Category Archives: Azure Container Registry

Creating SQL images in Azure with ACR Build – Part Two

~

EDIT โ€“ 2018-10 โ€“ ACR Build is now known as ACR Tasks

In Part One I detailed how we can use ACR Build to push SQL Server docker images to the Azure Container Registry.

But that all seems a bit manual, doesn’t it?

One of the cool things about ACR build is that we can hook it into GitHub so when we commit to a repository it will build us a new image (very, very cool ๐Ÿ™‚ ). Let’s run through how to set that up now…

There’s a couple of pre-reqs required to follow the code here. The first thing to do is fork and clone the following repository: –
https://github.com/dbafromthecold/AzureContainerRegistryBuild

The next thing to do is create a Personal Access Token (PAT) in GitHub.
Go to https://github.com/settings/tokens and select the following options for the new PAT: –

Scroll to the bottom of the page and hit Generate Token (make sure to copy the token)

Ok, now we’re set up to create a build task in ACR. I’m going to continue on from my previous post so will log into Azure: –

az login

 

N.B. – In Part One I used a powershell console however in this post I’ve switch to Bash for Windows. This is because if you try to create a build task in powershell, it’ll error out: –

I’ve played around a bit but couldn’t get it to work, so I cut my losses and jumped into bash. Probably shouldn’t be running the Azure-CLI commands in a powershell window but I needed to previously as I had to build a docker image locally, we don’t need to do that now.

 

Before we do anything else let’s just verify that we can see the existing repository created in Part One and the tagged image in it: –

az acr repository show-tags --name TestContainerRegistry01 --repository testimage<a

Great! Now let’s create the build task: –

az acr build-task create \
    --registry TestContainerRegistry01 \
    --name buildsqlimage \
    --image testimage:{{.Build.ID}} \
    --context https://github.com/<your-github-username>/AzureContainerRegistryBuild \
    --branch master \
    --git-access-token YOUR_PERSONAL_ACCESS_TOKEN


N.B. – The {{.Build.ID}} will generate a tag for the new image created within the repository (based on the number created by ACR Build)

Fantastic, one build task created! How easy was that??

Let’s test by running: –

az acr build-task run --registry TestContainerRegistry01 --name buildsqlimage

And the progress of the build task can be monitored: –

az acr build-task logs --registry TestContainerRegistry01

After a while (be patient ๐Ÿ™‚ ) a new tag will be in the repository: –

az acr repository show-tags --name TestContainerRegistry01 --repository testimage

Cool! Now let’s commit to the repository in GitHub and see if a new image is created. So navigate to where you cloned the repository: –

cd AzureContainerRegistryBuild

What we’re going to do is drop an environment variable into the dockerfile to change the port that SQL is listening on.

nano Dockerfile

Drop the following into the dockerfile:-

ENV MSSQL_TCP_PORT=15666

Now commit and push!

git add .
git commit -m "Changed the port for SQL Server"
git push

And then a new tag will be in the repository!

az acr repository show-tags --name TestContainerRegistry01 --repository testimage

Awesome! How cool is that?!

To make sure that it’s worked, let’s run an Azure Container Instance (using the credentials stored in the Key Vault created in Part One): –

az container create \
    --resource-group containers1 \
    --image testcontainerregistry01.azurecr.io/testimage:aa4 \
    --registry-username $(az keyvault secret show \
                        --vault-name aptestkeyvault01 \
                        --name testcontainerregistry-pull-usr \
                        --query value --output tsv) \
    --registry-password $(az keyvault secret show \
                        --vault-name aptestkeyvault01 \
                        --name testcontainerregistry-pull-pwd \
                        --query value --output tsv) \
    --name testcontainer2 \
    --cpu 2 --memory 4 \
    --environment-variables SA_PASSWORD=Testing1122 \
    --ip-address public \
    --ports 15666

N.B. – Make sure the image tag is correct!

Confirm that the ACI is up and running: –

az container show --name testcontainer2 --resource-group containers1

And BOOM! Connect to SQL Server: –

How. Cool. Is. That? Automatically creating SQL images in ACR with just a commit to a Github repo!

Thanks for reading!

