Every now and then I lose the permissions for a project to be deployed via Google App Engine PHP.
HttpException: Permissions error fetching application [apps/PROJECT_ID]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.
I use Jenkins, and I can see via the config history that nothing changed. Even if I escalate the privileges to "project owner" in console.cloud.google.com - same results: permissions denied.
The only way I am able to solve this issue is create a complete new app engine project.
Question: why do IAM accounts expire, and what is the recommended way of using credentials to automate deploys with Google App Engine PHP ?
I had this error message and for me the error was due to switching projects by using "gcloud config set project PROJECT_NAME" instead of "gcloud config set project PROJECT_ID".
I was able to solve it by appending --configuration CONFIG_NAME additionally to my gcloud app deploy command. I don't know why some projects work by just specifying the --project arg, and others not.
In any case it seems cleaner to always explicitly set the configuration-arg per gcloud command
Related
I am trying to deploy the Azure Web App in the Qa instance. I have created 3 different appsettings.json files with environment specific Client ID's in it
On the release pipeline for QA branch I am trying to use the test app service and set the settings like below
Release pipeline is all getting executed without any issues but when I try to access the application URL I get error like
Application ID is still pointing to the DEV one even though the appsettings.QA.json has different client ID of the Test App Registration where I set the reply URl and all correcctly.
I am not sure why my QA release pipeline is not using the ID's from the appsettings.QA.json. Can anyone please suggest me what is that I am missing here. Any help is greatly appreciated
Check how the application picks correct appsettings.json -file into use. As it picks Appsettings.Development.json in QA-environment, check how the environment is set in QA-environment App Service. Perhaps there is an environment-variable with the value "Development" in App Service configuration and that should be set to "QA"?
When you create an app there's no option to customize this, it's just there by default.
This matters because sometimes I don't want github actions to say that I'm deploying to "production", I want it to say I'm deploying to "development". But if I change this property manually, I'll get an error in github actions saying: Error: Deployment Failed with Error: Error: Publish profile is invalid for app-name and slot-name provided. Provide correct publish profile credentials for app. But then as soon as it's changed back the deployment works again, so I need to find a way to change this property in Azure?
Always the main slot of the webapp is called production, there is no way to change it.
I have followed these steps:
I installed `Google Cloud Build app on Github, linked it to Cloud Build and configured it to use a certain repository (a private one)
I set up a trigger at Cloud Build: Push to any branch
the project has no app instances after deploying (App Engine -> Dashboard)
My cloudbuild.yarml looks like this:
steps:
- name: 'gcr.io/cloud-builders/gcloud'
args: ['app', 'deploy', '--project=project-name', '--version=$SHORT_SHA']
If I try to run the trigger manually: I get this error in Google Cloud:
unable to get credentials for cloud build robot
I have also tried to set IAM roles based on this article but using #cloudbuild.gserviceaccount.com doesn't seem to be a valid "member" (perhaps I need two projects, one for running and one for building the app?)
How do I fill the gaps / fixes the errors mentioned?
It seems the error message looking for credential that has the required permission. From the article that you are following, in the step #4, don't add manually the Service Account for Cloud Build. Check if you enable the Cloud Build API in your project, if the API is disabled try to enable. It will automatically create the Service Account for Cloud Build and look likes this:
[PROJECT_NUMBER]#cloudbuild.gserviceaccount.com
Once the service account is created, go to Cloud Build > Setting page and enable the required roles for you application.
After a successful build using a hosted VS2017 agent, I'm trying to deploy on-prem using an local hosted agent which was setup using a domain account which should have sufficient permissions as it is in the local admin group. As I was digging around on this issue elsewhere, one user re-installed their agent using NTATHORITY\SYSTEM and it worked.
I d'ont really need to create or stop\start the website, just deploy the recent build artifact.
What permissions should I check or should I use another task?
019-04-06T21:03:10.3898646Z ERROR ( message:Configuration error
2019-04-06T21:03:10.3899503Z
2019-04-06T21:03:10.3899791Z Filename: redirection.config
2019-04-06T21:03:10.3900026Z 2019-04-06T21:03:10.3900293Z Line
Number: 0 2019-04-06T21:03:10.3900530Z 2019-04-06T21:03:10.3900852Z
Description: Cannot read configuration file due to insufficient
permissions 2019-04-06T21:03:10.3901076Z 2019-04-06T21:03:10.3901333Z
. ) 2019-04-06T21:03:10.8135484Z ##[error]Process 'appcmd.exe' exited
with code '5'.
