Comments (23)
Hello - I recall having an issue with the resource processor not picking up messages when it was bundled and deployed from my machine (M1) but never got to the bottom of it - I generally used Codespaces (Linux) for working on the TRE. However, when I was experimenting with this I remember getting further when using QEMU and getting docker to build Linux/amd64 images so you could give this a try.
You can do this by modifying the Dockerfile.tmpl
of the bundle your building and deploying from:
FROM debian:bullseye-slim
to
FROM --platform=linux/amd64 debian:bullseye-slim
from azuretre.
I searched a completely different repo for a different project!
Maybe that's the solution we need... in /devops/scripts/bundle_runtime_image_build.sh
from azuretre.
@m1p1h you need to create a fork. Then a PR back if all is good. Thanks.
from azuretre.
I completely removed the existing TRE instance and did a 'make all' to start a fresh. It got as far as deploying the shared firewall bundle and then gave the same error as before:
Error message: Unable to find image '***acr.azurecr.io/tre-shared-service-firewall@sha256:50ec34d66b6297f4de21ca7bf73bb9828791fc71f55fcbb8c41c0d580b986b5c' locally exec /cnab/app/run: exec format error 2 errors occurred: * container exit code: 1, message: <nil>. fetching outputs failed: error copying outputs from container: Error response from daemon: Could not find the file /cnab/app/outputs in container 1b2a0af2e5f4ea4da6287dd88bdbc5aea83947c7239f4560795564e4106d10a4 * required output porter-state is missing and has no default ; Command executed: az cloud set --name AzureCloud && az login --identity -u 0e87ef80-6ba8-4887-a998-d1f4d9131075 && az acr login --name ***nwsdedevacr && porter install "873e7177-d3a7-4c29-8c92-9f5cd8749bed" --reference ***devacr.azurecr.io/tre-shared-service-firewall:v1.1.5 --param arm_environment="public" --param arm_use_msi="true" --param id="873e7177-d3a7-4c29-8c92-9f5cd8749bed" --param microsoft_graph_fqdn="graph.microsoft.com" --param tfstate_container_name="tfstate" --param tfstate_resource_group_name="rg-***dev-mgmt" --param tfstate_storage_account_name="***devmgmtstore" --param tre_id="***dev" --force --credential-set arm_auth --credential-set aad_auth
I am running make all from the devcontainer and my dev machine has a M2 chip. I can build and publish bundles ok. But unable to deploy them.
from azuretre.
Hi @m1p1h , I'll try and validate the first issue, user VM upgrades aren't something that happen very often as is a risk the VM will be replaced. What's the upgrade scenario?
For both issues, is there anything in the API logs? ( https://microsoft.github.io/AzureTRE/latest/troubleshooting-faq/app-insights-logs/ ) Also what release/branch are you deploying from?
Thanks.
from azuretre.
Hi @marrobi thanks for looking into this. I'm part of the nwsde dev team and I need a way to test changes locally within a running TRE instance (ideally without having to rebuild the whole thing every time). So in the initial case, I'm looking to update the windowsvm and linuxvm user resources. But I think there's a bigger issue in that, I'm finding any CNAB I build and deploy from my local machine I experience the error above. A colleague running the same make with the same code doesn't experience this issue where the resource_processor appears to be unable to see the bundles in the ACR even though I can see via the portal that they exist and are registered correctly in cosmos (by checking via the API).
My dev machine is a Mac Air (M2 chip) running Sonoma (14.2.1) with Docker Desktop (4.26.1, Engine: 24.0.7, using Rosetta emulation).
I'm running AzureTRE release 0.16.0.
The logs don't give much else (see attached).
query_data.csv
from azuretre.
Ok, so the "Unable to find image ... locally" is standard, Docker always shows this if an image does not exist locally, then pulls the image from the Docker Registry.
@jjgriff93 @martinpeck any comments on the Mac setup? (I run Windows and WSL so can't comment).
