I've got a Windows Docker container (microsoft/aspnet) that is hosting a simple Web API. The web API accepts files from a form, saves them in a temp folder, does some processing, and then returns the result.
This works fine when deployed locally, but when done in my Docker container, I get a file permissions error on my temp folder (App_Data).
Is there a way to grant the IIS user the code is running as access to this file, or to open up the folder to any user for read/write access?
Current Docker file is below:
FROM microsoft/aspnet
COPY ./Deploy/ /inetpub/wwwroot
RUN mkdir /inetpub/wwwroot/App_Data
Error message snippet I get running API from docker image:
"InnerException":{"Message":"An error has occurred.","ExceptionMessage":"Access to the path 'C:\\inetpub\\wwwroot\\App_Data\\BodyPart_481b6424-f9a5-4608-894d-406145a48445' is denied.","ExceptionType":"System.UnauthorizedAccessException"
It looks like there is a bug open on the aspnet-docker github about this same issue. [link]
In the meantime, it looks like running cacls App_Data /G IIS_IUSRS:F after starting the container fixes the issue temporarily.
Unclear why, but cacls doesn't seem to be working when run as part of building the container. Switched to using icacls, and was able to grant the IIS_USRS permissions on the folder.
Line added to dockerfile:
RUN icacls 'C:\inetpub\wwwroot\App_Data' /grant 'IIS_IUSRS:(F)'
I can't comment as I don't have enough reputation, but if the answer by #Darendal doesn't work (which it did not for me), then try this syntax
RUN icacls C:\inetpub\wwwroot\App_Data /grant "BUILTIN\IIS_IUSRS:(OI)(CI)F" /t
My dockerfile did not accepted any of the other answers. Below is one more alernative.
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8
SHELL ["powershell"]
RUN & ICACLS "'C:\inetpub\wwwroot\App_Data' /grant 'IIS APPPOOL\DefaultAppPool:(OI)(CI)F' /T"
Related
I have a problem for few days now with the "dotnet hosting bundle" and AspNetCoreV2 IIS module in a dockerimage.
So, I creating a dockerimage with many IIS modules and requirements to execute our software. The dockerimage works good expect this AspNetCoreV2 module. When the container created, I check the modules installed with Get-WebGlobalModule and doesn't appear.
But, when I start the quiet (or passive) installation manualy, into the container, this module works and appear in the IIS Module list.
I tried many solutions to do that (multistage with aspnetcore Microsoft images, last version of dotnet_hosting_bundle.exe and many other, but same issue).
I tried to automatise the docker exec process to install this module manualy and commit it with Azure Pipelines and Windows agent in a VM, but doesn't work :(.
To try that, I use different way :
docker stop mycontainer
docker rm mycontainer
docker run --name mycontainer -d -it $(containerRegistry)/$(container_requirement_name):v1.0.$(Build.BuildId)
docker exec mycontainer powershell.exe -command Start-Process -FilePath 'C:\Program Files\MySoftware\PowerShell\Installer.Prerequisites\dotnet-hosting-3.1.2-win.exe' -ArgumentList "/passive","/install","/norestart" -PassThru -Wait
docker stop mycontainer
docker commit mycontainer $(containerRegistry)/$(container_requirement_name):v1.0.$(Build.BuildId).1
In the Start-Process, I can see :
The process is created but apparently not started
I also tried with : cmd 'C:\Program Files\MySoftware\PowerShell\Installer.Prerequisites\dotnet-hosting-3.1.2-win.exe' /quiet /install
This task in Azure Pipeline working without error, but when I download this new image (pushed after these instructions), the module doesn't appear in Get-WebGlobalModule
Also, the module is not presend into ProgramFiles
I don't really understand how can I install this module. All other modules working, expect this ...
Thanks you very much in advance for your advises.
Best
Set the preference variables with below command fixed above issue.
powershell -Command $ErrorActionPreference = 'Stop' $ProgressPreference = 'Continue'
The values of the preference variables affect how PowerShell operates and executes cmdLets. It might be because the default settings of the preference variables of the container that caused the PowerShell failing to complete the installation. You can override these preference variables in your script.
