I'm struggle with very werid scenarion and seems to be hopeless to resolve it. I have Azure Function which I use for pretty long time. Cause of that it starts with FUNCTIONS_EXTENSION_VERSION ~2 on dotnet but it was upgraded few times and now require FUNCTIONS_EXTENSION_VERSION ~4 and I move it to dotnet-isolated. It is working in that runtime for pretty long but recently I notice that from time to time (sometimes once per month, sometimes once per week) it change FUNCTIONS_EXTENSION_VERSION and FUNCTIONS_WORKER_RUNTIME back to old values and cause of that it is not working anymore.
Now funny part. In activity log I found that configuration has change cause Get Web App Publishing Profile Event initiated by some randome guid (don't know what it is). And this could happend even in middle of night when noone doing anything with development.
Operation name
Get Web App Publishing Profile
Time stamp
Mon Nov 28 2022 09:59:06 GMT+0100 (czas środkowoeuropejski standardowy)
Event initiated by
4b11a3b9-2f77-4a46-9d0c-cafda9296e6f
How can I trace what really fire up this event?
Is it possible to stop it? Make readonly those configuration or something like that?
How can I trace what really fire up this event?
You can trace all the app services events by enabling change analysis in Diagnose and solve problems -> Availability and Performance under your webapp/function App.
Get-AzWebAppPublishingProfile includes all the publishing events with the user profile name in a given subscription by adding resourcegroupnameas well.
If your function app/webapp created with service principal authentication, you can trace the details by providing -objectID or filter with AppID.
Get-AzureADServicePrincipal -Filter "APPID eq <appID>"
Is it possible to stop it? Make read-only those configurations or something like that?
Restrict actions via service principal under AzureAD to avoid these kinds of issues.
You cannot restrict access to any specific function's configuration. Instead, you can enable Microsoft.Web/sites/config/read kind of permissions for an App Service.
You can define access restriction rules by providing IP range within a chosen network.
Goto your App and choose Networking.
Related
I want add a functionality in my ADF pipeline which will send me email notification in case of failure. On searching the internet, I came to know that Azure Logic Apps helps with this. I am trying to follow below link to achieve this.
https://microsoft-bitools.blogspot.com/2018/03/add-email-notification-in-azure-data.html
I have tried searching up many tutorials, guides and the official docs as well. However, all of them have some templates already there in the Logic Apps Designer. I cannot find the templates and the 'When a HTTP request is received' trigger is also not available in the drop-down.
Please let me know how to proceed.
EDIT :
If you start with a blank Logic App, search for 'HTTP' or 'Request' and select Request.
On the next screen under triggers, select "When a HTTP request is received" and you should be good to go.
EDIT:
It looks like you created a Standard Logic App, which works in a slightly different way. For instance it can contain multiple workflows, which means you create workflows yourself. In the Consumption model, there's one workflow withing a Logic App, so you can open up the editor for that one directly. If there's no explicit reason for you to use Standard, a Consumption Logic App will be easier to work with.
If you really need a Standard Logic App, go to 'Workflows' and create a new workflow:
Then click the newly created workflow to edit it, go to 'Designer' and search for 'HTTP' to add an HTTP trigger:
Here's some information on the Consumption model for Logic Apps:
Resource type
Benefits
Resource sharing and usage
Limits management
Logic App (Consumption) Host environment: Multi-tenant Azure Logic Apps
- Easiest to get started - Pay-for-what-you-use - Fully managed
A single logic app can have only one workflow. Logic apps created by customers across multiple tenants share the same processing (compute), storage, network, and so on.
Azure Logic Apps manages the default values for these limits, but you can change some of these values, if that option exists for a specific limit.
See Resource type and host environment differences for a comparison with the other hosting options.
I was able to solve this. I wasn't able to view a few functionalities because of another error : Functions runtime error Microsoft.WindowsAzure.Storage: Value cannot be null. (Parameter 'connectionString').
AzureWebJobsStorage App Setting was missing which caused the error. I added that and now I can see the triggers and other stuff.
