I have a Visual Studio Enterprise MSDN subscription so I decided to move from Heroku to Microsoft Azure because I used to pay: now I don't. My Service Plan is the D1.
I wish I can trail the console.log strings of my Node JS application deployed on my Azure platform. My service plan is the shared one named
I deployed the app code on BitBucket and linked my repo to the application with a correct destribution. Correct means I see the green check flag. I deployed, on the main folder of the app, a file named IISNode.yml, here is the content:
nodeProcessCommandLine: "D:\Program Files (x86)\nodejs\0.12.6\node.exe"
loggingEnabled: true
debuggingEnabled: false
devErrorsEnabled: false
node_env: production
The firse line I copied from the iisnode.yml created by Azure itselves. The other lines I am not quite sure about the exact meanings of all of them, but I figured they were enough. If I visit the url: http://MY_APP_NAME.scm.azurewebsites.net/DebugConsole I can click on Tools->Log Stream menu but the page remains on loading.
I can reach the Azure Portal, enter my node app, Tools -> Application Log and Web Server log. The application log shows this (I think quite interesting) message:
System.ApplicationException: The trace listener AzureBlobTraceListener is disabled. ---> System.InvalidOperationException: The SAS URL for the cloud storage account is not specified. Use the environment variable 'DIAGNOSTICS_AZUREBLOBCONTAINERSASURL' to define it.
at Microsoft.WindowsAzure.WebSites.Diagnostics.AzureBlobTraceListener.RefreshConfig()
I have not reached informations about this "environment variable", and I can0t guess what the BLOB container has to do with my log application. And: what is the correct value for this variable? And if there is any, why is that one correct?
The Web Servier log is are empty. I can see http activities from the monitor of the app on the same portal, but still no log.
Am I missing something ? I decided to install Visual Studio, maybe this will help? I hope this has tools to be integrated with Azure for good. Meanwhile, where is the console log of my (Extremely Simple) node application?
You can view your logs in real time if you use the azure SCM interface. This can usually be accessed on the following url
https://{{ name of webapp }}.scm.azurewebsites.net/api/logstream
All your console output from your application is redirected here.
You can also use curl:
curl -u {{ deploymentCredentialsUsername:deploymentCredentialsPassword }} https://webapp-name.acm.azurewebsites.net/api/logstream
Otherwise you could use the nodejs azure cli. Install it with
npm install -g azure-cli
Switch to asm mode:
azure config mode asm
Then you can proceed to look at the logs from your terminal:
azure site log tail {{ webapp name }}
You can add an item in iisnode.yml named logDirectory, set the value as iisnode for example, then the application will create a folder in this name in your root directory and store files with stdout and stderr captures in it. You can refer to https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/iisnode.yml#L94 for the details for this configuration.
You can store logs in files whatever you need via console.log(), then the application will create a html file index.html in the log folder to provide logs. You can visit the logs via the URL: http://<you_app_name>.azurewebsites.net/<log_file_name>/index.html
Additionally, you can leverage Node.js console class to customize logger, refer to https://nodejs.org/api/console.html#console_new_console_stdout_stderr for the sample
If you are using the Azure Portal web interface, you can find the console.log output under the Log Stream section under Monitoring.
Refer to the screenshot below:
Related
My issue:
When I try access the main URL for my web app, Azure replies with a '403 - You do not have permission to view this directory or page'.
Context:
I have deployed a Python webapp to Azure using the Pipeline/Release on DevOps (Azure Web App Deploy task seems to run successfully with the artifact generated by the Pipeline). I have previously deployed Python Function Apps successfully with a similar pipeline (different app type of course, and sku).
The Kudu SCM page works e.g.,: myapp.scm.azurewebsites.net
All logs seem to indicate the webapp deployment was successful. If I use CMD or Powershell from the SCM, I can see my app.py (for Flask) is in the correct location. The deployment has my requirements under the site packages installed including Flask.
The app runs quite successfully on my local machine via 'flask run', after I activate the virtual environment.
Yet when I try connect to myapp.azurewebsites.net, I get a 403 on the plain route. Anything after it like /test or /myapi returns a 404.
Something I do not see in any of the logs I can access via Kudu is mention of 'gunicorn', which I believe is what Azure uses by default. I just want to see some kind of log output somewhere to show that flask or gunicorn or something has successfully loaded app.py and is listening for incoming connections.
Maybe you do not know why I would get 403's, but you might know where I should be seeing the aforementioned logs.
TIA for any suggestions.
EDIT:
Something to add is that if I enable logs, and connect to the logstream then I do see logs generated as I access Kudu. This suggests some Application & Web Server are running - at least for whatever container runs that side of things.
It even notes the failed connections from Postman for the actual myapp.azurewebsites.net, but has nothing other than a line indicating that there is a 403.
