Python微信订餐小程序课程视频
https://edu.csdn.net/course/detail/36074
Python实战量化交易理财系统
https://edu.csdn.net/course/detail/35475
一,引言
Azure Pipeline 管道是一个自动化过程;但是往往我们由于某种原因,需要在多个阶段之前获得批准之后再继续下一步流程,所以我们可以向Azure Pipeline 管道添加审批!批准流程可帮助我们进一步控制自己的管道;我们可以控制管道内特定阶段的 Step 开始,通过审批,并决定 Azure Pipeline 管道何时完成。
而至于为什么要添加审批流程,是因为基础设施资源的部署是需要进行评估,慎重操作。有了审批,可以查看前一阶段以确认配置代码是否正确。
--------------------Azure Terraform 系列--------------------
1,Azure Terraform(一)入门简介
2,Azure Terraform(二)语法详解
3,Azure Terraform(三)部署 Web 应用程序
4,Azure Terraform(四)状态文件存储
5,Azure Terraform(五)利用Azure DevOps 实现自动化部署基础资源
6,Azure Terraform(六)Common Module
7,Azure Terraform(七)利用Azure DevOps 实现自动化部署基础资源(补充)
8,Azure Terraform(八)利用Azure DevOps 实现Infra资源和.NET CORE Web 应用程序的持续集成、持续部署
9,Azure Terraform(九)利用 Azure DevOps Pipeline 的审批来控制流程发布
二,正文
1,Azure DevOps 创建新的项目
登录 Azure DevOps 的地址:https://www.dev.azure.com ,点击 “+ New project” 创建新的项目
输入项目描述等信息
Project name:“Terraform_CnBateBlogWeb_AutoDeploy”
Visibility 选择:“Private” ----- (根据现有项目进行设置)
Version control 选择 “Git”
Work item process:“Agile”
确认完以上信息,点击 “Create” 进行创建。
2,配置Azure DevOps 审批
选择左侧菜单 ”Pipelines =》Environments“,点击 ”Create environment“ 创建环境
输入配置以下参数
Name:”Approve_AutoDeploy"
Resoure 选择:“None” (默认即可)
点击 “Create” 创建环境
接下来为当前 “Approve_AutoDeploy” 环境创建审批
点击红色箭头所指,选择 “Approve and checks” 添加审批请求
选择 “Approvals” ,并将自己设置为申请人
添加完成后,可看到类型为 “Approvals” 的记录,大家需要注意的是,审批的过期时间默认是 “30天”,大家可以根据实际情况更改。
3,配置 Azure DevOps Pipeline
选择左侧菜单 “Pipelines”,点击 “Create Pipeline“ 创建 管道作业
今天不使用经典编辑器模式,而选择 GitHub (yaml)
选择对应的 TF Code 的代码仓库
选择 “Start Pipeline” 开启新的管道构建部署代码
Azure DevOps 会为我们自动在项目根目录生成一个名称叫 “azure-pipelines.yaml” 的文件,我们将定义好的管道步骤添加到该文件中
管道步骤审批 yaml 示例代码
jobs:
- deployment: terraform\_apply
continueOnError: false
environment: 'Approve\_Production'
timeoutInMinutes: 120
strategy:
runOnce:
deploy:
steps:
注意:我将在 terraform_apply 阶段之前添加一个申请请求
红色标记是需要改成自己Azure的订阅,
橙色标记是需要添加的变量:
**1,管道变量:**tf_version
**2,秘密变量:****terraform_rg,**storage_account,storage_account_container,container_key,keyvault,keyvault_sc
1 # Starter pipeline
2 # Start with a minimal pipeline that you can customize to build and deploy your code.
