I use azure pipeline to build and deploy my docker container (ASP.Net core 3.1).
All steps finish successfully, I can see my container on Azure registry and App service portal pages. But seems like the instance is not running on App Service because I can see only "Starting page" which suggests me to deploy code and my swagger page returns 404.
So the question is: How to run already deployed by pipeline image?
My azure pipeline yml file:
# Docker
# Build a Docker image
# https://learn.microsoft.com/azure/devops/pipelines/languages/docker
trigger:
- master
resources:
- repo: self
variables:
tag: '$(Build.BuildId)'
stages:
- stage: Build
displayName: Build image
jobs:
- job: Build
displayName: Build
pool:
vmImage: ubuntu-latest
steps:
# run tests
- task: DotNetCoreCLI#2
displayName: Run tests
inputs:
command: test
projects: '**/*Tests/*.csproj'
arguments: '--configuration $(buildConfiguration)'
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: 'ProjectName'
dockerfile: '$(Build.SourcesDirectory)/ProjectName/API/Dockerfile'
buildContext: '$(Build.SourcesDirectory)/ProjectName/'
containerRegistry: AzureContainerRegistryConnection
tags: |
$(tag)
# Deploy stage to your App Service
- stage: Deploy
displayName: Deploy to App Service
jobs:
- job: Deploy
displayName: Deploy
pool:
vmImage: ubuntu-latest
steps:
- task: AzureWebAppContainer#1
displayName: Deploy to App Service
inputs:
azureSubscription: 'my_free_subscription(my-subscription-id)'
appName: 'app-service'
containers: 'projectnamecontainerregistry.azurecr.io/RepositoryName:$(tag)'
UPD
I dunno mb it's a trouble with app service settings in terraform
resource "azurerm_app_service_plan" "app_service_plab" {
name = "app-service-plan"
location = azurerm_resource_group.store_group.location
resource_group_name = azurerm_resource_group.store_group.name
kind = "Linux"
sku {
tier = "FREE"
size = "S1"
}
}
resource "azurerm_app_service" "app_service" {
name = "app-service"
location = azurerm_resource_group.store_group.location
resource_group_name = azurerm_resource_group.store_group.name
app_service_plan_id = azurerm_app_service_plan.app_service_plab.id
}
UPD2
Started to use new deployment task AzureRmWebAppDeployment#4 and it does do something I can even see logs on app service machine now.
- stage: Deploy
displayName: Deploy to App Service
jobs:
- job: Deploy
displayName: Deploy
pool:
vmImage: ubuntu-latest
steps:
- task: AzureRmWebAppDeployment#4
inputs:
ConnectionType: 'AzureRM'
azureSubscription: 'free_subscription(id)'
appType: 'webAppContainer'
WebAppName: 'app-service'
DockerNamespace: 'containerregistry.azurecr.io'
DockerRepository: 'myRepository'
DockerImageTag: $(tag)
StartupCommand: 'az acr login --password $(REGISTRY_PASSWORD_UNSECRET) --username $(REGISTRY_USERNAME_UNSECRET) --name (MyRegistry)containerregistry.azurecr.io && docker run'
appSettings: |
-CONNECTION_STRING $(CONNECTION_STRING_UNSECRET)
But seems like az acr login doesn't work :(
Now I'm getting such error
2020-09-19T19:29:08.498Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2020-09-19T19:34:00.826Z INFO - Pulling image from Docker hub: MyContainercontainerregistry.azurecr.io/MyRepo:85
2020-09-19T19:34:01.151Z ERROR - DockerApiException: Docker API responded with status code=InternalServerError, response={"message":"Get https://MyContainercontainerregistry.azurecr.io/v2/MyRepo/manifests/85: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information."}
Use docker run cmd.
Add the task Docker->delete the field cmd content and add the cmd run
Related
We build our docker image with a custom .sh file. Then we would like to push it to our azure registry. We have the following step in our azure pipeline:
- task: Docker#2
inputs:
containerRegistry: 'someazureregistry'
repository: 'appname'
command: 'push'
tags: 'latest'
The build is successfull, and as can be seen below it is registered in docker as appname:latest , however for some reason azure does not find it, and asks for an image with the tag ***/appname.
/usr/bin/docker images
/usr/bin/docker push ***/appname:latest
REPOSITORY TAG IMAGE ID CREATED SIZE
appname latest f1e11b4fc19c Less than a second ago 680MB
ubuntu 20.04 a0ce5a295b63 7 days ago 72.8MB
...
The push refers to repository [***/appname]
An image does not exist locally with the tag: ***/appname
##[error]An image does not exist locally with the tag: ***/appname
We have tried different combinations of tags. What is azure expecting here?
It looks like you are building the Docker image separately. Please note that the container image needs to be tag locally for the private container registry before it can be pushed. As Shayki Abramczyk mentioned you need to build the image with containerRegistry.
To resolve this issue you must Tag the image using the "docker tag" command with the specific private container registry.
