I am trying to run an image on ACI, whenever it is trying to pull image as this
pulling image "mysql#sha256:asakjvnankvaknaklfvkabjaoenla"
the container is failing, whereas in command i have given image as mysql:latest.
az container create \
--resource-group $ACI_PERS_RESOURCE_GROUP \
--name xxxxxxx \
--location eastus \
--image mysql:latest \
--dns-name-label xxxxxxxx \
--environment-variables MYSQL_ROOT_PASSWORD=password#123 \
--ports 3306 33060 \
--azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
--azure-file-volume-account-key $STORAGE_KEY \
--azure-file-volume-share-name $ACI_PERS_SHARE_NAME2 \
--azure-file-volume-mount-path /var/lib/mysql
The issue is when it try to pull image as mysql#sha256:asakjvnankvaknaklfvkabjaoenla, the continer fails to start while if the image pulled is pulling image "mysql:latest" than container works.
Attaching the pic for refrenece.
Not sure why this issue is happening
Command to run three containers
ACI_PERS_RESOURCE_GROUP=myresourcegroup
ACI_PERS_STORAGE_ACCOUNT_NAME=mydatabasest2501
ACI_PERS_LOCATION=eastus
ACI_PERS_SHARE_NAME=mysqlshare1
ACI_PERS_SHARE_NAME2=mysqlshare2
ACI_PERS_SHARE_NAME3=mysqlshare3
#I already have storage account so only creating fileshare
# Create the file share
az storage share create \
--name $ACI_PERS_SHARE_NAME \
--account-name $ACI_PERS_STORAGE_ACCOUNT_NAME
# Create the file share
az storage share create \
--name $ACI_PERS_SHARE_NAME2 \
--account-name $ACI_PERS_STORAGE_ACCOUNT_NAME
# Create the file share
az storage share create \
--name $ACI_PERS_SHARE_NAME3 \
--account-name $ACI_PERS_STORAGE_ACCOUNT_NAME
echo $ACI_PERS_STORAGE_ACCOUNT_NAME
STORAGE_KEY=$(az storage account keys list --resource-group $ACI_PERS_RESOURCE_GROUP --account-name $ACI_PERS_STORAGE_ACCOUNT_NAME --query "[0].value" --output tsv)
echo $STORAGE_KEY
az container create \
--resource-group $ACI_PERS_RESOURCE_GROUP \
--name contaier1 \
--location eastus \
--image mysql:latest \
--dns-name-label uniqueddns1 \
--environment-variables MYSQL_ROOT_PASSWORD=password#123 \
--ports 3306 33060 \
--azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
--azure-file-volume-account-key $STORAGE_KEY \
--azure-file-volume-share-name $ACI_PERS_SHARE_NAME \
--azure-file-volume-mount-path /var/lib/mysql
az container create \
--resource-group $ACI_PERS_RESOURCE_GROUP \
--name contaier2 \
--location eastus \
--image mysql:latest \
--dns-name-label uniqueddns2 \
--environment-variables MYSQL_ROOT_PASSWORD=password#123 \
--ports 3306 33060 \
--azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
--azure-file-volume-account-key $STORAGE_KEY \
--azure-file-volume-share-name $ACI_PERS_SHARE_NAME2 \
--azure-file-volume-mount-path /var/lib/mysql
az container create \
--resource-group $ACI_PERS_RESOURCE_GROUP \
--name contaier3 \
--location eastus \
--image mysql:latest \
--dns-name-label uniqueddns3 \
--environment-variables MYSQL_ROOT_PASSWORD=password#123 \
--ports 3306 33060 \
--azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
--azure-file-volume-account-key $STORAGE_KEY \
--azure-file-volume-share-name $ACI_PERS_SHARE_NAME3 \
--azure-file-volume-mount-path /var/lib/mysql
The problem does not due to the reason that you think, it's a problem with the volume that mounts the Azure File Share to the existing folder which is the dependency of the MySQL. When you mount the File Share, it will Occlude the existing folder then all the files in this folder will not be accessible. Therefore MySQL will not work fine anymore by losing the dependencies. See more details here.
Mounting an Azure Files share to a container instance is similar to a
Docker bind mount. Be aware that if you mount a share into a container
directory in which files or directories exist, these files or
directories are obscured by the mount and are not accessible while the
container runs.
There are three ways to solve it. The first way is that not mount the File Share, but then you cannot persist the data of the database. The second way is to mount the File Share to a new folder that does not exist in the image and then copy the data to the new folder. The third way is that copy the dependencies into the File Share and then mount the File Share to the container, it will also work.
Update:
A possible solution is that you can push the MySQL image to an ACR and then use it to create ACI, in this way, all the things are the same, then maybe all ACI succeeds or fails.
