Deploy a 1Password Connect server on Azure

I am trying to deploy a connect server on Azure and keep getting the log message

{"log_message":"(E) Server: (unable to get credentials and initialize API, retrying in 30s), Wrapped: (failed to FindCredentialsUniqueKey), Wrapped: (failed to loadCredentialsFile), Wrapped: (LoadLocalAuthV2 failed to credentialsDataFromDisk), open /home/opuser/.op/1password-credentials.json: no such file or directory","timestamp":"2021-12-03T16:43:37.100099966Z","level":1}

I have tried using file storage (blob and file) which only works at a directory level and then I get a "this is a directory not a file " error.

I have tried various full paths on the server and nothing seems to work. The error seems to being able to correctly point to the credentials file in the docker-compose.yaml

please help


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:azure

Comments

  • David_agDavid_ag

    Team Member

    Hey @bretthenning -

    Sorry to hear this is causing trouble for you. Could you elaborate on what you're using for the file storage? Are you talking about mounting Azure Storage as the volume that contains your 1Password-credentials.json file?

    If you don't feel comfortable disclosing this in the forum, you can also reach out to our support team ([email protected]) and we'll discuss it there

  • Hi @David_ag ,

    Here is my docker compose:

    version: "3.4"

    services:
    op-connect-api:
    image: 1password/connect-api:latest
    ports:
    - "8080:8080"
    volumes:
    - "D:/home/site/wwwroot/1password-credentials.json:/home/opuser/.op/1password-credentials.json"
    - "data:/home/opuser/.op/data"
    op-connect-sync:
    image: 1password/connect-sync:latest
    ports:
    - "8081:8080"
    volumes:
    - "D:/home/site/wwwroot/1password-credentials.json:/home/opuser/.op/1password-credentials.json"
    - "data:/home/opuser/.op/data"

    volumes:
    data:

    I can get a heartbeat but when I try running anything with the bearer token I get the following message:
    {
    "status": 500,
    "message": "failed to initiate, review service logs for details"
    }

    The log states:
    {"log_message":"(E) Server: (unable to get credentials and initialize API, retrying in 30s), Wrapped: (failed to FindCredentialsUniqueKey), Wrapped: (failed to loadCredentialsFile), Wrapped: (LoadLocalAuthV2 failed to credentialsDataFromDisk), open /home/opuser/.op/1password-credentials.json: no such file or directory","timestamp":"2021-12-04T22:08:26.983980954Z","level":1}

    I see that the file is not being found. I have tried several variations but, as of yet, have had no successful. I have also tried using a storage mount on Azure but this is at a directory level and the returned error state: found directory not file.

    Any advice would be most appreciated.

  • Joris_1PJoris_1P

    Team Member

    Hi @bretthenning,

    Thank you for the extra info. The docker-compose.yml looks good at first glance.

    Maybe some extra info could help find out what the issue is.

    Running this can tell us whether the file is correctly mounted:

    docker run -v "D:/home/site/wwwroot/1password-credentials.json:/home/opuser/.op/1password-credentials.json" --entrypoint "" 1password/connect-api ls -al /home/opuser/.op/
    

    Could you share the output of that command?

    Also, could you tell me which Azure service you are using to run this on? If it's Azure VM: which OS are you using? This could help me trying to reproduce this issue locally.

  • I am running a Web App for Containers.

    System info
    System up time: 2.19:44:13.6900000
    OS version: Unix 5.4.0.1056
    64 bit system: True
    64 bit process: True
    Processor count: 1
    CLR version: 3.1.20

    Unfortunately, I am not sure where to run the command. SSH will not work for me. If you have any insights I would be grateful. Much access is denied behind the Azure services.

    The documentation states that you can use storage containers as a way to mount persistent data into docker instances but this is only allowed at a directory level. I don't seem to be able to make it work.

  • Hi,

    I wasn't able to get this working on Azure Web App for Containers and instead use a Linux VM.

    If this is useful to anyone else.

    I used the docker compose and then created a php api that sends curl requests to the localhost:8080 and returns the required data that way.

  • Joris_1PJoris_1P

    Team Member

    I just did some experimenting with deploying to Azure Web App for Containers. And there are indeed a few caveats.

    These are the steps I followed:
    1. Create a Web App for the following docker-compose.yml (you can change the compose file for an existing app in Deployment Center):

    version: '3.4'
    services:
      op-connect-api:
        image: '1password/connect-api:latest'
        ports:
          - '8080:8080'
        volumes:
          - ${WEBAPP_STORAGE_HOME}/op/1password-credentials.json:/home/opuser/.op/1password-credentials.json
          - 'data:/home/opuser/.op/data'
      op-connect-sync:
        image: '1password/connect-sync:latest'
        ports:
          - '8081:8080'
        volumes:
          - ${WEBAPP_STORAGE_HOME}/op/1password-credentials.json:/home/opuser/.op/1password-credentials.json
          - 'data:/home/opuser/.op/data'
    volumes:
      data:
    
    1. Go to the details of the App Service. This should look something like this:
    2. In Configuration, change WEBSITES_ENABLE_APP_SERVICE_STORAGE to true (or create it if it does not yet exist).
    3. Upload the 1password-credentials.json to the op/ directory by using the credentials displayed in Deployment Center -> FTP Credentials.
    4. Go to Overview and click Restart.
    5. Make a request to the app with a valid token (looking at the original post, it seems like you already got that right).

    For me, this resulted in a working Connect instance. Let me know if it also works for you. Some steps were a somewhat concise, don't hesitate to ask for more details if that helps.

  • This worked perfectly! Thank you so much :)

  • ag_anaag_ana 1Password Alumni

    On behalf of Joris, you are welcome @bretthenning! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file