如何使用VSTS发布管理部署到Azure资源组 [英] How to deploy to Azure Resource Group using VSTS release management
问题描述
尝试不同的方法,我创建了一个基于证书的服务端点,一个它使用服务主体(SPN)。我的构建定义已经构建了一个Web部署包,并且发布定义与之相关联,并且可以使用该工件。
成功1:
使用 Azure Web App部署任务的应用程序的部署已经成功 - 几乎。
缺点1:我不明白我是如何可以使用此任务指定正确的资源组。这个使用基于证书的端点,对于这个任务,我不能使用其他端点(SPN)。
成功2:
使用 Azure资源组部署任务,我可以使用JSON ARM模板来创建一个新的资源组,其中包含一个Web应用程序。这样我可以指定资源组,寻址缺点1
缺点2:但现在我不明白我如何实际部署二进制文件的定义与我的发布定义相关联。由资源组部署创建的Web应用程序为空,后续的Web App部署任务似乎无法定位到新创建的Web应用程序,因为它可能不是基于ARM的。
更新1
感谢@ bmoore-msft,我使用他链接的子资源扩展示例进行了部署。基本上,我的ARM模板的相应代码段现在看起来像这样:
资源:[
{
apiVersion:2015-08-01,
type:Microsoft.Web / sites,
name:[variables('fullEnvName')],
location:[parameters('siteLocation')],
properties:{
name:[variables('fullEnvName')]
} ,
资源:[
{
apiVersion:2014-06-01,
name:MSDeploy,
type :扩展,
dependsOn:[
[concat('Microsoft.Web / Sites /',variables('fullEnvName'))]
],
property:{
packageUri:https://dl.dropboxusercontent.com/u/<myId>/<WebDeploymentPackage>.zip,
dbType:无 ,
connectionString:,
mode:Complete
}
}
]
}
]
但是问题是这将静态链接放入我的模板 - 可以看到,我使用Dropbox作为临时解决方案。但当然,我不想将我的Web部署包上传到Dropbox,也不需要手动也不自动上传。我想链接到由我的构建定义创建的工件,这不幸是动态的,我找不到有关如何构建此链接的任何信息。例如,build 1位于以下路径
https://< tenant> .visualstudio.com / DefaultCollection / _apis / resources / Containers / 800850?itemPath =< ; PathToWebDeploymentPackage> .zip
,而build 2可在这里
https://< tenant> .visualstudio.com /DefaultCollection/_apis/resources/Containers/801968?itemPath=<PathToWebDeploymentPackage>.zip
所以在链接中有一个数字更改这意味着我在模板中引用的链接必须是动态的,这意味着我需要了解从哪里获取该数字,我不知道。
也许有引用神器上传的另一种方法?
查看此示例:
该模板资源中的网站有一个名为MSDeploy的子资源扩展名。这将在部署期间将包部署到网站。所以在执行部署的任务中,您可以创建Web应用程序,并将其全部部署在RM中的一个部署任务中。
您将需要使用用户或使用ARM(无证书)的任何东西的SPN authn。
更新:暂存软件包
好的,通常我在这里做的是在Azure存储中(sasToken来保护)中的工件。您在模板中提供的uri必须可以通过AzureRM访问。您的VSTS构建输出可能是安全的,所以即使您可以交互访问AzureRM。
本质上您需要的是RM(或构建)中的任务, 1)将工件复制到Azure(安全地),然后2)告诉下一个任务,那些工件是...这里有一个选项:
此文档正在使用VSTS构建,但RM的工作方式相同。另一部分是不同的,该文档正在使用Windows资源组项目中Visual Studio使用的PS脚本。没有什么特别的脚本(它可以像任何其他PS脚本一样工作),但这是一个例子。它不使用Azure资源组部署任务,因为该任务无法执行工件的分段。
本质上您需要做的是:
- 参数化该URI属性(请参见下面的示例& repo)
- 将webdeploy包复制到Azure(在此的PowerShell案例)
- 部署模板并传入包裹的uri
eg
packageUri:[concat(parameters('artifactsLocation)),webdeploy.zip,parameters('sasToken')]
该文档显示您VS如何做到这一点,你应该可以适应你的情况,如果你去这个路线,你将使用Azure PowerShell任务,不再需要Azure资源组部署任务。
另一种方法是使用Azure文件复制任务,但是当前该任务不输出URI或sasToken,因此您无法将其传递到部署任务(队列中有PR)这个工作)。
如果您没有访问Visual Studio的另一个选择是这个repo:
https://github.com/Azure/azure-xplat -arm-tooling / tree / master / PowerShell
它具有VS使用的相同的PS脚本,模板显示参数化URL的示例(对于dsc.zip文件在这个例子中的e),但是对于msdeploy来说,它的工作方式也是一样的。
你实际上打过了一个更复杂的场景,目前还没有真正的好的,但它的工作非常酷。如果您需要更多帮助,请点击LMK。
I am new to Visual Studio Team Services Release Management. My goal is to automate a deployment of an ASP.NET MVC application to the Azure App Service.
