Hi quick question; I'm sorta new at this and was following along, when you were setting up the KeyVault variable do you already need to have a keyvault set up beforehand (seperate to whats covered in this video)?
Great video Travis. You packed a lot of practical information into a relatively short video. Just wondering if it is possible to automate installing additional software as part of the pipeline?
13 minutes into the video you are setting up the YAML pipeline... why is the pool vmimage set to ubuntu-latest when you are deploying a windows server? have i missed something here? cheers
Hi Travis, thanks for the video tutorial. May I know the purpose of adding the variable group because when I tried without the variable group, it still worked.
I wondered about that as well. Creating the service connection at the subscription gives it the contributor RBAC role, including on the Key Vault. The service connection also needs the get and list permissions in the Key Vault access policy. This is added with the authorize step when setting up the variable group. I’m not sure if adding the Key Vault task alone without authorizing the account will also add the permissions to the access policy.
@@Ciraltos Thanks Travis, you are absolutely right, adding the Key Vault task alone won't authorize the service principal (used in the service connection) to read the secret in the key vault. We have to either set an access policy in the key vault with Secret Permissions (Get) or perform the variable group as demonstrated in the video. Thanks again for making the video very simple and concise.
Thanks. I suspect I could have called the variable group as outlined in the document below and skipped adding the Key Vault tasks. I haven't tried it, but it seems like a more elegant way to do it. docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml
For your Windows virtual desktop course, is there an option in virtual desktop to pause when not active for say 15 minutes? Then restart whenever a key is pressed? This is absolutely essential to save cost and we can neither depend of users to manually pause it, or have a fixed scheduled start and stop times ( which will be very Inflexible) . I needed to know this before subscribing for your Udemy course. Thanks
There is currently no option to “pause” a VM and stop charges in Azure. A VM can be deallocated to stop charges, but that action will power down the VM and restart once powered back on.
@@Ciraltos That seems like an intentional one from Microsoft to generate income in an unethical way! They have the same thing for SQL Managed Instance (not Azure SQLDB which can be paused).
@@nasarazam You can save cost using multiple methods: 1. Shutdown (Deallocate) VM when not in use (This process can be automated using Azure automation or using web jobs) 2. Purchase reserved instances for VM, 1yr, 3 yr or 5 yr. 3. Purchase reserved instance for Disk 4. Use DevOps to completely delete the VM and related resources and re create them when needed using ARM template.
ITs a an awesome tutorial for beginners. Could you please help me to get the template file .which you used. i could see a 404 error to accessing the gitrepo.
Thanks for pointing that out. It looks like the directory structure for that repo has changed. I updated the link on the page with the new location. github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-simple-windows
Hi Travis thank you for your video it is very helpful, but I am wondering how to do this with a build and then release it in different stages. Now the VM gets deployed with the build. How can we first deploy it into a testing environment/stage and if that is successful in a productiv environment?
Great tut. I keep getting error in azure resource manager part of pipeline. ##[error]Deployment template validation failed: 'The provided value for the template parameter 'adminPassword' at line '1' and column '415' is not valid. Length of the value should be greater than or equal to '12'. However in the template parameter file I have the following: "adminPassword": { "value": "" }, Perhaps my secret value/password in the key vault is too short? **Edit and fix** I notice the file requires a min of 12 length password. Once I increase pw to greater then 12 in my keyvault, it worked. "adminPassword": { "type": "secureString", "minLength": 12, "metadata": { "description": "Password for the Virtual Machine." }
Hey Travis! great work, I love the way you deliver your content, very concise and easy to understand especially for noobs like myself. Have you got a tut where you deployed a Windows Server but using Bicep instead of json?
Thanks a lot Roberts, its very ver use full video for Azure DevOps learners , Its a clear explanation! Thank you!
Hi quick question; I'm sorta new at this and was following along, when you were setting up the KeyVault variable do you already need to have a keyvault set up beforehand (seperate to whats covered in this video)?
Great work. I was looking for this explanation.❤
I cannot get past the Key Vault creation step, there is no key vault for me to select. Nor is Allow Access to All pipelines an option
Very Nice. Clear instructions. thanks
You are welcome!
Well explained and precise! Thank you Travis!
Superb! Thanks for sharing this wonderful information :)
Really helpful video. Well explained and to the point :) Thanks!
quick question, on 11:40, do you need to create a new key vault cenuskeyvault01 in azure portal prior to selecting Key Vault Name ?
Yes, that step adds the permissions to the key vault for the DevOps service to read the secrets.
Great tutorial as always. thanks.
Excellent content!
Great video Travis. Thank you!
