Azure Terraform (9): Using Azure DevOps Pipeline approvals to control the release process

eelq 2022-01-14 71 reads

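I. Introduction

An Azure Pipeline is an automated process. Often, however, for one reason or another we need approval before one or more stages continue to the next step, so we can add approvals to the pipeline. Approvals give us more control over the pipeline: we can control when the steps of a particular stage start, gated on approval, and decide when the pipeline completes.

The reason for adding an approval is that deploying infrastructure resources needs to be assessed and handled with care. With an approval in place, you can review the previous stage to confirm that the configuration code is correct.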

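--------------------Azure Terraform series--------------------

1. Azure Terraform (1): Getting started

2. Azure Terraform (2): Syntax in detail

3. Azure Terraform (3): Deploying a web application

4. Azure Terraform (4): State file storage

5. Azure Terraform (5): Automating the deployment of base resources with Azure DevOps

6. Azure Terraform (6): Common Module

7. Azure Terraform (7): Automating the deployment of base resources with Azure DevOps (supplement)

8. Azure Terraform (8): Continuous integration and continuous deployment of infra resources and a .NET Core web application with Azure DevOps

9. Azure Terraform (9): Using Azure DevOps Pipeline approvals to control the release process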

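II. Main content

1. Create a new project in Azure DevOps

Sign in to Azure DevOps at https://www.dev.azure.com and click "+ New project" to create a new project.

Enter the project description and other details:

Project name: "Terraform_CnBateBlogWeb_AutoDeploy"

Visibility: "Private" (set this according to your existing projects)

Version control: "Git"

Work item process: "Agile"

After confirming the information above, click "Create" to create the project.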

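2. Configure the Azure DevOps approval

In the left menu select "Pipelines => Environments" and click "Create environment" to create an environment.

Enter the following parameters:

Name: "Approve_AutoDeploy"

Resource: "None" (the default is fine)

Click "Create" to create the environment.

Next, create an approval for the "Approve_AutoDeploy" environment.

Click the item indicated by the red arrow and select "Approve and checks" to add an approval request.

Select "Approvals" and add yourself as the approver.

Once it is added, you will see a record of type "Approvals". Note that the approval timeout defaults to "30 days"; change it to suit your situation.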

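3. Configure the Azure DevOps Pipeline

In the left menu select "Pipelines" and click "Create Pipeline" to create a pipeline job.

This time we do not use the classic editor; select GitHub (YAML) instead.

Select the repository that holds the TF code.

Select "Start Pipeline" to start a new pipeline that builds and deploys the code.

Azure DevOps automatically generates a file named "azure-pipelines.yaml" in the project root; we add the pipeline steps we have defined to this file.

Sample YAML for a pipeline step with approval: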

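```yaml
jobs:
- deployment: terraform_apply
  continueOnError: false
  # Must name the environment on which the approval check is configured.
  environment: 'Approve_Production'
  timeoutInMinutes: 120
  strategy:
    runOnce:
      deploy:
        steps:
        # the deployment steps go here
```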

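Note: I add an approval request before the terraform_apply stage.

The values marked in red (the 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)' placeholders) must be changed to your own Azure subscription,

and the values marked in orange are variables that need to be added:

1. Pipeline variable: tf_version

2. Secret variables: terraform_rg, storage_account, storage_account_container, container_key, keyvault, keyvault_sc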

```yaml
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- remote_stats

pool:
  vmImage: ubuntu-latest

variables:
  - name: tf_version
    value: 'latest'

stages:
- stage: script
  jobs:
  - job: azure_cli_script
    steps:
    - task: AzureCLI@2
      displayName: 'Azure CLI :Create Storage Account,Key Vault And Set KeyVault Secret'
      inputs:
        azureSubscription: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
        scriptType: 'bash'
        scriptLocation: 'inlineScript'
        inlineScript: |
          # create azure resource group
          az group create --location eastasia --name $(terraform_rg)

          # create azure storage account
          az storage account create --name $(storage_account) --resource-group $(terraform_rg) --location eastasia --sku Standard_LRS

          # create storage account container for tf state
          az storage container create --name $(storage_account_container) --account-name $(storage_account)

          # query storage key and set variable
          ACCOUNT_KEY=$(az storage account keys list --resource-group $(terraform_rg) --account-name $(storage_account) --query "[?keyName == 'key1'][value]" --output tsv)

          # create azure keyvault
          az keyvault create --name $(keyvault) --resource-group $(terraform_rg) --location eastasia --enable-soft-delete false

          # set keyvault secret,secret value is ACCOUNT_KEY (quoted so the key is passed as one argument)
          az keyvault secret set --name $(keyvault_sc) --vault-name $(keyvault) --value "$ACCOUNT_KEY"

    - task: AzureKeyVault@2
      displayName: 'Azure Key Vault :Get Storage Access Secret'
      inputs:
        azureSubscription: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
        KeyVaultName: '$(keyvault)'
        SecretsFilter: 'terraform-stste-storage-key'
        RunAsPreJob: false

- stage: terraform_validate
  jobs:
  - job: terraform_validate
    steps:
    - task: TerraformInstaller@0
      inputs:
        terraformVersion: ${{variables.tf_version}}
    - task: TerraformTaskV2@2
      displayName: 'terraform init'
      inputs:
        provider: 'azurerm'
        command: 'init'
        # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
        backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
        backendAzureRmResourceGroupName: $(terraform_rg)
        backendAzureRmStorageAccountName: $(storage_account)
        backendAzureRmContainerName: $(storage_account_container)
        backendAzureRmKey: $(container_key)
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
    - task: TerraformTaskV2@2
      inputs:
        provider: 'azurerm'
        command: 'validate'
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'

- stage: terraform_plan
  dependsOn: [terraform_validate]
  condition: succeeded('terraform_validate')
  jobs:
  - job: terraform_plan
    steps:
    - task: TerraformInstaller@0
      inputs:
        terraformVersion: ${{ variables.tf_version }}
    - task: TerraformTaskV2@2
      displayName: 'terraform init'
      inputs:
        provider: 'azurerm'
        command: 'init'
        # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
        backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
        backendAzureRmResourceGroupName: $(terraform_rg)
        backendAzureRmStorageAccountName: $(storage_account)
        backendAzureRmContainerName: $(storage_account_container)
        backendAzureRmKey: $(container_key)
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
    - task: TerraformTaskV2@2
      inputs:
        provider: 'azurerm'
        command: 'plan'
        environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'

- stage: terraform_apply
  dependsOn: [terraform_plan]
  condition: succeeded('terraform_plan')
  jobs:
  # A deployment job bound to an environment: the run pauses here until the
  # approval configured on that environment is granted.
  - deployment: terraform_apply
    continueOnError: false
    # Must name the environment on which the approval check is configured.
    environment: 'Approve_Production'
    timeoutInMinutes: 120
    strategy:
      runOnce:
        deploy:
          steps:
          - checkout: self
          - task: TerraformInstaller@0
            inputs:
              terraformVersion: ${{ variables.tf_version }}
          - task: TerraformTaskV2@2
            displayName: 'terraform init'
            inputs:
              provider: 'azurerm'
              command: 'init'
              # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
              backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
              backendAzureRmResourceGroupName: $(terraform_rg)
              backendAzureRmStorageAccountName: $(storage_account)
              backendAzureRmContainerName: $(storage_account_container)
              backendAzureRmKey: $(container_key)
              workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
          - task: TerraformTaskV2@2
            inputs:
              provider: 'azurerm'
              command: 'plan'
              environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
              workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
          - task: TerraformTaskV2@2
            inputs:
              provider: 'azurerm'
              command: 'apply'
              commandOptions: '-auto-approve'
              environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
              workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'

# Previous version of the apply stage, as a plain job without an environment (no approval):
# - stage: terraform_apply
#   dependsOn: [terraform_plan]
#   condition: succeeded('terraform_plan')
#   jobs:
#   - job: terraform_apply
#     steps:
#     - task: TerraformInstaller@0
#       inputs:
#         terraformVersion: ${{ variables.tf_version }}
#     - task: TerraformTaskV2@2
#       displayName: 'terraform init'
#       inputs:
#         provider: 'azurerm'
#         command: 'init'
#         # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
#         backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
#         backendAzureRmResourceGroupName: $(terraform_rg)
#         backendAzureRmStorageAccountName: $(storage_account)
#         backendAzureRmContainerName: $(storage_account_container)
#         backendAzureRmKey: $(container_key)
#         workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
#     - task: TerraformTaskV2@2
#       inputs:
#         provider: 'azurerm'
#         command: 'plan'
#         environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
#         workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
#     - task: TerraformTaskV2@2
#       inputs:
#         provider: 'azurerm'
#         command: 'apply'
#         commandOptions: '-auto-approve'
#         environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
#         workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'

# This stage is a plain job with no environment, so no approval pauses it.
- stage: terraform_destroy
  dependsOn: [terraform_apply]
  condition: succeeded('terraform_apply')
  jobs:
  - job: terraform_destroy
    steps:
    - task: TerraformInstaller@0
      inputs:
        terraformVersion: ${{ variables.tf_version }}
    - task: TerraformTaskV2@2
      displayName: 'terraform init'
      inputs:
        provider: 'azurerm'
        command: 'init'
        # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
        backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
        backendAzureRmResourceGroupName: $(terraform_rg)
        backendAzureRmStorageAccountName: $(storage_account)
        backendAzureRmContainerName: $(storage_account_container)
        backendAzureRmKey: $(container_key)
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
    - task: TerraformTaskV2@2
      inputs:
        provider: 'azurerm'
        command: 'plan'
        environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
    - task: TerraformTaskV2@2
      inputs:
        provider: 'azurerm'
        command: 'destroy'
        commandOptions: '-auto-approve'
        environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
        workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
```

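To add the secret variables, click "Variables => New variable".

Enter the name and value of the secret:

Name: "terraform_rg"

Value: "Web_Test_TF_RG"

Click "OK" to confirm.

Add the following secrets one by one in the same way:

terraform_rg: "Web_Test_TF_RG"

storage_account: "cnbatetfstorage"

storage_account_container: "tf-state001"

container_key: "cnbate.tf.stats"

keyvault: "cnbate-terraform-kv001"

keyvault_sc: "terraform-stste-storage-key"

Once this is done, click "Run" to trigger the pipeline manually.

Select the branch "remote_stats" and click "Run".

We then see all the stages of the run and the one currently executing. Where an approval is required, the run pauses and waits; the remaining stages execute only after the approval is granted.

Click "Approve" to grant the approval, and the run continues with the TF code deployment plan.

OK, success!!! Deployment complete. ✨😁ヾ(≧▽≦*)o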
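As an added example (not part of the original post or the author's repository): a small check that flags stages in a pipeline like the one above that run terraform apply or destroy without an `environment:` key, and so cannot be paused by an environment approval. The function name, the regexes and the trimmed sample are assumptions made here; the line-based matching assumes the simple layout used on this page and is not a general YAML parser.

```python
import re

# Constructed sample: trimmed copy of this page's two state-changing stages.
SAMPLE_PIPELINE = """\
stages:
- stage: terraform_apply
  jobs:
  - deployment: terraform_apply
    environment: 'Approve_Production'
    strategy:
      runOnce:
        deploy:
          steps:
          - task: TerraformTaskV2@2
            inputs:
              command: 'apply'
              commandOptions: '-auto-approve'
- stage: terraform_destroy
  jobs:
  - job: terraform_destroy
    steps:
    - task: TerraformTaskV2@2
      inputs:
        command: 'destroy'
        commandOptions: '-auto-approve'
"""

# Commented-out YAML lines start with '#', so none of these patterns match them.
STAGE_RE = re.compile(r"^\s*-\s*stage:\s*['\"]?([\w.-]+)")
ENV_RE = re.compile(r"^\s*(?:-\s*)?environment:\s*\S")
CMD_RE = re.compile(r"^\s*command:\s*['\"]?(apply|destroy)\b")


def ungated_stages(pipeline_text):
    """Return (stage, command) for apply/destroy stages lacking an `environment:` key."""
    stages = []  # [name, has_environment, [commands]] in file order
    for line in pipeline_text.splitlines():
        if m := STAGE_RE.match(line):
            stages.append([m.group(1), False, []])
        elif stages and ENV_RE.match(line):
            stages[-1][1] = True
        elif stages and (m := CMD_RE.match(line)):
            stages[-1][2].append(m.group(1))
    return [(name, cmd) for name, has_env, cmds in stages if not has_env
            for cmd in cmds]


if __name__ == "__main__":
    for stage, cmd in ungated_stages(SAMPLE_PIPELINE):
        print(f"stage '{stage}' runs terraform {cmd} with no environment approval")
```

Run against the full pipeline on this page, the check reports only the terraform_destroy stage. An `environment:` key gates a stage only if it names the environment the approval was added to: step 2 creates "Approve_AutoDeploy", while the YAML references 'Approve_Production'.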

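III. Conclusion

Practise today's exercise several times and refer to the author's GitHub repository. Today's content has to be carried out in Azure DevOps, so practise it a lot. The Terraform code itself is not explained in much detail, mainly because, after the earlier posts on deploying Azure resources, you already have some understanding of Terraform. You can download it yourself and analyse and modify it.

References: Terraform official site, Azure Pipeline documentation

Terraform_Cnbate_Traffic_Manager GitHub address: https://github.com/yunqian44/Terraform_Cnbate_Traffic_Manager

You are welcome to follow the author's blog: https://allenmasters.com/

Copyright: when reposting, please credit the author and source in a prominent place in the article. If you find any errors, corrections are welcome.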
