Azure Terraform(九)利用 Azure DevOps Pipeline 的審批來控制流程發佈

一,引言

  Azure Pipeline 管道是一個自動化過程;但是往往我們由於某種原因,需要在多個階段之前獲得批准之後再繼續下一步流程,所以我們可以向Azure Pipeline 管道添加審批!批准流程可幫助我們進一步控制自己的管道;我們可以控制管道內特定階段的 Step 開始,通過審批,並決定 Azure Pipeline 管道何時完成。

而至於爲什麼要添加審批流程,是因爲基礎設施資源的部署是需要進行評估,慎重操作。有了審批,可以查看前一階段以確認配置代碼是否正確。

--------------------Azure Terraform 系列--------------------

1,Azure Terraform(一)入門簡介

2,Azure Terraform(二)語法詳解

3,Azure Terraform(三)部署 Web 應用程序

4,Azure Terraform(四)狀態文件存儲

5,Azure Terraform(五)利用Azure DevOps 實現自動化部署基礎資源

6,Azure Terraform(六)Common Module

7,Azure Terraform(七)利用Azure DevOps 實現自動化部署基礎資源(補充)

8,Azure Terraform(八)利用Azure DevOps 實現Infra資源和.NET CORE Web 應用程序的持續集成、持續部署

9,Azure Terraform(九)利用 Azure DevOps Pipeline 的審批來控制流程發佈

二,正文

1,Azure DevOps 創建新的項目

登錄 Azure DevOps 的地址:https://www.dev.azure.com ,點擊 “+ New project” 創建新的項目

輸入項目描述等信息

Project name:“Terraform_CnBateBlogWeb_AutoDeploy”

Visibility 選擇:“Private” ----- (根據現有項目進行設置)

Version control 選擇 “Git”

Work item process:“Agile”

確認完以上信息,點擊 “Create” 進行創建。

2,配置Azure DevOps 審批

選擇左側菜單 ”Pipelines =》Environments“,點擊 ”Create environment“ 創建環境

輸入配置以下參數

Name:”Approve_AutoDeploy"

Resoure 選擇:“None” (默認即可)

點擊 “Create” 創建環境

接下來爲當前 “Approve_AutoDeploy” 環境創建審批

點擊紅色箭頭所指,選擇 “Approve and checks” 添加審批請求

選擇 "Approvals" ,並將自己設置爲申請人

添加完成後,可看到類型爲 “Approvals” 的記錄,大家需要注意的是,審批的過期時間默認是 “30天”,大家可以根據實際情況更改。

3,配置 Azure DevOps Pipeline 

選擇左側菜單 “Pipelines”,點擊 “Create Pipeline“ 創建 管道作業

今天不使用經典編輯器模式,而選擇 GitHub (yaml)

選擇對應的 TF Code 的代碼倉庫

選擇 “Start Pipeline” 開啓新的管道構建部署代碼

Azure DevOps 會爲我們自動在項目根目錄生成一個名稱叫 “azure-pipelines.yaml” 的文件,我們將定義好的管道步驟添加到該文件中

管道步驟審批 yaml 示例代碼

jobs:
    - deployment: terraform_apply
      continueOnError: false
      environment: 'Approve_Production'
      timeoutInMinutes: 120
      strategy:
       runOnce:
        deploy:
            steps:

注意:我將在 terraform_apply 階段之前添加一個申請請求

紅色標記是需要改成自己Azure的訂閱,

橙色標記是需要添加的變量:

  1,管道變量:tf_version

  2,祕密變量:terraform_rg,storage_account,storage_account_container,container_key,keyvault,keyvault_sc 

