terraform-provider-azurerm
terraform-provider-azurerm copied to clipboard
hashicorp
azurerm_windows_web_app using a azurerm_service_plan with WindowsContainer gives 500 when access app
Is there an existing issue for this?
- [X] I have searched the existing issues
Community Note
- Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
1.2.2
AzureRM Provider Version
3.10.0
Affected Resource(s)/Data Source(s)
azurerm_windows_web_app
Terraform Configuration Files
resource "random_string" "string_8" {
length = 8
special = false
}
resource "random_id" "rng" {
keepers = {
first = "${timestamp()}"
}
byte_length = 8
}
resource "azurerm_resource_group" "resource_group" {
name = "rg-bug-tf"
location = "East US"
}
resource "azurerm_service_plan" "windows_container_plan" {
name = "plan-bugtf-${random_string.string_8.result}"
location = azurerm_resource_group.resource_group.location
resource_group_name = azurerm_resource_group.resource_group.name
sku_name = "P1v3"
os_type = "WindowsContainer"
}
resource "azurerm_windows_web_app" "windows_webapp_container_bad" {
name = "app-bugtf-${random_string.string_8.result}-bad"
location = azurerm_resource_group.resource_group.location
resource_group_name = azurerm_resource_group.resource_group.name
service_plan_id = azurerm_service_plan.windows_container_plan.id
https_only = true
site_config {
always_on = true
application_stack {
docker_container_name = "dotnet/samples"
docker_container_tag = "aspnetapp"
}
}
app_settings = {
DOCKER_REGISTRY_SERVER_USERNAME = ""
DOCKER_REGISTRY_SERVER_PASSWORD = ""
DOCKER_REGISTRY_SERVER_URL = "https://mcr.microsoft.com"
WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
WEBSITES_PORT = 80
}
}
resource "azurerm_resource_group_template_deployment" "windows_webapp_container_good" {
name = "good-app-${random_id.rng.hex}"
resource_group_name = azurerm_resource_group.resource_group.name
deployment_mode = "Incremental"
template_content = <<TEMPLATE
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"variables": {},
"resources": [
{
"apiVersion": "2018-11-01",
"name": "app-bugtf-${random_string.string_8.result}-good",
"type": "Microsoft.Web/sites",
"location": "${azurerm_resource_group.resource_group.location}",
"properties": {
"name": "app-bugtf-${random_string.string_8.result}-good",
"httpsOnly": true,
"siteConfig": {
"appSettings": [
{
"name": "DOCKER_REGISTRY_SERVER_URL",
"value": "https://mcr.microsoft.com"
},
{
"name": "DOCKER_REGISTRY_SERVER_USERNAME",
"value": ""
},
{
"name": "DOCKER_REGISTRY_SERVER_PASSWORD",
"value": ""
},
{
"name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
"value": "false"
},
{
"name": "WEBSITES_PORT",
"value": "80"
}
],
"windowsFxVersion": "DOCKER|dotnet/samples:aspnetapp",
"alwaysOn": "true"
},
"serverFarmId": "${azurerm_service_plan.windows_container_plan.id}",
"clientAffinityEnabled": false,
"virtualNetworkSubnetId": null
}
}
],
"outputs": {}
}
TEMPLATE
}
Debug Output/Panic Output
https://gist.github.com/DOMZE/6d8976d45b4ae5f9ae12ffb3b4553061
Expected Behaviour
The web app should be accessible and not throw 500 when accessed.
Actual Behaviour
The web app throws 500.
Compared the ARM JSON from the bad and good resource and no value (apart from names) differ. Configurations as well as identical.
When re-running apply, the bad resource gets changes as such. Not sure if it's relevant or can help.
~ site_config {
# (24 unchanged attributes hidden)
~ application_stack {
~ docker_container_name = "dotnet" -> "dotnet/samples"
# (1 unchanged attribute hidden)
}
}
Steps to Reproduce
terraform apply -auto-approve
Important Factoids
No response
References
No response
@DOMZE I tried the same TF config as you provided and the app service can be created and accessed without any issues, no 500 error received neither. Can you confirm your environment is corrected setup?
@xiaxyi what could differ in terms of environment ? if the azurerm provider is sending out JSON payload to the ARM management plane?
And are you making sure you tested out the "bad" instance and not the good?
@DOMZE This is the TF script that I used for windows web app docker, the web app is working fine:
provider "azurerm" {
features {}
}
resource azurerm_resource_group "test" {
name = "tftest-dockerapp"
location = "east us"
}
resource "azurerm_storage_account" "test" {
name = "tftestsa"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_service_plan" "test" {
name = "tftestASP-windows-docker"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
os_type = "Windows"
sku_name = "P1v2"
}
resource "azurerm_windows_web_app" "test" {
name = "xtftestWA-docker-mcr"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
service_plan_id = azurerm_service_plan.test.id
https_only = true
app_settings = {
DOCKER_REGISTRY_SERVER_USERNAME = ""
DOCKER_REGISTRY_SERVER_PASSWORD = ""
DOCKER_REGISTRY_SERVER_URL = "https://mcr.microsoft.com"
WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
WEBSITES_PORT = 80
}
site_config {
application_stack {
docker_container_name = "dotnet/samples"
docker_container_tag = "aspnetapp"
}
}
}
@xiaxyi If you navigate to the web app you will get the default web app quickstart. You won't get the image itself. Your os_type should be WindowsContainer as the serverFarm should have kind "app,windows,container" otherwise it won't be able to run docker images.
I've tried your exact TF script (minus the storage account) and changed the os_type to WindowsContainer and changed the sku to P1v3 as Apps running on Windows Containers are available only in Hyper-V Container enabled SKU. I was able to reproduce the problem.
The following is the image you should see when deploying
@DOMZE Can you try to set the property to v6.0 manually and see if the TF created docker app can be accessed?
calling the api by PUT method: PUT https://management.azure.com/subscriptions/xxx/resourceGroups/tftest-dockerapp/providers/Microsoft.Web/sites/wdpPortal/config/web?api-version=2021-02-01
"netFrameworkVersion": "v6.0",
@xiaxyi
PUT with body
{
"properties": {
"netFrameworkVersion": "v6.0"
}
}
worked. The webapp was available once that setting was set. Also confirmed by destroying the resources and settings the dotnet_version to "v.6.0" in the application_stack.
Perhaps something you guys should flag when it's not set but docker_container_name and docker_container_tag are set.
@DOMZE This property is for the asp.net application, let me confirm internally to see why the property is affecting the docker stack. It may takes some times for the communications. I'll let you know once there is any update.
Any news @xiaxyi ? Would be great for the code to take this in consideration automatically :-). If not a remark in the docs.
@DOMZE Thanks for the suggestion, I'm working on it. Since there are some other issues that may relate to the runtime related properties. I'm working on the evaluations, once it's done, I will update the code accordingly. Thanks for your patience! I'll let you know how it goes.
@xiaxyi Thank you for contributing on this issue, what was the result of your evaluations? Was something resolved in a newer version?