Please see this document for more information about Preference Variables.
I am trying to set up auto-deployment from GitHub to AWS, using EC2.
I set Role with CodeDeployServiceRole auto policy
After following the Tutorial: Use AWS CodeDeploy to Deploy an Application from GitHub, my deployment fails at the ApplicationStop event, after trying for couple of minutes with error code HEALTH_CONSTRAINT. I'm not sure how to troubleshoot the issue/where to look.
These are few hints of how you can navigate your way
Logs as mentioned in comments in /var/log/aws/codedeploy-agent
As AWS support recommend you can add for one time --ignore-application-stop-failures so it will skip that step in case it failed last time and seeŘ because the application stop Lifecycle event uses the appspec file from the last successful build so if that one is corrupted somehow this step will fail in the following builds
(not recommended) you can delete the file, that CodeDeploy uses to keep track of the previous successful deployment in the following path /opt/codedeploy-agent/deployment-root/deployment-instructions/
Check the latest logs at /var/log/aws/codedeploy-agent
If your deployment is failing at ApplicationStop event, then most likely the issue is your EC2 instance does not have the necessary permissions to get the artifacts from S3 bucket.
Your EC2 instance must have an IAM role attached which gives it enough permissions to download the artifacts from S3 bucket
Your EC2 must be started with an IAM role. So you may have to reboot your instance after attaching the role to it.
From your configuration, looks like you have provided permissions to CodeDeploy to perform certain actions on your EC2. You may want to check if your EC2 also has the necessary permissions to download packages from S3 bucket.
Another reason for this error is that the CodeDeploy Service is not running on your machine. On Windows machines, Code Deploy Service terminates sometimes, and as a result, the deployment is not downloaded on the machine. Nothing appears in the logs either.
Run services.msc and check the code deploy agent service. If it is not running, start it and retry the deployment.
I had the same issue and solved it by solving codedeploy-agent that wasn't working on my EC2 instance.
sudo service {httpd/apache2} status
Something might have cause the agent not to run properly
Hope it will help
I had the same issue. You also need to make sure that your EC2 instance has code-deploy-agent installed.
Follow the below aws guide. It worked for me.
AWS guide to install code agent in linux server
Check if the codedeploy-agent is running.
sudo service codedeploy-agent status
if not running then use below command to run
sudo service codedeploy-agent start
If you are using aws Windows server, check the logs at :
C:\ProgramData\Amazon\CodeDeploy\log\codedeploy-agent-log.txt
AWS Docs
To check if the codedeployagent running in windows. Open powersheel command window and run these command.
powershell.exe -Command Get-Service -Name codedeployagent
Better to stop and start again.
powershell.exe -Command Stop-Service -Name codedeployagent
powershell.exe -Command Start-Service -Name codedeployagent
Or Restarting also works
powershell.exe -Command Restart-Service -Name codedeployagent
For me I had to uninstall the codedeployagent on windows by uninstalling and deleting old files of codedeploy.
Run the below command in powershell one by one to uninstall.
wmic
product where name="CodeDeploy Host Agent" call uninstall /nointeractive
exit
After this delete the codedeploy folder at this location.
C:\ProgramData/Amazon/CodeDeploy/
Now install codedeployagent on windows.
Start the codedeployagent again.
powershell.exe -Command Start-Service -Name codedeployagent
Many people asking about problem with
Service 'web' failed to build: COPY failed: stat /var/lib/docker/tmp/docker-builder
This problem exist, when you trying to build Docker image from autogenerated Dockerfile for Linux in Visual Studio. I resolved that. Because many questions are not connected with ASP.NET directly i will help you, and tell what to do in this case in answer.
I tried to change:
COPY ["Divorcer/Divorcer.csproj", "Divorcer/"] to:
COPY ["/Divorcer/Divorcer.csproj", "Divorcer/"],
COPY ["./Divorcer/Divorcer.csproj", "Divorcer/"],
even to
COPY ["~/.Divorcer/Divorcer.csproj", "Divorcer/"]
Problem still exist.
So, as i told you Randomly generated path is like above.
