Azure Functions with EF Core Recommended

This is a question more about whether I should than whether I can. I’ve got an existing Azure App Service which started off as a simple REST API that managed communications between mobile apps and multiple instances of an on-premise multi-tenanted ERP system. Probably due to a bit of bad design it’s kind of morphed over recent times to include file hosting, marketing websites and an unrelated web app.

So, my plan is to pull this API out of the current app service into its own to keep maintenance etc. a little more streamlined. I was looking at using Azure Functions rather than another App Service. However, my current API uses a SQL DB (again hosted in Azure) and EF to store some settings and transactional data.

Now the question is, considering Azure Functions are supposed to be stateless, is it considered “Best Practice” to have Functions accessing SQL data via EF (or at all)? I’ve seen lots of info telling me how, but no one really seems to say if you should. Or am I just overthinking the “Stateless” thing?

sudo: /etc/sudoers is world writable – ubuntu azure

Although there are many answers for this problem, the scenario is different here.

I’m using

  • Ubuntu 18.04 on Azure

By mistake I made the sudoers file world writable (sudo chmod o+w /etc/sudoers), and the appropriate way to fix it is explained here. For this I need the ubuntu user password.


However, the authentication mode chosen while deploying the VM was SSH-based. There are other ways to fix this, as described here. I couldn’t reset the password for ubuntu, and the Azure CLI isn’t accessible either.

Let me know how I can fix this or if you need further information on this.

Azure environment – Linux CentOS 7 VM with Virtual Host in Apache [pending]

Good afternoon. I configured the Virtual Host in Apache on Linux CentOS 7 and tested it by adding the IPs and names to the Windows hosts file; the browser accesses both systems without a problem. Now I am trying to use Azure DNS to resolve the name. I tested with the nslookup command successfully, but the browser does not find the IP. How can I solve this problem?

Standard approach for tracking half-done features in Azure DevOps

We practice Scrum (SAFe) and use Azure DevOps to track features and PBIs. The team is unsure of how to handle features which have been started but not finished at the end of a program increment.

Half the team wants to move the feature back to the program backlog, but we then lose the ability to report on effort already spent on the feature, and the fact that our forecasts were wrong.

The other half of the team wants to clone the feature…which polluted our backlogs.

Is there any standard way to do this? I’d like an approach that doesn’t confuse new team members if possible.

Can you see the Firewall Rule that was triggered on Azure Application Gateway WAF

We’re using the Application Gateway WAF in prevention mode and it’s blocking some of our Mobile App Client requests. I switched the WAF into Detection mode and output the logs to Log Analytics. I can see some information about the requests being made and the WAF being triggered, but can’t see which rule was triggered.

Is there a way to see what rule was being triggered? It’s difficult to narrow down the source of the problem without knowing why it’s failing!

Modify the ARR Front-End timeout in Azure App Service

I have a site (AspNet MVC 5) on Azure App Service; in some cases, some requests take more than 4 minutes (due to “heavy” processes that run in the backend).

After the request has run for 4 minutes, an HTTP 502 status code is received with the following message:

“502 – Web server received an invalid response while acting as a gateway or proxy server.”

After a lot of testing and reading in various places, I understand that sites hosted on Azure App Service run “behind” the IIS ARR (Application Request Routing) module, with the latter acting as a “proxy”.

I also understand that ARR has a pre-configured timeout of 4 minutes and that this is the apparent cause of the error. (From what I have read, this timeout is not configurable.)

Among the things I have tried in order to “get around” this restriction are:

  1. Modifying limits in the application’s web.config.
  2. Modifying the parameters (limits) in applicationHost.config (it was hard to find out how to do it, but I managed it).
  3. Adding some ARR parameters (specifically the Proxy configuration) in the same applicationHost.config.
  4. Disabling “ARR Affinity” on the site. (It’s strange: all this does is remove an ARR cookie, but the ARR service keeps acting as a proxy… or so it seems.)

However, none of these attempts has helped me to “get past” this restriction.

It is true that, as is recommended, I should move long-running jobs to a BackgroundWorker (Hangfire, AzureJobs, Functions, etc.) or optimize the backend code that causes the timeout. Unfortunately, in the application’s current state that is somewhat difficult (it is an application about to go into production).

I would be grateful if anyone knows or can think of some hack or configuration to modify the ARR Front-End timeout in Azure App Service.

Cannot create/destroy Azure VMs anymore (OSProvisioningInternalError)

I’m using Jenkins to run my terraform scripts. It worked fine for a few days, but after destroying & (re-)creating my VM multiple times, it does not work anymore. On Creation, I get:

* azurerm_virtual_machine.windows: Code="OSProvisioningInternalError" Message="OS Provisioning failed for VM 'e2r2s08ibld0001' due to an internal error." 

