My target is to create Azure resources from an Azure DevOps release pipeline. The resources that are created are virtual machines and an application gateway (+ all the necessary VNets etc.). The resources are created successfully, but the pipeline won't work through the application gateway. Currently the pipeline has an "Azure File Copy" task to copy some scripts to the virtual machines. This setup works without the application gateway, but I cannot get it to work with the application gateway.

The error message I get from Azure DevOps is: "Unable to get FQDN for all resources in ResourceGroup"

I have created a ticket with MS, but they were not able to resolve this issue ("Works as expected") yet, and I am now waiting for Azure DevOps support to participate. Since it is a bit slow, I decided to post a question about this here, since I think that someone might have bumped into this before as well.

Does anyone have any idea if this setup is supported, or have any workarounds? The main need would be to copy and execute scripts in virtual machines.

1 Answer

I talked with the Azure Networking team and the Azure DevOps team, and there is no way around this at the moment. The virtual machine must have a public IP address to use the "Azure File Copy" task.

So I ended up adding an additional NIC with a public IP address to the VM and using an NSG to only allow traffic from the Azure DevOps pipeline.

EDIT: Created a feedback item, please vote if you need this functionality as well: https://feedback.azure.com/forums/217313-networking/suggestions/36482038-add-application-gateway-support-for-azure-devops-t

4 Comments

What's annoying is this worked for us until some time after 2018-10-24 (the last time our nightly pipe successfully copied the files to our VM). It doesn't appear to be a change to the task, so it must be something to do with Azure DevOps access (seems likely). Can you share the NSG settings that worked for you?
I have an additional "DevOps" NIC + NSG attached to every VM. That NSG has traffic through port 5986 allowed. So Azure DevOps accesses that VM directly and traffic does not go through the Application Gateway. It's a balanced workaround without having to compromise too much security while still having the possibility to have DevOps.
Thanks. Unfortunately, we already have that rule and still get the issue.
The rule itself does not help if your VM is behind an application gateway and does not have a public IP address.
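
The workaround in the answer and comments puts port 5986 on a public IP, so it is worth checking that the "DevOps" NSG really limits that port to the pipeline's addresses. The following is an added example, not part of the original answer: it audits rules exported as JSON (field names as in `az network nsg rule list -o json` output) against an allow-list. The rule names and address ranges are constructed, and rule priority and Deny rules are not evaluated.

```python
import ipaddress

WINRM_HTTPS = 5986  # port the "DevOps" NSG in the comments allows

def covers_port(rule, port):
    """True if any destination port range of the rule includes `port`."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    for r in ranges:
        lo, _, hi = r.partition("-")
        if r == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit(rules, allowed_cidrs):
    """Return (rule name, source) pairs that open 5986 beyond allowed_cidrs."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for rule in rules:
        if (rule["direction"].lower() != "inbound"
                or rule["access"].lower() != "allow"
                or not covers_port(rule, WINRM_HTTPS)):
            continue
        sources = list(rule.get("sourceAddressPrefixes") or [])
        if rule.get("sourceAddressPrefix"):
            sources.append(rule["sourceAddressPrefix"])
        for src in sources:
            try:
                net = ipaddress.ip_network(src, strict=False)
                ok = any(net.version == a.version and net.subnet_of(a)
                         for a in allowed)
            except ValueError:
                ok = False  # "*", "Internet" or a service tag: review by hand
            if not ok:
                findings.append((rule["name"], src))
    return findings

# Constructed sample rules (documentation address ranges, not real agents).
SAMPLE_RULES = [
    {"name": "allow-devops-winrm", "direction": "Inbound", "access": "Allow",
     "destinationPortRange": "5986", "sourceAddressPrefix": "203.0.113.0/24"},
    {"name": "allow-winrm-any", "direction": "Inbound", "access": "Allow",
     "destinationPortRanges": ["5985-5986"], "sourceAddressPrefix": "*"},
    {"name": "allow-https", "direction": "Inbound", "access": "Allow",
     "destinationPortRange": "443", "sourceAddressPrefix": "Internet"},
]
```

Calling `audit(SAMPLE_RULES, ["203.0.113.0/24"])` reports only the rule that opens the port to any source.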
