I am currently provisioning a new resource group using Azure Arm template and Powershell
New-AzureRmResourceGroupDeployment
The resource group template defines all the resources.
A couple of different app service resources are provisioned as part of this resource group. Each app service resource has app settings.
The resource group gets provisioned sucessfully including its app service but from time to time, the app settings are missing on the newly provisioned app service. I am required to teardown and re-create the resource group and it works fine.
When the custom app settings are missing then, in the portal, there is only one app setting visible: WEBSITE_NODE_DEFAULT_VERSION
Any pointers for how I can troubleshoot this so the environment provisioning process is consistent?
Are you using the -DeploymentDebugLogLevel parameter in the PowerShell command you are using for the deployment? There are different values for that parameter that control how much debugging information you get. I have used it in the past to help troubleshoot IaaS deployments using ARM templates. More information is here: https://azure.microsoft.com/en-us/blog/debugging-arm-template-deployments/
Does the app have slots? If yes, are the appsettings tied to specific slots? When we perform a swap slot, then the appsettings can disappear, if the settings are slot specific. Also, are you performing an Incremental upgrade or Complete? As Tom commented, sharing the template will help in understanding whats going on.
Related
I have a service fabric application that hosts api’s with app insights enabled. The api services are .Net framework 4.8 webapi projects and they are native fabric stateless and stateful services. I don’t use the app insights service fabric specific packages, but do have the standard app insights for webapi packages. I have always been in Azure commercial and logs have worked just fine there.
Now that we are in azure gov, the only way to point a .Net Framework app to the gov app insights endpoints is by modifying the ApplicationInsights.config file.
So I’ve modified the file as per msdn, verified it is deployed with the fabric deploy package and its there next to the rest of the dlls on the vms. Yet my services still won’t log to azure gov app insight instances. Nothing is coming through. We set the instrumentation key programmatically, not in applicationinsights.config, could that be an issue? I noticed some of the msdn examples showed instrumentationkey being included in the config file, but would think that is optional.
Had anyone had experience pointing .net 4.8 fabric services to gov app insights?
When using a government cloud, you need to use a connection string instead of an instrumentation key.
Important
Sovereign clouds, such as Azure Government, require the use of the
Application Insights connection string
(APPLICATIONINSIGHTS_CONNECTION_STRING) instead of the instrumentation
key. To learn more, see the APPLICATIONINSIGHTS_CONNECTION_STRING
reference.
More info here and here.
This ended up being an issue with my gov configuration file. The MSDN document wasn't very clear on where the new config sections go. It made it look like they are all nested under the top level node of the config file. Turns out the TelementyChannel override has to go inside the default TelemenySinks node. I contacted microsoft on github about clarifying this in their docs.
Link to the unclear documentation
https://learn.microsoft.com/en-us/azure/azure-monitor/app/custom-endpoints?tabs=net
Link to github issue to get it fixed
https://github.com/MicrosoftDocs/azure-docs/issues/80066
I have been trying to understand the appsettings.json method of use for some time now as I am building an ASP.NET Core 3.1 API that is to be published to Azure.
When I'm publishing the project to my web app my settings don't seem to get copied to the App Service configurations list in the Azure App Service resource.
Is this how it is supposed to work or am I missing something here?
I've read about appconfigurationbuilder and such, but as I understand it it's for telling the application which appsettings.json file to use depending on what environment is defined in the environment variable (ASPNETCORE_ENVIRONMENT) for example.
Though having a bunch of Key Vault references in my config, this doesn't work as my references of type:
#Microsoft.Keyvault(SecretUri=[KEY VAULT SECRET URL])
Can't fetch the secret from keyvault by only being the the appsettings.env.json file and not being copied to the app service configurations where they connect to keyvault through identity principal.
What am I missing or have I misunderstood the whole thing with appsettings.json?
So short recap: what I'm trying to do is understand if app settings can work like this:
appSettings.Env.json --> publish project to Azure app service --> settings are set automatically in app service configuration.
As mentioned in the comment, the app settings will not be copied to the azure app service when published, you need to specify the values in it manually.
Follow this doc - https://learn.microsoft.com/en-us/aspnet/core/fundamentals/environments?view=aspnetcore-5.0#azure-app-service
If we are deploying a basic WebApp / WebApi, both these tasks from Microsoft appear to do the same thing - deploy to an appservice.
AzureWebAppV1
AzureRmWebAppDeploymentV4
How do you choose which one to use in a new YAML release pipeline? I just want to make sure I am using the version that is most future-proof - I have 25 release pipelines and don't want to have to re-do them unless necessary.
