
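[Azure App Service] An Azure Function integrated with a virtual network and triggered by a Storage Account in the same virtual network fails to trigger

Everything for security: any cloud resource that supports private network access can be joined to a virtual network.

Problem description

An Azure Function is used to handle blobs being added, updated, or deleted in a Storage Account. Once the Storage Account enables a virtual network service endpoint (Service Endpoint), it can be restricted to access from the private network only. Azure Functions also support virtual network integration, and can be triggered by a Storage Account inside the virtual network. So, following the portal step by step, the virtual network was configured for both the Azure Function and the Storage Account, after which the Function was found unable to start. The log shows the problem: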

2021-06-30T10:56:00.895 [Error] An unhandled exception has occurred. Host is shutting down.
Microsoft.Azure.Storage.StorageException : This request is not authorized to perform this operation.
   at async Microsoft.Azure.Storage.Core.Executor.Executor.ExecuteAsync[T](RESTCommand`1 cmd,IRetryPolicy policy,OperationContext operationContext,CancellationToken token)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at async Microsoft.Azure.WebJobs.Extensions.Storage.TimeoutHandler.ExecuteWithTimeout[T](String operationName,String clientRequestId,IWebJobsExceptionHandler exceptionHandler,ILogger logger,CancellationToken cancellationToken,Func`1 operation) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Extensions.Storage\TimeoutHandler.cs : 56
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at async Microsoft.Azure.WebJobs.Host.Queues.Listeners.QueueListener.ExecuteAsync(CancellationToken cancellationToken) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Extensions.Storage\Queues\Listeners\QueueListener.cs : 201
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at async Microsoft.Azure.WebJobs.Host.Timers.TaskSeriesTimer.RunAsync(CancellationToken cancellationToken) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Timers\TaskSeriesTimer.cs : 147
2021-06-30T10:56:00.921 [Information] Stopping JobHost
2021-06-30T10:56:00.921 [Information] Stopping the listener 'Microsoft.Azure.WebJobs.Host.Listeners.CompositeListener' for function 'BlobTrigger1'
2021-06-30T10:56:00.942 [Information] Stopped the listener 'Microsoft.Azure.WebJobs.Host.Listeners.CompositeListener' for function 'BlobTrigger1'
2021-06-30T10:56:00.943 [Information] Job host stopped
      

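(The log can be retrieved through the advanced tool Kudu. The Kudu address is https://<your function app name>.scm.chinacloudsites.cn/DebugConsole and the log path is D:\home\LogFiles\Application\Functions\Host\xxxxxxxx.log)

Problem analysis

The log shows that:

1) The Function Host hit an exception, which caused it to shut down.

2) The cause of the exception is that access to Storage was not authorized (Microsoft.Azure.Storage.StorageException : This request is not authorized to perform this operation.)

So the root cause is that the Azure Function accesses Storage over the public network, and public access is denied by the Storage Account. The Function's configuration therefore has to be changed so that it accesses Storage over the private network. The official documentation describes two very important settings:

  • WEBSITE_VNET_ROUTE_ALL: set to 1. It sends all of the Azure Function's outbound calls to the VNet.
  • WEBSITE_DNS_SERVER: the default value is 168.63.129.16. When used with virtual network integration, the app uses the same DNS server as the virtual network. The function app needs this setting to work with Azure DNS private zones. This setting together with WEBSITE_VNET_ROUTE_ALL sends all outbound calls from the app into the virtual network.

Solution

On the Azure Function's configuration page, add the two application settings WEBSITE_VNET_ROUTE_ALL (1) and WEBSITE_DNS_SERVER (168.63.129.16).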


After the change, check the Function Host startup log again. Messages such as "Loading functions metadata" and "1 functions loaded" now appear, which shows that the Function Host started successfully.

2021-06-30T10:57:00.006 [Information] Initializing Warmup Extension.
2021-06-30T10:57:00.069 [Information] Initializing Host. OperationId: '93cf4ed0-d598-4308-9241-dca5ba6a55ee'.
2021-06-30T10:57:00.073 [Information] Host initialization: ConsecutiveErrors=0, StartupCount=1, OperationId=93cf4ed0-d598-4308-9241-dca5ba6a55ee
2021-06-30T10:57:00.106 [Information] LoggerFilterOptions
{
  "MinLevel": "None",
  "Rules": [
    {
      "ProviderName": null,
      "CategoryName": null,
      "LogLevel": null,
      "Filter": "<AddFilter>b__0"
    },
    {
      "ProviderName": "Microsoft.Azure.WebJobs.Script.WebHost.Diagnostics.SystemLoggerProvider",
      "CategoryName": null,
      "LogLevel": "None",
      "Filter": null
    },
    {
      "ProviderName": "Microsoft.Azure.WebJobs.Script.WebHost.Diagnostics.SystemLoggerProvider",
      "CategoryName": null,
      "LogLevel": null,
      "Filter": "<AddFilter>b__0"
    }
  ]
}
2021-06-30T10:57:00.107 [Information] FunctionResultAggregatorOptions
{
  "BatchSize": 1000,
  "FlushTimeout": "00:00:30",
  "IsEnabled": true
}
2021-06-30T10:57:00.107 [Information] SingletonOptions
{
  "LockPeriod": "00:00:15",
  "ListenerLockPeriod": "00:00:15",
  "LockAcquisitionTimeout": "10675199.02:48:05.4775807",
  "LockAcquisitionPollingInterval": "00:00:05",
  "ListenerLockRecoveryPollingInterval": "00:01:00"
}
2021-06-30T10:57:00.107 [Information] QueuesOptions
{
  "BatchSize": 16,
  "NewBatchThreshold": 8,
  "MaxPollingInterval": "00:00:02",
  "MaxDequeueCount": 5,
  "VisibilityTimeout": "00:00:00"
}
2021-06-30T10:57:00.107 [Information] BlobsOptions
{
  "CentralizedPoisonQueue": false
}
2021-06-30T10:57:00.108 [Information] Starting JobHost
2021-06-30T10:57:00.110 [Information] Starting Host (HostId=lbfunctionforvnet01, InstanceId=05efd41a-013d-428c-b839-fb4b69127366, Version=3.0.15733.0, ProcessId=5480, AppDomainId=1, InDebugMode=True, InDiagnosticMode=False, FunctionsExtensionVersion=~3)
2021-06-30T10:57:00.121 [Information] Loading functions metadata
2021-06-30T10:57:00.137 [Information] 1 functions loaded
2021-06-30T10:57:01.348 [Information] Generating 1 job function(s)
2021-06-30T10:57:01.373 [Information] Found the following functions:
Host.Functions.BlobTrigger1      

Finally, upload a file to Storage Blob as a test: the Function is triggered successfully and receives the correct blob information.

2021-06-30T11:02:22.273 [Information] Executing 'Functions.BlobTrigger1' (Reason='New blob detected: samples-workitems/local_error.log', Id=79bc13b9-5aed-487f-b5de-02bb4ff7b8c6)
2021-06-30T11:02:22.276 [Information] Trigger Details: MessageId: f6dd9893-f6c6-41af-a469-f6b2e21e09bc, DequeueCount: 1, InsertionTime: 2021-06-30T11:02:22.000+00:00, BlobCreated: 2021-06-30T11:02:13.000+00:00, BlobLastModified: 2021-06-30T11:02:13.000+00:00
2021-06-30T11:02:22.283 [Information] C# Blob trigger function Processed blob
 Name:local_error.log 
 Size: 420588 Bytes
2021-06-30T11:02:22.291 [Information] Executed 'Functions.BlobTrigger1' (Succeeded, Id=79bc13b9-5aed-487f-b5de-02bb4ff7b8c6, Duration=37ms)      
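
A small diagnostic for the failure analysed above, as an added example that is not part of the original post: it scans a Function Host log for a shutdown caused by the storage authorization error, lists the functions whose listeners were stopped, and checks an app-settings dictionary against the two values the article gives. The sample log is constructed from the excerpt above, and the function names and dictionary layout are assumptions.

```python
import re

# Constructed sample, shaped like the host log excerpt in this article.
SAMPLE_LOG = """\
2021-06-30T10:56:00.895 [Error] An unhandled exception has occurred. Host is shutting down.
Microsoft.Azure.Storage.StorageException : This request is not authorized to perform this operation.
   at async Microsoft.Azure.WebJobs.Host.Queues.Listeners.QueueListener.ExecuteAsync(CancellationToken cancellationToken)
2021-06-30T10:56:00.921 [Information] Stopping the listener 'Microsoft.Azure.WebJobs.Host.Listeners.CompositeListener' for function 'BlobTrigger1'
2021-06-30T10:56:00.943 [Information] Job host stopped
"""

# Values taken from the article; representing them as a dict is an assumption.
REQUIRED_SETTINGS = {"WEBSITE_VNET_ROUTE_ALL": "1", "WEBSITE_DNS_SERVER": "168.63.129.16"}

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\dT[\d:.]+) \[(\w+)\] (.*)$")
DENIED = "StorageException : This request is not authorized"
STOPPED = re.compile(r"Stopping the listener '[^']+' for function '([^']+)'")

def parse_entries(text):
    """Group continuation lines (exception text, stack frames) under their timestamped entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"time": m.group(1), "level": m.group(2), "body": [m.group(3)]})
        elif entries and line.strip():
            entries[-1]["body"].append(line.strip())
    return entries

def find_storage_denials(text):
    """Return one finding per host shutdown caused by a storage authorization failure."""
    findings, current = [], None
    for e in parse_entries(text):
        joined = "\n".join(e["body"])
        if e["level"] == "Error" and "Host is shutting down" in joined and DENIED in joined:
            current = {"time": e["time"], "functions": []}
            findings.append(current)
        elif current is not None:
            m = STOPPED.search(joined)
            if m:
                current["functions"].append(m.group(1))
            if "Job host stopped" in joined:
                current = None  # shutdown sequence finished
    return findings

def missing_settings(app_settings):
    """List required settings that are absent or differ from the article's values."""
    return sorted(k for k, v in REQUIRED_SETTINGS.items() if app_settings.get(k) != v)

if __name__ == "__main__":
    for f in find_storage_denials(SAMPLE_LOG):
        print(f["time"], "storage access denied; stopped:", f["functions"])
    print("settings to fix:", missing_settings({"WEBSITE_VNET_ROUTE_ALL": "0"}))
```

A non-empty result from `find_storage_denials` together with a non-empty `missing_settings` list matches the situation described in this article.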

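References

Premium plan with virtual network triggers: https://docs.azure.cn/zh-cn/azure-functions/functions-networking-options#premium-plan-with-virtual-network-triggers

Configure your function app settings: https://docs.azure.cn/zh-cn/azure-functions/functions-create-vnet#configure-your-function-app-settings

When facing a problem in a complex environment, the way to investigate it is: let the muddy water settle and it slowly clears; let the still thing stir and it slowly comes to life. In the cloud, it is exactly so!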