New Terraform 1.1 Refactoring Feature!
The new refactoring feature can help when (many times) you find a better module but you don't want to go through the shuffle of the mv command. I liked one scenario explained in the demo which was the decoupling a web config from a specific cloud provider module to a module that can be used for multiple clouds done without the mv command and less risk.
How to create an Azure DevOps Service Connection to my private AKS Cluster?
Ok, so we can deploy AKS and restrict the IPs that can consume the K8S API but this is still "out in the internet" which might not sit right with management or security. So.... we can deploy a private AKS (article coming soon..) and keep all traffic internal. The trade off is that a private AKS cluster's api endpoint cannot be restricted to specific subnets from the AKS console but you can deploy NSGs if needed. In this article we go trough setting up a service connection so you can deploy from Azure DevOps
Configuring snapshots for Elastic Cloud on Kubernetes with AKS and Azure Storage Accounts
We had the opportunity to migrate Elastic Cloud Enterprise running on bare metal to Azure. Initially we were going to spin up 3-5 VMs and install ECE with the Ansible role but then we found ECK and made our lives way easier. Migrating was very easy following Elastic's documentation and video posted here but we had a little trouble configuring the snapshots with an Azure Storage account that had a private link so in this article we share how we got it done.
Deploying Azure App Service Environment v3, App Plan and blue/green Functions with Terraform via Azure DevOps.
Azure's ASE is all about serverless! In a Windows environment IT usually spins up a server in an on prem hypervisor, updates it, installs security software and SCCM to patch it and then configure IIS with certs and bindings for Development to deploy simple code. The ASE is an abstraction of all those layers and provides a platform for Dev to deploy code. Thanks to Jason Savill's youtube channel for a great overview on ASE v3, the video is embedded here for review and I explain the different areas in terraform.
Working with secure files (certs) in Azure DevOps and Terraform the easy way without compromising security.
The documentation from Hashicorp is great! If you are using your shell with terraform then the docs will save you lots of time but eventually you'll want to use terraform in your pipelines and this is where things change, for better! In this article we show how you can save the steps of creating an Azure vault, setting permissions and uploading secrets or certs to use later on. Since we are using Azure DevOps pipelines we can use the secure file download task to get our cert on the agent and upload it directly to the app service in our case. We are not compromising security by making it simpler which is the best part.
Want to make I.T. Happy? Automate Cert Import and Binding for IIS.
An important part of any web server build is to install a valid SSL cert and bind it to the sites. In a regular IT team certs are misunderstood since it is something they do only when they expire or when there is a new server to build, some even fear dealing with certs. New IT teams are building servers and infrastructure as code and this step makes it easy to deploy and bind the certs when using windows and IIS.
Configure the Azure DevOps Agent to use Ansible playbooks locally.
Sometimes you might want to do things in localhost. My example is that I want to mount a share locally so that I can create directories for mount points and different permissions. I don't want to spin up a new machine to do this simple task so I will run Ansible on the localhost which is my Azure DevOps Agent.
Easy way to create an Ansible Dynamic Inventory from an Azure Resource group
I was looking at the best way to create an inventory from a virtual machine scale set and found this gem. The Azure dynamic-inventory plugin is the easiest way to get VMs, scale set and resources from resource groups and do stuff with ansible.
Elastic Cloud Enterprise Configuration with Ansible
One of the advantages about using DevOps practices is that you can rely less in documentation and more on orchestration. Documentation can come from a vendor or the engineer that configured the system or a mix of both since you have to modify based on your environments. Using an Ansible role like the one developed by Elastic saves a ton of time and add best practices and performance tuning while at it!
Fix for Azure DevOps Build Immutable Image: Invalid Grant - AADSTS50173
I have a pipeline with an on prem Azure DevOps agent that is loaded with packer so that I can use the packer image build step. After changing my password and installing the azure cli the pipeline failed with status code 400.
Error: Invalid Grant
Error Description: AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{{ timestamp }}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{{ timestamp }}'