Implementing Linux Container specialization

Author: mathewc

src/WebJobs.Script.WebHost/Management/InstanceManager.cs

@@ -7,6 +7,7 @@
 using System.IO.Compression;
 using System.Net.Http;
 using System.Threading.Tasks;
+using Microsoft.Azure.WebJobs.Script.Config;
 using Microsoft.Azure.WebJobs.Script.WebHost.Models;
 using Microsoft.Extensions.Logging;
 
@@ -19,17 +20,24 @@ public class InstanceManager : IInstanceManager
 
         private readonly WebHostSettings _webHostSettings;
         private readonly ILogger _logger;
+        private readonly ScriptSettingsManager _settingsManager;
         private readonly HttpClient _client;
 
-        public InstanceManager(WebHostSettings webHostSettings, ILoggerFactory loggerFactory, HttpClient client)
+        public InstanceManager(ScriptSettingsManager settingsManager, WebHostSettings webHostSettings, ILoggerFactory loggerFactory, HttpClient client)
         {
+            _settingsManager = settingsManager;
             _webHostSettings = webHostSettings;
             _logger = loggerFactory.CreateLogger(nameof(InstanceManager));
             _client = client;
         }
 
         public bool StartAssignment(HostAssignmentContext assignmentContext)
         {
+            if (!WebScriptHostManager.InStandbyMode)
+            {
+                return false;
+            }
+
             if (_assignmentContext == null)
             {
                 lock (_assignmentLock)
@@ -57,11 +65,10 @@ private async Task Specialize(HostAssignmentContext assignmentContext)
         {
             try
             {
-                // download zip
                 var zip = assignmentContext.ZipUrl;
-
                 if (!string.IsNullOrEmpty(zip))
                 {
+                    // download zip and extract
                     var filePath = Path.GetTempFileName();
 
                     await DownloadAsync(new Uri(zip), filePath);
@@ -75,7 +82,9 @@ private async Task Specialize(HostAssignmentContext assignmentContext)
                     assignmentContext.ApplyAppSettings();
                 }
 
-                // TODO: specialize
+                // set flags which will trigger specialization
+                _settingsManager.SetSetting(EnvironmentSettingNames.AzureWebsitePlaceholderMode, "0");
+                _settingsManager.SetSetting(EnvironmentSettingNames.AzureWebsiteContainerReady, "1");
             }
             catch (Exception ex)
             {

src/WebJobs.Script.WebHost/Models/EncryptedHostAssignmentContext.cs

@@ -12,10 +12,20 @@ public class EncryptedHostAssignmentContext
         [JsonProperty("encryptedContext")]
         public string EncryptedContext { get; set; }
 
+        public static EncryptedHostAssignmentContext Create(HostAssignmentContext context, string key)
+        {
+            string json = JsonConvert.SerializeObject(context);
+            var encryptionKey = Convert.FromBase64String(key);
+            string encrypted = SimpleWebTokenHelper.Encrypt(json, encryptionKey);
+
+            return new EncryptedHostAssignmentContext { EncryptedContext = encrypted };
+        }
+
         public HostAssignmentContext Decrypt(string key)
         {
             var encryptionKey = Convert.FromBase64String(key);
             var decrypted = SimpleWebTokenHelper.Decrypt(encryptionKey, EncryptedContext);
+
             return JsonConvert.DeserializeObject<HostAssignmentContext>(decrypted);
         }
     }

src/WebJobs.Script.WebHost/Security/SimpleWebTokenHelper.cs

@@ -21,9 +21,11 @@ public static class SimpleWebTokenHelper
         /// <returns>a SWT signed by this app</returns>
         public static string CreateToken(DateTime validUntil) => Encrypt($"exp={validUntil.Ticks}");
 