My app has been stripped down to the most bare app.py with no includes other than Flask and routes which simply return a string. Most includes in requirements.txt have also been stripped out.
Still same issue.
I do have an answer after a couple of days worth of pulling my hair out.
Turns out that the 403's were not actually a permissions issue.
az webapp list-runtimes --os windows
The list shows no runtimes available for Python/Flask Web App. This is why I could not find any gunicorn or Flask logs - neither are set up. Azure deployed the artifact's zip and called it a day.
To rectify this, the DevOps Pipeline/Release must run on Linux. The Azure Web App Deploy task, when set to "Web App on Linux", will have Python runtime stacks available. Once selected, these will allow for a startup command to be specified. (Such as flask run --host=0.0.0.0 --port=8000)
Furthermore in azuredeploy.json the "Microsoft.Web/serverfarms" must have a "kind" specified to include "linux". It also requires:
"properties": {"reserved" : true}
Once deployed, logs indicate that docker is being set to an internal port of 8000 while the default 'flask run' which is executed would use 5000.
Ideally: use gunicorn with port mapping but, to get things going, tell flask to use port 8000.
I have several Azure Functions Apps (c#, javascript and python) and after some time they were all randomly set to Read Only mode. The strange thing is that only one of these 3 function apps were updated before this happened. I know that this is not necessarily a problem, but I want to be able to make edits from the portal.
I can't open App Service Editor
I can't set the app to Read/Write from Function App Settings -> Function app edit mode
I also tried using "func azure functionapp publish myAzFuncAppName --nozip", but with the same result
Of course. Please notice that if the function is 'deployed' to Azure, what will be deployed is the compiled file.
For example, if you deploy C# function app, what will be deployed is the dll file. So this is why it is readonly.
Changes to the code should be done before compiling them into corresponding 'cannot be edited' files, which requires special attention.
But for the modification of the declarative part and the configuration part of the function, this is possible, the specific steps are as follows:
Declarative part:
Then click Debug Console > cmd:
Go to site\wwwroot[yourfunctionname], and there will be a function.json.
Click the 'pen' to edit and don't forget to save.
Configuration part:
You can change the settings from Azure Portal or by editing the application settings. FUNCTION_APP_EDIT_MODE allows values readwrite and readonly, a
Just deleted the Azure Function App, created a new one, transferred the code in the new one and deployed -> still read only, but now I was able to open "App Service Editor" and remove "generated by..." from function.json and then set "Read/Write" from Function App Settings -> Function app edit mode.
Still... I can't see/edit the code of the function, only of function.json and if I redeploy using Azure extensions of Visual Code or powershell with --nozip attribute, the "generated bla bla" appears again :(
When the application runs from package, the files are loaded from that package. Hence those files are not editable.
You need to set WEBSITE_RUN_FROM_PACKAGE : 0 in app settings and redeploy the application again to make the function app editable.
refer https://social.msdn.microsoft.com/Forums/en-US/972d843c-8bdc-4cfc-9c6d-263df196d37c/azure-function-app-readonly-mode?forum=AzureFunctions
UPDATED:
You can deploy functionapp through command line from visual studio code. Try below command.
func azure functionapp publish --nozip
The nozip flag would set Run-From-Package mode off .
you can access other information regarding that command with func azure functionapp publish --help
I am unable to run docker image dpage/pgadmin4 on azure web app (Linux) which is available on docker hub.
I have installed Docker in my Linux machine and was able to run that docker image locally. Then I created Web app in Azure with options as given below:
OS: Linux
Publish: Docker Image
App service plan: Linux app service
After creating web app, I added two env variables in App Settings section:
PGADMIN_DEFAULT_EMAIL : user#domain.com
PGADMIN_DEFAULT_PASSWORD : SuperSecret
Finally login screen is visible but when I enter above credentials, it doesn't work and keeps redirecting to login page.
Update: If login is working properly, screen appears as shown below.
!(pgadmin initial screen)
After several retries i once got an message (CSRF token invalid) displayed in the right-top corner of the login screen.
For CSRF to properly work there must be some serverside state? So I activated the "ARR affinity" in the "General Settings" on the azure "Configuration".
I also noticed in the explamples on documentation the two environment-variables PGADMIN_CONFIG_CONSOLE_LOG_LEVEL (which is in the example set to '10') and PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION (which is in the example set to 'True').
After enabling "ARR" and setting PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION to False the login started to work. I have no idea what PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION is actually doing, so please take that with caution.
If thats not working for you, maybe setting PGADMIN_CONFIG_CONSOLE_LOG_LEVEL to 10 and enabling console debug logging can give you a clue whats happening.
For your issue, I do the test and find that it's really a strange thing. When I deploy the docker image dpage/pgadmin4 in Azure service Web App for Container through Azure CLI and set the app settings, there is no problem to log in with the user and password. But when I deploy it through the Azure portal, then I meet the same thing with you.