  1 # Starter pipeline
  2 # Start with a minimal pipeline that you can customize to build and deploy your code.
  3 # Add steps that build, run tests, deploy, and more:
  4 # https://aka.ms/yaml
  5 
  6 trigger:
  7 - remote_stats
  8 
  9 pool:
 10   vmImage: ubuntu-latest
 11   
 12 variables:
 13   - name: tf_version
 14     value: 'latest'
 15 
 16 stages:
 17 - stage: script
 18   jobs:
 19    - job: azure_cli_script
 20      steps: 
 21       - task: [email protected]
 22         displayName: 'Azure CLI :Create Storage Account,Key Vault And Set KeyVault Secret'
 23         inputs:
 24           azureSubscription: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
 25           scriptType: 'bash'
 26           scriptLocation: 'inlineScript'
 27           inlineScript: |
 28               # create azure resource group
 29               az group create --location eastasia --name $(terraform_rg)
 30       
 31               # create azure storage account
 32               az storage account create --name $(storage_account) --resource-group $(terraform_rg) --location eastasia --sku Standard_LRS
 33       
 34               # create storage account container for tf state 
 35               az storage container create --name $(storage_account_container) --account-name $(storage_account)
 36       
 37               # query storage key and set variable
 38               ACCOUNT_KEY=$(az storage account keys list --resource-group $(terraform_rg) --account-name $(storage_account) --query "[?keyName == 'key1'][value]" --output tsv)
 39       
 40               # create azure keyvault
 41               az keyvault create --name $(keyvault) --resource-group $(terraform_rg) --location eastasia --enable-soft-delete false
 42       
 43               # set keyvault secret,secret value is ACCOUNT_KEY
 44               az keyvault secret set --name $(keyvault_sc) --vault-name $(keyvault)  --value $ACCOUNT_KEY
 45        
 46       - task: [email protected]
 47         displayName: 'Azure Key Vault :Get Storage Access Secret'
 48         inputs:
 49           azureSubscription: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
 50           KeyVaultName: '$(keyvault)'
 51           SecretsFilter: 'terraform-stste-storage-key'
 52           RunAsPreJob: false
 53 
 54 - stage: terraform_validate
 55   jobs:
 56   - job: terraform_validate
 57     steps:
 58     - task: [email protected]
 59       inputs:
 60         terraformVersion: ${{variables.tf_version}}
 61     - task: [email protected]
 62       displayName: 'terraform init'
 63       inputs:
 64         provider: 'azurerm'
 65         command: 'init'
 66         # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
 67         backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
 68         backendAzureRmResourceGroupName: $(terraform_rg)
 69         backendAzureRmStorageAccountName: $(storage_account)
 70         backendAzureRmContainerName: $(storage_account_container)
 71         backendAzureRmKey: $(container_key)
 72         workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
 73     - task: [email protected]
 74       inputs:
 75         provider: 'azurerm'
 76         command: 'validate'
 77         workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
 78 
 79 - stage: terraform_plan
 80   dependsOn: [terraform_validate]
 81   condition: succeeded('terraform_validate')
 82   jobs:
 83     - job: terraform_plan
 84       steps:
 85         - task: [email protected]
 86           inputs:
 87             terraformVersion: ${{ variables.tf_version }}
 88         - task: [email protected]
 89           displayName: 'terraform init'
 90           inputs:
 91             provider: 'azurerm'
 92             command: 'init'
 93             # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
 94             backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
 95             backendAzureRmResourceGroupName: $(terraform_rg)
 96             backendAzureRmStorageAccountName: $(storage_account)
 97             backendAzureRmContainerName: $(storage_account_container)
 98             backendAzureRmKey: $(container_key)
 99             workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
100         - task: [email protected]
101           inputs:
102             provider: 'azurerm'
103             command: 'plan'
104             environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
105             workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
106 
107 - stage: terraform_apply
108   dependsOn: [terraform_plan]
109   condition: succeeded('terraform_plan')
110   jobs:
111     - deployment: terraform_apply
112       continueOnError: false
113       environment: 'Approve_Production'
114       timeoutInMinutes: 120
115       strategy:
116        runOnce:
117         deploy:
118           steps:
119             - checkout: self
120             - task: [email protected]
121               inputs:
122                 terraformVersion: ${{ variables.tf_version }}
123             - task: [email protected]
124               displayName: 'terraform init'
125               inputs:
126                 provider: 'azurerm'
127                 command: 'init'
128                 # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
129                 backendServiceArm: 'Microsoft Azure Subscrription(XXXX-XXX-XX-XX-XXX)'
130                 backendAzureRmResourceGroupName: $(terraform_rg)
131                 backendAzureRmStorageAccountName: $(storage_account)
132                 backendAzureRmContainerName: $(storage_account_container)
133                 backendAzureRmKey: $(container_key)
134                 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
135             - task: [email protected]
136               inputs:
137                 provider: 'azurerm'
138                 command: 'plan'
139                 environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
140                 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
141             - task: [email protected]
142               inputs:
143                 provider: 'azurerm'
144                 command: 'apply'
145                 commandOptions: '-auto-approve'
146                 environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
147                 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
148 
149 # - stage: terraform_apply
150 #   dependsOn: [terraform_plan]
151 #   condition: succeeded('terraform_plan')
152 #   jobs:
153 #     - job: terraform_apply
154 #       steps:
155 #         - task: [email protected]
156 #           inputs:
157 #             terraformVersion: ${{ variables.tf_version }}
158 #         - task: [email protected]
159 #           displayName: 'terraform init'
160 #           inputs:
161 #             provider: 'azurerm'
162 #             command: 'init'
163 #             # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
164 #             backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
165 #             backendAzureRmResourceGroupName: $(terraform_rg)
166 #             backendAzureRmStorageAccountName: $(storage_account)
167 #             backendAzureRmContainerName: $(storage_account_container)
168 #             backendAzureRmKey: $(container_key)
169 #             workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
170 #         - task: [email protected]
171 #           inputs:
172 #             provider: 'azurerm'
173 #             command: 'plan'
174 #             environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
175 #             workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
176 #         - task: [email protected]
177 #           inputs:
178 #             provider: 'azurerm'
179 #             command: 'apply'
180 #             commandOptions: '-auto-approve'
181 #             environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
182 #             workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
183 
184 - stage: terraform_destroy
185   dependsOn: [terraform_apply]
186   condition: succeeded('terraform_apply')
187   jobs:
188     - job: terraform_destroy
189       steps:
190         - task: [email protected]
191           inputs:
192             terraformVersion: ${{ variables.tf_version }}
193         - task: [email protected]
194           displayName: 'terraform init'
195           inputs:
196             provider: 'azurerm'
197             command: 'init'
198             # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"'
199             backendServiceArm: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
200             backendAzureRmResourceGroupName: $(terraform_rg)
201             backendAzureRmStorageAccountName: $(storage_account)
202             backendAzureRmContainerName: $(storage_account_container)
203             backendAzureRmKey: $(container_key)
204             workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
205         - task: [email protected]
206           inputs:
207             provider: 'azurerm'
208             command: 'plan'
209             environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
210             workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
211         - task: [email protected]
212           inputs:
213             provider: 'azurerm'
214             command: 'destroy'
215             commandOptions: '-auto-approve'
216             environmentServiceNameAzureRM: 'Microsoft Azure Subscription(XXXX-XXX-XX-XX-XXX)'
217             workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'