A seperate tip though, if iterating locally, it's often possible to just deploy the terraform (as long as no VNet access is required), which means can iterate faster. You need to ensure is a deploy.sh script, and .env file is correct, but can use make terraform-deploy
from azuretre.
@m1p1h those logs are all resource processor logs, not API logs, can you check with AppRoleName set to API when searching the logs. Thanks.
from azuretre.
Here's the logs for api and resource_processor...
query_data(2).csv
from azuretre.
Doesn't give much away. can you set debug on the API and try again? https://microsoft.github.io/AzureTRE/latest/troubleshooting-faq/debug-api/
The other thing would be to jump onto the resource processor and watch the logs as the bundle is installed, see "Logs" at https://microsoft.github.io/AzureTRE/latest/troubleshooting-faq/troubleshooting-rp/
from azuretre.
Hmm, I think that is covered in build.sh
:
ARCHITECTURE=$(uname -m)
if [ "${ARCHITECTURE}" == "arm64" ]; then
DOCKER_BUILD_COMMAND="docker buildx build --platform linux/amd64"
else
DOCKER_BUILD_COMMAND="docker build"
fi
@m1p1h what does uname -m
return on your machine?
from azuretre.
Returns arm64. I can also see that docker buildx is being used.
from azuretre.
Although looking at the built images it does look like for some bundles the arch is still being built as arm64...
Resource processor does get built for amd64 arch but for tre-shared-service-firewall (where the error happens) its being built as arm64
sha256:e87f74ca090dfe5d43ac71e18fbffa13c7c69f79d565ec97344f1c631701a89b [] amd64
sha256:21ff037dcd01b258762df05946ff7d254a45292a60abf5c13395e7c6e29e6cbe [***acr.azurecr.io/microsoft/azuretre/resource-processor-vm-porter:0.7.1] amd64
sha256:a4ef98b87bbc78fed1a9c6e9f53dac014becb106882259567a9fe0cd1405d4cd [] amd64
sha256:6fff07427dc49e31a62d034e33635c680a0ad9349d3967cb8343e87827dff196 [***acr.azurecr.io/microsoft/azuretre/api:0.16.9] amd64
sha256:f4a266371ab5aa46a914d278dd79f43c037947c76c06e88afba82c5773ce2511 [azuretre/tre-shared-service-firewall:porter-1cd9bd2322c189592902d3951c82358c ***acr.azurecr.io/tre-shared-service-firewall:porter-a0b51da0df4008e46e7def3ae3a54624] arm64
sha256:f4a266371ab5aa46a914d278dd79f43c037947c76c06e88afba82c5773ce2511 [azuretre/tre-shared-service-firewall:porter-1cd9bd2322c189592902d3951c82358c nwsdedevacr.azurecr.io/tre-shared-service-firewall:porter-a0b51da0df4008e46e7def3ae3a54624] arm64
from azuretre.
Hmm, I think that is covered in
build.sh
:ARCHITECTURE=$(uname -m) if [ "${ARCHITECTURE}" == "arm64" ]; then DOCKER_BUILD_COMMAND="docker buildx build --platform linux/amd64" else DOCKER_BUILD_COMMAND="docker build" fi@m1p1h what does
uname -m
return on your machine?
In cli/scripts/build.sh I dont see this. Am I looking in the wrong place?
from azuretre.
@m1p1h let us know if that works, be great if you can do a PR - as I'm on Windows can't test.
However think I've found a related bug here - #3824
from azuretre.
@marrobi will do. I did quickly try with code above in bundle_runtime_image_build.sh but it still built some bundle images as arm64 archs resutling in the same error. But might be because in the devcontainer 'uname -m' returns x86_64.
from azuretre.
Hmm, interesting. Wonder if a way to find the Docker architecture.
from azuretre.
I think we can use docker info --format '{{ .Architecture }}' which will give aarch64 for docker instances running on arm64.
from azuretre.
