Deploying Azure App Service Environment v3, App Plan and blue/green Functions with Terraform via Azure DevOps.
Azure's ASE is all about serverless! In a Windows environment IT usually spins up a server in an on prem hypervisor, updates it, installs security software and SCCM to patch it and then configure IIS with certs and bindings for Development to deploy simple code. The ASE is an abstraction of all those layers and provides a platform for Dev to deploy code. Thanks to Jason Savill's youtube channel for a great overview on ASE v3, the video is embedded here for review and I explain the different areas in terraform.
Working with secure files (certs) in Azure DevOps and Terraform the easy way without compromising security.
The documentation from Hashicorp is great! If you are using your shell with terraform then the docs will save you lots of time but eventually you'll want to use terraform in your pipelines and this is where things change, for better! In this article we show how you can save the steps of creating an Azure vault, setting permissions and uploading secrets or certs to use later on. Since we are using Azure DevOps pipelines we can use the secure file download task to get our cert on the agent and upload it directly to the app service in our case. We are not compromising security by making it simpler which is the best part.
Want to make I.T. Happy? Automate Cert Import and Binding for IIS.
An important part of any web server build is to install a valid SSL cert and bind it to the sites. In a regular IT team certs are misunderstood since it is something they do only when they expire or when there is a new server to build, some even fear dealing with certs. New IT teams are building servers and infrastructure as code and this step makes it easy to deploy and bind the certs when using windows and IIS.
Configure the Azure DevOps Agent to use Ansible playbooks locally.
Sometimes you might want to do things in localhost. My example is that I want to mount a share locally so that I can create directories for mount points and different permissions. I don't want to spin up a new machine to do this simple task so I will run Ansible on the localhost which is my Azure DevOps Agent.
Fix for Azure DevOps Build Immutable Image: Invalid Grant - AADSTS50173
I have a pipeline with an on prem Azure DevOps agent that is loaded with packer so that I can use the packer image build step. After changing my password and installing the azure cli the pipeline failed with status code 400.
Error: Invalid Grant
Error Description: AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{{ timestamp }}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{{ timestamp }}'
Storing and Passing the packer imageid to Azure DevOps variable in a variable group.
For infrastructure as code I am using packer (Build Immutable image) task to create a gold image. I then want to pass the image URI to Terraform so it can spin up servers or scale sets. Since I like to add date/time in our packer image name then the name is not static so we have to save the resource ID somewhere after a successful packer build so that Terraform is aware of which image to use.
Using ServiceNow flow REST step to start and pass variables to an Azure DevOps pipeline with started integrationhub package.
If you have the starter pack and want to create your own automation without having to pay for higher packs you can pass variables to Azure DevOps or Jenkins and run pipelines to orchestrate tasks.
In this article we configure a SNOW Catalog Item with a Flow which has a rest step that passes variables and starts a pipeline in Azure DevOps. The pipeline then runs the script with variables and updates the request so the user is aware of progress. Then the SNOW flow checks the request and based on the modification from the script it closes the request or opens a task for IT to check and perform the request manually.
IaC - Gold Image as Code: A DevOps approach to building base images efficiently!
My favorite task is to automate a process that takes days, manual configs and meetings with SMEs into a pipeline with scripts that complete in minutes. In this article we are using Azure DevOps pipelines, Azure Vault, Azure Blob Storage, Hashicorp's packer, Chocolatey and Powershell to orchestrate the creation of a gold image that has the latest-patched version of Windows 10 H2, nine applications installed and 2 configurations applied. All of this is built in less than 1 hour and the pipeline can be triggered every month to get new patches and software updates without interaction. The base images can be used for WVD, Citrix machine catalogs, RDSH and scale groups .
Easy config of an Azure DevOps agent in a Kubernetes cluster with Helm Charts
Helm charts make it simple to deploy containers in K8S . I see it as Kubernetes package manager, think Chocolatey for Windows. Here are simple steps to get the Azure Agent configured in your Kubernetes cluster by using Helm charts and parameters so that you can have your own or extra builder in your pipelines if you already have a K8S cluster.