I have setup an Azure App Service to host a docker container. This is all running fine -- pointing at a private Docker repository/image, using the latest tag.
I would like to be able to publish a new Dockage image from my CI server to the Docker repository under the latest tag and somehow trigger the App Service to pick up that there is a change of the latest image.
It seems I can trigger the change by modifying an Application Setting on the App Service and saving it -- but this does not seem like the correct way to handle it.
Is there a best practise for this kind of deployment?
In the properties section of the web app you'll find a DEPLOYMENT TRIGGER URL.
This URL should point to the /deploy endpoint. Remove that part and use the /docker/hook endpoint.
Your URL should look something like this: https://xxxx.scm.azurewebsites.net/docker/hook
If you POST to that URL with empty body it will trigger a deployment using the latest docker image.
Currently they are working on a solution for this scenario but as stated in their FAQ about Web App on Linux either modifying the application settings or restarting the web app is the only way of triggering the change.
Related
I have a pipeline that publishes to my private Azure container registry but if I push a new image tagged with latest, my Azure app service does not pull the newly tagged latest image. I have Continuous deployment turned on via the DOCKER_ENABLE_CI app setting.
Additionally, I'm using a managed identity to authenticate with the ACR. I feel like the CD portion was working when I was using credentials to pull the image but after switching to managed identity it appears to have stopped. In order to get the new image I have to restart the app service which is not idea and makes this CD option useless...
When you enable Continuous deployment, App Service adds a webhook to your ACR to notify the web apps. The webhook causes your App Service app to restart and run the docker pull to get the updated image.
So, please go to your ACR, and under webhook, please check if there are running webhooks or not, if not you can create a webhook manually and see if the WebApp get the latest image in the following deployment.
source
With Azure App Service it is possible to deploy an application using a container image, as visibile in the image that follows.
I am deploying the boss/keycloak image from docker hub repository with the configuration visibile here:
After a successful deployment I am able to access the home page of the application that shows me correctly that I should create an admin user in order to access keycloak.
Now the problem arise. I am not able to access the container using ssh in order to create the admin user through the add-user.sh script.
The azure built-in ssh console from the portal refuses the connection. I also found a guide to create a connection but it fails into an infinte loop and then a timeout. It says that the app is not running, but of course it is, because I can access the home page through http.
A question may be: is there a way to use -e parameters when deploying the container in this way? It that would possibile I could create the user like described in keycloak documentation, but I can't find a way to do it.
I attach some images to explain better what happens.
Set the following variables in the app service Application Settings:
KEYCLOAK_USER=<USERNAME>
KEYCLOAK_PASSWORD=<PASSWORD
as documented in https://hub.docker.com/r/jboss/keycloak/
You could try to execute a command within the container, maybe the following URL could help :
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-exec
On the other hand, you could log in using VS code with the azure and docker plugins and ssh into the container that you want to log in.
it's easy. Azure only works if the ssh port is 2222.
So you have to use a own Docker Image based on keycloak and modify the port.
We have a Restify API running in Azure App Service on Linux for a while now. Suddenly this app (both test and prod, they run as seperate apps) stopped working. Based on the logs the error is related to a package we are using node-highcharts-exporting which is dependent on PhantomJS. App Service is using Node 8.1.
We tried re-deploying the code, upgrading node version to 8.12 (do not want to use latest version with out testing) but still no luck.
Deployment Logs: (This part is successful. This is just for reference)
Container logs: (Startup fails here)
Tried to replicate the same environment on-prem and everything works fine. Created a new App Service which is also running into same issue. Any help is much appreciated.
Update 1:
I think I figured out what is happening. This is related to font libraries on linux https://github.com/ariya/phantomjs/issues/10904
I need to install libfontconfig but this is not supported on Azure App Service.
Yes, it is due to sandbox restriction on a App Service. Just to highlight, the standard/native Azure Web Apps run in a secure environment called a sandbox. Each app runs inside its own sandbox, isolating its execution from other instances on the same machine as well as providing an additional degree of security and privacy which would otherwise not be available.
Not supported scenarios on standard App Service - PhantomJS (/Selenium): tries to connect to local address, and also uses GDI+.Known issue for all PDF generators based on wkhtmltopdf or phantomjs: custom fonts are not rendered (system-installed font is used instead) because of sandbox GDI API limitations.See App Service GitHub sandbox page.
Based on your requirement, however you could use a custom container in App Service (You can use a custom Docker image) that lets you make OS changes that your app needs.
Checkout these document for more details on this topic:
Run a custom Linux container in Azure App Service (You can use a custom Docker image): https://learn.microsoft.com/azure/app-service/containers/quickstart-docker
Run a custom Windows container in Azure (Preview):
https://learn.microsoft.com/azure/app-service/app-service-web-get-started-windows-container
I'm trying Azure App Services. I've set up a build pipeline in Azure DevOps which builds and pushes my image to Docker Hub and then publishes docker-compose.yml as an artifact.
My release pipeline takes the docker-compose.yml and feeds it to the "Azure Web App for Container" task which succeeds. But the bot goes down and doesn't get back up after the deployment unless I access http://<myappname>.azurewebsites.net, then it starts and is of the latest pushed version. So everything seems to work, except the "restart" or docker-compose up.
I've been reading that I want to add a WebJob to my app service, but since I am using a Linux host I cannot seem to configure this. I've tried adding a curl task after deployment, but this probably executes too early.
Any ideas on how I would get to solve this last piece of the puzzle to have a simple CI/CD environment?
Currently there is zero out of the box support for hosting WebJobs in a Linux hosted app service. I've heard there's a hacky way of doing it (I'll have to find the post) but since it's not supported out of the gate, there's no guarantee it'll work.
I created Azure App Service. I choosed "single container" and used "Private Registry".
I filled my private docker hub, credentials, username & password and my site is running my docker image website well.
Now I want to use NEW image with newer tag. I noticed, there is a "webhook" functionality but I dont know how to use this webhook. I thing, that this webhook can be used to pull newer image from my registry but I dont know how to use it.
If this is not the meaning of this web hook, what is the best practise to PULL new container to web app service.
Note: I am not using Azure Container registry. I have my own private hub. And I want to use Jenkins to deploy new container.