I've got a Windows container that's running in Azure that I'm trying to attach persistent storage to, however, I'm not able to find any documentation on how to do so.
Dockerfile:
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-20190910-windowsservercore-ltsc2016
SHELL ["powershell"]
EXPOSE 443
WORKDIR /CompanyAPP
COPY WebPackage.zip .
RUN Expand-Archive WebPackage.zip . ; `
Rename-Item ./CustomerWebConfigurator ./WebConfigurator; `
Rename-Item ./Customer ./WebRoot; `
Rename-Item ./CustomerWebService ./WebService; `
Rename-Item ./CustomerWCFService ./WCFService; `
rm WebPackage.zip
ARG BUILD
RUN Add-WindowsFeature Net-WCF-HTTP-Activation45;`
Install-PackageProvider -Name Nuget -Force;`
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted;`
Install-Module -Name AWSPowerShell;`
New-WebApplication -Site 'Default Web Site' -Name 'App' -PhysicalPath c:\CompanyAPP\WebRoot; `
New-WebApplication -Site 'Default Web Site' -Name 'AppWebService' -PhysicalPath c:\CompanyAPP\WebService; `
New-WebApplication -Site 'Default Web Site' -Name 'AppWCFService' -PhysicalPath c:\CompanyAPP\WCFService; `
New-WebApplication -Site 'Default Web Site' -Name 'AppWebConfigurator' -PhysicalPath c:\CompanyAPP\WebConfigurator; `
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name ServerPriorityTimeLimit -Value 0 -Type DWord;`
$cert = New-SelfSignedCertificate -Subject self; `
New-WebBinding -Protocol https -port 443 -name 'Default Web Site' -SSLFlags 0; `
$binding = Get-WebBinding -protocol https; `
$binding.AddSslCertificate($cert.Thumbprint, 'my');
RUN Set-WebConfiguration -PSPath 'IIS:\Sites\Default Web Site\App' -Filter '/system.web/customErrors' -Value #{mode='Off'};`
write-host 'got here!'
The storage is configured in an Azure Storage account, and using file storage, I'm attaching it in the configuration via path mappings, and am having no luck.
Hoping that someone can point me in a good direction to get this figured out.
I may be quite late to the party, but I stumbled upon this issue only today (mounting Azure File Volumes in a Windows Container still is not supported even a year later), and I found quite an easy workaround. I will share this here, because this question is one of the top results when searching for the error message.
You can mount your Azure File Volume via SMB. All you need is the UNC, a username and a password, which you can get from the properties of your Azure File Volume
So I created a small startup.cmd
#echo off
net use z: %MNTUNC% %MNTPASS% /user:%MNTUSER%
"c:\program files\myapp\myapp.exe"
and defined that startup.cmd as the entrypoint in the dockerfile
....
COPY ["startup.cmd", "c:/startup.cmd"]
ENTRYPOINT ["c:/startup.cmd"]
Pitfall: Be aware, that a drive mapped with net use (or New-PSDrive if you prefer PowerShell) is only visible to the user account under which the command was executed, so be sure to mount the drive with the same user, which is used to execute the service.
You can set the values for the environment variables during deployment like described here:
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables
For instance, when using a YAML file for deployment, you can set the environment variables as follows. Using secureValue makes the value of the environment variable accessible only from within the container and the values won't be shown for instance in the properties of the container on the azure portal.
....
containers:
- name: mycontainer
properties:
environmentVariables:
- name: 'MNTUNC'
secureValue: '\\myaccountname.file.core.windows.net\myvolume'
- name: 'MNTPASS'
secureValue: 'mysupersecretpassword'
- name: 'MNTUSER'
secureValue: 'Azure\myaccountname'
If you use the Azure Container Instance to deploy for Windows container, then the Azure File storage does not support the persistent volume., it's currently restricted to Linux containers. You can get more details about the note here:
Mounting an Azure Files share is currently restricted to Linux
containers.
Update:
With the message that the provided in the comment, you use the web app for the container with the Windows image. In this situation, it supports to mount the Azure File Share to the Windows Container. You can follow the steps in Configure Azure Files in a Windows Container on App Service.
Related
We are using Azure automation runbook using hybrid worker and trying to collect information from on-prem vcenter environment. We are using Get-VICredentialStoreItem to logon to vcenter but logon itself using stored credentials is failing from runbook. When I use this script locally on hybrid worker server it works fine.
The error we are getting is that it can't find the path(most likely for xml file) so it can't logon to vcenter server. Screenshot of error is below.
My understanding is that the script runs locally in hybrid worker server so if it is not complaning about path locally then why would this be causing an issue while running from runbook hybrid worker.