Creating SQL images in Azure with ACR Build – Part One

~

EDIT – 2018-10 – ACR Build is now known as ACR Tasks

Whenever I’ve pushed images up to an Azure Container Registry I’ve been building them locally (using Docker for Windows) and then manually pushing them up. However, I don’t need to do this. What I can do instead is use the Azure Container Registry Build service.

Let’s have a look at how it works.

To follow along with the code here you will need the Azure-CLI installed and Docker for Windows running

First things first, log into azure: –

az login

Then create a resource group: –

az group create --resource-group containers1 --location eastus

Create a registry (the ACR): –

az acr create --resource-group containers1 --name TestContainerRegistry01 --sku Standard --location eastus

And then login to the registry: –

az acr login --name TestContainerRegistry01

Now create a directory on your local machine to hold the repo that we’re going to use to build the image: –

mkdir c:\git\dbafromthecold
cd c:\git\dbafromthecold

And then pull the repo down: –

git clone https://github.com/dbafromthecold/AzureContainerRegistryBuild.git


The dockerfile within this repo is pretty simple. All it’s going to do is build us an image that when run will have a database named TestDatabase already there. For more info on building images from a dockerfile, check out my blog here

Now navigate to the repo: –

cd c:\git\dbafromthecold\AzureContainerRegistryBuild

Great! We’re ready to build the image and push it to the Azure Container Registry.
To do this, run: –

az acr build --registry TestContainerRegistry01 --image testimage:latest .

Hmm…that does look like it hasn’t worked but trust me…it has (just wait a few minutes) ๐Ÿ™‚

To verify that the new repository has been created: –

az acr repository list --name TestContainerRegistry01 --output table

And to view the tagged image within it: –

az acr repository show-tags --name TestContainerRegistry01 --repository testimage

Awesome! Our custom image is in our ACR!

But has it worked? Has it really? Oh ye of little faith…

I guess the only way to find out is to run a container! So let’s run a Azure Container Instance from our new image.

I’ve already blogged about creating ACIs here so I’m just going to run through this quickly but don’t worry, everything you need to deploy an ACI is in the following code.

In order for the ACI to pull the image from our new ACR we need to store credentials that can be used to grant access. So first, create a keyvault: –

az keyvault create --resource-group containers1 --name aptestkeyvault01

Once the vault is created, we need to create a service principal with read permissions to the ACR and store its credentials in the vault: โ€“

az keyvault secret set `
  --vault-name aptestkeyvault01 `
  --name testcontainerregistry-pull-pwd `
  --value $(az ad sp create-for-rbac `
  			--name testcontainerregistry-pull `
  			--scopes $(az acr show --name testcontainerregistry01 --query id --output tsv) `
  			--role reader `
  			--query password `
  			--output tsv)

Then we grab the service principalโ€™s appId which will be the username passed to the Azure Container Registry: โ€“

az keyvault secret set `
  --vault-name aptestkeyvault01 `
  --name testcontainerregistry-pull-usr `
  --value $(az ad sp show `
  		--id http://testcontainerregistry-pull --query appId --output tsv)

Ok, now we can run a Azure Container Instance from our custom image!

az container create `
    --resource-group containers1 `
    --image testcontainerregistry01.azurecr.io/testimage:latest `
	--registry-username $(az keyvault secret show `
						--vault-name aptestkeyvault01 `
						--name testcontainerregistry-pull-usr `
						--query value --output tsv) `
	--registry-password $(az keyvault secret show `
						--vault-name aptestkeyvault01 `
						--name testcontainerregistry-pull-pwd `
						--query value --output tsv) `
	--name testcontainer1 `
	--cpu 2 --memory 4 `
	--environment-variables SA_PASSWORD=Testing1122 `
	--ip-address public `
	--ports 1433

Ok, we need to wait for the ACI to spin up. We can monitor for this by running: –

az container show --name testcontainer1 --resource-group containers1

Once the above command comes back with a status of Succeeded and an IP address we can drop that into SSMS: –

And boom! We’ve connected to an ACI created from our custom image built using Azure Container Registry Build!

So that’s an intro into ACR Build. There’s plenty more that we can do with it and I’ll explore that in future posts.

Thanks for reading!