Automation and scripting Azure deployments might sound like a tough task for partners running a thin IT team.
While spending the time and energy to learn automation through scripting is desirable, it's often simpler to start with a few readily available scripts from script repositories like GitHub.
But wait...! What if Azure could generate a script for your existing resources and environments and allow you to reuse it? This is very useful in scenarios where you want to:
- Redeploy dev and test deployments
- Build similar environments for multiple customers
- Build a disaster recovery copy of the existing environment
In this blog, I discuss the simple steps for achieving this in your environment. I am making the simple assumption that you've got an Azure Subscription through CSP for your customer. This is a prerequisite to get started.
Let's cover a simple scenario where you have two virtual machines (an application stack with a web engine and a database server) within a designated VNET and two subnets that have network security rules for allowing selective ports and traffic across these two virtual machines. Let's also consider a storage account that will house the VM disks and a repository for any application that can leverage blob storage for the application stack - all encompassed in a Resource Group.
Assuming the environment is up and operational, how can you script a similar deployment to repeat it for the purposes I have outlined above? Let's get started:
- Log in to your Azure environment that runs the above setup
- In the console, click the 'Show Menu' icon in the top left corner
- Click on 'Resource Groups'
- The resource groups blade should display the existing resource groups in the environment
- Select the resource group that runs the environment described above
- This opens the properties blade. Click on 'Automation Scripts'
- You will see the console read the resources in the group and populate the equivalent script for the resources that exist in the group.
Note: There might be some resources which get excluded from the script group - like gateway vnet configurations.
The exclusion applies only to the script building that Azure does. The missing components are to be configured manually or added through an amendment to the script before redeploying the set. I will cover script amendments and customisation in a separate blog.
Once the script building is complete you will see three sections covering Template, Parameters and the scripts in multiple formats or scripting languages (PowerShell, Ruby, CLI and .Net).
The template file carries the extract of the resource schema, and the parameter files define the different inputs that will feed into the schema during script execution. These are .json format files which will download when you click the 'Download' button at the top.
The script set takes the form of a .zip file that has the template, the parameters and the scripts in the script formats mentioned earlier.
You also have the option to add this schema to your script library for later deployment by clicking on the 'Add to Library' button.
The deploy button allows you to deploy the script directly from the console and opens a blade with pre-populated parameters based on the export or source resource group. In this scenario, make sure to deploy this in a new resource group, or with different parameters like virtual machine names, storage account name etc., to avoid duplication.
Once you check the terms agreement checkbox and click on the 'Purchase' button, Azure runs a validation of the parameters against the existing environment for name duplications and reports a validation error if it finds any. You can fix these in the parameter pane and rerun the deployment.
If all validations are green, then Azure starts deploying the resources immediately.
Choose the resource group icon again a while later to check back on the resources deployed. There are post-deployment tasks to ensure the new setup runs smoothly. Make sure the application-level configurations and references are updated to point to the new deployment parameters.
Also, make sure you make the necessary amendments and changes to the network security groups in the new environment.
There you are with a new environment that was deployed through an automation script in Azure in a very short time without much knowledge of scripting. The exported scripts can be executed from outside Azure, where you will be prompted for credentials to deploy in the required tenant or environment. Make sure that no customer-specific contents are exported as part of this procedure. Ensure that the parameters are refined and cleaned so that they do not reflect any customer-specific data in their names and tags.
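The two checks above (customer-specific names and tags in the export, and network security group rules that need amending) can be run over the downloaded template before it is reused. The following is an added example, not part of the exported script set or any Azure tooling: `audit_template`, the `contoso` search term and the sample template are constructed for illustration, and the sample assumes the usual exported layout of `parameters` with `defaultValue` entries and `Microsoft.Network/networkSecurityGroups` resources with `securityRules`.

```python
import json
import re

# Constructed sample of an exported template; every name and value here is made up.
SAMPLE_TEMPLATE = json.loads("""
{
  "parameters": {
    "virtualMachines_contoso_web01_name": {"defaultValue": "contoso-web01", "type": "String"},
    "storageAccounts_appdata_name": {"defaultValue": "appdata001", "type": "String"}
  },
  "resources": [
    {"type": "Microsoft.Compute/virtualMachines", "name": "web",
     "tags": {"customer": "Contoso Pty Ltd", "tier": "web"}},
    {"type": "Microsoft.Network/networkSecurityGroups", "name": "web-nsg",
     "properties": {"securityRules": [
       {"name": "rdp", "properties": {"access": "Allow", "direction": "Inbound",
        "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
       {"name": "sql", "properties": {"access": "Allow", "direction": "Inbound",
        "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "1433"}}]}}
  ]
}
""")

# Source prefixes that mean "any address" in an NSG rule.
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}

def audit_template(template, customer_terms):
    """Return findings for customer-specific names/tags and open inbound NSG rules."""
    # "(?!)" never matches, so an empty term list flags no names or tags.
    pattern = re.compile("|".join(re.escape(t) for t in customer_terms) or r"(?!)", re.I)
    findings = []
    for name, spec in template.get("parameters", {}).items():
        # Exported parameter names and defaults are derived from source resource names.
        if pattern.search(name) or pattern.search(str(spec.get("defaultValue", ""))):
            findings.append(f"parameter:{name}")
    for res in template.get("resources", []):
        for key, value in (res.get("tags") or {}).items():
            if pattern.search(key) or pattern.search(str(value)):
                findings.append(f"tag:{res['name']}:{key}")
        if res.get("type") == "Microsoft.Network/networkSecurityGroups":
            for rule in res.get("properties", {}).get("securityRules", []):
                p = rule.get("properties", {})
                if (str(p.get("access", "")).lower() == "allow"
                        and str(p.get("direction", "")).lower() == "inbound"
                        and str(p.get("sourceAddressPrefix", "")).lower() in OPEN_SOURCES):
                    findings.append(
                        f"nsg:{res['name']}:{rule['name']}:{p.get('destinationPortRange')}")
    return findings

if __name__ == "__main__":
    for finding in audit_template(SAMPLE_TEMPLATE, ["contoso"]):
        print(finding)
```

To check a real export, load the downloaded template file with `json.load` and pass the customer's name and any other identifying terms as `customer_terms`.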
By, Sridhar Deenadayalan | Cloud Partner Enablement Specialist - Microsoft Azure | rhipe
T +61 3 9642 8695 E sridhar.deenadayalan@rhipe.com