-        internal static string Encrypt(string value)
+        internal static string Encrypt(string value, byte[] key = null)
         {
-            using (var aes = new AesManaged { Key = GetWebSiteAuthEncryptionKey() })
+            key = key ?? GetWebSiteAuthEncryptionKey();
+
+            using (var aes = new AesManaged { Key = key })
             {
                 // IV is always generated for the key every time
                 aes.GenerateIV();

src/WebJobs.Script.WebHost/StandbyManager.cs

@@ -36,9 +36,8 @@ public static async Task<HttpResponseMessage> WarmUp(HttpRequest request, WebScr
 
         public static bool IsWarmUpRequest(HttpRequest request)
         {
-            return ScriptSettingsManager.Instance.IsAppServiceEnvironment &&
-                WebScriptHostManager.InStandbyMode &&
-                request.IsAntaresInternalRequest() &&
+            return WebScriptHostManager.InStandbyMode &&
+                ((ScriptSettingsManager.Instance.IsAppServiceEnvironment && request.IsAntaresInternalRequest()) || ScriptSettingsManager.Instance.IsLinuxContainerEnvironment) &&
                 (request.Path.StartsWithSegments(new PathString($"/api/{WarmUpFunctionName}")) ||
                 request.Path.StartsWithSegments(new PathString($"/api/{WarmUpAlternateRoute}")));
         }

src/WebJobs.Script.WebHost/Startup.cs

@@ -4,6 +4,7 @@
 using System;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.Azure.WebJobs.Script.Config;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -15,6 +16,12 @@ public class Startup
         public Startup(IConfiguration configuration)
         {
             Configuration = configuration;
+
+            if (ScriptSettingsManager.Instance.IsLinuxContainerEnvironment)
+            {
+                // Linux containers always start out in placeholder mode
+                ScriptSettingsManager.Instance.SetSetting(EnvironmentSettingNames.AzureWebsitePlaceholderMode, "1");
+            }
         }
 
         public IConfiguration Configuration { get; }

test/WebJobs.Script.Tests.Integration/Host/StandbyManagerTests.cs

@@ -7,14 +7,18 @@
 using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Text;
 using System.Threading.Tasks;
 using System.Web.Http;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Azure.WebJobs.Script.Config;
 using Microsoft.Azure.WebJobs.Script.WebHost;
+using Microsoft.Azure.WebJobs.Script.WebHost.Authentication;
+using Microsoft.Azure.WebJobs.Script.WebHost.Models;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.WebJobs.Script.Tests;
+using Newtonsoft.Json;
 using Xunit;
 
 namespace Microsoft.Azure.WebJobs.Script.Tests
@@ -42,6 +46,10 @@ public void IsWarmUpRequest_ReturnsExpectedValue()
             };
             using (var env = new TestScopedEnvironmentVariable(vars))
             {
+                // in this test we're forcing a transition from non-placeholder mode to placeholder mode
+                // which can't happen in the wild, so we force a reset here
+                WebScriptHostManager.ResetStandbyMode();
+
                 _settingsManager.SetSetting(EnvironmentSettingNames.AzureWebsitePlaceholderMode, "1");
                 Assert.False(StandbyManager.IsWarmUpRequest(request));
 
@@ -58,6 +66,24 @@ public void IsWarmUpRequest_ReturnsExpectedValue()
                 request = HttpTestHelpers.CreateHttpRequest("POST", "http://azure.com/api/foo");
                 Assert.False(StandbyManager.IsWarmUpRequest(request));
             }
+
+            vars = new Dictionary<string, string>
+            {
+                { EnvironmentSettingNames.AzureWebsitePlaceholderMode, "0" },
+                { EnvironmentSettingNames.AzureWebsiteInstanceId, null }
+            };
+            using (var env = new TestScopedEnvironmentVariable(vars))
+            {
+                WebScriptHostManager.ResetStandbyMode();
+
+                _settingsManager.SetSetting(EnvironmentSettingNames.AzureWebsitePlaceholderMode, "1");
+                Assert.False(StandbyManager.IsWarmUpRequest(request));
+
+                request = HttpTestHelpers.CreateHttpRequest("POST", "http://azure.com/api/warmup");
+                _settingsManager.SetSetting(EnvironmentSettingNames.ContainerName, "TestContainer");
+                Assert.True(_settingsManager.IsLinuxContainerEnvironment);
+                Assert.True(StandbyManager.IsWarmUpRequest(request));
+            }
         }
 
         [Fact]
@@ -161,6 +187,123 @@ await TestHelpers.Await(() =>
             }
         }
 