Related
I was able to create a azure acr task using the below command:
az acr task create --registry myregistry \
--name demo_task \
--image demo_app:{{.Run.ID}} \
--file demo.Dockerfile \
--context https://github.com/hm-group/repo.git#branch \
--git-access-token your_token --debug
But, I don't want to provide git repository. Just want to use --file and tried build this task using below command:
az acr task create --registry productionai \
--name demo_task \
--image demo_app:{{.Run.ID}} \
--file demo.Dockerfile
Error:
If the task is not a System Task, --context-path must be provided.
We can provide --context as /dev/null if we want to use only file without providing context.
Command:
az acr task create --registry myregistry \
--name demo_task \
--image demo_app:{{.Run.ID}} \
--file demo.Dockerfile \
--context /dev/null
I am creating my disk as follows:
az disk create -g ML-Resource-Group -n myDataDisk --size-gb 256 --location eastus --max-shares 2 --sku Premium_LRS
And I am creating my first VM as follows:
az vm create --resource-group ML-Resource-Group --name PVM --image microsoft-dsvm:ubuntu-1804:1804-gen2:20.11.04 --generate-ssh-keys --location eastus
And I am creating my second VM as follows:
az vm create \
--resource-group ML-Resource-Group \
--name VMTest \
--image microsoft-dsvm:ubuntu-1804:1804-gen2:20.11.04 \
--generate-ssh-keys \
--priority Spot \
--max-price -1 \
--location eastus \
--eviction-policy Deallocate \
--output json \
--verbose \
--size "Standard_ND12s"
I attach myDataDisk to PVM as:
diskId=$(az disk show -g ML-Resource-Group -n myDataDisk --query 'id' -o tsv)
az vm disk attach -g ML-Resource-Group --vm-name PVM --name $diskId
This step is performed successfully. But when I try attaching the disk to VMTest in the same way as above, I get the following error:
Deployment failed. Correlation ID:
140afdfe-8b92-4c4d-a9a9-521d8bf3a497. Cannot change network spine of
shared disk myDataDisk while it is attached to running VM(s)
/subscriptions/39472272-11a1-4c87-9de5-92aaeac6f7cf/resourceGroups/ML-Resource-Group/providers/Microsoft.Compute/virtualMachines/PVM.
Target: 'VM:
'/subscriptions/39472272-11a1-4c87-9de5-92aaeac6f7cf/resourceGroups/ML-Resource-Group/providers/Microsoft.Compute/virtualMachines/VMTest',
disk:
'/subscriptions/39472272-11a1-4c87-9de5-92aaeac6f7cf/resourceGroups/ML-Resource-Group/providers/Microsoft.Compute/disks/myDataDisk''.
Figured out the solution! A Proximity Placement Group is to be made as follows:
az ppg create \
-n myPPG \
-g ML-Resource-Group \
-l eastus \
-t standard
And then passed as a parameter in --ppg while creating VMs such as:
az vm create -n PVM -g ML-Resource-Group --image microsoft-dsvm:ubuntu-1804:1804-gen2:20.11.04 --generate-ssh-keys --ppg myPPG --location eastus --verbose
I want to run a container instance (OrientDB database). I created an Azure file share and attached it to the instance (had to use Azure CLI command-line interface since Web GUI doesn't support it). The problem is that I need to give in the run parameters to map internal folder to external one. I am searching for days and simply cannot find how to give in the parameters. I am sure I am not the only one doing this but everything I found was not satisfactory. Help anyone?
I am so far using this command.
az container create -g ProjectX --name orientdb --image orientdb:3.0.32 `
--cpu 1 `
--memory 1.5 `
--environment-variables ORIENTDB_ROOT_PASSWORD=*** `
--os-type Linux `
--ports 80 2424 2480 `
--protocol TCP `
--ip-address public `
--dns-name-label *** `
--azure-file-volume-share-name *** `
--azure-file-volume-account-name *** `
--azure-file-volume-account-key *** `
--azure-file-volume-mount-path /mnt/azurevolume `
--restart-policy OnFailure
I don't know if "azure-file-volume-xxx" parameters are enough. I think not since I think these only attach the external volume to the container but performs no mapping.
And the command to run orientdb container locally is:
docker run -d --name orientdb -p 2424:2424 -p 2480:2480 \
-v <config_path>:/orientdb/config \
-v <databases_path>:/orientdb/databases \
-v <backup_path>:/orientdb/backup \
-e ORIENTDB_ROOT_PASSWORD=rootpwd \
orientdb
Thanks
Tomaz
I think you need to work with these parameters:
--azure-file-volume-account-name
--azure-file-volume-account-key
--azure-file-volume-share-name
--azure-file-volume-mount-path
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files
az container create \
--resource-group $ACI_PERS_RESOURCE_GROUP \
--name hellofiles \
--image mcr.microsoft.com/azuredocs/aci-hellofiles \
--dns-name-label aci-demo \
--ports 80 \
--azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME \
--azure-file-volume-account-key $STORAGE_KEY \
--azure-file-volume-share-name $ACI_PERS_SHARE_NAME \
--azure-file-volume-mount-path /aci/logs/
PREVIOUS ANSWER (where I was guessing about the docker image and command line prameters the OP was using)
In a nutshell:
Non "secret" aka sensitive values. You use ENVIRONMENT variables to "inject" configuration values.