$date = get-date -format dd-MM-yyyy
#Load Module and connect to vCenter
Get-Module -Name VMware.PowerCLI.VCenter* -ListAvailable | Import-Module
Get-Module -Name VMware.Sdk* -ListAvailable | Import-Module
Get-Module -Name VMware.VimAutomation.Core | Import-Module
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -Confirm:$false
$Credentials = Get-VICredentialStoreItem -Host "server1.domain.local" -File "\\mgmtserver.domain.local\Credentials\pwd.xml"
Connect-viserver -server "server1.domain.local" -User $Credentials.User -Password $Credentials.Password
$datastore = "\\mgmtserver.domain.local\myshare2\VMware-Corp-Datastores.csv"
#add VMtools details
New-VIProperty -Name ToolsVersion -ObjectType VirtualMachine -ValueFromExtensionProperty 'Config.tools.ToolsVersion' -Force
New-VIProperty -Name ToolsVersionStatus -ObjectType VirtualMachine -ValueFromExtensionProperty 'Guest.ToolsVersionStatus' -Force
#export datastore list
get-datastore | Select Name, Datacenter, CapacityGB, FreeSpaceGB | export-csv $datastore -NoTypeInformation -UseCulture
disconnect-viserver -Server * -confirm:$false
Error screenshot
The system cannot find the path specified.
A command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: Please specify server credential
Found the issue, credentials have to be created using same account that is going to use it in Automation account.
I've been following this guide to cloning an existing app. I'm running the Az Powershell Module via Docker.
Here's what I ran:
$destapp = New-AzWebApp -ResourceGroupName HLP-API-NEW -Name hlp-api-new -Location "UK South" -AppServicePlan hlp-api-plan-new -SourceWebApp $srcapp
HLP-API-NEW is a new resource group that I created; hlp-api-plan-new is likewise a new service plan.
Here's how I got $srcapp:
$srcapp = Get-AzWebApp -ResourceGroupName HLP-API -Name api-hlp
The service plan / resource group nams are definitely correct. I get the following error:
New-AzWebApp: Long running operation failed with stauts 'InternalServerError'
Does anyone know why this might be?
Please make sure your app is not under the below conditions. if it is in the below condition, we can't be able to clone it.
Restrictions to clone app
Auto scale settings are not cloned
Backup schedule settings are not cloned
VNET settings are not cloned
App Insights are not automatically set up on the destination app
Easy Auth settings are not cloned
Kudu Extension are not cloned
TiP rules are not cloned
Database content is not cloned
Outbound IP Addresses changes if cloning to a different scale unit
Not available for Linux Apps
Managed Identities are not cloned
Not available for Function Apps
If your app is not in the above criteria, you can clone it.
Ways follows
1. Using Slot parameter
To clone an existing app including all associated deployment slots, you need to use the Slots parameter.
$srcappslot = Get-AzWebAppSlot -ResourceGroupName <Your Resource Group> -Name <Your app name> -Slot <slot name>
$destapp = New-AzWebApp -ResourceGroupName <Your Resource Group> -Name <Your new app name> -Location <location to create app> -AppServicePlan <App service plan name> -SourceWebApp $srcappslot
2. Using the new App Service plan
$srcapp = Get-AzWebApp -ResourceGroupName <Your Resource Group> -Name <Your app name>
New-AzAppServicePlan -Location "Central US" -ResourceGroupName <Your Resource Group> -Name <App Service plan Name> -Tier Standard
$destapp = New-AzWebApp -ResourceGroupName <Your Resource Group> -Name <new app name to create> -Location <Location to create app> -AppServicePlan <Your new app service name> -SourceWebApp $srcapp
3. Using Existing App Service plan
$srcapp = Get-AzWebApp -ResourceGroupName <Your Resource Group> -Name <Your app name>
$destapp = New-AzWebApp -ResourceGroupName <Your Resource Group> -Name <new app name to create> -Location <Location to create app> -AppServicePlan <Specify exact App service file path (APP SERVICE PLAN> PROPERTIES>RESOURCEID)> -SourceWebApp $srcapp
I have the same problem, I don't understand what's wrong with my command. While scouring the Internet I found this command which is leading me towards a solution. You may find it helpful as well:
PS> Resolve-AzError
This provided me the clue I needed to chase:
Message : Long running operation failed with status 'InternalServerError'.
ServerMessage : Restore failed with errors: Detail: Hostname 'abc.somedomain.com' conflicts with an already existing hostname.
ExtendedCode: 04005
Good luck!
I am trying to setup my first Azure point-to-site VPN. If I'm reading things correctly, the URL I get from this PowerShell code:
$profile = New-AzVpnClientConfiguration -ResourceGroupName $ResourceGroup -Name $GWName -AuthenticationMethod "EapTls"
$profile.VPNProfileSASUrl
should download an executable called VpnClientSetupAMD64.exe that will be in the WindowsAmd64 folder of the downloaded zip file. That executable should do the setup on the native Win 10 1909 client.
The zip file I get doesn't have any executable in it and doesn't have that directory in it. I only get the XML and OVPN files with the config data for the VPN client.
I also tried using the Download VPN Client selection in the GUI Azure portal on the VnetGW/point-to-site page and I get the identical zip file - still no setup exe.
I looked for a way to either directly download the VpnClientSetupAMD64.exe file or to specify the azurevpnconfig.xml file that I do get as a parameter to setup the VPN client but I see nothing applicable.
I understand that I can manually configure the VPN client using the info I have but that doesn't scale.
Can someone give me any pointers?
I had the same issue trying to setup Azure P2S VPN today, the downloaded VPN client is just a configuration file.
Did a bit research and found the solution: https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-client
Open Windows store, and install a app "Azure VPN Client". Then you can run Azure VPN Client and import the configuration file.
Be default, the Tunnel type is OpenVPN(SSL) in the Point-to-site configuration UI. Before you generate files using PowerShell, you should select the VpnClientProtocol to SSTP and IKEv2, or one of them because they are used for Windows clients. So you will get the VpnClientSetupAMD64.exe file. You could get more details here.
You also could refer to create a VPN Gateway and add point-to-site configuration using PowerShell.
New-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1 `
-Location 'East US' -IpConfigurations $gwipconfig -GatewayType Vpn `
-VpnType RouteBased -GatewaySku VpnGw1 -VpnClientProtocol "IKEv2"
# Add the VPN client address pool
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $RG -Name $GWName
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientAddressPool $VPNClientAddressPool
# Create a self-signed root certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
# Export the root certificate to "C:\cert\P2SRootCert.cer"
# Upload the root certificate public key information
$P2SRootCertName = "P2SRootCert.cer"
$filePathForCert = "C:\cert\P2SRootCert.cer"
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2($filePathForCert)
$CertBase64 = [system.convert]::ToBase64String($cert.RawData)
$p2srootcert = New-AzVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $CertBase64
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName $P2SRootCertName `
-VirtualNetworkGatewayname "VNet1GW" `
-ResourceGroupName "TestRG1" -PublicCertData $CertBase64
On Azure Portal, I am able to setup path-based rules which have some default setting, and a list of sub-rules (UrlPathMap).
Each of those sub-rules has a name, paths, backend pool, and HTTP setting that have to be configured.
As I can see I can update this map easily through Azure Portal.
I want to be able to create such sub-rules dynamically from code as part of the application installation. I would prefer to do this directly from .NET (ASP.NET Core 3.1) application, but Azure CLI or Azure Powershell script should be OK for me as well.
At this point, I tried to use Microsoft.Azure.Management.Fluent library, Azure CLI and Azure Powershell but I do not see the direct option to do what is need.
Will be really glad to get some help here.
According to my test, we can use the following PowerShell script to create a sub-rule.
Connect-AzAccount
$groupName=""
$gatewayName=""
$poolNmae=""
$httpName=""
$pathRuleName=""
# get original sub-rule in your path rule
$appgateway=Get-AzApplicationGateway -Name $gatewayName -ResourceGroupName $groupName
$pathmap=Get-AzApplicationGatewayUrlPathMapConfig -ApplicationGateway $appgateway -Name $pathRuleName
$t =$pathmap.PathRules.ToArray()
# add a new sub-rule to the path rule
# 1. get the require backendpool or backendhttp settings
$pool=Get-AzApplicationGatewayBackendAddressPool -Name $poolNmae -ApplicationGateway $appgateway
$http=Get-AzApplicationGatewayBackendHttpSetting -Name $httpName -ApplicationGateway $appgateway
# 2. create the sub-rule
$r=New-AzApplicationGatewayPathRuleConfig -Name "rule01" -Paths "/path" -BackendAddressPool $pool -BackendHttpSettings $http
$t += $r
# 3. update the path rule to add the new sub rule
Set-AzApplicationGatewayUrlPathMapConfig -ApplicationGateway $appgateway -Name $pathmap.Name -PathRules $t -DefaultBackendAddressPool $pool -DefaultBackendHttpSettings $http
# 4. make the update effective
Set-AzApplicationGateway -ApplicationGateway $appgateway
I'm trying to create a new Backend Pool in PowerShell.
In Azure's UI, these Backend Pools can refer to an App Service (e.g. a single container).
The PowerShell cmdlet however doesn't appear to support this, as far as I can see:
$AppGw = Get-AzureRmApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
$AppGw = Add -AzureApplicationGatewayBackendAddressPool -ApplicationGateway $ AppGw -Name "Pool02" -BackendIPAddresses "10.10.10.10", "10.10.10.11"
$AppGw = Get-AzureRmApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
$AppGw = Add-AzureRmApplicationGatewayBackendAddressPool -ApplicationGateway $AppGw -Name "Pool02" -BackendFqdns "contoso1.com", " contoso1.com"
I was hoping that it would be something along the lines of...
$AppService = Get-AzureRmWebApp -Name 'WebApp01'
$AppGw = Add-AzureRmApplicationGatewayBackendAddressPool -ApplicationGateway $AppGw -Name 'Pool02' -BackendWebApp $AppService
Does anyone know if there's any way around this?
For PowerShell, it seems there no cmdlet can achieve it that you expected:
Add-AzureRmApplicationGatewayBackendAddressPool -ApplicationGateway $AppGw -Name 'Pool02' -BackendWebApp $AppService
In the Azure portal, it is just convenient for people to find the App Service with the type App Services and get the FQDN. But for PowerShell cmdlet, it is more direct to input the FQDN.
By the way, people usually use an FQDN to access Azure Web Service. You can get more details about Configure App Service Web Apps with Application Gateway here.