Is there anywhere in the service runtime that would tell me if I'm currently running on 'Staging' or 'Production'? Manually modifying the config to and from production seems a bit cumbersome.
You should really not change your configurations when you're based upon if you're in Prod or Staging. Staging area is not designed to be a "QA" environment but only a holding-area before production is deployed.
When you upload a new deployment, current deployment slot where you upload your package to is destroyed and is down for 10-15minutes while upload and start of VM's is happening. If you upload straight into production, that's 15 minutes of production downtime. Thus, Staging area was invented: you upload to staging, test the stuff, and click "Swap" button and your Staging environment magically becomes Production (virtual IP swap).
Thus, your staging should really be 100% the same as your production.
What I think you're looking for is QA/testing environment? You should open up a new service for Testing environment with its own Prod/Staging. In this case, you will want to maintain multiple configuration file sets, one set per deployment environment (Production, Testing, etc.)
There are many ways to manage configuration-hell that occurs, especially with Azure that has on top of .config files, its own *.cscfg files. The way I prefer to do it with Azure project is as follows:
Setup a small Config project, create folders there that match Deployment types. Inside each folder setup sets of *.config & *.cscfg files that match to particular deployment environment: Debug, Test, Release... these are setup in Visual Studio as well , as build target types. I have a small xcopy command that occurs during every compile of the Config project that copies all the files from Build Target folder of Config project into root folder of the Config project.
Then every other project in the solution, LINKS to the .config or .cscfg file from the root folder of the Config project.
Voila, my configs magically adapt to every build configuration automatically. I also use .config transformations to manage debugging information for Release vs. non-Release build targets.
If you've read all this and still want to get at the Production vs. Staging status at runtime, then:
Get deploymentId from RoleEnvironment.DeploymentId
Then use Management API with a proper X509 certificate to get at the Azure structure of your Service and call the GetDeployments method (it's rest api but there is an abstraction library).
Hope this helps
Edit: blog post as requested about the setup of configuration strings and switching between environments # http://blog.paraleap.com/blog/post/Managing-environments-in-a-distributed-Azure-or-other-cloud-based-NET-solution
Sometimes I wish people would just answer the question.. not explain ethics or best practices...
Microsoft has posted a code sample doing exactly this here: https://code.msdn.microsoft.com/windowsazure/CSAzureDeploymentSlot-1ce0e3b5
protected void Page_Load(object sender, EventArgs e)
{
// You basic information of the Deployment of Azure application.
string deploymentId = RoleEnvironment.DeploymentId;
string subscriptionID = "<Your subscription ID>";
string thrumbnail = "<Your certificate thumbnail print>";
string hostedServiceName = "<Your hosted service name>";
string productionString = string.Format(
"https://management.core.windows.net/{0}/services/hostedservices/{1}/deploymentslots/{2}",
subscriptionID, hostedServiceName, "Production");
Uri requestUri = new Uri(productionString);
// Add client certificate.
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = store.Certificates.Find(
X509FindType.FindByThumbprint, thrumbnail, false);
store.Close();
if (collection.Count != 0)
{
X509Certificate2 certificate = collection[0];
HttpWebRequest httpRequest = (HttpWebRequest)HttpWebRequest.Create(requestUri);
httpRequest.ClientCertificates.Add(certificate);
httpRequest.Headers.Add("x-ms-version", "2011-10-01");
httpRequest.KeepAlive = false;
HttpWebResponse httpResponse = httpRequest.GetResponse() as HttpWebResponse;
// Get response stream from Management API.
