堆栈内存溢出
  简体   繁体   English

如何将软件构建从 Azure DevOps 部署到内部服务器?

[英]How to deploy software builds from Azure DevOps to internal servers?

 原文  2019-04-03 13:55:53       azure/ security/ azure-devops/ vpn

问题描述

We have our software hosted in Git on Azure DevOps and built using a build pipeline (which primarily uses a Cake script).我们的软件托管在 Azure DevOps 上的 Git 中,并使用构建管道(主要使用 Cake 脚本)构建。 We are now looking to deploy this software using the Azure DevOps release pipeline.我们现在正在寻求使用 Azure DevOps 发布管道部署此软件。 However, all of our application servers are behind our firewall, inside of our network, and don't have any port open except for 80 and 443 for the web applications.但是,我们所有的应用程序服务器都在我们的防火墙后面,在我们的网络内部,除了 web 应用程序的 80 和 443 端口之外,没有任何端口开放。 We have dev, staging, and production servers for our apps (including some for load balancing).我们的应用程序有开发、登台和生产服务器(包括一些用于负载平衡的服务器)。 All I really need is to copy the artifact, backup the current code to a separate folder on the server, deploy and unzip the artifact file in the root deployment folder, and restart IIS on those servers.我真正需要的是复制工件,将当前代码备份到服务器上的单独文件夹,在根部署文件夹中部署和解压缩工件文件,然后在这些服务器上重新启动 IIS。

My company is rather large and bureaucratic so there are some hoops we have to jump through for due diligence before we even attempt this new process.我的公司相当大而且官僚,所以在我们尝试这个新流程之前,我们必须跳过一些尽职调查。 In that spirit, I am trying to find the best solution.本着这种精神,我正在努力寻找最佳解决方案。 If you can offer your advice, and in particular, offer any other solution we did not think of, that would be helpful:如果您能提供您的建议,特别是提供我们没有想到的任何其他解决方案,那将很有帮助:

  1. The obvious solution would be to stand up servers on Azure cloud and move completely to the cloud.显而易见的解决方案是在 Azure 云上建立服务器并完全迁移到云上。 I know this is a solution, and this may be where we go, but my request is for non-cloud solution options so I can present this properly and make a recommendation.我知道这是一个解决方案,这可能是我们 go 的地方,但我的要求是针对非云解决方案选项,所以我可以正确地提出这个问题并提出建议。
  2. Use a Hyper VPN tunnel to securely transfer the files and restart IIS.使用 Hyper VPN 隧道安全地传输文件并重新启动 IIS。 Probably the easiest and simplest method in regards to our already built build process on AzDO.就我们已经在 AzDO 上构建的构建过程而言,这可能是最简单和最简单的方法。 Technically, this is the one I am least comfortable with.从技术上讲,这是我最不满意的一个。
  3. Use build agents inside the network, connect to them from AzDO, have them build the software, and then have them deploy it or other agents.在网络内使用构建代理,从 AzDO 连接到它们,让他们构建软件,然后让他们部署它或其他代理。 Lots of work to set it up but so far the least intrusive to our security.设置它的工作量很大,但到目前为止对我们的安全性干扰最小。 I also am not a fan because I wanted AzDO to handle builds and deployments.我也不是粉丝,因为我希望 AzDO 处理构建和部署。
  4. Open the SFTP and SSH ports for each server and transfer the files that way.打开每个服务器的 SFTP 和 SSH 端口并以这种方式传输文件。 Maybe the least secure way but very simple?也许是最不安全但非常简单的方法?

If you have a better solution for this problem or a more common solution, let me know.如果您对此问题有更好的解决方案或更常见的解决方案,请告诉我。 If you think I should one of the 4 above solutions, let me know.如果您认为我应该是上述 4 个解决方案之一,请告诉我。 If you can expand on any of the options above, please do.如果您可以扩展上述任何选项,请执行此操作。

2 个解决方案

解决方案1
 5 已采纳  2019-04-03 14:02:27

ADO agents only require external connectivity, so they talk to ADO, not vice versa. ADO 代理只需要外部连接,因此它们与 ADO 对话,反之则不然。 So you only need 443 outbound to a couple of ADO urls.所以你只需要 443 出站到几个 ADO url。

Reading: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops#communication阅读: https : //docs.microsoft.com/en-us/azure/devops/pipelines/agents/agents?view=azure-devops#communication
https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops#im-running-a-firewall-and-my-code-is-in-azure-repos-what-urls-does-the-agent-need-to-communicate-with https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops#im-running-a-firewall-and-my-code-is-in- azure-repos-what-urls-does-the-agent-need-to-communicate-with

解决方案2
 0  2022-09-22 11:00:13

You could use Environments.您可以使用环境。 Create Environment for each VM (that includes creating agent on your machine) and then use the environment parameter in YAML pipelines deployment job.为每个 VM 创建环境(包括在您的机器上创建代理),然后在 YAML 管道部署作业中使用environment参数。 The deployment job can then do whatever you need (deploy webapp, move files, backup, etc..) on your target machine, regardless whether it's on private network.然后,部署作业可以在您的目标机器上执行您需要的任何操作(部署 webapp、移动文件、备份等),无论它是否在专用网络上。

More reading - Azure DevOps Environments: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/environments?view=azure-devops更多阅读 - Azure DevOps 环境: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/environments?view=azure-devops

Using deployment job: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/deployment-jobs?view=azure-devops使用部署作业: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/deployment-jobs?view=azure-devops

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从 Azure DevOps 管道将多个发布或构建导出到桌面? - How to export multiple Release or Builds from Azure DevOps Pipeline to desktop? 使用 Azure Devops yaml 管道部署到本地服务器 - Using Azure Devops yaml pipelines to deploy to on-prem servers 如何将 Azure DevOps 服务器存储库与 Azure DevOps 服务管道集成 - How to integrate Azure DevOps Servers repositories with Azure DevOps Services Pipelines 如何从 Azure DevOps 中的文件夹(不是 zip)部署 WebApp - How to deploy a WebApp from a folder (not a zip) in Azure DevOps 从逻辑应用在 Azure Devops 中部署发布 - Deploy Release in Azure Devops from a logic app 来自 Azure DevOps 的已取消构建显示为失败 - Cancelled Builds from Azure DevOps show up as failed 在 azure DevOps 中将构建从一个管道复制到另一管道 - Copy Builds from one pipeline to other pipeline in azure DevOps 如何使用Azure DevOps部署多个应用程序? - How to deploy multiple apps with Azure DevOps? 如何获取Azure Devops Web应用程序进行部署 - How to get Azure Devops Web Applications to deploy 如何在 azure devops 中构建和部署 dacpac - How to build and deploy dacpac in azure devops
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM