Oracle Cloud Infrastructure and Python 3.8 End of Support

[DavidT8777]

Describe the bug Unable to upgrade the python version for the Oracle Cloud Infrastructure function app. Changing the stack version above Python 3.8 generates errors.

To Reproduce Steps to reproduce the behavior:

1. Go to the OCI logs function app
2. Under Settings, select Configuration
3. In Configuration, select General Settings
4. Change the Python Version from Python 3.8 to 3.9.
5. Save the configuration
6. See error: Result: Failure Exception: ModuleNotFoundError: No module named '_cffi_backend' Stack: File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 505, in _handleinvocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 58, in run result = self.fn(*self.args, self.kwargs) File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 778, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(args) File "/home/site/wwwroot/AzureFunctionOCILogs/main.py", line 46, in main stream_client = oci.streaming.StreamClient(config, service_endpoint=MessageEndpoint) File "/home/site/wwwroot/.python_packages/lib/site-packages/oci/streaming/stream_client.py", line 66, in init signer = Signer( File "/home/site/wwwroot/.python_packages/lib/site-packages/oci/signer.py", line 253, in init self.private_key = load_private_key(private_key_content, pass_phrase) File "/home/site/wwwroot/.python_packages/lib/site-packages/oci/signer.py", line 49, in load_private_key backend = default_backend() File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/backends/init.py", line 14, in default_backend from cryptography.hazmat.backends.openssl.backend import backend File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/backends/openssl/init__.py", line 6, in from cryptography.hazmat.backends.openssl.backend import backend File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 113, in from cryptography.hazmat.bindings.openssl import binding File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in from cryptography.hazmat.bindings._openssl import ffi, lib

Expected behavior Function should run without error. Reverting back to Python 3.8 resolves the issue, however, we've received emails from Azure that community support for Python is ending 14-Oct-2024 and to transition to Python 3.9+.

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: Windows 11
• Browser: Edge
• Version: 123.0.2420.81 (Official build) (64-bit)

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context Add any other context about the problem here.

[v-rusraut]

Hi @DavidT8777 , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 16-04-2024. Thanks!

[v-rusraut]

Hi @DavidT8777, Working on replicating the issue, will update you. Thanks

[v-rusraut]

Hi @DavidT8777,

We tried to replicate the issue,We deployed function app with manual deployement and also through arm template. After that we changed python version from 3.8 to 3.9 ,but not getting this error - Exception: ModuleNotFoundError: No module named '_cffi_backend'. Please provide details steps about how to configure function app and also provide python_packages folder.you will get python_packages folder with below steps

1. Go to storage account
2. Search with your functionapp name
3. Data storage -> Containers ->scm-releases
4. download file - scm-latest-functionapp
5. share downloaded file

Thanks

[DavidT8777]

This function was originally installed via the Sentinel Content Hub with version 3.0.0. We've upgraded to version 3.0.1 due to issues we reported in #8313. We attempted the upgrade to python 3.9 from the General Settings tab on the function app. Looking at the scm-releases container in the storage account, it's empty.

The function app is running and we have current logging from the function.

Thanks!

[v-rusraut]

Hi @DavidT8777, We updated function app packages, please follow below steps for configuration.

1. Go to Setting section of your function app

   

2. Click on Environment variables

   

3. Under the App setting click on WEBSITE_RUN_FROM_PACKAGE

   

4. Replace the value with below url (Copy existing value and paste it in notepad)

https://github.com/Azure/Azure-Sentinel/raw/vrusraut/OCIDataConnector/Solutions/Oracle%20Cloud%20Infrastructure/Data%20Connectors/OCILogsConn.zip

5. Apply changes

6. Go to Configuration section -> General settings

   

7. Change python version from 3.8 -> 3.9

8. Click on Save.

9. Restart function app

   

10. Check log in Monitor Section

[DavidT8777]

Hi, @v-rusraut,

I've made the changes you requested to the function app Configuration\Application settings (I don't see an "Environment variables" in the portal) and restarted the app at approximately 10:10am EST.

I'm showing the following error on the Overview page:

I've had one invocation of the function since the changes were made and nothing since.

I'll revert the changes so that we don't miss any logging.

thanks! David

[v-rusraut]

Hi @DavidT8777, Please follow above steps again, update below url in WEBSITE_RUN_FROM_PACKAGE and verify. https://github.com/Azure/Azure-Sentinel/raw/v-rusraut/OCI/Solutions/Oracle%20Cloud%20Infrastructure/Data%20Connectors/OCILogsConn.zip Thanks

[DavidT8777]

Thanks, @v-rusraut.

I made the change and now I'm back to the ModuleNotFound '_cffi_backend' error.

2024-04-22 13:30:00.125 Result: Failure Exception: ModuleNotFoundError: No module named '_cffi_backend' Stack: File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 541, in _handleinvocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 58, in run result = self.fn(*self.args, self.kwargs) File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/dispatcher.py", line 821, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.9/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(args) File "/home/site/wwwroot/AzureFunctionOCILogs/main.py", line 46, in main stream_client = oci.streaming.StreamClient(config, service_endpoint=MessageEndpoint) File "/home/site/wwwroot/.python_packages/lib/site-packages/oci/streaming/stream_client.py", line 66, in init signer = Signer( File "/home/site/wwwroot/.python_packages/lib/site-packages/oci/signer.py", line 253, in init self.private_key = load_private_key(private_key_content, pass_phrase) File "/home/site/wwwroot/.python_packages/lib/site-packages/oci/signer.py", line 49, in load_private_key backend = default_backend() File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/backends/init.py", line 14, in default_backend from cryptography.hazmat.backends.openssl.backend import backend File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/backends/openssl/init__.py", line 6, in from cryptography.hazmat.backends.openssl.backend import backend File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 113, in from cryptography.hazmat.bindings.openssl import binding File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in from cryptography.hazmat.bindings._openssl import ffi, lib

[v-rusraut]

Hi @DavidT8777, For this solution supporting packages will be update before 14 Oct 2024, so till that time you can use python 3.8. Once packages will update, we will notify you. currently closing this issue. Thanks

[v-sudkharat]

Hey @DavidT8777, could you please check once with below package and let me know if error fixed: Select python 3.9 version and then updated below link in path of WEBSITE_RUN_FROM_PACKAGE -

https://github.com/Azure/Azure-Sentinel/raw/82fbb2afd404176623de5dd9133f72bf8d2a828e/Solutions/Oracle%20Cloud%20Infrastructure/Data%20Connectors/OCILogsConn.zip

[DavidT8777]

hi @v-sudkharat, aside from one error immediately after implementation, all further invocations of the function have been successful using the provided .zip and the python version set to 3.9.

[v-sudkharat]

Hey @DavidT8777, It would be great if you could share function app invocation logs with us, so we can check on that.

Thanks!

[DavidT8777]

@v-sudkharat will do... I didn't get a screen shot but pulled the information from the logs in the attached .txt file.

10265-Error After Additional Script and Python 3.9.txt 10265-Error After Additional Script and Python 3.9.txt

[v-sudkharat]

Thanks @DavidT8777 for sharing logs, Just want to know one more info from you, After updating 3.9 version in invocation tab its show as status Success right like below screenshot? and also logs are receiving into the workspace correct?-

[DavidT8777]

Hi @v-sudkharat, yes I've confirmed that we have current data in the custom log (OCI_Logs_CL) in the log analytics workspace. Invocations are all showing success.