3 # Add steps that build, run tests, deploy, and more:
4 # https://aka.ms/yaml
5
6 trigger:
7 - remote\_stats
8
9 pool:
10 vmImage: ubuntu-latest
11
12 **variables**:
13 - name: **tf\_version** 14 value: '**latest**'
15
16 stages:
17 - stage: script
18 jobs:
19 - job: azure\_cli\_script
20 steps:
21 - task: AzureCLI@2
22 displayName: 'Azure CLI :Create Storage Account,Key Vault And Set KeyVault Secret'
23 inputs:
24 azureSubscription: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
25 scriptType: 'bash'
26 scriptLocation: 'inlineScript'
27 inlineScript: |
28 # create azure resource group
29 az group create --location eastasia --name **$(terraform\_rg)** 30
31 # create azure storage account
32 az storage account create --name **$(storage\_account)** --resource-group **$(terraform\_rg)** --location eastasia --sku Standard\_LRS
33
34 # create storage account container for tf state
35 az storage container create --name **$(storage\_account\_container)** --account-name **$(storage\_account)** 36
37 # query storage key and set variable
38 ACCOUNT\_KEY=$(az storage account keys list --resource-group **$(terraform\_rg)** --account-name **$(storage\_account)** --query "[?keyName == 'key1'][value]" --output tsv)
39
40 # create azure keyvault
41 az keyvault create --name **$(keyvault)** --resource-group **$(terraform\_rg)** --location eastasia --enable-soft-delete false
42
43 # set keyvault secret,secret value is ACCOUNT\_KEY
44 az keyvault secret set --name **$(keyvault\_sc)** --vault-name **$(keyvault)** --value $ACCOUNT\_KEY
45
46 - task: AzureKeyVault@2
47 displayName: 'Azure Key Vault :Get Storage Access Secret'
48 inputs:
49 azureSubscription: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
50 KeyVaultName: '$(keyvault)'
51 SecretsFilter: 'terraform-stste-storage-key'
52 RunAsPreJob: false
53
54 - stage: terraform\_validate
55 jobs:
56 - job: terraform\_validate
57 steps:
58 - task: TerraformInstaller@0
59 inputs:
60 terraformVersion: ${{variables.tf\_version}}
61 - task: TerraformTaskV2@2
62 displayName: 'terraform init'
63 inputs:
64 provider: 'azurerm'
65 command: 'init'
66 # commandOptions: '-backend-config="access\_key=$(terraform-stste-storage-key)"'
67 backendServiceArm: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
68 backendAzureRmResourceGroupName: $(terraform\_rg)
69 backendAzureRmStorageAccountName: $(storage\_account)
70 backendAzureRmContainerName: $(storage\_account\_container)
71 backendAzureRmKey: $(container\_key)
72 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
73 - task: TerraformTaskV2@2
74 inputs:
75 provider: 'azurerm'
76 command: 'validate'
77 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
78
79 - stage: terraform\_plan
80 dependsOn: [terraform\_validate]
81 condition: succeeded('terraform\_validate')
82 jobs:
83 - job: terraform\_plan
84 steps:
85 - task: TerraformInstaller@0
86 inputs:
87 terraformVersion: ${{ variables.tf\_version }}
88 - task: TerraformTaskV2@2
89 displayName: 'terraform init'
90 inputs:
91 provider: 'azurerm'
92 command: 'init'
93 # commandOptions: '-backend-config="access\_key=$(terraform-stste-storage-key)"'
94 backendServiceArm: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
95 backendAzureRmResourceGroupName: $(terraform\_rg)
96 backendAzureRmStorageAccountName: $(storage\_account)
97 backendAzureRmContainerName: $(storage\_account\_container)
98 backendAzureRmKey: $(container\_key)
99 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
100 - task: TerraformTaskV2@2
101 inputs:
102 provider: 'azurerm'
103 command: 'plan'
104 environmentServiceNameAzureRM: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
105 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
106
107 - stage: terraform\_apply
108 dependsOn: [terraform\_plan]
109 condition: succeeded('terraform\_plan')
110 jobs:
111 - deployment: terraform\_apply
112 continueOnError: false
113 environment: 'Approve\_Production'
114 timeoutInMinutes: 120
115 strategy:
116 runOnce:
117 deploy:
118 steps:
119 - checkout: self
120 - task: TerraformInstaller@0
121 inputs:
122 terraformVersion: ${{ variables.tf\_version }}
123 - task: TerraformTaskV2@2
124 displayName: 'terraform init'
125 inputs:
126 provider: 'azurerm'
127 command: 'init'
128 # commandOptions: '-backend-config="access\_key=$(terraform-stste-storage-key)"'
129 backendServiceArm: '**Microsoft Azure Subscrription(XXXX-XXX-XX-XX-XXX)**'
130 backendAzureRmResourceGroupName: $(terraform\_rg)
131 backendAzureRmStorageAccountName: $(storage\_account)
132 backendAzureRmContainerName: $(storage\_account\_container)
133 backendAzureRmKey: $(container\_key)
134 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
135 - task: TerraformTaskV2@2
136 inputs:
137 provider: 'azurerm'
138 command: 'plan'
139 environmentServiceNameAzureRM: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
140 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
141 - task: TerraformTaskV2@2
142 inputs:
143 provider: 'azurerm'
144 command: 'apply'
145 commandOptions: '-auto-approve'
146 environmentServiceNameAzureRM: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
147 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
148
149 # - stage: terraform\_apply
150 # dependsOn: [terraform\_plan]
151 # condition: succeeded('terraform\_plan')
152 # jobs:
153 # - job: terraform\_apply
154 # steps:
155 # - task: TerraformInstaller@0
156 # inputs:
157 # terraformVersion: ${{ variables.tf\_version }}
158 # - task: TerraformTaskV2@2
159 # displayName: 'terraform init'
160 # inputs:
161 # provider: 'azurerm'
162 # command: 'init'
163 # # commandOptions: '-backend-config="access\_key=$(terraform-stste-storage-key)"'
164 # backendServiceArm: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
165 # backendAzureRmResourceGroupName: $(terraform\_rg)
166 # backendAzureRmStorageAccountName: $(storage\_account)
167 # backendAzureRmContainerName: $(storage\_account\_container)
168 # backendAzureRmKey: $(container\_key)
169 # workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
170 # - task: TerraformTaskV2@2
171 # inputs:
172 # provider: 'azurerm'
173 # command: 'plan'
174 # environmentServiceNameAzureRM: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
175 # workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
176 # - task: TerraformTaskV2@2
177 # inputs:
178 # provider: 'azurerm'
179 # command: 'apply'
180 # commandOptions: '-auto-approve'
181 # environmentServiceNameAzureRM: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
182 # workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
183
184 - stage: terraform\_destroy
185 dependsOn: [terraform\_apply]
186 condition: succeeded('terraform\_apply')
187 jobs:
188 - job: terraform\_destroy
189 steps:
190 - task: TerraformInstaller@0
191 inputs:
192 terraformVersion: ${{ variables.tf\_version }}
193 - task: TerraformTaskV2@2
194 displayName: 'terraform init'
195 inputs:
196 provider: 'azurerm'
197 command: 'init'
198 # commandOptions: '-backend-config="access\_key=$(terraform-stste-storage-key)"'
199 backendServiceArm: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
200 backendAzureRmResourceGroupName: $(terraform\_rg)
201 backendAzureRmStorageAccountName: $(storage\_account)
202 backendAzureRmContainerName: $(storage\_account\_container)
203 backendAzureRmKey: $(container\_key)
204 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
205 - task: TerraformTaskV2@2
206 inputs:
207 provider: 'azurerm'
208 command: 'plan'
209 environmentServiceNameAzureRM: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
210 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
211 - task: TerraformTaskV2@2
212 inputs:
213 provider: 'azurerm'
214 command: 'destroy'
215 commandOptions: '-auto-approve'
216 environmentServiceNameAzureRM: '**Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)**'
217 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
添加秘密变量,点击 “ Variables=》New variable”
输入机密的名称和值
Name:“terraform_rg”
Value:“Web_Test_TF_RG”
点击 “OK” 确认添加操作
按照以上方式一次添加以下机密信息
terraform_rg:"Web_Test_TF_RG"
storage_account:"cnbatetfstorage"
storage_account_container:"tf-state001"
container_key:"cnbate.tf.stats"
keyvault:"cnbate-terraform-kv001"
keyvault_sc:"terraform-stste-storage-key"
完成以上信息后,点击 ”Run” 手动触发当前 Pipeline
选择分支 ‘“remote_stats”,点击 “Run”
接下来我们就会看到整个流程步骤,以及当前运行运行的步骤,如果需要审批,流程就会暂停,等待审批完成后,再执行后续操作
点击 “Approve” 同意审批,进行下一步执行 TF Code 执行部署计划
OK,成功!!!部署完成。是✨😁ヾ(≧▽≦*)o
三,结尾
对于今天实验的操作,大家可以多多练习,参考作者的 github 仓库。今天的内容需要在Azure DevOps 上进行操作的,大家要多加练习。至于 Terraform 代码方面没有过多的讲解,主要是因为结合之前部署Azure 资源,大家都会Terraform 有了一定的理解了。所以大家可以自行下载,进行分析修改。
参考资料:Terraform 官方,Azure Pipeline 文档
Terraform_Cnbate_Traffic_Manager github Address:https://github.com/yunqian44/Terraform_Cnbate_Traffic_Manager
欢迎大家关注博主的博客:https://allenmasters.com/
版权:转载请在文章明显位置注明作者及出处。如发现错误,欢迎批评指正。
