Azure DevOps: Deploy a Windows Server with a DevOps Pipeline and Key Vault
HTML-код
- Опубликовано: 22 авг 2024
- In this video, we go through the process of using Azure DevOps pipelines to deploy a simple Windows server with an Azure ARM template. We add ARM templates to a repo and connect Azure DevOps to a subscription with a service principle. We also go over connecting Azure DevOps to an Azure Key Vault and use a KeyVault secret as a password for the server’s local admin account.
Links:
Zero to Hero with Windows Virtual Desktop
www.udemy.com/...
GitHub Simple Server Repo:
github.com/Azu...
json and ARM Templates
www.ciraltos.c...
Thanks a lot Roberts, its very ver use full video for Azure DevOps learners , Its a clear explanation! Thank you!
I cannot get past the Key Vault creation step, there is no key vault for me to select. Nor is Allow Access to All pipelines an option
Well explained and precise! Thank you Travis!
Really helpful video. Well explained and to the point :) Thanks!
Great work. I was looking for this explanation.❤
Great video Travis. You packed a lot of practical information into a relatively short video. Just wondering if it is possible to automate installing additional software as part of the pipeline?
Superb! Thanks for sharing this wonderful information :)
Thanks a lot very useful video to start with AzureDevops for ARM deployment.
Hi quick question; I'm sorta new at this and was following along, when you were setting up the KeyVault variable do you already need to have a keyvault set up beforehand (seperate to whats covered in this video)?
Hey Travis! great work, I love the way you deliver your content, very concise and easy to understand especially for noobs like myself. Have you got a tut where you deployed a Windows Server but using Bicep instead of json?
Thanks! All the Bicep content I have is here ruclips.net/p/PLnWpsLZNgHzUWIDWI0lWCTsS8wC9UaJho
Great video Travis. Thank you!
Glad you liked it!
Great tutorial as always. thanks.
Thanks for sharing . Awesome video .
Thanks for watching!
thanks for nice explanation, your video really help me to build my first DevOps test. but vault part not worked for me.
thank you, nice explanation
For your Windows virtual desktop course, is there an option in virtual desktop to pause when not active for say 15 minutes? Then restart whenever a key is pressed? This is absolutely essential to save cost and we can neither depend of users to manually pause it, or have a fixed scheduled start and stop times ( which will be very Inflexible) . I needed to know this before subscribing for your Udemy course. Thanks
There is currently no option to “pause” a VM and stop charges in Azure. A VM can be deallocated to stop charges, but that action will power down the VM and restart once powered back on.
@@Ciraltos That seems like an intentional one from Microsoft to generate income in an unethical way! They have the same thing for SQL Managed Instance (not Azure SQLDB which can be paused).
@@nasarazam You can save cost using multiple methods: 1. Shutdown (Deallocate) VM when not in use (This process can be automated using Azure automation or using web jobs) 2. Purchase reserved instances for VM, 1yr, 3 yr or 5 yr. 3. Purchase reserved instance for Disk 4. Use DevOps to completely delete the VM and related resources and re create them when needed using ARM template.
Hi Travis, thanks for the video tutorial. May I know the purpose of adding the variable group because when I tried without the variable group, it still worked.
I wondered about that as well. Creating the service connection at the subscription gives it the contributor RBAC role, including on the Key Vault. The service connection also needs the get and list permissions in the Key Vault access policy. This is added with the authorize step when setting up the variable group. I’m not sure if adding the Key Vault task alone without authorizing the account will also add the permissions to the access policy.
@@Ciraltos Thanks Travis, you are absolutely right, adding the Key Vault task alone won't authorize the service principal (used in the service connection) to read the secret in the key vault. We have to either set an access policy in the key vault with Secret Permissions
(Get) or perform the variable group as demonstrated in the video. Thanks again for making the video very simple and concise.
Thanks. I suspect I could have called the variable group as outlined in the document below and skipped adding the Key Vault tasks. I haven't tried it, but it seems like a more elegant way to do it. docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml
quick question, on 11:40, do you need to create a new key vault cenuskeyvault01 in azure portal prior to selecting Key Vault Name ?
Yes, that step adds the permissions to the key vault for the DevOps service to read the secrets.
how to give SC acces to keyVault lacal admin from RBAC
is it possible to add tags to the vm as part of the deployment?
Is there a way to provision a VM without creating a new VNet each time? What if I want to use an existing VNet?
ITs a an awesome tutorial for beginners. Could you please help me to get the template file .which you used. i could see a 404 error to accessing the gitrepo.
Thanks for pointing that out. It looks like the directory structure for that repo has changed. I updated the link on the page with the new location. github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-simple-windows
Hi Travis thank you for your video it is very helpful, but I am wondering how to do this with a build and then release it in different stages. Now the VM gets deployed with the build. How can we first deploy it into a testing environment/stage and if that is successful in a productiv environment?
13 minutes into the video you are setting up the YAML pipeline...
why is the pool vmimage set to ubuntu-latest when you are deploying a windows server?
have i missed something here?
cheers
The ubuntu pool is what runs the pipeline job, that doesn't have to be Windows.
@@Ciraltos thanks for clarifying that... was a bit confused.. cheers!
Travis, do you have instead of a .json file - have one for a terraform deployment? thanks!
Great tut. I keep getting error in azure resource manager part of pipeline. ##[error]Deployment template validation failed: 'The provided value for the template parameter 'adminPassword' at line '1' and column '415' is not valid. Length of the value should be greater than or equal to '12'.
However in the template parameter file I have the following:
"adminPassword": {
"value": ""
},
Perhaps my secret value/password in the key vault is too short?
**Edit and fix** I notice the file requires a min of 12 length password. Once I increase pw to greater then 12 in my keyvault, it worked.
"adminPassword": {
"type": "secureString",
"minLength": 12,
"metadata": {
"description": "Password for the Virtual Machine."
}
Thanks!
Can we have more content like this one in your channel please