I'm trying to setup an Azure Function App with my own Docker image (as per https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-function-linux-custom-image?tabs=nodejs)
But I can't figure out how to install an Extension (e.g. CosmosDBTrigger, as per https://learn.microsoft.com/fr-fr/azure/azure-functions/install-update-binding-extensions-manual)
Is it possible ? Thanks for your help.
If you want to add it to your project in Visual Studio, use package manager:
Install-Package Microsoft.Azure.WebJobs.Extensions.CosmosDB -Version 3.0.4
Ensure your .csproj file has this package reference in it:
<PackageReference Include="Microsoft.Azure.WebJobs.Extensions.CosmosDB" Version="3.0.4" />
If you need to add it manually, you can do so through Kudu which you access via https://[your-func-hostname].scm.azurewebsites.net - Full instructions here
Adding manually to a deployed docker container can only be achieve when using persistent storage.
You can use an app setting called WEBSITES_ENABLE_APP_SERVICE_STORAGE
to control whether or not the /home directory of your app is mapped to
Azure Storage. If you need files to be persisted in scale operations
or across restarts, you should add this app setting and set it to
"true". If you don't require file persistence, you can set this app
setting to false.
The absence of this app setting will result in the setting being
"true". In other words, if this app setting does not exist in your
app, you will see the /home directory mapped to Azure Storage. The app
setting will be missing if you created your app while Web App for
Containers was in public preview or if someone has deleted the app
setting.
Keep in mind that if you enable App Service Storage, when an Azure
Storage changeover occurs (which does happen periodically), your site
will restart when the storage volume changes.
Note: If App Service Storage is not enabled, any files written into
the /home folder will not be persisted across instances (in the case
of a scale out) or across restarts.
Even if storage persistence is disabled, the /home directory will be
mapped to Azure Storage in the Kudu (Advanced Tools) container. That
way, the /home/LogFiles directory will persist between restarts and
scale out operations in the Kudu container. Therefore, if you need to
get Docker logs or other logs, always use the Kudu Bash console
instead of using SSH to access your app's container. (See this for
more information on how to get the latest Docker logs from Kudu.)
Note: If you set this app setting on an Azure App Service on Linux app
using a built-in image, it will have no impact.
Source: https://blogs.msdn.microsoft.com/waws/2017/09/08/things-you-should-know-web-apps-and-linux/#NoStorage
Related
We have an Angular application running on AppService (Windows) and there are large volume of SCORM packages on BLOB storage. To launch the SCORM package, we need to iframe the launcher URL(a BLOB URL) inside an Angular component. The SCORM launcher html file has few JS method which we need to access from Angular component. When trying to access the JS method from Angular, we are getting Cross origin error.
One option is to place all the SCORM packages under the same AppService root folder so that both Angular application and SCORM packages will be under same domain. But since these SCORM packages run into hundreds of GB, it is best to place it in storage rather in root folder.
So is there any way to mount a BLOB container as a drive in AppService so that when accessing the JS methods in Angular it will not result in Cross origin error?
Note: We don't follow container deployment but direct deployment to AppService.
As I have already mentioned in the comment , It is not possible to mount AzureBlob in a App Service of kind:Windows , you can only use Azure Files as mentioned in the Microsoft Document in limitations section. If it was of kind:linux then you could have mounted both AzureBlobs and Azure Files.
I have already tested for the same thing while creating a App service of windows and mounting the azure blob container using terraform in this SO thread and as you can find the output there it will error out.
So , as a Solution you can create a Azure File Share in the storage account and mount the same in the app service.
You can refer the below documents :
Create Fileshare
Mount Fileshare in Windows App Serice
We have a Web application, developed with ASP.Net Core and deployed on Azure using Docker container. The Web App uses serilog library (https://serilog.net/) as internal logging engine. The configuration of Serilog is stored in the file serilog.json, included in the Visual Studio Solution Explorer and, obviously, in the final Docker container.
Using a special admin panel included in the Web App, an administrator can change the active Serilog log level to any supported value (Fatal, Error, Warning and so on). This feature simply updates the file serilog.json, and ASP.NET Core reloads on-the-fly the new log level.
It works like a charm, but now the problems begins.
We use Azure DevOps to deploy every nighty a new version of our Web App, so every night the current Docker container is overwritten with the newest one. Also the file serilog.json, so every night we lose the log level configuration.
What are we wrong with this approach?
We need to move 'serilog.json' outside the Docker container and store it in another location?
Any idea?
Thanks for your help, support and discussion!