Solution is in Solution. When you creating new project named "Divorcer" VStudio making
Solution
-- Project
Directories. This problem was resolved with simply bash commands (if you using screen OS you can do it with your mouse).
cd /Path/To/Solution/Project
mv Dockerfile ../
Its simply coping Dockerfile to Solution directory from Project directory. Now you can use docker build -t "someproject" . and it working.
Make sure that you are in Solution directory! Have fun.
I have a meteor app that needs to periodically read a file located on the host's file system, outside of the app package. I am using node's fs to accomplish this, and it works fine on my (macOS) development machine.
However, when I run mup deploy to deploy it to my (Ubuntu 14) server, mup returns the following error after starting meteor:
Error: ENOENT: no such file or directory, open '/home/sam/data/all_data.json'
at Object.fs.openSync (fs.js:652:18)
at Object.fs.readFileSync (fs.js:553:33)
Does anyone know why this might be happening?
you should follow mup documentation closely. Have you seen volumes setup in mup config? Try this to solve your issue.
Reason: mup runs app in docker without any access to host file system unless specified. Volumes setup does this for you with mup deployment.
Below is the part of mup config from http://meteor-up.com/docs.html, Everything Configured, read more to get a better idea.
name: 'app',
path: '../app',
// lets you add docker volumes (optional). Can be used to
// store files between app deploys and restarts.
volumes: {
// passed as '-v /host/path:/container/path' to the docker run command
'/host/path': '/container/path',
'/second/host/path': '/second/container/path'
},
The user you have that is running your meteor build on the server needs to have access to that folder - read access. I would store the file in a different directory than the home one, because you don't want to mess it up. Either way doing something like chmod -R 444 /home/sam/data should give read access to any user for all files in that directory. You are probably running meteor as your local user(sam?) in development mode on your macOS, but the built up gets run as meteor or some other user on ubuntu, because of mup and forever.
I had v1 of msdeploy installed and I uninstalled it to install the v2.
Now my vs2010 packages fail when I run the deploy.cmd because it can't find the registry entry - even though I've created an MSDeployPath environment variable pointing to the v2 path?
I have MSDeployPath set to "C:\Program Files\IIS\Microsoft Web Deploy V2" in the Advanced System Settings/Environment Variables under My Computer/Properties.
The error I get when I run the VS2010 deploy.cmd file is:
Files\IIS\Microsoft was unexpected at this time.
Anyone know how to fix this? The vs2010 package's deploy.cmd looks for /1 in the registry.
So how do I change this to look for /2 if the path variable doesn't work
Edit the .cmd file to look for the correct registry path. /2 instead of /1.
My understanding is that TFS 2010 sp1 fixes this.
The line from the cmd file for pre SP1 builds looks like this:
for /F "usebackq tokens=2*" %%i in (`reg query "HKLM\SOFTWARE\Microsoft\IIS Extensions\MSDeploy\1" /v InstallPath`) do (
post SP1 it looks like this
for /F "usebackq tokens=1,2,*" %%h in (`reg query "HKLM\SOFTWARE\Microsoft\IIS Extensions\MSDeploy" /s ^| findstr -i "InstallPath"`) do (
I also get the same issue when I am trying to deploy the web site using bath file under the package created by MSbuild. Only difference is I am doing it remotely.that is I assign that task to my build server and once a build is successful then it execute the command
MVC-Client.deploy.cmd /y /M:es-websrv01
Although the set parameter xml is available it complains the it is unexpected.Normally it says for a remote web deployment we dont need admin privileges.(In my case build server is running with out admin privileges).Then I remotely logged to the build server machine and then using a command line try to to the deployment manually.But end up with the same issue.Then what I try was just copy the package in to a desktop and then did the remote deployment.It was successfully transferred the files into target IIS location.
Location where build server tries to to the deployment : C:\Program Files (x86)\Jenkins\jobs\Exile-LibrarySystem\workspace\Exile-LibrarySystem\Exile-LibrarySystem\obj\Staging\Package
I think since this folder has limits access it cant do the operation.Otherwise I should have end up with the same issue when I was trying to do the deployment in the desktop in build server machine. Is there any work around where I can get this deployment job done with in the build server location ?
Thanks