Just to confirm the change to the docker build would work i hardcoded the build command in devops/scripts/bundle_runtime_image_build.sh to:
docker buildx build --platform linux/amd64 --build-arg BUILDKIT_INLINE_CACHE=1 \
-t "${FULL_IMAGE_NAME_PREFIX}/${image_name}:${version}" \
"${docker_cache[@]}" -f "${docker_file}" "${docker_context}"
But I still see the same issue where some bundles (tre-shared-service-firewall) are still built with an arm64 arch. This would suggest some bundle images are being built elsewhere? I notice in the Makefile there is a 'build_image' function defined but looks like that is used to build the api, resource processor and airlock processors only.
sha256:001f66786a65ed20a8353dd73c613b996c087de99a61acea83638b08d6d02385 [***acr.azurecr.io/microsoft/azuretre/airlock-processor:0.7.0] amd64
sha256:1c7196ff44bd2eec2bafe43732b68d57ec3cecd4191861f2c8fa37673aae2e94 [***acr.azurecr.io/microsoft/azuretre/resource-processor-vm-porter:0.7.1] amd64
sha256:1b4c2d41d42075c489cf80eac1796e1efdba4e6e058c400a04efb300acbe27da [***acr.azurecr.io/microsoft/azuretre/api:0.16.9] amd64
sha256:f4a266371ab5aa46a914d278dd79f43c037947c76c06e88afba82c5773ce2511 [azuretre/tre-shared-service-firewall:porter-1cd9bd2322c189592902d3951c82358c ***acr.azurecr.io/tre-shared-service-firewall:porter-a0b51da0df4008e46e7def3ae3a54624] arm64
sha256:f4a266371ab5aa46a914d278dd79f43c037947c76c06e88afba82c5773ce2511 [azuretre/tre-shared-service-firewall:porter-1cd9bd2322c189592902d3951c82358c ***acr.azurecr.io/tre-shared-service-firewall:porter-a0b51da0df4008e46e7def3ae3a54624] arm64
from azuretre.
Thinking about it, the --platform linux/amd64
does not need to be conditional, no reason that can't be used every time docker buildx build
is run.
Ah, actually its porter build
that builds the bundles, not docker, wonder if that has architecture options.
from azuretre.
Looks like answer is need to add to each porter bundle's Dockerfile - getporter/porter#2021 (comment)
Can you try this with templates/shared_services/firewall/Dockerfile.tmpl
?
from azuretre.
Actually, this is caused by us having custom Dockerfile.tmpl
files that don't specify platform.
from azuretre.
@marrobi, could you give me access to create a branch?
from azuretre.
Related Issues (20)
- Security updates November 2023
- bundle-build target doesn't work without setting DOCKER_CONTEXT=default for porter HOT 3
- building Docker images which require pip to install psutils fails unless gcc is installed HOT 7
- Inconsistent versions of AZ CLI installed in porter.yaml within templates. HOT 1
- File ownership error building TRE CLI in devcontainer HOT 5
- Show TRE version & deployment time in UI status bar HOT 16
- Azure Open AI deployability as a workspace service within Azure TRE HOT 7
- Unable to connect to Linux VM through Guacamole HOT 9
- Getting Airlock SAS URL into workspace VM HOT 2
- If Guacamole fails on install, upgrade does not recreate firewall rules.
- module.airlock_resources.azurerm_service_plan.airlock_plan can take over 30 minutes to deploy HOT 2
- Workspace service link s not working in left nav
- Connect button shows when no connection uri
- Cannot upgrade user reources
- Granular Role Permissions HOT 9
- Error when creating an Airlock Workspace HOT 4
- Airlock: Creating an import/export request causes a routing error HOT 12
- pip cannot resolve requirements to be able to build devcontainer HOT 2
- Issue Post-Deployment: Access Denied - Error in Resource Retrieval - Missing Roles ['TREUser', 'TREAdmin'] for Workspace Access HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azuretre.