An agent is running under a user. The error means that your user doesn't have permissions to read/modify the redirection.config file that is necessary to manage IIS.
You have multiple options to solve this.
Change the user were the agent is running under. In example: NTATHORITY\SYSTEM
Give permissions to the user were your agent is running under to the folder C:\Windows\System32\inetsrv\config. If you want to create app pools or websites etc, modify permissions are of course needed.
When we install Azure agent as a service(In Windows, search for 'Services' and look for something like Azure Pipelines Agent..), by default it is logged on as 'Network Service'. Change it to 'Local System' and the pipeline should be able to run IIS related tasks/commands.
I have a Visual Studio Enterprise MSDN subscription so I decided to move from Heroku to Microsoft Azure because I used to pay: now I don't. My Service Plan is the D1.
I wish I can trail the console.log strings of my Node JS application deployed on my Azure platform. My service plan is the shared one named
I deployed the app code on BitBucket and linked my repo to the application with a correct destribution. Correct means I see the green check flag. I deployed, on the main folder of the app, a file named IISNode.yml, here is the content:
nodeProcessCommandLine: "D:\Program Files (x86)\nodejs\0.12.6\node.exe"
loggingEnabled: true
debuggingEnabled: false
devErrorsEnabled: false
node_env: production
The firse line I copied from the iisnode.yml created by Azure itselves. The other lines I am not quite sure about the exact meanings of all of them, but I figured they were enough. If I visit the url: http://MY_APP_NAME.scm.azurewebsites.net/DebugConsole I can click on Tools->Log Stream menu but the page remains on loading.
I can reach the Azure Portal, enter my node app, Tools -> Application Log and Web Server log. The application log shows this (I think quite interesting) message:
System.ApplicationException: The trace listener AzureBlobTraceListener is disabled. ---> System.InvalidOperationException: The SAS URL for the cloud storage account is not specified. Use the environment variable 'DIAGNOSTICS_AZUREBLOBCONTAINERSASURL' to define it.
at Microsoft.WindowsAzure.WebSites.Diagnostics.AzureBlobTraceListener.RefreshConfig()
I have not reached informations about this "environment variable", and I can0t guess what the BLOB container has to do with my log application. And: what is the correct value for this variable? And if there is any, why is that one correct?
The Web Servier log is are empty. I can see http activities from the monitor of the app on the same portal, but still no log.
Am I missing something ? I decided to install Visual Studio, maybe this will help? I hope this has tools to be integrated with Azure for good. Meanwhile, where is the console log of my (Extremely Simple) node application?
You can view your logs in real time if you use the azure SCM interface. This can usually be accessed on the following url
https://{{ name of webapp }}.scm.azurewebsites.net/api/logstream
All your console output from your application is redirected here.
You can also use curl:
curl -u {{ deploymentCredentialsUsername:deploymentCredentialsPassword }} https://webapp-name.acm.azurewebsites.net/api/logstream
Otherwise you could use the nodejs azure cli. Install it with
npm install -g azure-cli
Switch to asm mode:
azure config mode asm
Then you can proceed to look at the logs from your terminal:
azure site log tail {{ webapp name }}
You can add an item in iisnode.yml named logDirectory, set the value as iisnode for example, then the application will create a folder in this name in your root directory and store files with stdout and stderr captures in it. You can refer to https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/iisnode.yml#L94 for the details for this configuration.
You can store logs in files whatever you need via console.log(), then the application will create a html file index.html in the log folder to provide logs. You can visit the logs via the URL: http://<you_app_name>.azurewebsites.net/<log_file_name>/index.html
Additionally, you can leverage Node.js console class to customize logger, refer to https://nodejs.org/api/console.html#console_new_console_stdout_stderr for the sample
If you are using the Azure Portal web interface, you can find the console.log output under the Log Stream section under Monitoring.
Refer to the screenshot below: