Automatic continuous deployment for Azure PaaS platform

The initial deployment of the Azure PaaS platform and its future updates can be automated. All deployments are then pushed automatically from Centero to the Azure PaaS platform. To enable automatic continuous deployment, the following configuration must be done in the target Azure subscription where the Carillon PaaS resources are located.

Azure AD App Registration

To allow deployments to authenticate to Azure resources, an Azure AD App Registration must be created in the target Azure subscription. Instructions for creating an Azure AD App Registration can be found here: Create an Azure AD app and service principal in the portal - Microsoft identity platform | Microsoft Docs (these instructions are referenced in the guidelines below).

Use the following guidelines when creating the Azure AD App Registration:

  • Name of the application (can be anything) at step 5. in Register an application with Azure AD and create a service principal
    • Carillon Continuous Deployment
  • No need to specify Redirect URI at step 5. in Register an application with Azure AD and create a service principal
  • Grant the Contributor and SQL Security Manager roles to the Azure AD application at step 5. in Assign a role to the application
    • If you use the Resource Group as the scope (recommended), grant both roles on the Resource Group
    • If you use each Azure PaaS resource (App Services and SQL Server) as a scope, grant the Contributor role on both App Services and the SQL Security Manager role on the SQL Server
  • Create a shared secret for the Azure AD App Registration at option 2 in Create a new application secret
    • Remember to take a note of the created shared secret value!
  • Collect Azure AD App Registration information at Get tenant and app ID values for signing in
    • Directory ID
    • Application ID
  • Send the following information to Centero by email to tahtipuikko@centero.fi
    • Azure AD App Registration information
      • Directory ID, Application ID and secret value (from previous steps)
    • Azure SQL Database information (for the SQL Database created using these instructions)
      • Azure Subscription ID (from Azure Portal the Subscription ID value at SQL Database resource Overview page)
      • Azure Resource Group name (from Azure Portal the Resource group value at SQL Database resource Overview page)
      • Azure SQL Database connection string (from Azure Portal the ADO.NET (SQL authentication) connection string at SQL Database resource Connection strings page)
      • Azure SQL Database user account password (for the user account specified in connection string)
    • Azure App Service information (for the Carillon Portal and Agent Gateway created using these instructions)
      • Azure Subscription name (from Azure Portal the Subscription value at App Service resource Overview page)
      • Azure Subscription ID (from Azure Portal the Subscription ID value at App Service resource Overview page)
      • App Service name for Carillon Portal (from Azure Portal the name of the Carillon Portal App Service resource)
      • App Service name for Agent Gateway (from Azure Portal the name of the Agent Gateway App Service resource)
    • Information about which Azure AD groups should be allowed to use Self Service for getting temporary admin privileges. You can grant permission to elevate using only a local user account, or you can also grant permission to elevate using an Azure AD account. Detailed information about all possible configurations can be found in self service configuration.

Tip!

You should encrypt the email sent to tahtipuikko@centero.fi or send the Azure AD App Registration secret value and the SQL Database user password via a separate channel. If you want to use a separate channel for the sensitive information, include a note in the email and Carillon support will agree on a secure channel with you.
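
Before sending the credentials, you can check that the App Registration holds only the two roles from the guidelines above and nothing outside the Resource Group. The following is an added example, not Centero's or Microsoft's tooling; it assumes the JSON produced by `az role assignment list --assignee <Application ID> --all --output json`, and the subscription ID, resource group and server names are constructed placeholders.

```python
import json

# Roles the page asks you to grant to the deployment App Registration.
REQUIRED_ROLES = {"Contributor", "SQL Security Manager"}

def audit_assignments(assignments, subscription_id, resource_group):
    """Return findings for one service principal's Azure role assignments."""
    # Azure scope strings are case-insensitive, so compare in lower case.
    rg_scope = f"/subscriptions/{subscription_id}/resourcegroups/{resource_group}".lower()
    findings, seen = [], set()
    for a in assignments:
        role = a["roleDefinitionName"]
        scope = a["scope"].rstrip("/").lower()
        # Accept the resource group itself or any resource inside it.
        if scope != rg_scope and not scope.startswith(rg_scope + "/"):
            findings.append(f"OUT_OF_SCOPE: {role} at {a['scope']}")
        elif role not in REQUIRED_ROLES:
            findings.append(f"UNEXPECTED_ROLE: {role} at {a['scope']}")
        else:
            seen.add(role)
    findings += [f"MISSING_ROLE: {r}" for r in sorted(REQUIRED_ROLES - seen)]
    return findings

# Constructed sample data (placeholder IDs and names, not from a real tenant).
SUB = "00000000-0000-0000-0000-000000000000"
RG = "rg-carillon-example"
SAMPLE_JSON = json.dumps([
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/{RG}"},
    {"roleDefinitionName": "SQL Security Manager",
     "scope": f"/subscriptions/{SUB}/resourceGroups/{RG}/providers/Microsoft.Sql/servers/sql-example"},
    {"roleDefinitionName": "Owner", "scope": f"/subscriptions/{SUB}"},
])

if __name__ == "__main__":
    for finding in audit_assignments(json.loads(SAMPLE_JSON), SUB, RG):
        print(finding)
```

An empty result means both roles are present and every assignment sits at or below the Resource Group; the check does not verify which role is on which individual resource when per-resource scopes are used.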