Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DOCKER_REGISTRY_SERVER_URL re-applied in every run #22379

Closed
1 task done
SebastianBalle opened this issue Jul 5, 2023 · 17 comments · Fixed by #23303 or #24221
Closed
1 task done

DOCKER_REGISTRY_SERVER_URL re-applied in every run #22379

SebastianBalle opened this issue Jul 5, 2023 · 17 comments · Fixed by #23303 or #24221

Comments

@SebastianBalle
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.5.1

AzureRM Provider Version

3.63.0

Affected Resource(s)/Data Source(s)

azurerm_linux_web_app

Terraform Configuration Files

# New config
resource "azurerm_linux_web_app" "example" {

  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  service_plan_id = azurerm_service_plan.example.id

  site_config {
    application_stack {
      docker_image_name = "${local.docker_name}:${local.docker_tag}"
    }
  }
}

Debug Output/Panic Output

resource "azurerm_linux_web_app" "example" {
      ~ app_settings                      = {
          + "DOCKER_REGISTRY_SERVER_URL"               = "example.azurecr.io"
            # (XX unchanged elements hidden)
        }
        id                                = "example-id"
        name                              = "example"
        # (XX unchanged attributes hidden)

        # (X unchanged blocks hidden)
    }

Expected Behaviour

I would expect the DOCKER_REGISTRY_SERVER_URL to be saved correctly in the state so it does not re-apply the change to the App Service over and over again.

Recently switched from old config

resource "azurerm_linux_web_app" "example" {

  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  service_plan_id     = azurerm_service_plan.example.id

  site_config {
    application_stack {
      docker_image     = local.docker_name
      docker_image_tag = local.docker_tag
    }
  }
}

Actual Behaviour

Terraform applies the application setting even if it already exists.

Steps to Reproduce

terraform apply

Important Factoids

No response

References

No response

@SebastianBalle SebastianBalle changed the title DOCKER_REGISTRY_SERVER_URL not saved to state DOCKER_REGISTRY_SERVER_URL reapplied in every run Jul 5, 2023
@SebastianBalle SebastianBalle changed the title DOCKER_REGISTRY_SERVER_URL reapplied in every run DOCKER_REGISTRY_SERVER_URL re-applied in every run Jul 5, 2023
@cleverer
Copy link

cleverer commented Jul 5, 2023

I seem to have the same/a similar problem: #22003 (comment)

@xiaxyi
Copy link
Contributor

xiaxyi commented Jul 7, 2023

Thanks @SebastianBalle for raising this issue. Can you try putting the docker registry URL in app_setting like below code and try apply again?

 app_settings = {
    "DOCKER_REGISTRY_SERVER_URL"          = "https://index.docker.io"
    "DOCKER_REGISTRY_SERVER_USERNAME"     = ""
    "DOCKER_REGISTRY_SERVER_PASSWORD"     = ""
    "WEBSITES_ENABLE_APP_SERVICE_STORAGE" = "false"

@SebastianBalle
Copy link
Author

@xiaxyi

We are using Azure Container Registry for storing our images so or configuration looks as following:

app_settings = {
  "DOCKER_REGISTRY_SERVER_URL" = "${azurerm_container_registry.acr.name}.azurecr.io"
  "DOCKER_REGISTRY_SERVER_USERNAME" = [Not configured using Terraform]
  "DOCKER_REGISTRY_SERVER_PASSWORD" = [Not configured using Terraform]
 }

I tried adding the HTTPS protocol in from of the URL for ACR but this resulted in the same outcome.

Does the setting "WEBSITES_ENABLE_APP_SERVICE_STORAGE" have anything to do with this?
We will have to ignore this using:

lifecycle {
    ignore_changes = [
      app_settings["DOCKER_REGISTRY_SERVER_URL"],
    ]
  }

until #22484 has been merged and released.

@xiaxyi
Copy link
Contributor

xiaxyi commented Jul 31, 2023

@SebastianBalle Thanks for the feedbacks, I don't think this behavior is relate to the WEBSITES_ENABLE_APP_SERVICE_STORAGE. Did you go to the azure portal to see if the DOCKER_REGISTRY_SERVER_URL is set to app_setting after linux web app was created? If there wasn't any key-value pair in the app_setting, then I think the docker registry is not being set correctly and it should be fixed in the above-mentioned PR.