The way the help is written, hard to compare feature to feature to spot the key "must-haves". Some Microsoft online examples use both. Both are still marked as "In Development" in the readme and both are >1 year old since last check in.
The simplest way to deploy to an Azure Web App is to use the Azure Web App Deploy (AzureWebApp) task.
By default, your deployment happens to the root application in the Azure Web App. You can deploy to a specific virtual application by using the VirtualApplication property of the AzureRmWebAppDeployment task.
Azure App Service Deploy task allows users to modify configuration settings in configuration files (*.config files) inside web packages and XML parameters files (parameters.xml), based on the stage name specified.
Just my two cents, but I just noticed Web App Deploy takes much less time than Service App Deploy. I was wondering how come a simple zip deploy (Service App Deploy) can take so long. So I looked around and found there's also that Web App Deploy, so I tested it.
My project (React/Next small sized app) normally takes 6-10 min to deploy with Azure Service App Deploy (v4). With Azure Web App Deploy (v1) it took a little more than a minute. Wow.
The concrete question
For those who just want the direct questions:
Is there a way to temporarily disable default services on a ServiceFabric application type so that a new application can be installed (using Powershell) without automatically installing any default services?
A proposed solution here is to remove the default services from the manifest and later restoring them. I am able to write a PowerShell script to adjust the application manifest accordingly, but how do I update the application type using Powershell - assuming I already have altered the manifest?
Any solution that solves the contextual problem without requiring manual config meddling is acceptable - my proposed solution is probably not the only possible solution. We do explicitly want to avoid manual meddling.
When allowing meddling, we are already able to just comment out the default services when we need to. We're specifically looking for a solution that requires no meddling as this reduces bugs and debugging issues.
The context
I'm running into an issue with using the application manifest's default services during local development.
I am aware of the general "don't use default services" advice, and it is being followed. During CI build, the default services are removed and will not be relied upon for any of our clusters in Azure. The only exception here is local developer machines, which use default services to keep the developer F5 experience nicer by enabling all services when starting a debug session.
We have written specialized scripts that provision a new tenant (SF application) with their own set of services (SF service). Not every tenant should get every service, we want to opt-in to the services, which is what the script already does (based on a mapping that we manage elsewhere, which is not part of the current question as the provisioning script exists and works).
However, when default services are enabled, every tenant already gets every service and the actual opt-in provisioning is useless. This is the issue we're trying to fix.
This same script works in our production cluster since there are no default services configured there. The question is solely focus on the local development environment.
Essentially, we're dealing with two scenarios during local development:
When debugging, we want the default services to be on because it allows us to run all of our services by pressing F5 (and not requiring any further action)
When testing our provisioning script, we don't want default services because it gets in the way of our selective provisioning behavior
I'm aware that commenting the default services out of the manifest solves the issue, but this requires developers constantly toggling the content of the manifest and reinstalling the application type, which we'd like to avoid.
Ideally, we want to have the default services in the manifest (as is currently the case) but then have the provisioning script "disable" the default services for its own runtime (and restore the default services before exiting), as this gets us the desired behavior in both cases.
What is the solution that requires the least manual developer meddling to get the desired behavior in both scenarios?
I'm currently trying to implement it so that the provisioning script:
Copies the application manifest to a backup location
Removes the default services from the real manifest
Updates the application type using the new manifest (i.e. without default services)
Runs the provisioning logic
Restores the real manifest using the backup manifest from step 1
Updates the application type using the restored manifest (i.e. with default services)
It is specifically steps 3 and 6 that I do not know how to implement.
Consider having two sfproj projects in the solution. One with default services, one without.
Also look into using a start-service.ps1 script instead of default services. This way the two projects can use the same application manifest.
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-debugging-your-application#running-a-script-as-part-of-debugging
We have now come to the point in our Service Fabric application development where we need to add a custom parameter that can be overridden at run time (as described in https://azure.microsoft.com/en-us/documentation/articles/service-fabric-manage-multiple-environment-app-configuration/). We're still in the development stage...no azure production environment, yet, so this question mainly concerns running the service fabric cluster from visual studio or thru a powershell script in a VM. I know that Deploy-FabricApplication.ps1 is ran during debug and per its usage instructions in that file I can override custom parameters. However, I can't seem to figure out where I do that in Visual Studio so that when different developers start a debug session they can set the custom parameter value to whatever makes sense in their dev environment. Any ideas? We have a task to research how to better handle secrets storage but we're not quite there, yet.
You can add multiple publish profiles (optionally without checking them in). One for every developer if needed.
For secrets: you can encrypt settings and/or use Azure Key Vault combined with a Service Principal, similar to what is shown here.