Installing Invictus Dashboard
To access the resources stored on Azure Storage and Azure Container Registry you have to request an SAS-token and ACR Password from coditproducts@codit.eu.
Include VNET support Shared
Invictus includes functionality which allows all its resources to run within an Azure Virtual Network (VNET).
Required deployment
-
An Azure Virtual Network
- Including two subnets, one each for:
- Private Endpoints
- Container App Environment
- The subnets must have the following services enabled
Microsoft.AzureCosmosDBMicrosoft.EventHubMicrosoft.KeyVaultMicrosoft.ServiceBusMicrosoft.Storage
- The Container App subnet must also have the delegation
Microsoft.App/environments
- Including two subnets, one each for:
-
Private DNS Zones (Bicep template)
privatelink.azurecr.ioprivatelink.blob.core.windows.netprivatelink.file.core.windows.netprivatelink.mongo.cosmos.azure.comprivatelink.queue.core.windows.netprivatelink.servicebus.windows.netprivatelink.table.core.windows.netprivatelink.table.cosmos.azure.comprivatelink.vaultcore.azure.netprivatelink.{regionName}.azurecontainerapps.io
-
To be able to deploy the app code from an Azure DevOps pipeline you will need a self hosted agent running on the same VNET with the following software installed:
- Powershell
- Azure Powershell
- Bicep CLI
Required role assignment
If the Invictus resources and the VNET are on different resource groups, then the Invictus resource group will need to be assigned the role of Network Contributor onto the VNET resource group.
Migrate from older installations
Migrate to Dashboard v2+
Build pipeline
The Azure Blob Storage container for Dashboard V2 is now dashboard-v2, this can be updated in the -StorageContainerName parameter you use in the build pipeline.
Release pipeline
Make sure that the PowerShell script in the release pipeline which runs Deploy.ps1 has the following parameters:
azurePowerShellVersion: LatestVersion
pwsh: false
Object ID update
When upgrading to Invictus V2, the devOpsObjectId parameter which is passed to the release pipeline should be updated. This must be changed to the Enterprise Application Object ID of the service principal thats connected to the DevOps service connection (not of the App Registration). This change is required for both Dashboard and Framework pipelines.
Remove existing role assignments
Invictus V2 includes functionality to automatically deploy role assignments which were previously set manually. However, if these role assignments are already present, they will cause a conflict. In your Invictus resource group, remove any roles which are assigned to the Azure Functions. Typically, this is just 1 role assignment:
- Monitoring Contributor rights for the FlowHandler component for the Invictus resource group.
Azure AD setup
If your Invictus installation integrates with Azure AD, please follow the Azure AD setup guide to update your app registration, or set up a new one with the appropriate settings required for Invictus V2.
SQL data migration
Invictus V2 includes functionality to migrate the SQL data from your previous installation into the Cosmos DB of the new version. Data relating to users, groups and the folder and flow structure will be migrated. Flow traces will not be migrated.
Data migration release pipeline changes
The data migration process forms part of the release pipeline. Please refer to Dashboard release pipeline installation step for more information. The deploy script parameter PerformSqlDataMigration must be set to 1. The deploy script also accepts a few optional parameters to be able to connect to your SQL database:
-sqlToMigrateServerName: Server name hosting the SQL DB you wish to migrate. Defaults toinvictus-{ResourcePrefix}-sqlsvr-sqlToMigrateDBName: Name of the SQL DB you wish to migrate. Defaults tocoditcip-sqlToMigrateUserName: The login username used to connect to the SQL Server. Defaults toInvictusFrameworkAdmin
In addition to these values, the SQL server password must be stored as a secret in your Invictus Azure Key Vault with the name invictussqlserverpassword.
The data migration will now run as part of your release pipeline. The resultant data in Azure Cosmos DB will be validated against the original SQL data, with the validation results printed in the release logs. However it is still important to manually verify the migrated data. When complete, you will be able to login to the new Invictus V2 Dashboard with the same credentials as before.
Once you are satisfied with the migrated data, it is advised to change the PerformSqlDataMigration script parameter to 0 so that the migration process is entirely skipped in subsequent releases.
Dashboard URL
The Invictus V2 release pipeline will create a new App Service Dashboard resource with a -v2 suffix e.g invictus-dev-invictusdashboard-v2. This means that the URL of this resource will be used to access the new Dashboard. If instead you wish to maintain your current URLs for the Dashboard, the old Dashboard App Service resource must be deleted from your resource group. Then, pass invictusDashboardWebAppName as a parameter to the release script, passing the name of the app service as a value.
By doing this you will lose access to the old Dashboard and the ability to view and query its historic data.**
Add role assignments
In addition to the Flow Handler component, in V2 also the Dashboard Gateway must have Logic App Contribute access on the resource group or subscription which contains the Logic Apps.
Common migrating issues
If you are passing the servicePlanName or autoscaleForPlanName (or both) parameters to the Dashboard release pipeline, these must be updated by adding -linux to the end of their values (feel free to maintain your own naming conventions). This change is required for the Dashboard pipeline only.
If you have role assignments conflicts during deployment, you might have multiple role assignments defined at the Invictus resource group. This case, remove all role assignments defined at the Invictus resource group level.
Invictus configure dashboard script update
If you are using the PowerShell script Invictus-ConfigureDashboard.ps1 to deploy flows, etc, you must replace this script with the V2 version