Not sure what is the reason, but the solution is that set the environment variables PGADMIN_DEFAULT_EMAIL and PGADMIN_DEFAULT_PASSWORD through the Azure CLI like below:
az webapp config appsettings set --resource-group <resource-group-name> --name <app-name> --settings PGADMIN_DEFAULT_EMAIL="user#domain.com" PGADMIN_DEFAULT_PASSWORD="SuperSecret"
If you really want to know the reason, then you can make feedback to Microsoft. Maybe it's a bug or some special settings.
Update
The screenshot of the test on my side here:
We've recently switched to using Azure package deployment for our sites (https://github.com/Azure/app-service-announcements/issues/84) - and it's great! It's a great feature which has radically simplified our deployments. However we have a second site which will not run when packaged (but does run when not packaged).
We followed the standard procedure for setting a site to run from a package;
created the folder /data/SitePackages from ftp,
drop the package in there along with the packagename.txt file
set the App config setting WEBSITE_RUN_FROM_PACKAGE=1
However we receive "You do not have permission to view this directory or page." on the homepage, and any other subsequent page we receive "The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.". It's as though the site isn't loading the package at all? Azure Log stream show's "HTTP Error 401.3 - Unauthorized" on the home page and a standard 404 for anything else.
From the Azure portal, if i click console and ls to see a directory listing of the files it thinks it's running all I see is a single file;
FAILED TO DOWNLOAD ZIP FILE.txt
Turns out this was the azure portal not loading the package. Looking at our TeamCity setup, the step which generates the "packagename.txt" file has a typo, so the zip file Azure was trying to load did not exist.
This is a follow-up question to this question. The answer in the original question helped me, but I am stuck somewhere else. As a reminder, I want to deploy my application using a publish profile. My web app in Azure has two subfolders inside wwwroot and one of them is called backend. I want to deploy my application to that folder. I am not sure why msdeploy wants to create anything, since the web app is already there - I just need to get the artifacts inside the backend folder.
Here is the relevant part of the log (with some names changed to xyz):
2018-06-14T09:19:25.0295238Z Start executing msdeploy.exe
2018-06-14T09:19:25.0323018Z "C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -source:package='D:\a\r1\a\artifacts\drop\xyz.zip' -dest:auto,computerName="https://xyz.scm.azurewebsites.net:443/msdeploy.axd?site=xyz/backend",userName="$xyz",password="***",authtype="basic",includeAcls="False" -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"D:\a\r1\a\artifacts\drop\xyz.SetParameters.xml"
-enableRule:DoNotDeleteRule -retryAttempts:6 -retryInterval:10000
2018-06-14T09:19:25.6154385Z Info: Using ID '89f1210b-39ba-4758-b7ee-76a06407a503' for connections to the remote server.
2018-06-14T09:19:28.0800802Z Info: Creating application (Default Web Site)
2018-06-14T09:19:28.2012951Z ##[debug]rc:1
2018-06-14T09:19:28.2013216Z ##[debug]rc:1
2018-06-14T09:19:28.2013360Z ##[debug]success:false
2018-06-14T09:19:28.2013523Z ##[debug]success:false
2018-06-14T09:19:28.2073234Z ##[error]Failed to deploy web package to App Service.
2018-06-14T09:19:28.2081930Z ##[debug]Processed: ##vso[task.issue type=error;]Failed to deploy web package to App Service.
2018-06-14T09:19:28.2082198Z ##[debug]{}
2018-06-14T09:19:28.2082470Z ##[debug]System.DefaultWorkingDirectory=D:\a\r1\a
2018-06-14T09:19:28.2083178Z ##[error]Error Code: ERROR_USER_NOT_AUTHORIZED_FOR_CREATEAPP More Information: Could not
complete an operation with the specified provider ("createApp") when
connecting using the Web Management Service. This can occur if the
server administrator has not authorized the user for this operation.
createApp http://go.microsoft.com/fwlink/?LinkId=178034 Learn more
at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_NOT_AUTHORIZED_FOR_CREATEAPP.
Error count: 1.
I managed to resolve the issue. According to this answer by #starian chen-MSFT, I needed to set the correct parameter in SetParameters.xml. I did this by adding the following to my Visual Studio Build task:
/p:DeployIisAppPath="xyz"
where xyz is the value of DeployIisAppPath element in the publish profile.
The reason is that Azure expecting that site name will be presented twice in scm.azurewebsites.net:443/msdeploy.axd?site=%SiteNameHere%" and the same value as a parameter, by default value from file SetParameters.xml is used for second.
So, you need to modify the value of IIS Web Application Name parameter in xxx.SetParameters.xml programming (e.g. PowerShell or other tasks), after that it should works fine.
Azure staging web deploy fails with ERROR_USER_NOT_AUTHORIZED_FOR_CREATEAPP but not for production