How to Automate Virtual Machine Creation in Azure DevOps


Workload Security

See how you can enable more automation in your Microsoft® Azure® virtual machine infrastructure builds, deployments, and security implementation.
By: Chuck Losh

August 20, 2020


Hey all! Happy Friday-eve! Very excited this Friday-eve! I wanted to share with you some new experiments in automation that I’ve been working with and testing in Azure DevOps. These learning experiments are using Infrastructure as Code (IaC) with ARM, Immutable Azure Virtual Machine Architecture with Packer and ARM, and Trend Micro Cloud One Workload Security.
In each of these experiments, I was able to successfully deploy Trend Micro Cloud One Workload Security in the Azure DevOps pipeline. These are all really cool technologies from both Microsoft and Trend Micro to help bridge together and help you create more automation in your Azure Virtual Machine infrastructure builds, deployments, and security implementation!
Okay, so let’s get started!
Let’s take a quick look where all good pipelines begin and end in Azure DevOps! This is shown below in my Azure DevOps Subscription!

Here are all my test pipelines. We’re going to create and execute two test pipelines today dealing with IaC by utilizing ARM and an associated Azure Custom-Script Extension resource, and again with Immutable Architecture with Packer and ARM.
These pipelines are named IaC and PackerIaCTest appropriately.
The first place you start in creating an Azure DevOps Pipeline is Azure Repos. You’ll want to create a new Private Repo shown below. Then, clone it appropriately in Visual Studio Code! Clone away, my friends! Clone away, Clone away!

Alrighty, now we have a place to start! Now, you might be asking yourself the following question. How did I get those parameters.json and template.json files? Little secret! I skipped ahead! To get started in IaC, you can generate these right inside your Azure Portal. Whenever you stage a Virtual Machine via the Azure Portal, you can auto magically generate the corresponding ARM (Azure Resource Manager) template for later use for repeated deployments. You can download the files from the Azure Portal in a nice little zip package! This is illustrated below in my Azure Portal! Pro-tip alert! Just kidding!

This is a quick and great way to jump-start in utilizing IaC!
Also, spoiler-alert! You can use the official ARM extension for Visual Studio Code and run snippets and the autocomplete functionality to build your own templates with a few clicks. All, really, really, and I mean really cool stuff! Seriously, it's cool!

To start the pipeline, under the Pipelines section, the first option you'll select is the source Repo. In this case it’ll be IaC.

You want to make sure and choose Starter Pipeline.

Now, you'll want to add a task to the pipeline. The task we’re going to use is the ARM template deployment. This will walk you through the wizard and add the corresponding YAML attributes to your associated pipeline file bound to that task. This example I created will go ahead and use the generated ARM templates committed in the Repo that I downloaded from the Azure Portal previously.

You’re going to want to take advantage of Azure DevOps pipeline variables. Why? So you can add an adminPassword, for example! You want to choose the option as a stored Azure DevOps secret. That way it’s stored as secret, and you can reference the variable as $(adminPassword) in your pipeline configuration. This ensures we can logon to the newly created machine with that password variable. How cool is that? Well, I think it's pretty cool!

Okay, let's go ahead and run through a test deployment and see if that works and provisions a test Azure Virtual Machine using IaC that we can logon to!

Our IaC pipeline run was successful! Let’s check if we can RDP to the test machine and make sure we can get access to it with the password variable/secret that we used. Yep, Look!

Okay, cool! So, we’ve successfully deployed our first IaC based deployment with an ARM template generated from my Azure Portal. We did all this utilizing Azure DevOps Pipelines, Azure Repos, and Visual Studio Code. This all works really well together! I’m impressed!
Okay, so how can we automatically add security protection from Trend Micro Cloud One Workload Security through our newly created Azure DevOps pipeline?
Good question!
Well, let’s go ahead and logon to our Trend Micro Cloud One Workload Security console and download a deployment script.

Cool! Check this out! You can set your parameters for your Trend Micro security policy and pick your base OS platform and the PowerShell (Windows) or Bash (Linux) will be automatically generated for you! This is nice! That way you don't have to go to a download center and download specific agents to install. Huzzah!
Let’s take that Trend Micro deployment script that I saved off and shown below in Visual Studio Code, and upload that to an Azure Storage Account for example. I wanted to see how I can use that resource (Azure Storage Account) to store my script and pull it into a machine as a test.

Here we see uploading to a private Azure Storage Account.

To restrict access just to the pipeline script and the associated Azure Storage Account you can use a SAS URI and token, or you can use a Virtual Machine managed identity. The managed identity will restrict access from the newly created Virtual Machine identity to the Azure Storage Account via RBAC role assignment. Either way will work, just make sure that the access you choose to the Storage Account that contains your deployment script is set to Read Only rights! I did that for testing and experimentation!

You then want to add and utilize a new ARM resource in your template as a custom script extension. This ARM resource extension works for both Windows and Linux. You can use the ARM extension for Visual Studio Code to generate the template code for you. That helps! This can utilize the system managed identity option, or SAS URI, whatever you like to choose. This custom-script extension resource will then run the Trend Micro deployment script stored in the Azure Storage Account. I’m showcasing this below using the SAS URI/token for example, with the custom script extension resource being called from the Azure Storage Account and ran on the Virtual Machine.
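The read-only SAS and secret-handling points above can be checked before a template is committed. This is an added example, not code from the original post: a small Python linter run over a constructed ARM fragment, where the storage account, script name, SAS values and the seven-day lifetime threshold are all assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=7)  # assumed policy threshold, not from the article
# Constructed sample: storage account, container, script name and SAS values are placeholders.
SAS = "?sv=2019-12-12&sr=b&sp=r&spr=https&se=2020-08-21T00:00:00Z&sig=PLACEHOLDER"
TEMPLATE = {
    "parameters": {"adminPassword": {"type": "secureString"}},
    "resources": [{
        "type": "Microsoft.Compute/virtualMachines/extensions",
        "properties": {
            "publisher": "Microsoft.Compute", "type": "CustomScriptExtension",
            "protectedSettings": {  # encrypted settings keep the SAS out of public config
                "fileUris": ["https://examplestore.blob.core.windows.net/scripts/agent.ps1" + SAS],
                "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File agent.ps1",
            },
        },
    }],
}

def check_sas_uri(uri, now):
    parts = urlsplit(uri)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:  # no SAS on this URI (e.g. managed identity is used instead)
        return []
    out = []
    if parts.scheme != "https" or q.get("spr") != "https":
        out.append("SAS is not restricted to HTTPS")
    if q.get("sp") != "r":
        out.append(f"SAS permissions {q.get('sp')!r} are broader than read-only")
    se = q.get("se")
    if not se or datetime.fromisoformat(se.replace("Z", "+00:00")) - now > MAX_LIFETIME:
        out.append("SAS expiry missing or too far in the future")
    return out

def lint_template(template, now):
    """Check the adminPassword parameter and every fileUris entry in the template."""
    out = []
    pw = template.get("parameters", {}).get("adminPassword", {})
    if pw.get("type", "").lower() != "securestring" or "defaultValue" in pw:
        out.append("adminPassword must be a securestring with no defaultValue")
    for res in template.get("resources", []):
        props = res.get("properties", {})
        for section in ("settings", "protectedSettings"):
            for uri in props.get(section, {}).get("fileUris", []):
                if section == "settings" and "sig=" in uri:
                    out.append("SAS URI is in public settings; move fileUris to protectedSettings")
                out += check_sas_uri(uri, now)
    return out
```

Call `lint_template(template, now)` with a timezone-aware `now`; an empty list means no findings.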

You can go ahead and commit those changes and push away!
The pipeline should kick off automatically based on the committed changes and update the Azure Virtual Machine with Trend Micro Cloud One Workload Security. This is done by running the read only script pulled out of the Azure Storage Account by the pipeline script using the SAS URI/token. This is shown below with the completed Azure DevOps pipeline job, and the Trend Micro Cloud One Workload Security console showing the newly provisioned and protected machine!

Cool! That all worked! Pretty cool experiment!
Now, another way that I found to do this with IaC and Immutable Architecture is to use Packer in Azure DevOps. You can package up a custom Azure Virtual Machine Image based on the official Microsoft images to start, and then customize it with the Trend Micro agent pre-installed in the image. This custom image can be used to build new machines. Then you can turn around and run an associated ARM Virtual Machine deployment with that custom image all in one pipeline. Personally, I really like this option and preferred it over the other! It was fun to experiment! Enjoy!
We’re going to accomplish this new build structure below in a brand new Azure DevOps pipeline and associated Azure DevOps Repo. You can see the PackerBuild step I added!

Here is that new Repo created below. Really the only key differences in the ARM template portion are to change out the Microsoft Windows 2016 standard image to the Packer custom image that will be created in the previous Builder step in the pipeline. We don't need to run the deployment script in the ARM template section of the deployment because it will be run inside the custom image to be reused. Most of the changes are done in the pipeline config. I like it! I like it a lot!

Okay, you can see the new Repo above that I cloned locally in Visual Studio Code below.
I added a scripts directory and placed my Trend Micro Cloud One Workload Security deployment script (same as before, downloaded from Trend Micro) in there to be pulled in by Azure DevOps and Packer.

In my pipelines.yml file, I’ve added a couple of new tasks to the pipeline. First, is the Build Machine Image Task (Packer).

This is my packer build task for Azure DevOps which is doing the building of the Azure Virtual Machine utilizing Packer.
What I’m doing in this task is utilizing a standard Microsoft Image 2016-Datacenter. Then, I’m customizing it with my Trend Micro deployment script to install and configure Trend Micro Cloud One Workload Security. It’s then re-packaged back up as a custom image, and stored in an accessible Azure Storage Account.
The second task in the pipeline is more familiar to us. It’s deploying a new Azure Virtual Machine with that custom image. This is using the ARM deployment task of the pipeline.

Here you can see the Azure Machine Image Builder task executing with the associated Packer job. In this screenshot, we can see the Trend Micro Cloud One Workload Security Script actually being executed inside the Azure Virtual Machine Image prior to the Image being created. Cowabunga!

Once that Virtual Machine is successfully built, the machine will be sysprep’ed and shutdown and captured as an image and stored in the Azure Storage Account for reference and reuse. Then the temporary Azure Resource Group will be deleted and cleaned up! Wow! That is a huge time saver rather than doing that by hand on the Azure Portal!
Next, our ARM deployment task will key up, and deploy our new custom image as a brand new Azure Virtual Machine!

Okay, and we can see that corresponding build step in our pipeline!

Cool, looks like all of our job stages have executed successfully! PackerIaCTest pipeline is completed!

Let’s check in on our Trend Micro Cloud One Workload Security console and see if the newly created Virtual Machine from the packer custom image shows up in our Microsoft Azure Subscription. There it is! It's working and protected all through automation! Sweeeeeeet!