+        [Fact]
+        public async Task StandbyMode_EndToEnd_LinuxContainer()
+        {
+            byte[] bytes = TestHelpers.GenerateKeyBytes();
+            var encryptionKey = Convert.ToBase64String(bytes);
+
+            var vars = new Dictionary<string, string>
+            {
+                { EnvironmentSettingNames.ContainerName, "TestContainer" },
+                { EnvironmentSettingNames.ContainerEncryptionKey, encryptionKey },
+                { EnvironmentSettingNames.AzureWebsiteContainerReady, null },
+                { "AzureWebEncryptionKey", "0F75CA46E7EBDD39E4CA6B074D1F9A5972B849A55F91A248" }
+            };
+            using (var env = new TestScopedEnvironmentVariable(vars))
+            {
+                var httpConfig = new HttpConfiguration();
+
+                var testRootPath = Path.Combine(Path.GetTempPath(), "StandbyModeTest_Linux");
+                await FileUtility.DeleteDirectoryAsync(testRootPath, true);
+
+                var loggerProvider = new TestLoggerProvider();
+                var loggerProviderFactory = new TestLoggerProviderFactory(loggerProvider);
+                var webHostSettings = new WebHostSettings
+                {
+                    IsSelfHost = true,
+                    LogPath = Path.Combine(testRootPath, "Logs"),
+                    SecretsPath = Path.Combine(testRootPath, "Secrets"),
+                    ScriptPath = Path.Combine(testRootPath, "WWWRoot")
+                };
+
+                var loggerFactory = new LoggerFactory();
+                loggerFactory.AddProvider(loggerProvider);
+
+                var webHostBuilder = Program.CreateWebHostBuilder()
+                    .ConfigureServices(c =>
+                    {
+                        c.AddSingleton(webHostSettings)
+                        .AddSingleton<ILoggerProviderFactory>(loggerProviderFactory)
+                        .AddSingleton<ILoggerFactory>(loggerFactory);
+                    });
+
+                var httpServer = new TestServer(webHostBuilder);
+                var httpClient = httpServer.CreateClient();
+                httpClient.BaseAddress = new Uri("https://localhost/");
+
+                TestHelpers.WaitForWebHost(httpClient);
+
+                var traces = loggerProvider.GetAllLogMessages().ToArray();
+                Assert.NotNull(traces.Single(p => p.FormattedMessage.StartsWith("Starting Host (HostId=placeholder-host")));
+                Assert.NotNull(traces.Single(p => p.FormattedMessage.StartsWith("Host is in standby mode")));
+
+                // issue warmup request and verify
+                var request = new HttpRequestMessage(HttpMethod.Get, "api/warmup");
+                var response = await httpClient.SendAsync(request);
+                Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+                string responseBody = await response.Content.ReadAsStringAsync();
+                Assert.Equal("WarmUp complete.", responseBody);
+
+                // issue warmup request with restart and verify
+                request = new HttpRequestMessage(HttpMethod.Get, "api/warmup?restart=1");
+                response = await httpClient.SendAsync(request);
+                Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+                responseBody = await response.Content.ReadAsStringAsync();
+                Assert.Equal("WarmUp complete.", responseBody);
+
+                // Now specialize the host by invoking assign
+                var secretManager = httpServer.Host.Services.GetService<ISecretManager>();
+                var masterKey = (await secretManager.GetHostSecretsAsync()).MasterKey;
+                string uri = "admin/instance/assign";
+                request = new HttpRequestMessage(HttpMethod.Post, uri);
+                var environment = new Dictionary<string, string>();
+                var assignmentContext = new HostAssignmentContext
+                {
+                    SiteId = 1234,
+                    SiteName = "TestSite",
+                    Environment = environment
+                };
+                var encryptedAssignmentContext = EncryptedHostAssignmentContext.Create(assignmentContext, encryptionKey);
+                string json = JsonConvert.SerializeObject(encryptedAssignmentContext);
+                request.Content = new StringContent(json, Encoding.UTF8, "application/json");
+                request.Headers.Add(AuthenticationLevelHandler.FunctionsKeyHeaderName, masterKey);
+                response = await httpClient.SendAsync(request);
+                Assert.Equal(HttpStatusCode.Accepted, response.StatusCode);
+
+                // give time for the specialization to happen
+                string[] logLines = null;
+                await TestHelpers.Await(() =>
+                {
+                    // wait for the trace indicating that the host has been specialized
+                    logLines = loggerProvider.GetAllLogMessages().Where(p => p.FormattedMessage != null).Select(p => p.FormattedMessage).ToArray();
+                    return logLines.Contains("Generating 0 job function(s)");
+                }, userMessageCallback: () => string.Join(Environment.NewLine, loggerProvider.GetAllLogMessages().Select(p => $"[{p.Timestamp.ToString("HH:mm:ss.fff")}] {p.FormattedMessage}")));
+
+                httpServer.Dispose();
+                httpClient.Dispose();
+
+                await Task.Delay(2000);
+
+                var hostConfig = WebHostResolver.CreateScriptHostConfiguration(webHostSettings, true);
+                var expectedHostId = hostConfig.HostConfig.HostId;
+
+                // verify the rest of the expected logs
+                string text = string.Join(Environment.NewLine, logLines);
+                Assert.True(logLines.Count(p => p.Contains("Stopping Host")) >= 1);
+                Assert.Equal(1, logLines.Count(p => p.Contains("Creating StandbyMode placeholder function directory")));
+                Assert.Equal(1, logLines.Count(p => p.Contains("StandbyMode placeholder function directory created")));
+                Assert.Equal(2, logLines.Count(p => p.Contains("Starting Host (HostId=placeholder-host")));
+                Assert.Equal(2, logLines.Count(p => p.Contains("Host is in standby mode")));
+                Assert.Equal(2, logLines.Count(p => p.Contains("Executed 'Functions.WarmUp' (Succeeded")));
+                Assert.Equal(1, logLines.Count(p => p.Contains("Starting host specialization")));
+                Assert.Equal(1, logLines.Count(p => p.Contains($"Starting Host (HostId={expectedHostId}")));
+                Assert.Contains("Generating 0 job function(s)", logLines);
+
+                WebScriptHostManager.ResetStandbyMode();
+            }
+        }
+
         public void Dispose()
         {
         }