添加祕密變量,點擊 “ Variables=》New variable”

輸入機密的名稱和值

Name:“terraform_rg”

Value:“Web_Test_TF_RG”

點擊 “OK” 確認添加操作

 按照以上方式一次添加以下機密信息

terraform_rg:"Web_Test_TF_RG"

storage_account:"cnbatetfstorage"

storage_account_container:"tf-state001"

container_key:"cnbate.tf.stats"

keyvault:"cnbate-terraform-kv001"

keyvault_sc:"terraform-stste-storage-key"

完成以上信息後,點擊 ”Run” 手動觸發當前 Pipeline

選擇分支 ‘“remote_stats”,點擊 “Run”

接下來我們就會看到整個流程步驟,以及當前運行運行的步驟,如果需要審批,流程就會暫停,等待審批完成後,再執行後續操作

點擊 “Approve” 同意審批,進行下一步執行 TF Code 執行部署計劃

OK,成功!!!部署完成。是✨😁ヾ(≧▽≦*)o

三,結尾

   對於今天實驗的操作,大家可以多多練習,參考作者的 github 倉庫。今天的內容需要在Azure DevOps 上進行操作的,大家要多加練習。至於 Terraform 代碼方面沒有過多的講解,主要是因爲結合之前部署Azure 資源,大家都會Terraform 有了一定的理解了。所以大家可以自行下載,進行分析修改。

參考資料:Terraform 官方Azure Pipeline 文檔

Terraform_Cnbate_Traffic_Manager github Address:https://github.com/yunqian44/Terraform_Cnbate_Traffic_Manager

歡迎大家關注博主的博客:https://allenmasters.com/

作者:Allen 

版權:轉載請在文章明顯位置註明作者及出處。如發現錯誤,歡迎批評指正。

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章