search

Azure / azure-functions-docker

This repo contains the base Docker images for working with azure functions
MIT License
258 stars 117 forks source link

Not starting properly if using non-root dotnet image #1095

Closed klemen-df closed 6 days ago

klemen-df commented 3 months ago

I have this and it's working:

FROM mcr.microsoft.com/dotnet/sdk:6.0 AS builder
WORKDIR /build
COPY ./ ./
RUN dotnet publish --configuration Release --output /dist/
RUN dotnet test

FROM mcr.microsoft.com/azure-functions/dotnet:4
ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
    ASPNETCORE_URLS=http://+:5000 \
    DOTNET_EnableDiagnostics=0
COPY --from=builder /dist/ /home/site/wwwroot
EXPOSE 5000

It's working and in the logs I can clearly see:

Host.Triggers.Warmup[0]
      Initializing Warmup Extension.
...
Host.Startup[0]
      Job host started
Hosting environment: Production
Content root path: /azure-functions-host
Now listening on: http://[::]:5000
Application started. Press Ctrl+C to shut down.
Host.General[337]
      Host lock lease acquired by instance ID '000000000000000000000000BC38EC15'.

Then I transform the image to a non-root:

FROM mcr.microsoft.com/dotnet/sdk:6.0 AS builder
WORKDIR /build
COPY ./ ./
RUN dotnet publish --configuration Release --output /dist/
RUN dotnet test

FROM mcr.microsoft.com/azure-functions/dotnet:4
ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
    ASPNETCORE_URLS=http://+:5000 \
    DOTNET_EnableDiagnostics=0
COPY --from=builder /dist/ /home/site/wwwroot

RUN apt-get update && apt-get install -y procps
RUN groupadd nonroot -g 2000 && \
    useradd -r -M -s /sbin/nologin -g nonroot -c nonroot nonroot -u 1000
RUN chown -R nonroot:nonroot /azure-functions-host && \
        chown -R nonroot:nonroot /home/site/wwwroot 

USER nonroot
EXPOSE 5000

Then the only logs I see are this 4 lines:

Hosting environment: Production
Content root path: /azure-functions-host
Now listening on:
http://[::]:5000/
Application started. Press Ctrl+C to shut down.

Can't seem to find anything in the logs, no errors...don't know where to look anymore. Any ideas?

pragnagopa commented 1 week ago

Flagging for discussion with @vivekjilla @CooperLink

CooperLink commented 6 days ago

@klemen-df could you please help me by validating the state of this issue? I attempted to reproduce this locally but I was unsuccessful. For my local testing, i generated a dotnet project with an http trigger using func init --docker. Then I copied the two definitions that you have here and tweaked them slightly for my folder structure. I did not receive console logs from either image definition that you provided regardless of the user. I would like to add that you have correctly setup the non-root user for this app

When I added AzureFunctionsJobHost__Logging__Console__IsEnabled=true to the environment of the image regardless of the user I started to get the expected console logs. This worked for both my root and non-root image definition. This appsetting is added by default to dockerfiles for FunctionApps created as I created mine using func init.

If you are able. Could you please check if you are getting logs from the file definition that starts in root? I believe that you are not getting console logs from that image. Adding the environment variable above should resolve this problem for you . Closing issue will reopen if there are further questions