Comments (9)
Docker is passed through the container so the creds should pass through. I'm sure I tested it.
But, yes, fix if it is an issue is to add the login commands to to the explain command.
from azuretre.
You can recreate this bug without having to deploy a fresh TRE by:
- SSHing into the resource processor VM (via the jump box):
- logging in to the running resource processor docker container shell
- clearing down the porter cache (which holds the manifests & parameters) by issuing
cd /root/.porter.cache
thenrm -rf *
- issuing a
docker logout <TRE_ID>acr.azurecr.io
which will remove the credentials docker holds to connect to the container register (resetting it to as it was when it was first deployed). - then try and deploy a workspace
- you will get the error on the first deploy
- the second deploy will succeed because the credentials have now been cached
from azuretre.
I can remember looking at this at the time. Weird you have seen it as was a while ago and don't think I've come across the issue and our E2E PR tests would fail. So I'm confused why seeing this now, and not in the tests.
Looking at the code needs running once on RP start-up and is done here -
Looking at your logs I think your actual error is Error message: parameter "tre_id" is required
. Is this a custom bundle, if so think you are missing passing tre_id
somewhere.
from azuretre.
I've see this too recently
from azuretre.
@jonnyry I think I've seen this before when deploying a workspace, as as you say subsequent deploys work, thats been our "workaround".
from azuretre.
@jonnyry I think I've seen this before when deploying a workspace, as as you say subsequent deploys work, thats been our "workaround".
yes - also our workaround :-) just thought i'd get it logged as seen it several times now
from azuretre.
Looking at the code needs running once on RP start-up and is done here -
I notice the az acr login
is run on the VM itself rather than inside the resource processor docker container - is the az "session" shared inside the docker container?
- az acr login --name ${docker_registry_server}
- docker run -d -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock
--restart always --env-file .env
--name resource_processor1
--log-driver local
${docker_registry_server}/${resource_processor_vmss_porter_image_repository}:${resource_processor_vmss_porter_image_tag}
Looking at your logs I think your actual error is
Error message: parameter "tre_id" is required
. Is this a custom bundle, if so think you are missing passingtre_id
somewhere.
The logs in the issue description are for a custom bundle, however it also happens for standard bundles, this is from a test I ran just now after resetting the cache & docker credentials inside the resource processor container -
1) Main step for 28b8b4b2-8840-4eac-89d9-ab6294ac1aa2
28b8b4b2-8840-4eac-89d9-ab6294ac1aa2: Error message: parameter "address_spaces" is required ; Command executed: porter install "28b8b4b2-8840-4eac-89d9-ab6294ac1aa2" --reference XXXXX.azurecr.io/tre-workspace-airlock-import-review:v0.12.16 --force --credential-set arm_auth --credential-set aad_auth
from azuretre.
It looks like az login & az acr login are called when running a constructed porter command (install etc):
AzureTRE/resource_processor/vmss_porter/runner.py
Lines 100 to 109 in ddbbffe
But not when calling porter explain, prior to the above code running:
AzureTRE/resource_processor/resources/commands.py
Lines 106 to 107 in ddbbffe
from azuretre.
OK just checking the creds on the VM and inside the resource processor container... the two are not the same, at least on my instance :-D
from azuretre.
Related Issues (20)
- Key Vaults should use RBAC instead of access policies for access control
- Storage accounts should use infrastructure encryption
- Azure resources should support customer-managed key for encryption at rest
- How Porter is used in Azure TRE link not working HOT 1
- Core deployment errors - Error: reading blob properties for Storage Account HOT 15
- Gitea shared service MySQL DB is destroyed if the shared service is upgraded
- Support .jsonc for template_schema files
- Add ability to reference core IP groups as destination in firewall rules
- Name of Airlock Notifier subnet is misspelled
- Use telemetry via the customer-attribution method to track deployments
- Inconsistent VM state between TRE and Azure portal leaves running VMs that can't be managed via the TRE HOT 1
- Troubleshooting Slurm Workload Manager Deployment Steps HOT 9
- Gitea container crashes and restarts HOT 1
- CycleCloud shared service does not deploy HOT 1
- Documentation does not render ending emoji Properly HOT 1
- Support "plan" mode deployment HOT 1
- How to scan large files for malware in the airlock? HOT 1
- Route Guacamole traffic through the app gateway HOT 3
- AppServiceFileAuditLogs diagnostic setting - remove?
- Data exfiltration via DNS tunneling HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azuretre.