This is a relatively new feature in Azure Resource Manager Templates that I wasn't aware of until someone mentioned it to me today. It is now possible to catch the failure of an ARM template deployment and then trigger running a previous version of the template when this happens. I'm hesitant to call this a roll-back (even though the docs do), as there are some limitations that mean it's not really a full roll-back, but it could be a useful tool to deal with failed deployments.
Use Case & Caveats
So what is this and what is it for? This functionality allows you to specify a previous deployment, and should your current deployment fails it will re-run the previous deployment to return your environment to this state.
There are some big caveats to this, that you should be aware of before you run this:
- The previous deployment is run exactly as it was run previously, so using the same parameters. There is not an opportunity to change the parameters
- The previous deployment is run using the "complete" mode. This means that any resources not included in the previous deployment will be deleted, and any resource configurations will be set to their previous state. Be very clear that this is what you want. Any resources that did get deployed before your template errored will get deleted if they are not in the previous template, and any changes you made manually will be removed or overwritten
- This will only roll-back the ARM resources, any data changes will not be affected
- This is only supported on Resource Group deployments, not subscription level deployments. You cannot do complete deployments at subscription level
Specifying a Roll Back Option
To use this functionality you need to specify what to do when an error occurs in the template at deploy time using PowerShell or the CLI. There are two options for doing this:
The first option is to use the RollbackToLastDeployment parameter. As the name suggests, this will roll back to the last deployment in the resource group.
new-azResourceGroupDeployment -name "NewDeploymentName" -resourceGroup "ResourceGroupName" -RollbackToLastDeployment -TemplateFile "templatename" -templateParamterFile "paramterFileName"
az group deployment create -n "NewDeploymentName" -g "ResourceGroupName" --rollback-on-error --template-file "templatename" --parameters "parameterFileName"
The second option is to roll back to a specific previous deployment rather than the latest one. To do this, you need to specify the name of the deployment you want to use. For this reason you want to make sure that each of your deployments has a unique name and a way for you to identify which deployment you want to use.
new-azResourceGroupDeployment -name "NewDeploymentName" -resourceGroup "ResourceGroupName" -RollbackDeploymentName "nameOfDeplpoyment" -TemplateFile "templatename" -templateParamterFile "paramterFileName"
Note that CLI uses the same parameter (rollback-on-error), differentiating by whether a string value is supplied.
az group deployment create -n "NewDeploymentName" -g "ResourceGroupName" --rollback-on-error "deploymentName" --template-file "templatename" --parameters "parameterFileName"
This functionality is useful if you've got a known good state for your infrastructure deployment and want this to be reverted to if an error occurs. There are a number of caveats and restrictions around this, but if they work for you this can be a useful tool.