
I currently have databases dev, test, prod. I don’t mind running EF CORE migrations locally for dev and test. However, for prod I want to run this alongside my ADO pipelines e.g. before I build/push my docker image.

I created the pipeline but can’t connect to the Azure PostgreSQL database because I need to whitelist IPs.

So my options are:

  • Allow public access from any Azure service within Azure to this server (enable this but of course don’t want to do this for prod)

  • Whitelist all the IPs provided by Azure (seems cumbersome to do this)

Are there any other ways or how do others go about performing this?

2 Answers


  1. This can be achieved by deploying a self-hosted agent to your Azure environment.

    The agent will then need network access to the VNet integrated database server. How that is catered for really depends on your Azure network topology.

    Here’s a guide to configuring a self-hosted agent:

    Azure DevOps Self-Hosted Agent Setup Guide

  2. I created the pipeline but can’t connect to the Azure PostgreSQL database because I need to whitelist IPs.

    If you need to use Microsoft-hosted agents to run the pipeline to connect the Azure PostgreSQL database, you can use Azure CLI to add the current Agent machine IP to the Azure PostgreSQL database firewall whitelist.

    Then you can connect to the Azure PostgreSQL database to do actions. At the end of the Pipeline, you can remove the Firewall rule in Azure PostgreSQL database.

    Here is a pipeline example:

    steps:
    
    - task: AzureCLI@2
      displayName: Add Agent IP to firewall
      inputs:
        azureSubscription: 'xx'
        scriptType: 'pscore'
        scriptLocation: 'inlineScript'
        inlineScript: |
          # Look up the agent's public IP over HTTPS and echo it to the log
          $IP = Invoke-RestMethod https://ipinfo.io/json | Select-Object -ExpandProperty ip
          $IP
          # With only a start address, the rule covers that single IP
          az postgres flexible-server firewall-rule create --name databasename --resource-group resourcegroupname --start-ip-address $IP --rule-name customname
    
    # Placeholder: the steps that need database access go here
    - task: do actions
    
    - task: AzureCLI@2
      displayName: Remove Agent IP from firewall
      # Run even when an earlier step failed, so the rule is not left behind
      condition: always()
      inputs:
        azureSubscription: 'xx'
        scriptType: 'pscore'
        scriptLocation: 'inlineScript'
        inlineScript: 'az postgres flexible-server firewall-rule delete --name databasename --rule-name customname --resource-group resourcegroupname --yes'
    

    In this case, you don’t need to whitelist all IPs provided by Azure DevOps Pipeline. Pipeline can access the Azure PostgreSQL database during the pipeline execution.

    For more detailed info, you can refer to this doc: Create and manage Azure Database for PostgreSQL – Flexible Server firewall rules using the Azure CLI
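The add-rule, act, remove-rule sequence from the second answer as a single wrapper, given here as an added example that is not part of the original answer. It goes a little further than the answer: it validates the looked-up address before it reaches the firewall and deletes the rule even when the wrapped command fails. The function names, the `ado-agent-` prefix and the command in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the answer. Server, resource group and the wrapped
# command are placeholders supplied by the caller.

# True only for one dotted-quad IPv4 address. Rejects 0.0.0.0, which the
# firewall treats as "all Azure-internal addresses" (the option the question
# wants to avoid for prod), and anything else the lookup service might return.
is_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  [ "$1" != 0.0.0.0 ] || return 1
  old_ifs=$IFS; IFS=.
  set -- $1            # split into octets; input is digits and dots only
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Rule name unique to the pipeline run, restricted to letters, digits, '-'
# and '_', so parallel runs never delete each other's rule.
rule_name() {
  printf 'ado-agent-%s' "$(printf '%s' "$1" | tr -c 'A-Za-z0-9_-' '-')"
}

# with_temp_firewall_rule SERVER RG IP RULE COMMAND...
# Opens the firewall for IP only, runs COMMAND, then deletes the rule whether
# COMMAND succeeded or not. Returns COMMAND's status (2 if IP was rejected).
with_temp_firewall_rule() {
  server=$1 rg=$2 ip=$3 rule=$4
  shift 4
  is_ipv4 "$ip" || { echo "refusing to whitelist '$ip'" >&2; return 2; }
  az postgres flexible-server firewall-rule create --name "$server" \
    --resource-group "$rg" --rule-name "$rule" \
    --start-ip-address "$ip" --end-ip-address "$ip" >/dev/null || return 1
  cmd_status=0
  "$@" || cmd_status=$?
  az postgres flexible-server firewall-rule delete --name "$server" \
    --resource-group "$rg" --rule-name "$rule" --yes >/dev/null || cmd_status=1
  return "$cmd_status"
}

# Usage in an AzureCLI@2 step with scriptType: bash (names are placeholders):
#   ip=$(curl -fsS https://ipinfo.io/ip)
#   with_temp_firewall_rule databasename resourcegroupname "$ip" \
#     "$(rule_name "$BUILD_BUILDID")" dotnet ef database update
```

A cancelled job can stop the script before the delete runs, so a final pipeline step with `condition: always()` that deletes the same rule is still worth having.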
