hawkbit-extensions
hawkbit-extensions copied to clipboard
eclipse
Missing documentation for non-Kubernetes Azure setup
I would like to deploy Hawkbit on Azure using a Docker image on App Service.
I have it working with the standard Hawkbit Docker image connecting to an Azure SQL server by setting the environment variables like SPRING_DATASOURCE_URL, SPRING_DATASOURCE_USERNAME, ...
I want to configure the storage now, but there is very little documentation here on how to do that. I suppose I need to create an own docker image after building this project with Maven and publish that on a public Docker registry if I want to use Azure Storge. But what after that?
I created a Blob Storage Container on Azure, but how do I connect the deployed Hawkbit with that? How should the security of the Blob Storage be set up?
I suppose I need to create an own docker image after building this project with Maven
Exactly I think so too. Frankly speaking I do not know the state of this container and if it will work without Kubernetes.
@kaizimmerm can you maybe shed some light on this?
Hi, its ORG_ECLIPSE_HAWKBIT_REPOSITORY_AZURE_CONNECTION_STRING you can see all the variables here: https://github.com/eclipse/hawkbit-extensions/blob/master/hawkbit-extended-runtimes/hawkbit-update-server-azure/deployment/helm/hawkbit/templates/deployment.yaml
Thanks for that. How can I know the version of Hawkbit and the version of the used Hawkbit extensions for the images at https://hub.docker.com/r/hawkbit/hawkbit-update-server-azure ?
I can confirm I got it working by locally building this repo using Maven 3.6.3 and Java 1.8. After that, I pushed the image to Docker and used the ORG_ECLIPSE_HAWKBIT_REPOSITORY_AZURE_CONNECTION_STRING env variable on the Azure App Service that runs the Docker container.
For those wondering, the connection string can be found under 'Settings' > 'Access Keys' on the Azure Storage Account that you need to create first on Azure. There is no need to manually create a container inside the Storage Account, Hawkbit will do that on startup.
Hi @wimdeblauwe, i have a question on this. I've got a similar setup but i am using Azure Container Instances. As you already have described you connected the Azure SQL DB with the env variables SPRING_DATASOURCE_URL, SPRING_DATASOURCE_USERNAME & SPRING_DATASOURCE_PASSWORD. I did the same abut does your container start properly with that? My container seems to be connected to the DB (atleast i got no errors with DB the connection) but i get several errors like:
- Error creating bean with name 'org.eclipse.hawkbit.autoconfigure.security.SecurityManagedConfiguration$ControllerSecurityConfigurationAdapter'
- Error creating bean with name 'org.springframework.orm.jpa.SharedEntityManagerCreator#0
- Error creating bean with name 'controllerManagement': Unsatisfied dependency expressed through field 'entityManager' ans so on...
Did you also set the following env variables?
SERVER_USEFORWARDHEADERS=true
SPRING_JPA_DATABASE=SQL_SERVER
SPRING_DATASOURCE_DRIVERCLASSNAME=com.microsoft.sqlserver.jdbc.SQLServerDriver
Futher, I also set HAWKBIT_DMF_RABBITMQ_ENABLED=false to avoid a constant logging about rabbitmq (we are not using that, not sure why that is needed or for what people use that).
Not yet. I will try that out and edit my message here later.
Thanks a lot for your help!
edit: i added also these env variables unfortunately i still don't get the container running with that.
As already said the DB seems to be connected: o.f.core.internal.command.DbValidate : Successfully validated 10 migrations (execution time 00:00.103s)
But i get a lot of errors regarding this schema. I though flyway will create everything on it's own do i have to change something in the SQL settings?
Found non-empty schema(s) [dbo] without schema history table! Use baseline() or set baselineOnMigrate to true to initialize the schema history table.
at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:769) ~[spring-beans-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
Hi,
I have this successfully deployed on an Azure App Service (Web App For Containers).
If one of the maintainers can let me know what format you want that documentation in (Just in the README? Do you guys have docs pages?) I'd be happy to take a stab at writing it up.
Realistically I won't have time till next weekend but this issue has been open for a bit so I'm assuming folks won't mind the wait :)
@drewf7 you wouldn't happen to have any documentation written up on how to do the deployment on Azure App Services would you?