Stream stream = httpResponse.GetResponseStream();
string result = string.Empty;
using (StreamReader reader = new StreamReader(stream))
{
result = reader.ReadToEnd();
}
if (result == null || result.Trim() == string.Empty)
{
return;
}
XDocument document = XDocument.Parse(result);
string serverID = string.Empty;
var list = from item
in document.Descendants(XName.Get("PrivateID",
"http://schemas.microsoft.com/windowsazure"))
select item;
serverID = list.First().Value;
Response.Write("Check Production: ");
Response.Write("DeploymentID : " + deploymentId
+ " ServerID :" + serverID);
if (deploymentId.Equals(serverID))
lbStatus.Text = "Production";
else
{
// If the application not in Production slot, try to check Staging slot.
string stagingString = string.Format(
"https://management.core.windows.net/{0}/services/hostedservices/{1}/deploymentslots/{2}",
subscriptionID, hostedServiceName, "Staging");
Uri stagingUri = new Uri(stagingString);
httpRequest = (HttpWebRequest)HttpWebRequest.Create(stagingUri);
httpRequest.ClientCertificates.Add(certificate);
httpRequest.Headers.Add("x-ms-version", "2011-10-01");
httpRequest.KeepAlive = false;
httpResponse = httpRequest.GetResponse() as HttpWebResponse;
stream = httpResponse.GetResponseStream();
result = string.Empty;
using (StreamReader reader = new StreamReader(stream))
{
result = reader.ReadToEnd();
}
if (result == null || result.Trim() == string.Empty)
{
return;
}
document = XDocument.Parse(result);
serverID = string.Empty;
list = from item
in document.Descendants(XName.Get("PrivateID",
"http://schemas.microsoft.com/windowsazure"))
select item;
serverID = list.First().Value;
Response.Write(" Check Staging:");
Response.Write(" DeploymentID : " + deploymentId
+ " ServerID :" + serverID);
if (deploymentId.Equals(serverID))
{
lbStatus.Text = "Staging";
}
else
{
lbStatus.Text = "Do not find this id";
}
}
httpResponse.Close();
stream.Close();
}
}
Staging is a temporary deployment slot used mainly for no-downtime upgrades and ability to roll back an upgrade.
It is advised not to couple your system (either in code or in config) with such Azure specifics.
Since Windows Azure Management Libraries and thanks to #GuaravMantri answer to another question you can do it like this :
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Azure;
using Microsoft.WindowsAzure.Management.Compute;
using Microsoft.WindowsAzure.Management.Compute.Models;
namespace Configuration
{
public class DeploymentSlotTypeHelper
{
static string subscriptionId = "<subscription-id>";
static string managementCertContents = "<Base64 Encoded Management Certificate String from Publish Setting File>";// copy-paste it
static string cloudServiceName = "<your cloud service name>"; // lowercase
static string ns = "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration";
public DeploymentSlot GetSlotType()
{
var managementCertificate = new X509Certificate2(Convert.FromBase64String(managementCertContents));
var credentials = new CertificateCloudCredentials(subscriptionId, managementCertificate);
var computeManagementClient = new ComputeManagementClient(credentials);
var response = computeManagementClient.HostedServices.GetDetailed(cloudServiceName);
return response.Deployments.FirstOrDefault(d => d.DeploymentSlot == DeploymentSlot.Production) == null ? DeploymentSlot.Staging : DeploymentSlot.Production;
}
}
}
An easy way to solve this problem is setting at your instances an key to identify which environment it is running.
1) Set at your production slot:
Set it Settings >> Application settings >> App settings
And create a key named SLOT_NAME and value "production". IMPORTANT: check Slot setting.
2) Set at your staging slot:
Set it Settings >> Application settings >> App settings
And create a key named SLOT_NAME and value "staging". IMPORTANT: check Slot setting.
Access from your application the variable and identify which environment the application is running. In Java you can access:
String slotName = System.getenv("APPSETTING_SLOT_NAME");
Here are 4 points to consider
VIP swap only makes sense when your service faces the outside world. AKA, when it exposes an API and reacts to requests.
If all your service does is pull messages from a queue and process them, then your services is proactive and VIP swap is not a good solution for you.
If your service is both reactive and proactive, you may want to reconsider your design. Perhaps split the service into 2 different services.
Eric's suggestion of modifying the cscfg files pre- and post- VIP swap is good if the proactive part of your service can take a short down time (Because you first configure both Staging and Production to not pull messages, then perform VIP Swap, and then update Production's configuration to start pulling messages).