@SebastianBalle
Copy link
Author

Yes the DOCKER_REGISTRY_SERVER_URL setting was set to what initially specified. The setting works without the protocol specified as well.

@xiaxyi
Copy link
Contributor

xiaxyi commented Aug 1, 2023

@SebastianBalle so whatever value changed to the DOCKER_REGISTRY_SERVER_URL in TF config won't be reflected to Azure portal?

@SebastianBalle
Copy link
Author

@xiaxyi The configuration is changed in Azure Portal. The functionality remained the same with or without the HTTPS protocol.

@oletolshaveics
Copy link

I just tried updating to the recently released 3.74 and removed our workwaround and it worked exactly as hoped. Thanks a lot for fixing this!

@cleverer
Copy link

cleverer commented Sep 22, 2023

Didn't work for me unfortunately with 3.74. As soon as app_settings are changed, the docker settings are gone again and break the setup.

@xiaxyi
Copy link
Contributor

xiaxyi commented Oct 10, 2023

Hi @cleverer , Thanks for the feedback, can you let me know what setting was changed in the app_setting block?

@cleverer
Copy link

cleverer commented Oct 12, 2023

Hi @cleverer , Thanks for the feedback, can you let me know what setting was changed in the app_setting block?

It doesn't matter, you can change any app settings. I created a minimal reproduction config: https://github.com/Contactify-AG/terraform-bug-reproduction

@meaboutsoftware
Copy link

We observe similar behaviour as @cleverer - one change in app settings and docker settings are gone

@derSchtefan
Copy link

We have a similar issue.
DOCKER_REGISTRY_SERVER_URL
DOCKER_REGISTRY_SERVER_PASSWORD
DOCKER_REGISTRY_SERVER_USERNAME
are always detected as "missing" and re-applied, even though the SAME entries are already present.

@antgustech
Copy link

antgustech commented Feb 12, 2024

Same issue here.

Always says:

  ~ app_settings                                   = {
      + "DOCKER_REGISTRY_SERVER_PASSWORD"                                                        = "[MASKED]"
      + "DOCKER_REGISTRY_SERVER_USERNAME"                                                        = "registry"

Plan: 0 to add, 2 to change, 0 to destroy.

I apply and then nothing is changed as it should.

@aadamsx
Copy link

aadamsx commented Feb 19, 2024

Same issue

always tries to reapply:

  ~ app_settings                                   = {
      + "DOCKER_REGISTRY_SERVER_PASSWORD"                                                        = "[MASKED]"
      + "DOCKER_REGISTRY_SERVER_USERNAME"                                                        = "registry"

Plan: 0 to add, 2 to change, 0 to destroy.

I apply and then nothing is changed as it should.

then run

❯ az webapp config appsettings list --name <web app> --resource-group <resource group>

[
  {
    "name": "DOCKER_CUSTOM_IMAGE_NAME",
    "slotSetting": false,
    "value": "registryname.azurecr.io/containername:latest"
  },
  {
    "name": "DOCKER_REGISTRY_SERVER_PASSWORD",
    "slotSetting": false,
    "value": null <== always null, no matter how many times I apply
  },
  {
    "name": "DOCKER_REGISTRY_SERVER_URL",
    "slotSetting": false,
    "value": "https://registryname.azurecr.io"
  },
  {
    "name": "DOCKER_REGISTRY_SERVER_USERNAME",
    "slotSetting": false,
    "value": "registryusername"
  },
  {
    "name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
    "slotSetting": false,
    "value": "false"
  },
  {
    "name": "WEBSITES_PORT",
    "slotSetting": false,
    "value": "80"
  },
  {
    "name": "WEBSITE_HEALTHCHECK_MAXPINGFAILURES",
    "slotSetting": false,
    "value": "0"
  }
]

@datton94
Copy link

Still encounter the same error in 3.95.0 provider

Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.