Note the "--environment-variables"
az container create \
--resource-group myResourceGroup \
--name mycontainer2 \
--image mcr.microsoft.com/azuredocs/aci-wordcount:latest \
--restart-policy OnFailure \
--environment-variables 'NumWords'='5' 'MinLength'='8'
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables
Philosophically, you do NOT bake these values into your container. You container "reaches out" to get them...the simplest way your container can "reach out" is to read an environment variable.
..
For secrets, you use Azure KeyVault. This is outside the scope of your question, but I mention it so you avoid the bad security practice of using ENV variables for secrets.
Secrets would be "database passwords", "client_secret" for Oauth2, etc, etc.
Breadcrumbs:
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity
https://thorsten-hans.com/integrating-azure-keyvault-with-azure-container-services
I'm using Azure Container instances and Container registries to deploy apps.
I have create few of the throught the web interface and those work fine,
but for some others I need data persistance, hence I have to mount a volume,
that part I'm not finding it straght forward.
The following code works without any issue:
/home/luis/bin/az container create \
--resource-group mlcontainers2 \
--name modeldiagnosticsvolume \
--image mlcontainers2.azurecr.io/samples/modeldiagnostics \
--registry-login-server mlcontainers2.azurecr.io \
--registry-password XXXXXXXXXXXXXXXXXXXXXXXX \
--registry-username mlcontainers2 \
--ports 80 5000 5100 \
--ip-address public
But when I add the lines to mount a volume:
--azure-file-volume-account-name cs217dfd5a81083x41faxb08
--azure-file-volume-account-key XXXXXXXXXXXXXXXXXXXXXXXX
--azure-file-volume-share-name mlstorage
--azure-file-volume-mount-path app/data
New code been:
/home/luis/bin/az container create \
--resource-group mlcontainers2 \
--name modeldiagnosticsvolume \
--image mlcontainers2.azurecr.io/samples/modeldiagnostics \
--registry-login-server mlcontainers2.azurecr.io \
--registry-password XXXXXXXXXXXXXXXXXXXXXXXX \
--registry-username mlcontainers2 \
--ports 80 5000 5100 \
--ip-address public \
--azure-file-volume-account-name cs217dfd5a81083x41faxb08 \
--azure-file-volume-account-key XXXXXXXXXXXXXXXXXXXXXXXX \
--azure-file-volume-share-name mlstorage \
--azure-file-volume-mount-path app/data
The process goes for over half an hour and just shows:
- Running ..
- Running ..
- Running ..
In the Azure portal interface that the status of that container is: "Pending"
And if I stop to process and try to restart it, I get the following error:
The container group 'modeldiagnosticsvolume' is still transitioning, please retry later.
And I have to change the name to be able to try it again, but the result is the same
- Running ..
- Running ..
- Running ..
EDIT:
I leave it running an got this other error:
Deployment failed. Correlation ID: 6012f7c9-6241-4bfb-8322-c7f052523da0. Operation failed with status: 200. Details: Resource state Failed
For your issue, the possible reason is that you did not use the right mount path. It should an absolute path such as /app/data. So the CLI command would like below:
/home/luis/bin/az container create \
--resource-group mlcontainers2 \
--name modeldiagnosticsvolume \
--image mlcontainers2.azurecr.io/samples/modeldiagnostics \
--registry-login-server mlcontainers2.azurecr.io \
--registry-password XXXXXXXXXXXXXXXXXXXXXXXX \
--registry-username mlcontainers2 \
--ports 80 5000 5100 \
--ip-address public \
--azure-file-volume-account-name cs217dfd5a81083x41faxb08 \
--azure-file-volume-account-key XXXXXXXXXXXXXXXXXXXXXXXX \
--azure-file-volume-share-name mlstorage \
--azure-file-volume-mount-path /app/data
And there one more advice, you'd better add the image tag when you use the image. If you do not use the tag, the default one is latest. It will cause the errors if there is no latest tag. For more details, see Mount an Azure file share in Azure Container Instances.
I tried to create VM from another VM via Azure CLI with this command :
az vm create \
--resource-group my_resource \
--name newVMfromImage \
--image firstMachine-image \
--admin-username user_name \
--data-disk-sizes-gb 150 20 --size Standard_B1ms \
--verbose \
----ssh-key-value /path/to/publick/key/azure.pub
But I get this error :
az: error: unrecognized arguments: ----ssh-key-value
/path/to/publick/key/azure.pub
----ssh-key-value /path/to/publick/key/azure.pub
should only be:
--ssh-key-value /path/to/publick/key/azure.pub
Remove the 2 additional dashes.
Correct, the 4 dashes (----) indicates a wrong transmission while uploading the .PUB file.
Remove the 2 additional dashes.