Related
I'm running an Azure App Service on a Standard App Service Plan which allows usage of max 50 GB of file storage. The application uses quite a lot of disk space for image cache. Currently the consumption level lies at around 15 GB but if cache cleaning policy fails for some reason it will grow up to the top very fast.
Vertical autoscaling (scaling up) is not a common practice as it often requires some service downtime according to this Microsoft article:
https://learn.microsoft.com/en-us/azure/architecture/best-practices/auto-scaling
So the question is:
Is there any way to set up an alert on low disk space for Azure App Service?
I can't find anything related to disk space in the options available under Alerts tab.
Is there any way to set up an alert on low disk space for Azure App Service?
I can't find anything related to disk space in the options available under Alerts tab.
As far as I know, the alter tab doesn't contain the web app's quota selection. So I suggest you could write your own logic to set up an alert on low disk space for Azure App Service.
You could use azure web app's webjobs to run a background task to check your web app's usage.
I suggest you could use webjob timertrigger(you need install webjobs extension from nuget) to run a scheduled job. Then you could send a rest request to azure management api to get your web app current usage. You could send e-mail or something else according your web app current usage.
More details, you could refer to below code sample:
Notice: If you want to use rest api to get the current web app's usage, you need firstly create an Azure Active Directory application and service principal. After you generate the service principal, you could get the applicationid,access key and talentid. More details, you could refer to this article.
Code:
// Runs once every 5 minutes
public static void CronJob([TimerTrigger("0 */5 * * * *" ,UseMonitor =true)] TimerInfo timer,TextWriter log)
{
if (GetCurrentUsage() > 25)
{
// Here you could write your own code to do something when the file exceed the 25GB
log.WriteLine("fired");
}
}
private static double GetCurrentUsage()
{
double currentusage = 0;
string tenantId = "yourtenantId";
string clientId = "yourapplicationid";
string clientSecret = "yourkey";
string subscription = "subscriptionid";
string resourcegroup = "resourcegroupbane";
string webapp = "webappname";
string apiversion = "2015-08-01";
string authContextURL = "https://login.windows.net/" + tenantId;
var authenticationContext = new AuthenticationContext(authContextURL);
var credential = new ClientCredential(clientId, clientSecret);
var result = authenticationContext.AcquireTokenAsync(resource: "https://management.azure.com/", clientCredential: credential).Result;
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
string token = result.AccessToken;
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(string.Format("https://management.azure.com/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Web/sites/{2}/usages?api-version={3}", subscription, resourcegroup, webapp, apiversion));
request.Method = "GET";
request.Headers["Authorization"] = "Bearer " + token;
request.ContentType = "application/json";
//Get the response
var httpResponse = (HttpWebResponse)request.GetResponse();
using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
string jsonResponse = streamReader.ReadToEnd();
dynamic ob = JsonConvert.DeserializeObject(jsonResponse);
dynamic re = ob.value.Children();
foreach (var item in re)
{
if (item.name.value == "FileSystemStorage")
{
currentusage = (double)item.currentValue / 1024 / 1024 / 1024;
}
}
}
return currentusage;
}
Result:
I am trying to programmatically change the ApplicationPool - Identity property of the IIS server where my azure web app is hosted.
Why am I doing this?
I need to provide X.509 certificate. Implementing this certificate requires some local system data.
What have I done so far?
I use this particular code (pretty much the same from here https://stackoverflow.com/a/9341347/2900305)
private void SetAppPoolIdentity()
{
string appPoolUser = "myRDP_admin_user";
string appPoolPass = "my_super_secure_password";
Action<string> iis7fix = (appPoolName) =>
{
bool committed = false;
while (!committed)
{
try
{
using (ServerManager sm = new ServerManager())
{
var applicationPool = sm.ApplicationPools[appPoolName];
applicationPool.ProcessModel.IdentityType = ProcessModelIdentityType.SpecificUser;
//applicationPool.ProcessModel.IdentityType = ProcessModelIdentityType.LocalSystem;
applicationPool.ProcessModel.UserName = appPoolUser;
applicationPool.ProcessModel.Password = appPoolPass;
sm.CommitChanges();
committed = true;
}
}
catch (FileLoadException fle)
{
Trace.TraceError("Trying again because: " + fle.Message);
}
}
};
var appPoolNames = new ServerManager().Sites.First().Applications.Select(x => x.ApplicationPoolName).ToList();
appPoolNames.ForEach(iis7fix);
}
My problem is that my user does not have enough permissions to change the ApplicationPool - Identity to LocalSystem.