Thanks #rickvdbosch
User reported a failure of one of our Blazor Server apps an hour or so ago. When I investigated it seemed the Azure SignalR service was responding with "502 Bad Gateway" to the initial OPTIONS on the signalr hub negotiation (signalr is separate to the webapp that hosts the site)
In azure manpo, this shows for the SignalR service:
Restarting it does not succeed. Clicking "view activity logs" in the "the resource is ina failed state" banner simply brings a "Code: 'invalidRG'" message
The only significant event recently on this subscription was that it converted from a Free-Trial to Pay-as-you-go and there were some issues transitioning (upgrade done post subscription disable for lack of payment method, took some time to get it reactivated), but then everything seemed to work well for a day
There are many other services in the same resource group, apparently working fine - it's just SignalR. The "Azure status" page shows that all SignalR services are in "Good" condition.
Where does one go from here to diagnose and fix this? Is it a "pay for support from MS and ask them"?
Even though it wasn't a billing issue I wrote on the end of my billing support ticket that I'd raised to get a payment method problem sorted out during subscription upgrade. Support wrote back acknowledging a problem with the Azure SignalR service that was actively being worked on. They claimed that it was already resolved by the time they read my ticket update..
..I don't believe the staus dashboard ever showed AzSignalR as anything other than healthy so it might be that it makes sense to sign up for at least developer support level so there is a route for reporting these things. Either that or (depending on one's moral compass) raise them as billing requests (which are free) if one feels that service availability is a billing related thing (and I suppose it should be; they can't reasonably charge you for services they aren't providing, even if it is only a few cents)
rca in progress
Azure Signal R - Service availability/management operation failures - Mitigated
Resolved: An Azure service issue (Tracking ID 1L_L-NZG) impacted resources in your subscription.
Summary of impact: Between 06:00 and 14:00 UTC on 21 Jul 2021, you were identified as a customer using Azure SignalR Service who may have received failure notifications when attempting to connect or access resources. Additionally, failures may have been seen when attempting to perform service management operations - such as create, update, delete.
I'm trying to add a SQL Database to my resource group, but it says my subscription is disabled. However, when I go to my Azure subscription page, it says it's active. And my hosted web app loads successfully in the web browser, so that must mean my subscription really is active, right?
Why does the SQL Database creation screen say that my subscription is disabled? What can I do to fix this?
I should mention that my subscription actually was disabled this morning, but then I fixed it by changing my payment plan. However, that was several hours ago. Do I just need to keep waiting for my changes to take effect? Or is there some other action I'm supposed to take?
Update: After waiting 24 hours, the error has gone away. I guess it just takes a long time to fully reactivate a subscription.
I have an app service that I use from time to time (test env). How to configure it to auto-close when I do not use it?
App Service always incurs cost so that is not possible. You can create it when you need it using some sort of automation (powershell\cli\arm templates\etc) and delete it after you dont need it.
another option - colocate it with some other App Service which you need all the time, so it will just use small fraction of that app resources (wont cost anything extra).
I would recommend to use Dev/Test option if you are really worried about pricing.
Dev/Test pricing applies only when you run the resources within an
Azure subscription that is based on one of the Dev/Test offer
May be a delayed answer but I have found an elegant solution. There is a "Always ON" flag in the settings page that can be used for this purpose.
Location
AppService --> Configuration --> General Settings --> Platform Settings --> Always On.
Usage
Always On: Keeps the app loaded even when there's no traffic. When Always On is not turned on (default), the app is unloaded after 20 minutes without any incoming requests. The unloaded app can cause high latency for new requests because of its warm-up time. When Always On is turned on, the front-end load balancer sends a GET request to the application root every five minutes. The continuous ping prevents the app from being unloaded.
Always On is required for continuous WebJobs or for WebJobs that are triggered using a CRON expression.
For dev/test there is an app service plan that is free (it has the "Always On" setting turned off and disabled). Create a Free F1 app service plan and then assign your app service to use that plan.
As a follow up to my question about Deployment Status, I'd like to ask if there is a fast way to find:
Current Subscription Id
The current deployment slot the role is in (Staging/Production)
I am currently using the Management API, which is a bit slow, but I don't want to cache it for long because I can't be sure the cache will invalidate upon the slot swap.
From a running instance, you might be able to tell if you are in staging/production from the host URL for a web role. If you see your deployment ID there, it is staging. However, this can get tricky if you are using CNAMEs or you are running a worker role. For subscription ID, there is not much you can do as that is a pre-cursor to everything. You can't even use the Mgmt API if you don't know your SubID (there is no way that I am aware of to get the subscription ID other than portal).
Seems like the management API is your best bet (and only bet in some cases).