Deletion also doesn’t work:

* azurerm_network_interface.windows: Error deleting Network Interface "e2r2s08ibld0001-nic" (Resource Group "Buildslaves_rg"): network.InterfacesClient#Delete: Failure sending request: StatusCode=400 -- Original Error: Code="NicInUse" Message="Network Interface /subscriptions/****/resourceGroups/Buildslaves_rg/providers/Microsoft.Network/networkInterfaces/e2r2s08ibld0001-nic is used by existing resource /subscriptions/****/resourceGroups/Buildslaves_rg/providers/Microsoft.Compute/virtualMachines/e2r2s08ibld0001. In order to delete the network interface, it must be dissociated from the resource. To learn more, see aka.ms/deletenic." Details=[] 

OK, it says “nic in use”, but I expected terraform to delete all resources in the correct order? I can successfully delete my resources using the Azure Portal.

But then, again I get the same error when I try to (re-)create the VM via terraform.

I also tried to delete my tfstate file, but the error stays the same.

Here is the relevant part of my main.tf:

    resource "azurerm_network_interface" "windows" {
      name                          = "${var.vm_windows["name"]}-nic"
      location                      = "${azurerm_resource_group.main.location}"
      resource_group_name           = "${azurerm_resource_group.main.name}"
      # network_security_group_id   = "${azurerm_network_security_group.main.id}"
      tags                          = "${var.tags}"
      enable_accelerated_networking = true

      ip_configuration {
        name                          = "ipconfig1"
        subnet_id                     = "${data.azurerm_subnet.main.id}"
        private_ip_address_allocation = "Dynamic"
        # private_ip_address          = "${var.vm_windows["private_ip_address"]}"
      }
    }

    resource "azurerm_virtual_machine" "windows" {
      name                  = "${var.vm_windows["name"]}"
      location              = "${azurerm_resource_group.main.location}"
      resource_group_name   = "${azurerm_resource_group.main.name}"
      network_interface_ids = ["${azurerm_network_interface.windows.id}"]
      vm_size               = "${var.vm_windows["size"]}"
      tags                  = "${var.tags}"

      # This means the OS Disk will be deleted when Terraform destroys the Virtual Machine
      # NOTE: This may not be optimal in all cases.
      delete_os_disk_on_termination    = true
      delete_data_disks_on_termination = true

      storage_image_reference {
        publisher = "MicrosoftWindowsServer"
        offer     = "WindowsServer"
        sku       = "2019-Datacenter"
        version   = "latest"
      }

      storage_os_disk {
        name              = "${var.vm_windows["name"]}-os"
        caching           = "ReadWrite"
        create_option     = "FromImage"
        managed_disk_type = "${var.vm_windows["disk_os_type"]}"
      }

      storage_data_disk {
        name              = "${var.vm_windows["name"]}-data"
        caching           = "ReadOnly"
        create_option     = "Empty"
        disk_size_gb      = "${var.vm_windows["disk_data_size"]}"
        lun               = 0
        managed_disk_type = "${var.vm_windows["disk_data_type"]}"
      }

      os_profile {
        computer_name  = "${var.vm_windows["name"]}"
        admin_username = "${var.vm_admin_username}"
        admin_password = "${var.vm_admin_password}"
        # custom_data  = "${local.custom_data_content}"
      }

      os_profile_windows_config {
        provision_vm_agent        = true
        enable_automatic_upgrades = true

        # Auto-Login's required to configure WinRM
        additional_unattend_config {
          pass         = "oobeSystem"
          component    = "Microsoft-Windows-Shell-Setup"
          setting_name = "AutoLogon"
          content      = "<AutoLogon><Password><Value>${var.vm_admin_password}</Value></Password><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>${var.vm_admin_username}</Username></AutoLogon>"
        }

        # See https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples/virtual-machines/provisioners/windows
        additional_unattend_config {
          pass         = "oobeSystem"
          component    = "Microsoft-Windows-Shell-Setup"
          setting_name = "FirstLogonCommands"
          content      = "${file("./files/FirstLogonCommands.xml")}"
        }
      }
    }

Separate Azure B2C for each App

On Azure, I use resource groups to consolidate an app’s resources. So I have multiple resource groups containing what is necessary to run an app.

When creating a new Azure AD B2C, it starts fresh with no resource groups.

It’s not as if I can create multiple Azure B2C, save them in their respective resource groups, to be used by a specific app, all under the same subscription.

I can use one Azure B2C and create multiple apps under it, but that would mix users between apps.

Am I right in saying that Azure is designed for one organization which has only one set of app users? In other words, if you’re a startup, resource groups are not useful to you since you have to switch between directories?