Team Services | TFS 2017 | TFS 2015 | Previous versions
In just a few steps, you can provision Azure virtual machines (VMs) using Resource Manager (RM) templates. Managing the definitions for virtual machines in this way is considered Infrastructure as code and is a good DevOps practice.
Get set up
Begin with a CI build
Before you begin, you need a CI build that creates your Azure RM template. To set up CI, see:
Create an Azure RM connection
Follow these steps to establish a connection from Team Foundation Server or Visual Studio Team Services to Azure. You need an Azure subscription.
Open your Team Services or TFS team project in a web browser. Choose the Settings icon in the menu bar and select Services.
In the Services tab, choose New Service Endpoint and select Azure Resource Manager.
Enter a user-friendly name for the connection and select your Azure subscription.
If the subscription you require is not shown in the service endpoint dialog, see Azure Resource Manager service endpoint for more information and Troubleshoot Azure Resource Manager service endpoints.
Or, if you prefer to use an existing service principal, use the link near the bottom to open the full version of the dialog and follow these steps:
- Download and run this PowerShell script in an Azure PowerShell window.
- Enter a user-friendly name for the connection.
- Copy these fields from the output of the PowerShell script into the Azure subscription dialog textboxes:
- Subscription ID
- Subscription Name
- Service Principal ID
- Service Principal Key
- Tenant ID
Choose OK to save the Azure service endpoint.
Create the release definition
Carry out the following steps to deploy the Azure Resource Group.
Open the Releases tab of the Build & Release hub and choose the "+" icon to create a new release definition.
In the Create release definition dialog, select the Empty template and choose Next.
In the next page, select the build definition you created earlier and choose Create. This creates a new release definition with one default environment.
In the new release definition, select + Add tasks and add an Azure Resource Group Deployment task. Optionally edit the name to help identify the task, such as Provision Windows 2012 R2 VM.
Configure the Azure Resource Group Deployment task as follows:
Deploy: Azure Resource Group Deployment
Deploy files to an Azure Resource Group.
- Azure Subscription: Select the name of the Azure Resource Manager endpoint you defined earlier.
Create or Update Resource Group.
- Resource Group: Enter a name for a new resource group, or specify an existing resource group.
- Template location: The path of the Resource Manager template; for example:
- Template Parameters: The path of the Resource Manager template parameters file; for example
- Override Template Parameters: A list of values for the parameters in the template; for example:
-adminUsername $(vmuser) -adminPassword (ConvertTo-SecureString -String $(vmpassword) -AsPlainText -Force) -dnsNameForPublicIP $(dns)'.
- Enable Deployment Prerequisites: Checked.
- Output | Resource Group: The name of the Resource Group output from the task as a value that can be used as an input to further deployment tasks.
Checking the Enable Deployment Prerequisites checkbox configures WinRM on the virtual machine and enables execution of remote PowerShell scripts, which may be required to deploy an application. Also notice the use of ConvertTo-SecureString to specify the value for adminPassword. You must do this because adminPassword is defined as a SecureString type in the Resource Manager template file.
If you used variables in the parameters of the Azure Resource Group Deployment task, such as vmuser, vmpassword, and dns, set the values for them in the environment configuration variables. Encrypt the value of vmpassword by selecting the "padlock" icon.
Enter a name for the release definition and save it.
Create a new release, select the latest build, and deploy it to the single environment.