This Azure Automation runbook deploys Docker services into a Docker swarm.
The idea is that a build pipeline pushes an image to a private Azure Container Registry, and a webhook triggers this Automation runbook to deploy that service securely into the cluster. The build pipeline (which often runs on an on-premises network) does not need SSH (remote access) to the swarm managers running on Azure virtual machines.
- Create a runbook "Deploy-Service" in an Azure Automation account (from the portal).
- Copy the webhook trigger URL and add it to the webhook triggers in your Azure Container Registry.
- Create a Storage Account.
- Create a BLOB container (for example, deployment-scripts).
- Create a Table (for example, deployments).
- Create two text files in Notepad that contain the commands to deploy the service.
For example, let's say we have the container image "feedback-service".
- Create a text file named "feedback-service.create".
- The file should contain the docker service create command in the following format:
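```
docker service create `
--with-registry-auth `
--replicas 1 `
--name [SERVICE_NAME] `
-p 9009:9009 `
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock `
[IMAGE_NAME]
```
Notice that [SERVICE_NAME] and [IMAGE_NAME] are placeholders rather than actual values. The runbook replaces them before deployment, based on the container image pushed to the container registry. All options must come before [IMAGE_NAME], because docker service create passes anything after the image to the container as its command. The Docker socket bind mount uses --mount, since docker service create has no -v option.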
- Create a file named "feedback-service.update". The content follows the same principle as above:
```
docker service update `
--with-registry-auth `
--force `
--update-parallelism 1 `
--update-delay 30s `
--replicas 4 `
[SERVICE_NAME] `
--image [IMAGE_NAME]
```
- Please upload these two files into the BLOB container you have created in step 4.
- Copy the content from deploy-runbook.ps1 into the runbook code in Azure Portal.
- Edit the file, providing the credentials and URLs that are appropriate to your subscription and storage accounts.
- Publish the runbook and you are done!

At this point your runbook should deploy every time you push a new image for the service we have configured above. It will also log all the deployments into the table storage, as an operation log.
- $AzureLBPIP: The public IP address of your Azure Load Balancer.
- $Port: The SSH port to the master.
- $RemoteUserName: The SSH user name.
- $RemotePassword: The SSH password.
- $ACRUserName: The user name to access the Azure Container Registry.
- $ACRPassword: The password for the registry.
- $sasToken: The SAS token to the BLOB container with READ access.
- $blobRoot: The URL of the BLOB container.
- $resourceGroup: The resource group where the storage account was created. (Note: this can be any storage account in any subscription, and it may be a different subscription from the one that runs the swarm cluster. The only requirement is to keep the automation account and storage account in the same subscription.)
- $storageAccount: The name of the storage account.
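
The placeholder substitution described above turns webhook input into a command that runs on a swarm manager over SSH, so the repository and tag should be validated before they are substituted. The following is an added example, not code from deploy-runbook.ps1. The function name `Expand-DeployTemplate`, the registry `myregistry.azurecr.io`, the sample payloads, and the rule that the service name is the last path segment of the repository are all assumptions.

```powershell
# Added example: validate ACR webhook fields before filling a deployment template.
function Expand-DeployTemplate {
    param(
        [Parameter(Mandatory)] [string] $RequestBody,      # JSON body of the ACR webhook call
        [Parameter(Mandatory)] [string] $Template,         # content of <service>.create / .update
        [Parameter(Mandatory)] [string] $ExpectedRegistry  # the only registry host we deploy from
    )
    $payload = $RequestBody | ConvertFrom-Json
    if ($payload.action -ne 'push') { throw "Ignoring webhook action '$($payload.action)'" }

    $registry   = [string]$payload.request.host
    $repository = [string]$payload.target.repository
    $tag        = [string]$payload.target.tag

    if ($registry -ne $ExpectedRegistry) { throw "Unexpected registry '$registry'" }

    # Simplified form of Docker's repository and tag grammar. Anchored with \A and \z so a
    # trailing newline cannot slip through; rejects spaces, quotes, ';', '$', '|' and backticks.
    if ($repository -cnotmatch '\A[a-z0-9]+(?:[._/-][a-z0-9]+)*\z') { throw 'Invalid repository name' }
    if ($tag -cnotmatch '\A[A-Za-z0-9_][A-Za-z0-9._-]{0,127}\z')   { throw 'Invalid image tag' }

    # Assumption: the service name is the last path segment of the repository.
    $serviceName = ($repository -split '/')[-1]
    $image       = "$registry/${repository}:$tag"

    # String.Replace is literal, so the square brackets are not treated as a pattern.
    $Template.Replace('[SERVICE_NAME]', $serviceName).Replace('[IMAGE_NAME]', $image)
}

# Constructed sample input (not captured from a real registry).
$template = 'docker service update --with-registry-auth [SERVICE_NAME] --image [IMAGE_NAME]'
$goodBody = '{"action":"push","target":{"repository":"feedback-service","tag":"1.4.2"},' +
            '"request":{"host":"myregistry.azurecr.io"}}'
$badBody  = $goodBody.Replace('1.4.2', '1.4.2; echo extra')   # tag carrying a shell separator

Expand-DeployTemplate -RequestBody $goodBody -Template $template `
    -ExpectedRegistry 'myregistry.azurecr.io'

try {
    Expand-DeployTemplate -RequestBody $badBody -Template $template `
        -ExpectedRegistry 'myregistry.azurecr.io'
} catch {
    Write-Output "Rejected: $($_.Exception.Message)"
}
```

In a runbook started by a webhook, the JSON body is available as `$WebhookData.RequestBody`.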