You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You can use Azure Repos to store your configuration files and Azure Pipelines to deploy and configure the infrastructure and the SAP application.
15
15
## Sign up for Azure DevOps Services
16
16
17
-
To use Azure DevOps Services, you'll need an Azure DevOps organization. An organization is used to connect groups of related projects. Use your work or school account to automatically connect your organization to your Azure Active Directory (Azure AD). To create an account, open [Azure DevOps](https://azure.microsoft.com/services/devops/) and either _sign-in_ or create a new account. Record the URL of the project.
17
+
To use Azure DevOps Services, you'll need an Azure DevOps organization. An organization is used to connect groups of related projects. Use your work or school account to automatically connect your organization to your Azure Active Directory (Azure AD). To create an account, open [Azure DevOps](https://azure.microsoft.com/services/devops/) and either _sign-in_ or create a new account.
18
18
19
19
## Create a new project
20
20
@@ -25,17 +25,13 @@ Open (https://dev.azure.com) and create a new project by clicking on the _New Pr
25
25
> [!NOTE]
26
26
> If you are unable to see _New Project_ ensure that you have permissions to create new projects in the organization.
27
27
28
+
Record the URL of the project.
28
29
### Import the repository
29
30
30
31
Start by importing the SAP Deployment Automation Framework GitHub repository into Azure Repos.
31
32
32
33
Navigate to the Repositories section and choose Import a repository, import the 'https://github.com/Azure/sap-automation.git' repository into Azure DevOps. For more info, see [Import a repository](/azure/devops/repos/git/import-git-repository?view=azure-devops&preserve-view=true)
33
34
34
-
> [!NOTE]
35
-
> Most of the pipelines will add files to the Azure Repos and therefore require pull permissions. Assign "Contribute" permissions to the 'Build Service' using the Security tab of > the source code repository in the Repositories section in Project settings.
If you are unable to import a repository, you can create the 'sap-automation' repository and manually import the content from the SAP Deployment Automation Framework GitHub repository to it.
40
36
41
37
### Create the repository for manual import
@@ -49,7 +45,7 @@ Choose the repository type 'Git' and provide a name for the repository, for exam
49
45
### Cloning the repository
50
46
51
47
In order to provide a more comprehensive editing capability of the content, you can clone the repository to a local folder and edit the contents locally.
52
-
Clone the repository to a local folder by clicking the _Clone_ button in the Files view in the Repos section of the portal. For more info see [Cloning a repository](/azure/devops/repos/git/clone?view=azure-devops#clone-an-azure-repos-git-repo&preserve-view=true)
48
+
Clone the repository to a local folder by clicking the _Clone_ button in the Files view in the Repos section of the portal. For more info, see [Cloning a repository](/azure/devops/repos/git/clone?view=azure-devops#clone-an-azure-repos-git-repo&preserve-view=true)
53
49
54
50
:::image type="content" source="./media/automation-devops/automation-repo-clone.png" alt-text="Picture showing how to clone the repository":::
55
51
@@ -68,27 +64,15 @@ Open the local folder in Visual Studio code, you should see that there are chang
68
64
Select the source control icon and provide a message about the change, for example: "Import from GitHub" and press Cntr-Enter to commit the changes. Next select the _Sync Changes_ button to synchronize the changes back to the repository.
69
65
### Create configuration root folder
70
66
71
-
Using your local clone create a top level folder called 'WORKSPACES', this folder will be the root folder for all the SAP deployment configuration files. Create the following folders in the 'WORKSPACES' folder: 'DEPLOYER', 'LIBRARY', 'LANDSCAPE' and 'SYSTEM'.
67
+
Create a top level folder called 'WORKSPACES', this folder will be the root folder for all the SAP deployment configuration files. Create the following folders in the 'WORKSPACES' folder: 'DEPLOYER', 'LIBRARY', 'LANDSCAPE' and 'SYSTEM'.
72
68
73
69
Optionally you may copy the sample configuration files from the 'samples/WORKSPACES' folders to the WORKSPACES folder you just created, this will allow you to experiment with sample deployments.
