I want to enable Malware protection/Virus scanning in my PaaS.
For example i have a Web Api for file upload and store the files to Blob staorage. I want to scan the files before store it using symantec. I dint find any article or code for the same.
Thanks in advance,
Subbiah K
Firstable you need to resolve the licensing with Symantec. Once that is resolved you must configure some startup Tasks for your compute instance.
This Tasks are intended to run every time the application is started including when the package is deployed and when the instance is destroyed-recreated by azure maintenance or error conditions.
The startup Task purpose should be to copy / install symantec products to be accessible by the cloud service. As I previously say this Task run everytime the package is deployed including instance reconstruction by azure.
Once the symantec product is installed you only need to run the scan each X time, probably this process should be called from a Worker Role.
Create the Task is quite easy , you need to include something like this in the service definition file
<Startup>
<Task commandLine="Startup.cmd" executionContext="limited" taskType="simple" >
<Environment>
<Variable name="MyVersionNumber" value="1.0.0.0" />
</Environment>
</Task>
</Startup>
the cmd file is a windows batch file created to call the Symantec product installer. This Will ensure that the product is installed on each instance even after instance recreation or package deployment.
This link goes to Azure documentation with more detailed information
How to configure and run startup tasks for a cloud service
Related
our team adopted agile development style. We have desktop application which is installed on more than 5 thousands computers. These computers are in customer network. In network there are distribution points but one point is main. It means we copy binary files into main point and then there are distributed into all distribution points to install client computers.
For us it means a lot of manual work. We have own Azure DevOps server (TFS) which is not connected with customer newtork because of source code security. We can copy binary files by some shared folder but nothing else.
How we do application deployment? There are steps:
1) Copy binary files to main distribution point.
2) Create deltas by xdelta tool.
3) Copy all new files to all distribution points by robocopy.
4) When copy is done we change version in manifest file and copy again.
5) We have manually created database alter file so we upgrade database by this file.
I wanted to use Jenkins to automate these steps. Problem is that customer said he don't want to install any other software to his servers. All steps need to be done in customer network.
What devops tool should I use to automate these steps by pipeline? When we copy to distribution points it is parallel as same as database deployment because there are more than 70 database instances.
It is not about one application. We have more application which we would like to deploy more effective.
Thank you.
SOLUTION: I solved this problem by using MSDeploy tool. I wrote own small application which can read simple XML configuration tool and launches MSDeploy through MSDeploy API. DacPac deployment is solved by SqlPackage.exe. So I can deploy whole application with all references and dependent parts.
I think you need a configuration managment tool to roll out desktop software Windows clients.
Microsoft inhouse solution is this: https://learn.microsoft.com/en-us/configmgr/
Failed to deploy web package to IIS website
I have created one ASP.NET Core application and Azure DevOps continuous integration (CI) and continuous delivery (CD) pipeline.
I have created and configure the Self-hosted Windows agents in my local machine as a service. It is working as expected.
When I run the CI/CD pipeline for the first time it is working successfully, and the web application published to my local IIS successfully.
The issue is when I commit another update to Azure DevOps git repository it is failed to deploy web package to my local IIS website with the following errors and warnings
2019-08-21T10:56:59.1480862Z ##[error]Failed to deploy web package to IIS website.
2019-08-21T10:56:59.1492670Z ##[warning]Can\'t find loc string for key: Trytodeploywebappagainwithrenamefileoptionselected
2019-08-21T10:56:59.1493093Z ##[warning]Trytodeploywebappagainwithrenamefileoptionselected
2019-08-21T10:56:59.1493421Z ##[error]Error Code: ERROR_FILE_IN_USE
More Information: Web Deploy cannot modify the file 'DemoWebApp.dll' on the destination because it is locked by an external process. In order to allow the publish operation to succeed, you may need to either restart your application to release the lock, or use the AppOffline rule handler for .Net applications on your next publish attempt. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_FILE_IN_USE.
Error count: 1.
I have configured the appOffline rule in the publishing profile (.pubxml) and add the EnableMSDeployAppOffline element to the PropertyGroup like this:
<PropertyGroup>
<EnableMSDeployAppOffline>true</EnableMSDeployAppOffline>
</PropertyGroup>
As described in More Information’s learn more URL http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_FILE_IN_USE.
Still it is failed to deploy web package to my local IIS website with the same errors and warnings.
When I trying to redeploy manually few times then it is working successfully other wise failed with same errors and warnings. Because I think the file is locked for some time in my local machine process.
It is also working successfully when I manually delete all the files from IIS release folder with that locked file.
Needs help, the file is locked by any one local process. I couldn’t find that local process. I couldn’t figure out the issue. I also don’t know if I found that process any how then how to figure out the issue. Is this just local issue?
Can anyone help me out?
Recycle the application pool immediately before your 'Deploy IIS App' task.
Add a 'WinRM - IIS Web App Management' task to you release pipeline. Set the Configuration type to 'IIS Application Pool', set the 'Action' to Recycle, and type in the app pool name in the 'Application pool name' field.