test/WebJobs.Script.Tests.Shared/TestHelpers.cs

@@ -8,6 +8,7 @@
 using System.Linq;
 using System.Net;
 using System.Net.Http;
+using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.WindowsAzure.Storage.Blob;
@@ -31,6 +32,20 @@ public static string FunctionsTestDirectory
             }
         }
 
+        public static byte[] GenerateKeyBytes()
+        {
+            using (var aes = new AesManaged())
+            {
+                aes.GenerateKey();
+                return aes.Key;
+            }
+        }
+
+        public static string GenerateKeyHexString(byte[] key = null)
+        {
+            return BitConverter.ToString(key ?? GenerateKeyBytes()).Replace("-", string.Empty);
+        }
+
         public static string NewRandomString(int length = 10)
         {
             return new string(

test/WebJobs.Script.Tests/Helpers/SimpleWebTokenTests.cs

@@ -31,8 +31,8 @@ public void EncryptShouldThrowIdNoEncryptionKeyDefined()
         [InlineData("value")]
         public void EncryptShouldGenerateDecryptableValues(string valueToEncrypt)
         {
-            var key = GenerateBytesKey();
-            var stringKey = GenerateKeyHexString(key);
+            var key = TestHelpers.GenerateKeyBytes();
+            var stringKey = TestHelpers.GenerateKeyHexString(key);
             Environment.SetEnvironmentVariable("WEBSITE_AUTH_ENCRYPTION_KEY", stringKey);
 
             var encrypted = SimpleWebTokenHelper.Encrypt(valueToEncrypt);
@@ -45,8 +45,8 @@ public void EncryptShouldGenerateDecryptableValues(string valueToEncrypt)
         [Fact]
         public void CreateTokenShouldCreateAValidToken()
         {
-            var key = GenerateBytesKey();
-            var stringKey = GenerateKeyHexString(key);
+            var key = TestHelpers.GenerateKeyBytes();
+            var stringKey = TestHelpers.GenerateKeyHexString(key);
             var timeStamp = DateTime.UtcNow;
             Environment.SetEnvironmentVariable("WEBSITE_AUTH_ENCRYPTION_KEY", stringKey);
 
@@ -56,20 +56,6 @@ public void CreateTokenShouldCreateAValidToken()
             Assert.Equal($"exp={timeStamp.Ticks}", decrypted);
         }
 
-        public static byte[] GenerateBytesKey()
-        {
-            using (var aes = new AesManaged())
-            {
-                aes.GenerateKey();
-                return aes.Key;
-            }
-        }
-
-        public static string GenerateKeyHexString(byte[] key = null)
-        {
-                return BitConverter.ToString(key ?? GenerateBytesKey()).Replace("-", string.Empty);
-        }
-
         public void Dispose()
         {
             // Clean up