74
70
75
71
Push the changes to Azure DevOps repos by selecting the source control icon and providing a message about the change, for example: "Import of sample configurations" and press Cntr-Enter to commit the changes. Next select the _Sync Changes_ button to synchronize the changes back to the repository.
76
72
77
-
## Set up the Azure Pipelines
78
-
79
-
To remove the Azure resources, you need an Azure Resource Manager service connection. For more information see [Manage service connections](/azure/devops/pipelines/library/service-endpoints?view=azure-devops&preserve-view=true)
80
-
81
-
To create the service connection, go to Project settings and navigate to the Service connections setting in the Pipelines section.
82
-
83
-
:::image type="content" source="./media/automation-devops/automation-create-service-connection.png" alt-text="Picture showing how to create a Service connection":::
84
-
85
-
Choose _Azure Resource Manager_ as the service connection type and _Service principal (manual)_ as the authentication method. Enter the target subscription, typically the control plane subscription, and provide the service principal details (verify that they're valid using the _Verify_ button). For more information on how to create a service principal, see [Creating a Service Principal](automation-deploy-control-plane.md#prepare-the-deployment-credentials).
86
-
87
-
Enter a Service connection name, for instance 'Connection to MGMT subscription' and ensure that the _Grant access permission to all pipelines_ checkbox is checked. Select _Verify and save_ to save the service connection.
88
-
89
73
## Create Azure Pipelines
90
74
91
-
Azure Pipelines are implemented as YAML files and they're stored in the 'deploy/pipelines' folder in the GitHub repo.
75
+
Azure Pipelines are implemented as YAML files and they're stored in the 'deploy/pipelines' folder in the repository.
92
76
## Control plane deployment pipeline
93
77
94
78
Create the control plane deployment pipeline by choosing _New Pipeline_ from the Pipelines section, select 'Azure Repos Git' as the source for your code. Configure your Pipeline to use an existing Azure Pipeline YAML File. Specify the pipeline with the following settings:
@@ -200,7 +184,7 @@ The pipelines use a custom task to perform cleanup activities post deployment. T
200
184
201
185
## Variable definitions
202
186
203
-
The deployment pipelines are configured to use a set of predefined parameter values. I Azure DevOps the variables are defined using variable groups.
187
+
The deployment pipelines are configured to use a set of predefined parameter values. In Azure DevOps the variables are defined using variable groups.
204
188
205
189
### Common variables
206
190
@@ -230,14 +214,14 @@ As each environment may have different deployment credentials you'll need to cre
230
214
231
215
Create a new variable group 'SDAF-MGMT' for the control plane environment using the Library page in the Pipelines section. Add the following variables:
| Agent |Either 'Azure Pipelines' or the name of the agent pool containing the deployer, for instance 'MGMT-WEEU-POOL' Note, this pool will be created in a later step. |
236
-
| ARM_CLIENT_ID | Enter the Service principal application id. ||
237
-
| ARM_CLIENT_SECRET | Enter the Service principal password. | Change variable type to secret by clicking the lock icon |
238
-
| ARM_SUBSCRIPTION_ID | Enter the target subscription id. ||
239
-
| ARM_TENANT_ID | Enter the Tenant id for the service principal. ||
240
-
| AZURE_CONNECTION_NAME | Previously created connection name ||
| Agent | 'Azure Pipelines' or the name of the agent pool |Note, this pool will be created in a later step.|
220
+
| ARM_CLIENT_ID | Enter the Service principal application id. ||
221
+
| ARM_CLIENT_SECRET | Enter the Service principal password. | Change variable type to secret by clicking the lock icon |
222
+
| ARM_SUBSCRIPTION_ID | Enter the target subscription id. ||
223
+
| ARM_TENANT_ID | Enter the Tenant id for the service principal. ||
224
+
| AZURE_CONNECTION_NAME | Previously created connection name ||
241
225
| sap_fqdn | SAP Fully Qualified Domain Name, for example sap.contoso.net | Only needed if Private DNS isn't used. |
242
226
243
227
Save the variables.
@@ -247,6 +231,24 @@ Save the variables.
247
231
>
248
232
> You can use the clone functionality to create the next environment variable group.
249
233
234
+
## Create an service connection
235
+
236
+
To remove the Azure resources, you need an Azure Resource Manager service connection. For more information, see [Manage service connections](/azure/devops/pipelines/library/service-endpoints?view=azure-devops&preserve-view=true)
237
+
238
+
To create the service connection, go to Project settings and navigate to the Service connections setting in the Pipelines section.
239
+
240
+
:::image type="content" source="./media/automation-devops/automation-create-service-connection.png" alt-text="Picture showing how to create a Service connection":::
241
+
242
+
Choose _Azure Resource Manager_ as the service connection type and _Service principal (manual)_ as the authentication method. Enter the target subscription, typically the control plane subscription, and provide the service principal details. Validate the credentials using the _Verify_ button. For more information on how to create a service principal, see [Creating a Service Principal](automation-deploy-control-plane.md#prepare-the-deployment-credentials).
243
+
244
+
Enter a Service connection name, for instance 'Connection to MGMT subscription' and ensure that the _Grant access permission to all pipelines_ checkbox is checked. Select _Verify and save_ to save the service connection.
245
+
246
+
## Permissions
247
+
248
+
> [!NOTE]
249
+
> Most of the pipelines will add files to the Azure Repos and therefore require pull permissions. Assign "Contribute" permissions to the 'Build Service' using the Security tab of the source code repository in the Repositories section in Project settings.
## Register the Deployer as a self-hosted agent for Azure DevOps
252
254
@@ -268,11 +270,51 @@ You must use the Deployer as a [self-hosted agent for Azure DevOps](/azure/devop
268
270
269
271
:::image type="content" source="./media/automation-devops/automation-new-pat.png" alt-text="Diagram showing the attributes of the Personal Access Token (PAT).":::
270
272
273
+
## Deploy the Control Plane
274
+
275
+
Newly created pipelines might not be visible in the default view. Select on recent tab and go back to All tab to view the new pipelines.
276
+
277
+
Select the _Control plane deployment_ pipeline, provide the configuration names for the deployer and the SAP library and choose "Run" to deploy the control plane.
278
+
279
+
Wait for the deployment to finish.
280
+
271
281
## Configure the Azure DevOps Services self-hosted agent
272
282
273
-
1. Connect to the Deployer using the steps described here [Using Visual Studio Code](automation-tools-configuration.md#configuring-visual-studio-code)
283
+
Connect to the deployer by following these steps:
284
+
285
+
1. Sign in to the [Azure portal](https://portal.azure.com).
286
+
287
+
1. Navigate to the resource group containing the deployer virtual machine.
288
+
289
+
1. Connect to the virtual machine using Azure Bastion.
290
+
291
+
1. The default username is *azureadm*
292
+
293
+
1. Choose *SSH Private Key from Azure Key Vault*
294
+
295
+
1. Select the subscription containing the control plane.
296
+
297
+
1. Select the deployer key vault.
298
+
299
+
1. From the list of secrets choose the secret ending with *-sshkey*.
274
300
275
-
1. Open a Terminal window and run:
301
+
1. Connect to the virtual machine.
302
+
303
+
Run the following script to configure the deployer.
The [SAP deployment automation framework on Azure](automation-deployment-framework.md) uses a standard naming convention for Azure [resource naming](automation-naming.md).
14
+
The [SAP deployment automation framework on Azure](automation-deployment-framework.md) uses a standard naming convention for Azure [resource naming](automation-naming.md).
15
+
16
+
The Terraform module `sap_namegenerator` defines the names of all resources that the automation framework deploys. The module is located at `/deploy/terraform/terraform-units/modules/sap_namegenerator/` in the repository. The framework also supports providing you own names for some of the resources using the [parameter files](automation-configure-system.md).