Hi @adamwendel
It's been a bit haha (almost a year from the comment timestamps)
I don't have anything concrete I can link you too. But here's what I can conjure up from memory, and a poke around our deployment.
I had the best luck bundling hawkbit into a container and deploying that way.
To do I pulled this repo https://github.com/eclipse/hawkbit-extensions.git
The folder that's of interest to you is hawkbit-extended-runtimes/hawkbit-update-server-azure
Before you run a build you'll likely want to change the default credentials. You can do that in src/main/resources/application.properties
I have the following block set in there. Whether it's still neccessary (or ever really was) I don't know.
# Override artifact ports to be compatible with app service
hawkbit.artifact.url.protocols.download-http.port=80
hawkbit.artifact.url.protocols.download-http.ref={protocol}://{hostnameRequest}:{port}/{tenant}/controller/v1/{controllerId}/softwaremodules/{softwareModuleId}/artifacts/{artifactFileName}
hawkbit.artifact.url.http.port=80
hawkbit.artifact.url.https.port=443
hawkbit.artifact.url.https.enabled=true
hawkbit.artifact.url.http.enabled=true
You'll eventually want to read https://www.eclipse.org/hawkbit/concepts/authentication/ to set up a better auth mechanism. But to get things up and running you can just set
# User Security
spring.security.user.name=<admin_username>
spring.security.user.password={noop}<admin_password>
Then from the hawkbit-update-server-azure you can just run a docker build and push to an ACR.
Up in Azure create a resource group to house hawkbit, and inside of it deploy.
- A VNET with at least one subnet that has Microsoft.Web, Microsoft.Sql, Microsoft.EventHub, and Microsoft.Storage service endpoints enabled. (You'll use this to connect all the other azure bits securely).
- An App Service plan / Web app for containers app service
- A SQL Server with one Database for hawkbit (Right now ours is just Standard S0: 10DTU's)
- An event hubs namespace
- An Azure storage account
Then deploy your hawkbit container to the app service, and set the below environment variables in the "Configuration" section
AZURE_EVENTHUB_CONNECTIONSTRING=Connection string to the event hub, starts with "Endpoint="
AZURE_EVENTHUBS_NAMESPACE=Name of your event hubs namespace
HAWKBIT_SERVER_BUILD_VERSION=The version of hawkbit you're running (Looks like they're on 0.3.0M7 right now)
MANAGEMENT_METRICS_EXPORT_AZUREMONITOR_ENABLED=false #We don't use azure monitor for monitoring our hawkbit. Can't help you if you do
ORG_ECLIPSE_HAWKBIT_REPOSITORY_AZURE_CONNECTION_STRING=The Connection string for you storage account. Starts with "DefaultEndpointsProtocol=". For more context see kaizimmerm's comment above. This is how I landed in this thread :)
SPRING_CLOUD_BUS_ENABLED=true
SPRING_DATASOURCE_DRIVER_CLASS_NAME=com.microsoft.sqlserver.jdbc.SQLServerDriver
SPRING_DATASOURCE_DRIVERCLASSNAME=com.microsoft.sqlserver.jdbc.SQLServerDriver # Never did figure out which of these was the right one
SPRING_DATASOURCE_PASSWORD=Your database users password
SPRING_DATASOURCE_URL=jdbc:sqlserver://<your_server_name>.database.windows.net:1433;databaseName=<your_database_name>;
SPRING_DATASOURCE_USERNAME=Your database users username
SPRING_JPA_DATABASE=SQL_SERVER
From there in theory you should be up and running. Although it's very possible I've missed something.
Hopefully that helps :)
Thank you so much @drewf7! I'm probably 90% of the way there. I've gotten all of the azure resources set up and the VNET and deployed the container on App Services. I can see usage on the SQL Server and the Event Hub, but it seems something with the storage has failed (I get an upload failed message when uploading an artifact). It doesn't seem that hawkbit has actually set up any containers in the storage account.
Is the following block supposed to be set as is?
hawkbit.artifact.url.protocols.download-http.ref={protocol}://{hostnameRequest}:{port}/{tenant}/controller/v1/{controllerId}/softwaremodules/{softwareModuleId}/artifacts/{artifactFileName}.
Edit: Turns out I had missed adding a NIC for the storage on the VNet.