Docker has a run command that accepts a --read-only argument for mounting a container with a read-only filesystem. Is there a way to set up an Azure App Service slot to run a container from an Azure Container Registry with a read-only filesystem? I haven't been able to find any documentation or setting in the web console for configuring this.
My current setup is to use a GitHub Actions workflow to build and deploy the container with docker/build-push-action and azure/webapps-deploy Actions. My app is a Python Django app and as part of a security assessment, I've been instructed to make the app run in a read-only environment to prevent runtime modification of the app's code. I've already ensured that no part of my app needs to be able to write to the Docker container's filesystem, so now all I need to do is to ensure that the filesystem cannot be modified.
Docker containers for Azure App Service cannot be run in read-only mode(Mounting a Host's root File System in Read-Only Mode). AZ CLI Azure App Service for Docker supported commands
You can run your app in Azure App Service directly from a ZIP package, the ZIP package itself gets mounted directly as the read-only wwwroot directory.
Running directly from a package have multiple benefits:
Eliminates file lock conflicts between deployment and runtime.
Ensures only full-deployed apps are running at any time.
https://learn.microsoft.com/en-us/azure/app-service/deploy-run-package
Unfortunately, you can't change the docker command that the Azure App Service used to run the containers. Actually, there is nothing you can do with the command. All the containers are temporary. If you only want to run the containers and do not need to persist the data. Then you need to do nothing. The app services won't affect the filesystem after you delete them.
I have been attempting this for a good chunk of today but still have not found a solution.
I have a built spring boot application in the form of a jar.
I push this to a storage account container as a blob with azurerm_storage_blob
I reference this from a azurerm_app_service in app_settings.WEBSITE_RUN_FROM_PACKAGE using a data.azurerm_storage_account_sas
I see that it has pulled the blob from storage in the app-service but it has exploded it under D:\home\site\wwwroot
I have set site_config.java* (java_version, java_container and java_container_version) but it makes no attempt to start the application
I see there is a site_config.app_command_line but none of the examples I have found set this.
Has anybody gotten a spring boot application in a windows app service running using terraform?
Is there a better way to get the application jar to azure using terraform?
There are various ways to deploy your application to Azure App Service. For your scenario, I recommend not to set WEBSITE_RUN_FROM_PACKAGE and make sure your executable jar is called app.jar and it is dropped to the root of your Web App's content folder (/site/wwwroot).
App Service will automatically take care of setting the appropriate SERVER_PORT environment variable behind the scenes, so that when your Spring Boot application starts, it will start listening to the correct port.
If you need to set parameters, you can always set JAVA_OPTS in the App Service Settings section in the Azure portal and those will travel as environment variables and ultimately used by java.exe upon start.
If you hit any rough edge, feel free to open a ticket in Azure portal and we will be able to assist you better to make sure your app runs well in Azure App Service.
Other popular mechanism to deploy is using Maven:
https://learn.microsoft.com/en-us/azure/java/spring-framework/deploy-spring-boot-java-app-with-maven-plugin
I have the Matomo Docker Image from https://github.com/bitnami/bitnami-docker-matomo that I run in a Web App for Container on Azure with my own Azure Container Registry (ACR).
Also, I have an Azure Storage Account with a File Share available.
What I would like to achieve is to mount a persistent storage (File Share from Az Storage Account) to it so I don't loose the config and plugins installed of Matomo.
I tried using the Mount Storage (Preview), but I couldn't get it to work.
Name: matomo_data
Storage Type: Azure Files
Mount path: /bitnami
As described in: https://github.com/bitnami/bitnami-docker-matomo#persisting-your-application
This didn't work.
I also tried via the setting WEBSITES_ENABLE_APP_SERVICE_STORAGE = true on the Web App for Containers, but apparently seems not to do anything either.
I would appreciate any hints here, as otherwise I would have to make a custom docker image, push it to the registry, with a custom docker compose file, which I would like to avoid.
Thanks a lot in advance for any hints on this!
To mount the Azure File Share to the Web App for Container, as I think, it's not simple persistent storage, it's a share action. See the Caution below:
Linking an existing directory in a web app to a storage account will
delete the directory contents. If you are migrating files for an
existing app, make a backup of your app and its content before you
begin.
So, if you want to mount the file share to the web app to persist the storage, you need to upload all the files needed to the file share first. And the steps that mount the Azure File Share to the Web app are here. It shows for Windows, and for Linux is also the same way.
But I will suggest you'd better use the persistent storage following the steps here. This way will create persistent storage at the beginning and will not delete the directory contents.