17
+
18
+
The naming of the resources uses the following format:
The Terraform module `sap_namegenerator` defines the names of all resources that the automation framework deploys. The module is located at `/deploy/terraform/terraform-units/modules/sap_namegenerator/` in the repository. The framework also supports providing you own names for some of the resources using the [parameter files](automation-configure-system.md).
17
22
18
23
If these capabilities are not enough, you can also use custom naming logic by either providing a custom json file containing the resource names or by modifying the naming module used by the automation.
19
24
20
25
## Provide name overrides using a json file
21
26
22
27
You can specify a custom naming json file in your tfvars parameter file using the 'name_override_file' parameter.
23
28
24
-
The json file has sections for the different resource types.
29
+
The json file has sections for the different resource types.
25
30
26
31
The deployment types are:
27
32
28
33
- DEPLOYER (Control Plane)
29
34
- SDU (SAP System Infrastructure)
30
-
- VNET (Workload zone)
35
+
- WORKLOAD_ZONE (Workload zone)
36
+
37
+
### Availability set names
31
38
39
+
The names for the availability sets are defined in the "availabilityset_names" structure. The example below lists the availability set names for a deployment.
40
+
41
+
```json
42
+
"availabilityset_names" : {
43
+
"app": "app-avset",
44
+
"db" : "db-avset",
45
+
"scs": "scs-avset",
46
+
"web": "web-avset"
47
+
}
48
+
```
32
49
### Key Vault names
33
50
34
-
The names for the key vaults are defined in the "keyvault_names" structure. The example below lists the key vault names for a deployment in the "DEV" environment in West Europe.
51
+
The names for the key vaults are defined in the "keyvault_names" structure. The example below lists the key vault names for a deployment in the "DEV" environment in West Europe.
35
52
36
53
```json
37
54
"keyvault_names": {
@@ -43,7 +60,7 @@ The names for the key vaults are defined in the "keyvault_names" structure. The
43
60
"private_access": "DEVWEEUSAP01X00pABC",
44
61
"user_access": "DEVWEEUSAP01X00uABC"
45
62
},
46
-
"VNET": {
63
+
"WORKLOAD_ZONE": {
47
64
"private_access": "DEVWEEUSAP01prvtABC",
48
65
"user_access": "DEVWEEUSAP01userABC"
49
66
}
@@ -57,7 +74,7 @@ The "private_access" names are currently not used.
57
74
58
75
### Storage Account names
59
76
60
-
The names for the storage accounts are defined in the "storageaccount_names" structure. The example below lists the storage account names for a deployment in the "DEV" environment in West Europe.
77
+
The names for the storage accounts are defined in the "storageaccount_names" structure. The example below lists the storage account names for a deployment in the "DEV" environment in West Europe.
61
78
62
79
```json
63
80
"storageaccount_names": {
@@ -67,7 +84,7 @@ The names for the storage accounts are defined in the "storageaccount_names" str
@@ -82,7 +99,7 @@ The names for the storage accounts are defined in the "storageaccount_names" str
82
99
83
100
The names for the virtual machines are defined in the "virtualmachine_names" structure. Both the computer and the virtual machine names can be provided.
84
101
85
-
The example below lists the virtual machine names for a deployment in the "DEV" environment in West Europe. The deployment has a database server, two application servers, a Central Services server and a web dispatcher.
102
+
The example below lists the virtual machine names for a deployment in the "DEV" environment in West Europe. The deployment has a database server, two application servers, a Central Services server and a web dispatcher.
86
103
87
104
```json
88
105
"virtualmachine_names": {
@@ -168,7 +185,7 @@ The different resource names are identified by prefixes in the Terraform code.
168
185
- SAP landscape deployments use resource names with the prefix `vnet_`
169
186
- SAP system deployments use resource names with the prefix `sdu_`
170
187
171
-
The calculated names are returned in a data dictionary, which is used by all the terraform modules.
188
+
The calculated names are returned in a data dictionary, which is used by all the terraform modules.
0 commit comments