For example:
docker tag image youoregistryhost:port/xxx/image-name:latest
Besides, you can build and push the Docker image together in Azure DevOps pipeline. The following YAML file for your reference:
variables:
# Container registry service connection established during pipeline creation
dockerRegistryServiceConnection: 'testacr'
imageRepository: 'appname'
containerRegistry: 'xxx.azurecr.io'
dockerfilePath: '$(Build.SourcesDirectory)/app/Dockerfile'
tag: 'latest'
system.debug : true
# Agent VM image name
vmImageName: 'ubuntu-latest'
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(imageRepository)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
Of course you can also build and push the image separately in Azure DevOps pipeline like this:
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker#2
displayName: Build an image for container registry
inputs:
containerRegistry: '$(dockerRegistryServiceConnection)'
repository: '$(imageRepository)'
command: 'build'
Dockerfile: '$(dockerfilePath)'
tags: 'latest'
- task: Docker#2
displayName: Push an image to container registry
inputs:
containerRegistry: '$(dockerRegistryServiceConnection)'
repository: '$(imageRepository)'
command: 'push'
tags: 'latest'
Is there a way to view or get the service connection ids for the service connections that I create in Azure DevOps?
I need them in yaml pipelines that I create. For example, dockerRegistryServiceConnection that you see in the following is used in the docker#02 task for setting containerRegistry, if you see below.
variables:
- name: vmImageName
value: ubuntu-latest
# Container registry service connection established during pipeline creation
- name: dockerRegistryServiceConnection
value: 'd072f8f7-fag1-asdf-467e-7fd5jfr5gjh6' # This is not a true id
- name: imageRepository
value: 'globoticket.services.discount'
- name: containerRegistry
value: 'reacrtrialsregistry.azurecr.io'
- name: dockerfileFolderPath
value: 'src/Services/GloboTicket.Services.Discount'
- name: tag
value: '$(Build.BuildId)'
name: $(date:yyyyMMdd)$(rev:.r)
stages:
- stage: Build
jobs:
- job: buildWebApp
displayName: Build Release pipeline for Discount Service on Master branch
pool:
vmImage: $(vmImageName)
steps:
- checkout: self
- task: Docker#2
displayName: Build the image
inputs:
command: build
repository: $(imageRepository)
dockerfile: $(dockerfileFolderPath)/Dockerfile
buildContext: .
tags: |
$(tag)
- script: |
sudo docker tag $(imageRepository):$(tag) $(containerRegistry)/$(imageRepository):$(tag)
displayName: 'Tag container image before push'
- task: Docker#2
displayName: Push an tagged image to container registry
inputs:
command: push
repository: $(imageRepository)
dockerfile: $(dockerfileFolderPath)/Dockerfile
buildContext: .
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
- stage: DeployToDev
displayName: Deploy to Dev Env
jobs:
- deployment:
pool:
vmImage: ubuntu-latest
environment: Dev
strategy:
runOnce:
deploy:
steps:
- script: |
echo Any deploy stage starts here.
displayName: 'Command Line Script to write out some messages'
The input for the containerRegistry input for the docker task is the name of the service connection, not the id, according to docs:
Container registry (Optional): Name of the Docker registry service
connection
If you still need the ID, you can click the service connection in the list under Project Settings -> Service Connections and fetch the service connection ID from the resourceId parameter in the url:
All Azure Tasks I know are using the service connection name, not the Id. The same is true for the Docker#2 Task:
Source.
I am trying to run a Azure Container Instance with openVPN inside to connect to an external site. I have now managed to make a setup where I use docker-compose to handle the setup.
The container works when I run it locally (with openvpn establishing a vpn connection), and the Azure DevOps pipeline also builds and push to Azure Container Registry.
BUT when I try to run a Container Instance on the image nothing happens, and if I try to run my script interactively I get an error stating basically that there is no connection.
Does anyone have an idea of how to solve this?
My azure-pipelines.yml look like this:
# Docker
# Build and push an image to Azure Container Registry
# https://learn.microsoft.com/azure/devops/pipelines/languages/docker
trigger:
- main
resources:
- repo: self
variables:
# Container registry service connection established during pipeline creation
dockerRegistryServiceConnection: '*****************************'
imageRepository: 'getstatus'
containerRegistry: 'composeproject.azurecr.io'
dockerfilePath: '$(Build.SourcesDirectory)/Dockerfile'
tag: '$(Build.BuildId)'
# Agent VM image name
vmImageName: 'ubuntu-latest'
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(imageRepository)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
- task: DockerCompose#0
inputs:
containerregistrytype: 'Azure Container Registry'
azureSubscription: 'Composeproject'
azureContainerRegistry: '{"loginServer":"composeprojectsrc.azurecr.io", "id" : "/subscriptions/*********************/resourceGroups/RG-ComposeprojectCloud/providers/Microsoft.ContainerRegistry/registries/composeprojectscr"}'
dockerComposeFile: '**/docker-compose.yml'
action: 'Run a Docker Compose command'
dockerComposeCommand: 'up -d'
In my docker file I run the following command which should make the openVPN connection:
CMD openvpn --config config/fremsyn.ovpn --daemon --auth-user-pass config/login.txt --askpass config/password.conf \
&& ["python3" , "src/cli/getStatus.py"]
And the docker-compose.yml like this:
version: "3.3"
services:
getstatus:
image: composeproject.azurecr.io/getstatus:v1
restart: always
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
volumes:
- /etc/timezone:/etc/timezone:ro
I'm trying to run a spring boot application on azure. This is what I'm trying to accomplish:
local project > Azure Devops Git Repos > Azure container registry
From my local, I push the changes to Azure Devops Repos. Repository has a pipeline that does maven package, create docker image and push the image to Azure Container registry. And I'm running the container image using Azure container instance. Container instance is deploying successfully, but when I try to access a rest api defined in spring boot application, nothing happens. Page keeps on loading.
