Azure Terraform(十)利用 Azure DevOps 的条件语句选择发布环境
一,引言
之前我讲过的所有的案例中,都是将整个Azure Resource 部署到同一个订阅下,没有做到灵活的在 Azure Pipeline 在运行前选择需要部署的环境。在实际的项目开发中,我们也会遇到将这些基础设施资源验证完成后,分别部署到 DEV,UAT,PRD 等多个环境 。那么我们就带着个整个问题开始今天的分析。
-------------------- 我是分割线 --------------------
--------------------Azure Terraform 系列--------------------
二,正文
1,Azure DevOps Pipeline 中的条件语句
首先我们需要先定义参数,以便在 Pipeline 运行的时候进行选择哪个环境
parameters:
- name: deployEnv
displayName: Select a Deployment Environment???
type: string
default: 'dev'
values:
- dev
- uat
- prd
接下来设置条件语句的变量的值可以根据 “deployEnv” 的值变化
variables:
- name: tf_version
value: 'latest'
- name: env_name
${{ if eq(parameters['deployEnv'],'dev') }}:
value: 'dev'
${{elseif eq(parameters['DeployEnv'],'uat') }}:
value: 'uat'
${{elseif eq(parameters['DeployEnv'],'prd') }}:
value: 'prd'
以上两段代码我们不难看出,veriables.env_name 的值取决于 parameters.deployEnv 的值,再经过条件语句的过滤,重新赋值
复制以上两段代码到 azure-pipelines.yml 中
azure-pipeline.yml 完整代码
1 # Starter pipeline 2 # Start with a minimal pipeline that you can customize to build and deploy your code. 3 # Add steps that build, run tests, deploy, and more: 4 # https://aka.ms/yaml 5 6 trigger: 7 - remote_stats 8 9 pool: 10 vmImage: ubuntu-latest 11 12 parameters: 13 - name: deployEnv 14 displayName: Selecting a Deployment Environment??? 15 type: string 16 default: 'dev' 17 values: 18 - dev 19 - uat 20 - prd 21 22 variables: 23 - name: tf_version 24 value: 'latest' 25 - name: env_name 26 ${{ if eq(parameters['deployEnv'],'dev') }}: 27 value: 'dev' 28 ${{elseif eq(parameters['DeployEnv'],'uat') }}: 29 value: 'uat' 30 ${{elseif eq(parameters['DeployEnv'],'prd') }}: 31 value: 'prd' 32 33 stages: 34 - stage: script 35 jobs: 36 - job: azure_cli_script 37 steps: 38 - task: AzureCLI@2 39 displayName: 'Azure CLI :Create Storage Account,Key Vault And Set KeyVault Secret' 40 inputs: 41 azureSubscription: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 42 scriptType: 'bash' 43 scriptLocation: 'inlineScript' 44 inlineScript: | 45 # create azure resource group 46 az group create --location eastasia --name $(terraform_rg) 47 48 # create azure storage account 49 az storage account create --name $(storage_account) --resource-group $(terraform_rg) --location eastasia --sku Standard_LRS 50 51 # create storage account container for tf state 52 az storage container create --name $(storage_account_container) --account-name $(storage_account) 53 54 # query storage key and set variable 55 ACCOUNT_KEY=$(az storage account keys list --resource-group $(terraform_rg) --account-name $(storage_account) --query "[?keyName == 'key1'][value]" --output tsv) 56 57 # create azure keyvault 58 az keyvault create --name $(keyvault) --resource-group $(terraform_rg) --location eastasia --enable-soft-delete false 59 60 # set keyvault secret,secret value is ACCOUNT_KEY 61 az keyvault secret set --name $(keyvault_sc) --vault-name $(keyvault) --value $ACCOUNT_KEY 62 63 - task: AzureKeyVault@2 64 displayName: 'Azure Key Vault :Get Storage Access Secret' 65 inputs: 66 azureSubscription: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 67 KeyVaultName: '$(keyvault)' 68 SecretsFilter: 'terraform-stste-storage-key' 69 RunAsPreJob: false 70 71 - stage: terraform_validate 72 jobs: 73 - job: terraform_validate 74 steps: 75 - task: TerraformInstaller@0 76 inputs: 77 terraformVersion: ${{variables.tf_version}} 78 - task: TerraformTaskV2@2 79 displayName: 'terraform init' 80 inputs: 81 provider: 'azurerm' 82 command: 'init' 83 # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"' 84 backendServiceArm: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 85 backendAzureRmResourceGroupName: $(terraform_rg) 86 backendAzureRmStorageAccountName: $(storage_account) 87 backendAzureRmContainerName: $(storage_account_container) 88 backendAzureRmKey: $(container_key) 89 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 90 - task: TerraformTaskV2@2 91 inputs: 92 provider: 'azurerm' 93 command: 'validate' 94 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 95 96 - stage: terraform_plan 97 dependsOn: [terraform_validate] 98 condition: succeeded('terraform_validate') 99 jobs: 100 - job: terraform_plan 101 steps: 102 - task: TerraformInstaller@0 103 inputs: 104 terraformVersion: ${{ variables.tf_version }} 105 - task: TerraformTaskV2@2 106 displayName: 'terraform init' 107 inputs: 108 provider: 'azurerm' 109 command: 'init' 110 # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"' 111 backendServiceArm: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 112 backendAzureRmResourceGroupName: $(terraform_rg) 113 backendAzureRmStorageAccountName: $(storage_account) 114 backendAzureRmContainerName: $(storage_account_container) 115 backendAzureRmKey: $(container_key) 116 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 117 - task: TerraformTaskV2@2 118 inputs: 119 provider: 'azurerm' 120 command: 'plan' 121 environmentServiceNameAzureRM: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 122 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 123 124 - stage: terraform_apply 125 dependsOn: [terraform_plan] 126 condition: succeeded('terraform_plan') 127 jobs: 128 - deployment: terraform_apply 129 continueOnError: false 130 environment: 'Approve_Production' 131 timeoutInMinutes: 120 132 strategy: 133 runOnce: 134 deploy: 135 steps: 136 - checkout: self 137 - task: TerraformInstaller@0 138 inputs: 139 terraformVersion: ${{ variables.tf_version }} 140 - task: TerraformTaskV2@2 141 displayName: 'terraform init' 142 inputs: 143 provider: 'azurerm' 144 command: 'init' 145 # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"' 146 backendServiceArm: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 147 backendAzureRmResourceGroupName: $(terraform_rg) 148 backendAzureRmStorageAccountName: $(storage_account) 149 backendAzureRmContainerName: $(storage_account_container) 150 backendAzureRmKey: $(container_key) 151 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 152 - task: TerraformTaskV2@2 153 inputs: 154 provider: 'azurerm' 155 command: 'plan' 156 environmentServiceNameAzureRM: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 157 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 158 - task: TerraformTaskV2@2 159 inputs: 160 provider: 'azurerm' 161 command: 'apply' 162 commandOptions: '-auto-approve' 163 environmentServiceNameAzureRM: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 164 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 165 166 # - stage: terraform_apply 167 # dependsOn: [terraform_plan] 168 # condition: succeeded('terraform_plan') 169 # jobs: 170 # - job: terraform_apply 171 # steps: 172 # - task: TerraformInstaller@0 173 # inputs: 174 # terraformVersion: ${{ variables.tf_version }} 175 # - task: TerraformTaskV2@2 176 # displayName: 'terraform init' 177 # inputs: 178 # provider: 'azurerm' 179 # command: 'init' 180 # # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"' 181 # backendServiceArm: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 182 # backendAzureRmResourceGroupName: $(terraform_rg) 183 # backendAzureRmStorageAccountName: $(storage_account) 184 # backendAzureRmContainerName: $(storage_account_container) 185 # backendAzureRmKey: $(container_key) 186 # workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 187 # - task: TerraformTaskV2@2 188 # inputs: 189 # provider: 'azurerm' 190 # command: 'plan' 191 # environmentServiceNameAzureRM: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 192 # workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 193 # - task: TerraformTaskV2@2 194 # inputs: 195 # provider: 'azurerm' 196 # command: 'apply' 197 # commandOptions: '-auto-approve' 198 # environmentServiceNameAzureRM: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 199 # workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 200 201 - stage: terraform_destroy 202 dependsOn: [terraform_apply] 203 condition: succeeded('terraform_apply') 204 jobs: 205 - job: terraform_destroy 206 steps: 207 - task: TerraformInstaller@0 208 inputs: 209 terraformVersion: ${{ variables.tf_version }} 210 - task: TerraformTaskV2@2 211 displayName: 'terraform init' 212 inputs: 213 provider: 'azurerm' 214 command: 'init' 215 # commandOptions: '-backend-config="access_key=$(terraform-stste-storage-key)"' 216 backendServiceArm: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 217 backendAzureRmResourceGroupName: $(terraform_rg) 218 backendAzureRmStorageAccountName: $(storage_account) 219 backendAzureRmContainerName: $(storage_account_container) 220 backendAzureRmKey: $(container_key) 221 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 222 - task: TerraformTaskV2@2 223 inputs: 224 provider: 'azurerm' 225 command: 'plan' 226 environmentServiceNameAzureRM: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 227 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/' 228 - task: TerraformTaskV2@2 229 inputs: 230 provider: 'azurerm' 231 command: 'destroy' 232 commandOptions: '-auto-approve' 233 environmentServiceNameAzureRM: 'Microsoft Azure Subscription(xxxx-xxx-xxx-xxxx)' 234 workingDirectory: '$(System.DefaultWorkingDirectory)/src/model/'
2,Azure Pipeline 条件语句运行效果
保存完 yml 文件后,点击 ”Run“,手动触发 Pipeline 管道
可以看到除了默认 Run pipeline 的默认分支,还需要选择我们自定义的 Parameters-----"deployEnv"
bingo !! 我们的目的已经达到了。通过这种条件语句的判定,我们就可以做一些部署变量的替换,从而达到部署不同环境的目的了。
三,结尾
以上内容,大家多做做练习。下一篇,我们继续介绍多环境部署Azure Pipeline
参考资料:Terraform 官方,Azure Pipeline 文档
Terraform_Cnbate_Traffic_Manager github Address:https://github.com/yunqian44/Terraform_Cnbate_Traffic_Manager
欢迎大家关注博主的博客:https://allenmasters.com/
作者:Allen
版权:转载请在文章明显位置注明作者及出处。如发现错误,欢迎批评指正。