Trying different approaches, I created a Service Endpoint that is certificate based and one that uses a service principal (SPN). My build definition already builds a web deploy package, and the release definition is linked against that and can use this artifact.
Success 1:
A deployment of the app using the Azure Web App Deployment Task already succeeded - almost.
Shortcoming 1: I do not understand how I can specify the correct Resource Group using this task. This uses the certificate based endpoint, and for this task I cannot use the other (SPN) endpoint.
Success 2:
Using the Azure Resource Group Deployment task, I was able to use a JSON ARM template to create a new resource group with a web app in it. This way I can specify the resource group, addressing Shortcoming 1
Shortcoming 2: But now I don't understand how I can actually deploy the binaries of the build definition that has been linked against my release definition. The web application that gets created by the resource group deployment is empty, and a subsequent Web App Deployment Task seemingly cannot target this newly created web app, since it is probably not ARM based.
I get the feeling that I am missing something obvious here - any help is appreciated.
Update 1
Thanks to @bmoore-msft, I got a deployment working using the child resource extension example he linked to. Essentially, the corresponding snippet of my ARM template now looks like this:
"resources": [
{
"apiVersion": "2015-08-01",
"type": "Microsoft.Web/sites",
"name": "[variables('fullEnvName')]",
"location": "[parameters('siteLocation')]",
"properties": {
"name": "[variables('fullEnvName')]"
},
"resources": [
{
"apiVersion": "2014-06-01",
"name": "MSDeploy",
"type": "Extensions",
"dependsOn": [
"[concat('Microsoft.Web/Sites/', variables('fullEnvName'))]"
],
"properties": {
"packageUri": "https://dl.dropboxusercontent.com/u/<myId>/<WebDeploymentPackage>.zip",
"dbType": "None",
"connectionString": "",
"mode": "Complete"
}
}
]
}
]
But the problem is that this places a static link into my template - as you can see, I used Dropbox as temporary solution. But of course I don't want to upload my web deployment package to Dropbox, neither manually nor automatically. I want to link to the artifact created by my build definition, which unfortunately is dynamic and I can't find any information on how to construct this link. For example, build 1 is located at the following path
https://<tenant>.visualstudio.com/DefaultCollection/_apis/resources/Containers/800850?itemPath=<PathToWebDeploymentPackage>.zip
while build 2 is available here
https://<tenant>.visualstudio.com/DefaultCollection/_apis/resources/Containers/801968?itemPath=<PathToWebDeploymentPackage>.zip
So there is a number changing inside the link which means the link I refer to in my template must be dynamic which means I need to understand where to get that number from, which I don't.
Maybe there is another way of referencing artifact uploads?
Take a look at this sample:
The website in that template resource has a child resource extension named "MSDeploy". This will deploy a package to the web site during deployment. So in your task that does the deployment you can create the web app, and deploy the package all in the one deployment task in RM.
You will need to use user or SPN authn for anything using ARM (no certs).
Update: Staging the Package
Ok, usually what I do here is "stage" my artifacts in Azure Storage (secured with a sasToken). The uri you provide in the template must be accessible to AzureRM. You VSTS build output is likely secured, so even though you could access it interactively, AzureRM cannot.
Essentially what you need is a task in RM (or build) that will 1) copy the artifacts to Azure (securely) and then 2) tell the next task where those artifacts are... Here's one option:
https://azure.microsoft.com/en-us/documentation/articles/vs-azure-tools-resource-groups-ci-in-vsts/
This doc is using VSTS build, but RM works the same way. The other part that's different is the doc is using a PS script used by Visual Studio in the Azure Resource Group projects. There's nothing special about that script (it will work anywhere just like any other PS script) but that's the example. It doesn't use the Azure Resource Group Deployment Task because that task cannot do the staging of the artifacts.
Essentially what you need to do is:
- parameterize that URI property (see example & repo below)
- copy the webdeploy package to Azure (PowerShell in this case)
- deploy the template and pass in the uri of the package
e.g. "packageUri": "[concat(parameters('artifactsLocation'), webdeploy.zip, parameters('sasToken')]"
That doc shows you how VS does it, and you should be able to adapt that for your scenario. If you go this route, you would use the Azure PowerShell task and no longer need the Azure Resource Group Deployment Task.
Another way to do this is with the Azure File Copy task, but currently that task does not output the URI or sasToken, so you couldn't pass it in to the deployment task (there's a PR in the queue to make that work).
Another option if you don't have access to Visual Studio is this repo:
https://github.com/Azure/azure-xplat-arm-tooling/tree/master/PowerShell
It has the same PS script that VS uses, and the templates show an example of the parameterized URL (for a dsc.zip file in this example) but would work the same way for msdeploy.
You've actually hit on one of the more sophisticated scenarios and at the moment not doc'd real well, but it's pretty cool when it works. LMK if you need more help here.
这篇关于如何使用VSTS发布管理部署到Azure资源组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