And I do not have username and password for specific user (admin or local admin) on azure hosted web app.
Any different approach or idea or workaround are welcomed.
You cannot change the App Pool identity that an Azure Web App runs under. Web Apps execute in a sandboxed environment that generally don't allow this kind of modifications.
There are ways of uploading certificates, and you may want to ask that question specifically if that is what you're trying to achieve.
If you use auto scaling with Azure Web Sites do you need to set the machine key so encrypted authentication tokens can be shared between machines?
There is a question here which appears to be the same as the one I am asking. However that question refers to Azure Web Roles. I am asking about Azure Web Sites.
No you don't need to. Azure Website will set the same machine key for all your instances when they are running on 2 (or 10) different VMs.
If you want a quick and dirty way to verify this, have the following bit of code in your Application_Start() basically this writes the machine key into a file called %WEBSITE_INSTANCE_ID% this is a unique environment variable per instance. Scale to 2 machines, turn on Always On setting and within a minute 2 files should be written in your D:\home\site\wwwroot folder that have a long guid for names (the instance id for the 2 machines) and they will contain the same key.
code credit goes to this
protected void Application_Start()
{
var section = (MachineKeySection)
ConfigurationManager.GetSection("system.web/machineKey");
BindingFlags flags =
BindingFlags.Instance |
BindingFlags.NonPublic |
BindingFlags.GetProperty;
Func<string, byte[]> propertyReader = name => (byte[])section
.GetType()
.GetProperty(name, flags)
.GetValue(section, null);
using (
var writer =
new StreamWriter(Environment.ExpandEnvironmentVariables(#"%HOME%\site\wwwroot\%WEBSITE_INSTANCE_ID%.log")))
{
var key = ConvertToHex(
propertyReader("DecryptionKeyInternal"));
writer.WriteLine("DecryptKey: {0}", key);
var iv = ConvertToHex(
propertyReader("ValidationKeyInternal"));
writer.WriteLine("ValidationKey: {0}", iv);
}
}
private string ConvertToHex(byte[] binary)
{
return binary.Aggregate(
new StringBuilder(),
(acc, c) => acc.AppendFormat("{0:x2}", c),
acc => acc.ToString());
}
I have a worker role in my hosted service.
The worker is sending e-mail daily bases.
But in the hosted service, there are 2 environment, Staging and Production.
So my worker role sends e-mail 2 times everyday.
I'd like to know how to detect if the worker is in stagning or production.
Thanks in advance.
As per my question here, you'll see that there is no fast way of doing this. Also, unless you really know what you are doing, I strongly suggest you not do this.
However, if you want to, you can use a really nice library (Azure Service Management via C#) although we did have some trouble with WCF using it.
Here's a quick sample on how to do it (note, you need to include the management certificate as a resource in your code & deploy it to Azure):
private static bool IsStaging()
{
try
{
if (!CloudEnvironment.IsAvailable)
return false;
const string certName = "AzureManagement.pfx";
const string password = "Pa$$w0rd";
// load certificate
var manifestResourceStream = typeof(ProjectContext).Assembly.GetManifestResourceStream(certName);
if (manifestResourceStream == null)
{
// should we panic?
return true;
}
var bytes = new byte[manifestResourceStream.Length];
manifestResourceStream.Read(bytes, 0, bytes.Length);
var cert = new X509Certificate2(bytes, password);
var serviceManagementChannel = Microsoft.Toolkit.WindowsAzure.ServiceManagement.ServiceManagementHelper.
CreateServiceManagementChannel("WindowsAzureServiceManagement", cert);
using (new OperationContextScope((IContextChannel)serviceManagementChannel))
{
var hostedServices =
serviceManagementChannel.ListHostedServices(WellKnownConfiguration.General.SubscriptionId);
// because we don't know the name of the hosted service, we'll do something really wasteful
// and iterate
foreach (var hostedService in hostedServices)
{
var ad =
serviceManagementChannel.GetHostedServiceWithDetails(
WellKnownConfiguration.General.SubscriptionId,
hostedService.ServiceName, true);
var deployment =
ad.Deployments.Where(
x => x.PrivateID == Zebra.Framework.Azure.CloudEnvironment.CurrentRoleInstanceId).
FirstOrDefault
();
if (deployment != null)
{
return deployment.DeploymentSlot.ToLower().Equals("staging");
}
}
}
return false;
}
catch (Exception e)
{
// if something went wrong, let's not panic
TraceManager.AzureFrameworkTraceSource.TraceData(System.Diagnostics.TraceEventType.Error, "Exception", e);
return false;
}
}
If you're using an SQL server (either Azure SQL or SQL Server hosted in VM), you could stop the Staging worker role from doing work by only allowing the public IP of the Production instance access to the database server.
As part of starting up a WebRole on Windows Azure I would like to access files on the website being started and I would like to do this in RoleEntryPoint.OnStart(). This will for instance enable me to influence ASP.NET config before the ASP.NET AppDomain is loaded.
When running locally with Azure SDK 1.3 and VS2010 the sample code below do the trick, but the code has the stench of hack around it and it does not do the trick when deploying to Azure.
XNamespace srvDefNs = "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition";
DirectoryInfo di = new DirectoryInfo(AppDomain.CurrentDomain.BaseDirectory);
string roleRoot = di.Parent.Parent.FullName;
XDocument roleModel = XDocument.Load(Path.Combine(roleRoot, "RoleModel.xml"));
var propertyElements = roleModel.Descendants(srvDefNs + "Property");
XElement sitePhysicalPathPropertyElement = propertyElements.Attributes("name").Where(nameAttr => nameAttr.Value == "SitePhysicalPath").Single().Parent;
string pathToWebsite = sitePhysicalPathPropertyElement.Attribute("value").Value;
How can I get the WebRole site root path from RoleEntryPoint.OnStart() in a way that work in both dev and on Azure?
This seem to work in both dev and on Windows Azure:
private IEnumerable<string> WebSiteDirectories
{
get
{
string roleRootDir = Environment.GetEnvironmentVariable("RdRoleRoot");
string appRootDir = Path.GetDirectoryName(AppDomain.CurrentDomain.BaseDirectory);
XDocument roleModelDoc = XDocument.Load(Path.Combine(roleRootDir, "RoleModel.xml"));
var siteElements = roleModelDoc.Root.Element(_roleModelNs + "Sites").Elements(_roleModelNs + "Site");
return
from siteElement in siteElements
where siteElement.Attribute("name") != null
&& siteElement.Attribute("name").Value == "Web"
&& siteElement.Attribute("physicalDirectory") != null
select Path.Combine(appRootDir, siteElement.Attribute("physicalDirectory").Value);
}
}
If anyone use this to manipulate files in the ASP.NET app, you should know that the files written by RoleEntryPoint.OnStart() will have ACL settings that prevent the ASP.NET application from updating them.
If you need to write to such files from ASP.NET this code show how you can change file permissions so this is possible:
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
IdentityReference act = sid.Translate(typeof(NTAccount));
FileSecurity sec = File.GetAccessControl(testFilePath);
sec.AddAccessRule(new FileSystemAccessRule(act, FileSystemRights.FullControl, AccessControlType.Allow));
File.SetAccessControl(testFilePath, sec);
Take a look at:
Environment.GetEnvironmentVariable("RoleRoot")
Does that give you what you're looking for?