Skip to content

Latest commit

 

History

History
82 lines (52 loc) · 5.43 KB

deployment-validation.adoc

File metadata and controls

82 lines (52 loc) · 5.43 KB

Deployment validation

As you customize and extend toolkit to support your organization’s needs, you’ll be updating the parameter files and Resource Manager templates included in the example archetypes and modules. To ensure that your changes do not break any syntax or formatting rules within the deployment templates, the automation toolkit includes a validation mode.

Validation mode works against the archetype configuration (archetype.json) file you create to store your deployment values. This validation mode goes through all the pre-deployment steps a normal deployment would: it processes the parameter files, transpiles parameter values into the deployment template, and prepares the required files for submission to the Resource Manager engine. However, in validation mode the deployment processes stops as soon as Resource Manager confirms the submitted files are valid and does not proceed with the actual deployment.

While a full deployment can take a long time to complete, running a validation pass should only take a few minutes.

Note
 While the toolkit’s validation mode can help you find structural or syntactical issues with your deployment files, it can’t detect bad values provided in your parameters files, such as incorrect names or network settings.

Validation resource dependencies

Certain parts of the validation process may depend on having some resources on the target subscription. For instance, any deployment that creates user accounts that store passwords in a key vault will require a deployed key vault to perform the validation.

The archetype configuration files include the module-validation-dependencies array where these dependencies are defined. Any deployment modules included in this array must already be defined in the modules-to-deploy array for that deployment. For the sample archetypes in the toolkit, the only validation resource dependency is the key vault deployment:

    "module-validation-dependencies": [
        "kv"
    ]

When running validation, the toolkit automation script will deploy the resources in the module-validation-dependencies array. If these resources do not exist on the target subscription, they will be created as part of the deployment. If they already exist, they will be redeployed using the latest settings in the parameters file.

Resources used in validation are deployed just as they would be during a normal deployment. If one of these resources also has a dependency defined in the parameter file’s resource-dependencies array, that dependency will also be deployed. For instance, the kv resource has a dependency on the la resource, so in validation mode where kv is a validation dependency, both kv and la resources will be deployed.

Spoke validation settings

Because deployment validation is meant to work independently of any actually deployed resources, spoke validation may fail when trying to access resources based on parameters set in the shared-services section of the archetype configuration file. When running validation checks on workload deployments, temporarily modify your parameters file with the following settings:

  • Set the shared-services/deployment-name parameter to match the workload/deployment-name value.

  • Set the shared-services/domain-admin-user parameter to match the workload/local-admin-user value.

  • Set the shared-services/subscription-id parameter to match the workload/subscription-id value.

Once validation is complete revert these settings to the correct shared services value.

Run a deployment in validation mode

You can run a deployment in validation mode by using the validate command with the vdc.py script.

You can validate entire deployments. For example, to validate the entire shared services archetype:

Docker
python vdc.py validate workload -path ./archetypes/shared-services/archetype.json --delete-validation-resources
Linux/OSX
python3 vdc.py validate workload -path ./archetypes/shared-services/archetype.json --delete-validation-resources
Windows
py vdc.py validate workload -path ./archetypes/shared-services/archetype.json --delete-validation-resources

You can also validate individual modules. For example, to validate the data tier of the ntier-iaas archetype:

Docker
python vdc.py validate workload -path ./archetypes/ntier-iaas/archetype.json -m sqlserver-alwayson
Linux/OSX
python3 vdc.py validate workload -path ./archetypes/ntier-iaas/archetype.json -m sqlserver-alwayson
Windows
py vdc.py validate workload -path ./archetypes/ntier-iaas/archetype.json -m sqlserver-alwayson

Clean up dependent resources

You will likely want to delete the temporary resources created during a validation.. You can do this by appending the --delete-validation-resources when running the validation.

Note
 Only apply the --delete-validation-resources if you have not already created the required validation dependency. If you’ve already created a key vault as part of a shared services deployment, and then pass this argument when validating your ADDS resource deployment, you will delete the pre-existing key vault that other resources still depend on.

See the reference documentation for vdc.py for additional details.

Next steps

Learn about creating your own archetypes and modules to use with the toolkit