Glad you liked it!
Great video Travis. You packed a lot of practical information into a relatively short video. Just wondering if it is possible to automate installing additional software as part of the pipeline?
13 minutes into the video you are setting up the YAML pipeline...
why is the pool vmimage set to ubuntu-latest when you are deploying a windows server?
have i missed something here?
cheers
The ubuntu pool is what runs the pipeline job, that doesn't have to be Windows.
@@Ciraltos thanks for clarifying that... was a bit confused.. cheers!
is it possible to add tags to the vm as part of the deployment?
Thanks a lot very useful video to start with AzureDevops for ARM deployment.
Thanks for sharing . Awesome video .
Thanks for watching!
I'm having an issue with Authorizing the KeyVault. I don't get a pop up or anything it just comes back to "Authorize" and i can't assign the password.
Hi Travis, thanks for the video tutorial. May I know the purpose of adding the variable group because when I tried without the variable group, it still worked.
I wondered about that as well. Creating the service connection at the subscription gives it the contributor RBAC role, including on the Key Vault. The service connection also needs the get and list permissions in the Key Vault access policy. This is added with the authorize step when setting up the variable group. I’m not sure if adding the Key Vault task alone without authorizing the account will also add the permissions to the access policy.
@@Ciraltos Thanks Travis, you are absolutely right, adding the Key Vault task alone won't authorize the service principal (used in the service connection) to read the secret in the key vault. We have to either set an access policy in the key vault with Secret Permissions
(Get) or perform the variable group as demonstrated in the video. Thanks again for making the video very simple and concise.
Thanks. I suspect I could have called the variable group as outlined in the document below and skipped adding the Key Vault tasks. I haven't tried it, but it seems like a more elegant way to do it. docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml
how to give SC acces to keyVault lacal admin from RBAC
Is there a way to provision a VM without creating a new VNet each time? What if I want to use an existing VNet?
For your Windows virtual desktop course, is there an option in virtual desktop to pause when not active for say 15 minutes? Then restart whenever a key is pressed? This is absolutely essential to save cost and we can neither depend of users to manually pause it, or have a fixed scheduled start and stop times ( which will be very Inflexible) . I needed to know this before subscribing for your Udemy course. Thanks
There is currently no option to “pause” a VM and stop charges in Azure. A VM can be deallocated to stop charges, but that action will power down the VM and restart once powered back on.
@@Ciraltos That seems like an intentional one from Microsoft to generate income in an unethical way! They have the same thing for SQL Managed Instance (not Azure SQLDB which can be paused).
@@nasarazam You can save cost using multiple methods: 1. Shutdown (Deallocate) VM when not in use (This process can be automated using Azure automation or using web jobs) 2. Purchase reserved instances for VM, 1yr, 3 yr or 5 yr. 3. Purchase reserved instance for Disk 4. Use DevOps to completely delete the VM and related resources and re create them when needed using ARM template.
Travis, do you have instead of a .json file - have one for a terraform deployment? thanks!
ITs a an awesome tutorial for beginners. Could you please help me to get the template file .which you used. i could see a 404 error to accessing the gitrepo.
Thanks for pointing that out. It looks like the directory structure for that repo has changed. I updated the link on the page with the new location. github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.compute/vm-simple-windows
Hi Travis thank you for your video it is very helpful, but I am wondering how to do this with a build and then release it in different stages. Now the VM gets deployed with the build. How can we first deploy it into a testing environment/stage and if that is successful in a productiv environment?
thank you, nice explanation
Great tut. I keep getting error in azure resource manager part of pipeline. ##[error]Deployment template validation failed: 'The provided value for the template parameter 'adminPassword' at line '1' and column '415' is not valid. Length of the value should be greater than or equal to '12'.
However in the template parameter file I have the following:
"adminPassword": {
"value": ""
},
Perhaps my secret value/password in the key vault is too short?
**Edit and fix** I notice the file requires a min of 12 length password. Once I increase pw to greater then 12 in my keyvault, it worked.
"adminPassword": {
"type": "secureString",
"minLength": 12,
"metadata": {
"description": "Password for the Virtual Machine."
}
Hey Travis! great work, I love the way you deliver your content, very concise and easy to understand especially for noobs like myself. Have you got a tut where you deployed a Windows Server but using Bicep instead of json?
Thanks! All the Bicep content I have is here ua-cam.com/play/PLnWpsLZNgHzUWIDWI0lWCTsS8wC9UaJho.html
thanks for nice explanation, your video really help me to build my first DevOps test. but vault part not worked for me.
Thanks!
Can we have more content like this one in your channel please