I try to access the GET api like this:
my_public_ip:8080/hello
DockerFile:
FROM openjdk:8
VOLUME /tmp
ADD target/command-center.jar command-center.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "/command-center.jar"]
azure-pipeline.yaml
# Docker
# Build and push an image to Azure Container Registry
# https://learn.microsoft.com/azure/devops/pipelines/languages/docker
trigger:
- master
resources:
- repo: self
variables:
# Container registry service connection established during pipeline creation
dockerRegistryServiceConnection: 'f4031dc5-3c27-4f41-be8c-2abdf064eaf2'
imageRepository: 'commandcenter'
containerRegistry: 'sapcemission.azurecr.io'
dockerfilePath: '**/command-center/Dockerfile'
tag: '$(Build.BuildId)'
# Agent VM image name
vmImageName: 'ubuntu-latest'
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Maven#3
inputs:
mavenPomFile: 'pom.xml'
publishJUnitResults: true
testResultsFiles: '**/surefire-reports/TEST-*.xml'
javaHomeOption: 'JDKVersion'
mavenVersionOption: 'Default'
mavenAuthenticateFeed: false
effectivePomSkip: false
sonarQubeRunAnalysis: false
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(imageRepository)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
Azure container instance settings:
What am I doing wrong here?
Azure Container Instance doesnt support port mapping like docker. So in your case when you setup ACI, port property should be set to 8080 (not default 80).
I have created a deployment pipeline using Azure Devops through which I am building and pushing an image to Azure Container Registry.
In the next step I am deploying from ACR to an AKS cluster which I have created and attached to ACR using the following command:
az aks create -n HealthCareAKSCluster -g AKSCICDRG --generate-ssh-keys --attach-acr HealthCareAKSCICDACR
Following is my yaml code:
# Docker
# Build and push an image to Azure Container Registry
# https://learn.microsoft.com/azure/devops/pipelines/languages/docker
trigger:
- master
resources:
- repo: self
variables:
# Container registry service connection established during pipeline creation
dockerRegistryServiceConnection: 'XXXXXXXXXX'
imageRepository: 'patientservice'
containerRegistry: 'healthcareakscicdacr.azurecr.io'
dockerfilePath: './PatientService/Dockerfile'
tag: '$(Build.BuildId)'
# Agent VM image name
vmImageName: 'ubuntu-latest'
stages:
- stage: Build
displayName: Build and push stage
jobs:
- job: Build
displayName: Build
pool:
vmImage: $(vmImageName)
steps:
- task: Docker#2
displayName: Build and push an image to container registry
inputs:
command: buildAndPush
repository: $(imageRepository)
dockerfile: $(dockerfilePath)
containerRegistry: $(dockerRegistryServiceConnection)
tags: |
$(tag)
- stage: Deploy
displayName: Deploy
jobs:
- job: Deploy
displayName: Deploy
pool:
vmImage: $(vmImageName)
steps:
- task: Kubernetes#1
displayName: Deploy an image to AKS
inputs:
connectionType: 'Azure Resource Manager'
azureSubscriptionEndpoint: 'XXXXXXX'
azureResourceGroup: 'AKSCICDRG'
kubernetesCluster: 'HealthCareAKSCluster'
command: 'apply'
arguments: '-f patientservice.yaml'
secretType: 'dockerRegistry'
containerRegistryType: 'Azure Container Registry'
The image is getting pushed to ACR successfully and Build step is running fine.
Even deploy step is running fine but when I do 'kubectl get pods' in my AKS cluster I am getting the pod status as ImagePullBackOff or ErrImagePull.
When I did 'kubectl describe pod' I am getting the following message:
Failed to pull image "patientservice": rpc error: code = Unknown desc
= Error response from daemon: pull access denied for patientservice, repository does not exist or may require 'docker login': denied:
requested access to the resource is denied
Please help as to how can I deploy a proper image.
The issue was in patientservice.yaml file. I overlooked it. Previously image had only the name of the service.I added the following to the image in patientservice.yaml:
image: healthcareakscicdacr.azurecr.io/patientservice:latest
The deployment worked fine.