VSTS tasks failed with unable to get local issuer certificate - tfs

Trying to deploy a VM and a web app using the Azure Resource Group Deployment and Azure App Service tasks in VSTS CI/CDP with Azure Stack.
The task is failing with the following error:
Error: unable to get local issuer certificate
Any suggestions on this issue?

To ignore SSL errors, set a variable named VSTS_ARM_REST_IGNORE_SSL_ERRORS with the value true in the release definition.
Reference: Azure App Service Task Documentation
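
"unable to get local issuer certificate" is OpenSSL's verdict when the certificate's issuer is not among the client's trust anchors. The following is an added example, not part of the original question or answer: it reproduces the error with a locally generated chain and shows that trusting the issuing CA clears it while verification stays enabled. It assumes the endpoint's certificate chains to a private CA (the page does not say), that `openssl` is installed, and every name and file in it is constructed.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate below is generated locally.

make_chain() {  # $1 = directory that receives the generated files
  # Private root CA, standing in for a CA the build agent does not trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Private Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  # Server key and signing request for a hypothetical management endpoint.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=management.azurestack.example" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
  # Sign the server certificate with the private CA.
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

# Verify against the default trust store only: the issuer cannot be found.
verify_default() { openssl verify "$1/srv.pem" 2>&1; }

# Verify with the private CA added as a trust anchor: validation stays on.
verify_with_ca() { openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" 2>&1; }

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_chain "$work" || { echo "openssl failed to build the chain" >&2; exit 1; }

echo "--- default trust store ---"
verify_default "$work" || echo "(exit status: verification failed)"
echo "--- with the private CA ---"
verify_with_ca "$work" && echo "(exit status: verification succeeded)"
```

Node.js reads additional trust anchors from the file named in the NODE_EXTRA_CA_CERTS environment variable; that the failing task runs on Node.js is an assumption here.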

Related

access azure key vault from azure web app where ip changes often bc of CI/CD

I have a Docker container that accesses Azure Key Vault. This works when I run it locally.
I set up an Azure web app to host my container, and it cannot access the Key Vault:
Forbidden (HTTP 403). Failed to complete operation. Message:
Client address is not authorized and caller is not a trusted service.
Client address: 51.142.174.224 Caller:
I followed the suggestion from https://www.youtube.com/watch?v=QIXbyInGXd8:
I went to the web app in the portal to set status to on
Created an access policy
and then received the same error with a different IP:
Forbidden (HTTP 403). Failed to complete operation. Message:
Client address is not authorized and caller is not a trusted service.
Client address: 4.234.201.129 Caller:
My web app IP address would change every time an update was made, so are there any suggestions for how to overcome this?

It might depend on your exact use case and what you want to achieve with your tests, but you could consider using a test double instead of the real Azure Key Vault while running your app locally or on CI.
If you are interested please feel free to check out Lowkey Vault.

I found a solution by setting up a virtual network and then whitelisting it in the Key Vault access rights.

Error: Failed to patch App Service configuration

I am deploying a Docker image from ACR to a Windows-based App Service using an Azure DevOps release pipeline (with the Azure Web App on Container Deploy task), but I am getting the following error:
"Error: Failed to patch App Service '[App Service Name]' configuration. Error: BadRequest - The parameter DOCKER_REGISTRY_SERVER_URL has an invalid value. Unexpected error when connecting to the registry. Cannot find available registry. https://[ACR Name].azurecr.io (CODE: 400) Error: Failed to update deployment history. Error: Ip Forbidden (CODE: 403)"
Both App Service and ACR are using private endpoints. We are using a self-hosted agent for our pipeline.
Please let me know how to fix this issue.

Here is some troubleshooting advice:
Please check the value of DOCKER_REGISTRY_SERVER_URL in your ARM template or config file.
What's more, if you are using an ARM template, try adding "reserved": true to your properties.

HTTP Error 500.30 - ANCM In-Process Start Failure when using azure keyvault

I am using GitHub Actions for CI/CD to an Azure web app in .NET Core 3.1 MVC. I am able to get the secrets from Azure Key Vault on localhost, but when I browse the app hosted in the Azure portal (xyz.azurewebsites.net), I get HTTP Error 500.30 - ANCM In-Process Start Failure.
I have given the app permission to the Key Vault from Access Policies with GET and LIST.
My program.cs file is as below

Error when trying to get token using Managed Service Identity in a multi-container azure web app service

We have the following scenario:
Current working setup:
Web API project using a single Dockerfile
A release pipeline with an 'Azure App Service deploy' task.
Proposed new setup:
Web API project using a multi-container Docker Compose file
A release pipeline with an 'Azure Web App for Containers' task.
Upon deploying the new setup we receive the below error message:
ERROR - multi-container unit was not started successfully
Unhandled exception. System.AggregateException: One or more errors occurred.
(Parameters: Connection String: XXX, Resource: https://vault.azure.net, Authority:
https://login.windows.net/xxxxx. Exception Message:
Tried to get token using Managed Service Identity.
Access token could not be acquired. Connection refused)
The exception thrown is because it can't connect to Azure MSI (Managed Service Identity). It does this to obtain a token before connecting to key vault.
I have tried the following based upon some research and solutions others have found:
Connecting with "RunAs=App" (this seems to be the default parameter-less constructor anyway)
Building up the connection string myself manually by pulling the "MSI_SECRET" environment variable from the machine. This is always blank.
Restarting MSI.
Upgrading and downgrading AppAuthentication package
MSI appears to be configured correctly as it works perfectly with our current working setup so we can rule that out.
It's worth noting that this is System assigned identity not a user assigned one.
The documentation that states which services support managed identities only mentions 'Azure Container Instances', not 'Azure Managed Container Instances', and that is for Linux/Preview too, so it may not be supported.
Services that support managed identities for Azure resources
We've spent a considerable amount of time getting to this point with the configuration and deployment and it would be great if we could resolve this last issue.
Any help appreciated.

Unfortunately, there currently is no multi-container support for managed identities. The multi-container feature is in preview and so does not have all its functionality working yet.
However, the documentation you linked to is also not as clear about the supported scenarios, so I am working on getting this documentation updated to better clarify this. I can update this answer once that's done.

unable to deploy .net project using TFS IIS app deployment task

I am trying to deploy my project to IIS using the TFS Winrm:IIS web app deployment task. I am new to this.
I am getting the following error:
"Deployment failed on machine xxx with following message : System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server xxx failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". "
I was able to deploy the project to the same remote server using the TFS Winrm: windows machine file copy task, which is the prior step for web app deployment to IIS. The WinRM service is running, and when I type "winrm quickconfig" I get "winrm is already been configured".
What am I missing here? Please suggest. Thanks in advance.

The Winrm:IIS task is actually MSDeploy from Machine A to Machine B, so for this to work you need to install MSDeploy on Machine B. You should then be OK to deploy from Machine A. Check this article out for more information and to see if you have all the prerequisites. Also, these articles have a bit more info.
https://learn.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-webdeploy-iis-winrm?view=azure-devops
https://marketplace.visualstudio.com/items?itemName=ms-vscs-rm.iiswebapp

The issue was resolved when I enabled PowerShell remoting on my remote machine using the command Enable-PSRemoting -Force