The recycle should unlock the dll and allow it to be deleted and replaced in the deployment step.
I encountered this same error despite having the Take App Offline option set for ages. That can't be the solution. There's some phantom bug going on here, but I did get it resolved without rebooting the server.
In PROCMON, I searched Associated Handles for the file in use. There were none.
I tried deleting the app's DLL file outright; an error message said it was in use by w3wp.exe even though the website was offline and the app pool stopped.
I confirmed this by opening IIS and looking at the worker processes panel. None of the active w3wp.exe PIDs were related to the application I was trying to update.
I opened PROCMON and sorted by Image name to find any W3WP.exe instances still running. There was one Suspended instance that it wouldn't let me terminate (despite running PROCMON as an admin/with elevation). It simply said "Access is denied."
I restarted the Agent on the server via the Services window.
At that point, I was able to delete the application DLL from the target directory and deploy normally from DevOps pipelines.
Hopefully this doesn't happen in production.
I had the same error .
I splved by checking the "enable IIS" to my task , like this :
Now my lob suuccseded
I was deploying my web app on local iis using IIS Web App Deploy task.I was able to reproduce the same error. I found this error occurred if i was visiting my website when i was trying to deploy a new version. And the deploy task failed to update the .dll file, since it was in use.
I fixed this error by checking this option “Take App Offline”, See below pic.
Please let me know If you are using different tasks to deploy your web app.
I am not clear enough yet how Service Fabric allows deployment.
From the applications being created in a single VS solution, let me try to ask with file formats for better understanding.
In a single Visual Studio solution, there are
a single .sln
a single .sfproj
multiple .csproj(s)
As I see these files, multiple services (.csproj files) are bound to a single Service Fabric application (.sfproj file), which is under single solution file (.sln file).
Can I individually deploy a .csproj project to the Service Fabric cluster, or are these now bound to a .sfproj so that I have to deploy multiple services (each created with .csproj and bound to .sfproj) together?
The answer to your question is yes and no at the same time. Let me explain it in detail.
Can I individually deploy .csproj project to the Service Fabric cluster
The answer is no you can't deploy a service - in term of Service Fabric the minimal unit of deployment is the application (the .sfproj one). So no matter what changes you have you still need to deploy the application.
But as we all understand performing a full deployment of all application services is very hard, consumes lots of time and causes lots of disturbance to the cluster. To avoid this massive update, all Service Fabric components have their own versions (you can take a closer look at ServiceManifest.xml and ApplicationManifest.xml). So each time application is deployed to the cluster, Service Fabric goes through all services included in the application and updates only components that have been changed (i.e. have different version).
This approach allows you to perform updates of very high granularity i.e. you can update only <Config /> package of the single service.
I am using a library which searches in registry for a dll. That dll can be installed by running MSI in the Service Fabric cluster and this path will be set.
But I wanted to avoid the installation of MSI in the cluster, and provided the required dlls in the package itself. During start up of the service, I am creating the registry entry and giving the location of the dll in my package. Everything is working as expected.
Is this approach ideal? Are we allowed to make changes to registry? If not, how do we solve this problem? Any pointers are appreciated.
If the library has to use the registry, there is nothing you can do about it other than register the values. If you could change the DLL to retrieve this information from the configuration file would be the ideal solution.
You can do it in SF, the right way to do it is using the SetupEntryPoint option of the ServiceManifest to do these management tasks, and from the Application manifest you can set the policies to specify which user you should run these policies. it is described here with more details
The main issue you have on SF with this approach is that you application might move around the cluster and you have to register it on every node, and maybe also remove it when the application is not running there anymore to avoid garbage in the registry.
We have WCF services deployed in azure cloud and runnig. We have some changes in some dlls and want to update in VM but dont want to go through regular deployment/redeployment process.
We are thinking of manually coping dlls to approot and siteroot folders. Will it work?
Will it pick up new dlls when VM restart anytime in future?
To answer your questions
Will manually copying dlls to approot and sitesroot folders work: Yes (make sure you do this on each instance if you have multiple instances running)
Will these dlls survive a reboot: Yes (see Reboot Role Instance: ... Any data that is written to the local disk is persisted across reboots. ...)
But I would suggest to only do this if you're planning to test some things while developing your service.
Do NOT plan to use this for production deployments, because if something goes wrong with your instance, the Fabric Controller might decide to destroy that instance and deploy a new one (same could apply for Windows Updates). This new instance would go back to the initial state of your deployment (the content of the cspkg you deployed).
To make your development deployments even easier you could also activate WebDeploy on your Web Role to deploy from Visual Studio: Enabling Web Deploy for Windows Azure Web Roles with Visual Studio (again, do not use this for real deployments, this is only for when you're testing out some things).
Note: Web Deploy will not work with multiple instances.
No,
And this is not the way to go. If you want to be more dynamic, you have to take the approach of Windows Azure Accelerator for WebRoles. Although not anymore supported and developed project, it will give you a good foundation of dynamically loading assemblies (in this case entire sites) from Blob storage.