I've some experience using Azure CLI, Az Module and ARM templates... Anyway I'm experimenting problems in setting a storage account to a web app.
This is the bicep source (still a work in progress):
@allowed([
'dev'
'qta'
'ppd'
'prd'
])
param targetEnv string = 'dev'
@allowed([
'southafricanorth'
'southafricawest'
'northeurope'
'westeurope'
'australiaeast'
'australiasoutheast'
'australiacentral'
'australiacentral2'
'eastasia'
'southeastasia'
'brazilsouth'
'brazilsoutheast'
'centralus'
'eastus'
'eastus2'
'westus'
'westus2'
'westus3'
'northcentralus'
'southcentralus'
])
param location string = 'westeurope'
param planName string = 'testplan1'
param planGroup string = 'rgdoftempdev'
var locationMap = {
'southafricanorth': 'af'
'southafricawest': 'af'
'northeurope': 'eu'
'westeurope': 'eu'
'australiaeast': 'pc'
'australiasoutheast': 'pc'
'australiacentral': 'pc'
'australiacentral2': 'pc'
'eastasia': 'as'
'southeastasia': 'as'
'brazilsouth': 'sa'
'brazilsoutheast': 'sa'
'centralus': 'us'
'eastus': 'us'
'eastus2': 'us'
'westus': 'us'
'westus2': 'us'
'westus3': 'us'
'northcentralus': 'us'
'southcentralus': 'us'
}
var locationAcr = locationMap[location]
// var hash = substring(uniqueString(subscription().subscriptionId), 0, 4)
var appName = 'bvdof'
var insightsName = '${appName}-appinsights-${locationAcr}-${targetEnv}'
var storageName = '${appName}sa${locationAcr}${targetEnv}'
var webAppName = '${appName}-webapp-${locationAcr}-${targetEnv}'
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
name: storageName
location: location
kind: 'StorageV2'
sku: {
name: 'Premium_LRS'
}
properties: {
minimumTlsVersion: 'TLS1_2'
allowBlobPublicAccess: true
networkAcls: {
bypass: 'AzureServices'
defaultAction: 'Allow'
}
supportsHttpsTrafficOnly: true
encryption: {
keySource: 'Microsoft.Storage'
services: {
blob: {
keyType: 'Account'
enabled: true
}
file: {
keyType: 'Account'
enabled: true
}
}
}
accessTier: 'Hot'
}
}
resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
name: insightsName
location: location
kind: 'web'
properties: {
Application_Type: 'web'
publicNetworkAccessForIngestion: 'Enabled'
publicNetworkAccessForQuery: 'Enabled'
}
}
resource webApplication 'Microsoft.Web/sites@2021-02-01' = {
dependsOn: [
appInsights
storageAccount
]
name: webAppName
location: resourceGroup().location
kind: 'app'
properties: {
httpsOnly: true
serverFarmId: '/subscriptions/${subscription().id}/resourceGroups/${planGroup}/providers/Microsoft.Web/serverfarms/${planName}'
clientAffinityEnabled: true
siteConfig: {
appSettings: [
{
name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
value: appInsights.properties.InstrumentationKey
}
// {
// name: 'AzureWebJobsDashboard'
// value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${listKeys(storageAccount.id, storageAccount.apiVersion).keys[0].value}'
// }
// {
// name: 'AzureWebJobsStorage'
// value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${listKeys(storageAccount.id, storageAccount.apiVersion).keys[0].value}'
// }
{
name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
value: 'DefaultEndpointsProtocol=https;AccountName=${storageName};AccountKey=${listKeys(storageAccount.id, storageAccount.apiVersion).keys[0].value}'
}
{
name: 'WEBSITE_CONTENTSHARE'
value: webAppName
}
{
name: 'ANCM_ADDITIONAL_ERROR_PAGE_LINK'
value: 'https://${webAppName}.scm.azurewebsites.net/detectors?type=tools&name=eventviewer'
}
{
name: 'APPINSIGHTS_PROFILERFEATURE_VERSION'
value: '1.0.0'
}
{
name: 'APPINSIGHTS_SNAPSHOTFEATURE_VERSION'
value: '1.0.0'
}
{
name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
value: 'InstrumentationKey=${appInsights.properties.InstrumentationKey};IngestionEndpoint=https://${location}.in.applicationinsights.azure.com/'
}
]
}
}
}
This is the error I get after partially failed deployment (storage and app insights created):
{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"Code\": \"BadRequest\",\r\n \"Message\": \"There was a conflict. The remote name could not be resolved: 'bvdofsaeudev.file.core.windows.net'\",\r\n \"Target\": null,\r\n \"Details\": [\r\n {\r\n \"Message\": \"There was a conflict. The remote name could not be resolved: 'bvdofsaeudev.file.core.windows.net'\"\r\n },\r\n {\r\n \"Code\": \"BadRequest\"\r\n },\r\n {\r\n \"ErrorEntity\": {\r\n \"ExtendedCode\": \"01020\",\r\n
\"MessageTemplate\": \"There was a conflict. {0}\",\r\n \"Parameters\": [\r\n \"The remote name could not be resolved: 'bvdofsaeudev.file.core.windows.net'\"\r\n ],\r\n \"Code\": \"BadRequest\",\r\n \"Message\": \"There was a conflict. The remote name could not be resolved: 'bvdofsaeudev.file.core.windows.net'\"\r\n }\r\n }\r\n ],\r\n \"Innererror\": null\r\n}"}]}}
What is wrong with this definition?
Thanks to anyone who'll help.
Best regards
Giacomo S. S.
CodePudding user response:
I tested your code and faced the same error as you can see below:
The error in the code is that you are using a Premium_LRS sku and kind is storageV2 . So , it doesn't create a File service in the Storage account only Blob service . For which reason , app is not able to find the remote name of the storage account file server.
There can be two solutions as below:
- Just Changing the Sku name from
Premium_LRStoStandard_LRSin the storage account resource as below:
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
name: storageName
location: location
kind: 'StorageV2'
sku: {
name: 'Standard_LRS'
}
properties: {
minimumTlsVersion: 'TLS1_2'
allowBlobPublicAccess: true
networkAcls: {
bypass: 'AzureServices'
defaultAction: 'Allow'
}
supportsHttpsTrafficOnly: true
encryption: {
keySource: 'Microsoft.Storage'
services: {
blob: {
keyType: 'Account'
enabled: true
}
file: {
keyType: 'Account'
enabled: true
}
}
}
accessTier: 'Hot'
}
}
Output:
- If you want to use
Premium_LRSthen Change the Kind toFileStorageinstead ofStorageV2as below, so that it create a premium storage account with File service and not Blob service:
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
name: storageName
location: location
kind: 'FileStorage'
sku: {
name: 'Premium_LRS'
}
properties: {
minimumTlsVersion: 'TLS1_2'
allowBlobPublicAccess: true
networkAcls: {
bypass: 'AzureServices'
defaultAction: 'Allow'
}
supportsHttpsTrafficOnly: true
encryption: {
keySource: 'Microsoft.Storage'
services: {
blob: {
keyType: 'Account'
enabled: true
}
file: {
keyType: 'Account'
enabled: true
}
}
}
accessTier: 'Hot'
}
}
Outputs:
