Create and remove Azure Container Instances from a TeamCity build

- Azure Service Principal with Certificate
- Import the cert using the password used to export it
- Azure custom role for Container Instances

This post will go through the process of how to create a container in an Azure Container Instance group from a TeamCity build job. The requirement came up recently to be able to test certain steps of a build against an application running in a Linux container. The build agents are Windows hosts (to build full DotNet applications) that run on EC2.

The original plan of using Docker on the agent to run a Linux container to test against didn't work because running Linux containers on a Windows host requires Hyper-V to be installed, which, after contacting AWS support, I was informed couldn't be done. There was a workaround in place but it was reported that this had mixed results.

I looked around at some other solutions and watched the Channel 9 video on Azure Container Instances, which piqued my interest.

After checking the Azure Container Instances docs and the how to get started with PowerShell section, I created, connected to and removed the container and was pleased at how simple it was:

    # Create Nginx Container with date time for unique DNS name
    $ResourceGroupName = 'container-demo'
    $Location = 'northeurope'
    # HH = 24-hour clock, mm = minutes (MM is the month)
    $date = Get-Date -Format yyyyMMddHHmmss
    $ContainerGroupName = "nginx"
    $DnsName = "$ContainerGroupName-$date"
    $OsType = 'Linux'
    $Port = '80'
    $ContainerImage = 'nginx'

    New-AzureRMResourceGroup -Name $ResourceGroupName -Location $Location

    # Splat the parameters onto the cmdlet
    $containerGroupParams = @{
        'ResourceGroupName' = $ResourceGroupName
        'Name'              = $ContainerGroupName
        'Image'             = $ContainerImage
        'DnsNameLabel'      = $DnsName
        'OsType'            = $OsType
        'Port'              = $Port
    }
    New-AzureRmContainerGroup @containerGroupParams

    Remove-AzureRmContainerGroup -ResourceGroupName $ResourceGroupName -Name $ContainerGroupName

With it being that easy, I came up with the plan to use this as part of a TeamCity build job which would involve:

- Running the tests against the container

Because the build agents are running in AWS, I had to create a service principal to connect to Azure and run the PowerShell commands.

1. Creating a Service Principal with a Certificate.
2. Giving the service principal just enough permissions to a resource group via a custom Azure role to create and remove containers.
3. Setting up TeamCity build steps and parameters to connect to Azure, create, test against and remove the container, then remove the Azure session.
4. The PowerShell scripts to run in item 3.

The examples in this post were carried out using PowerShell Desktop Version 5.1 on Windows 10 1803.

Azure Service Principal with Certificate

First I create the Azure Service Principal following the documentation. I wanted to use a certificate for the Service Principal authentication because I had not done this before and wanted to learn the process. JetBrains also advise to avoid storing passwords for external accounts in TeamCity in this response from support. There's also this issue tracker that shows they are working on improving security of secrets held.

Here's the code to create the Service Principal; it creates a local self-signed certificate that is used for the Service Principal to connect. This certificate should be copied (including the private key) to where you want the service principal to be able to login (i.e.

    # Create an Azure Service principal with a cert for authentication
    $certStoreLoc = 'cert:\CurrentUser\My'
    $certSubject = 'CN=teamCityAzureContainerSP'
    $servicePrincipalName = 'azure-container-instances-teamcity-testing'

    # Create local self-signed cert - use cert authority in production
    $cert = New-SelfSignedCertificate -CertStoreLocation $certStoreLoc -Subject $certSubject -KeySpec KeyExchange
    # Only the public certificate is uploaded to Azure AD; the private key stays in the local store
    $keyValue = [System.Convert]::ToBase64String($cert.GetRawCertData())

    Connect-AzureRMAccount

    # Create the service principal with the certificate just created
    # The page cuts off after "$cert."; NotAfter (the certificate's expiry date) is assumed here
    $servicePrincipal = New-AzureRMADServicePrincipal -DisplayName $servicePrincipalName -CertValue $keyValue -EndDate $cert.NotAfter
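Item 2 of the plan above, giving the service principal just enough permissions on one resource group, could look like the following. This is an added example, not the post's own code: the role name and the action list are assumptions, the resource group is assumed to exist already (the role does not allow creating it), and the display name is the one used when the service principal was created.

```powershell
# Added example: names and the action list are assumptions, not values from the post
$resourceGroupName = 'container-demo'               # resource group used earlier in the post
$roleName = 'Container Instance Build Operator'     # hypothetical role name
$spDisplayName = 'azure-container-instances-teamcity-testing'

$subscriptionId = (Get-AzureRmContext).Subscription.Id
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName"

# Start from a built-in definition and strip it down to what the build needs
$role = Get-AzureRmRoleDefinition -Name 'Reader'
$role.Id = $null
$role.IsCustom = $true
$role.Name = $roleName
$role.Description = 'Create, read and delete container groups in one resource group.'
$role.Actions.Clear()
$role.NotActions.Clear()
@(
    'Microsoft.Resources/subscriptions/resourceGroups/read',
    'Microsoft.ContainerInstance/containerGroups/read',
    'Microsoft.ContainerInstance/containerGroups/write',
    'Microsoft.ContainerInstance/containerGroups/delete'
) | ForEach-Object { $role.Actions.Add($_) }

# The role can only be assigned inside this one resource group
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add($scope)
New-AzureRmRoleDefinition -Role $role | Out-Null

# Assign the role to the service principal at resource-group scope only
$sp = Get-AzureRmADServicePrincipal -SearchString $spDisplayName | Select-Object -First 1
New-AzureRmRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $roleName -Scope $scope

# Check: list every assignment the principal holds; anything outside $scope is excess privilege
Get-AzureRmRoleAssignment -ObjectId $sp.Id | Select-Object RoleDefinitionName, Scope
```

A role assignment made immediately after creating the service principal can fail until the new principal has replicated in Azure AD; rerunning the assignment after a short wait resolves it.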