Transferred from kalalvishal#1

Transferred from kalalvishal#2

Set in app settings as zipVersion

Transferred from kalalvishal#66

TLS 1.2 should be set for the App Service.

Sendmail in the Deploy with your SMTP Relay option does not support TLS 1.1 and above. This causes the mail function to fail when using an SMTP relay that requires TLS 1.1 or 1.2. The included fake sendmail is no longer actively managed. To fix the issue I used a fork that adds support for TLS 1.1 and 1.2. The original fake sendmail dev also links to the same fork:

https://github.com/sendmail-tls1-2/main

• Key Vault
• MySQL Flexible Server
• Storage account

Transferred from kalalvishal#14

Hello! I have been trying deploy REDCap (v8.11.8) using the Deploy using SendGrid template and my deployment is failing with this error:

{
    "status": "Failed",
    "error": {
        "code": "ResourceDeploymentFailure",
        "message": "The resource operation completed with terminal provisioning state 'Failed'."
    }
}

I am new to Azure and would really appreciate some help. Please let me know if you need any additional information regarding my deployment.

Hi,

I have an error deploying RedCAP on Azure "Your deployment failed"

Error message is:

STATUS Conflict
STATUS MESSAGE {
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "L'opération de ressource s'est achevée avec l'état d'approvisionnement terminal « Failed »."
}
}
PROVISIONING STATE Failed
TIMESTAMP 4/26/2019, 5:11:03 PM
DURATION 39 seconds
TYPE Microsoft.Web/sites/sourcecontrols

Someone have an idea how to fix it?

May I download and join here the deployment details file?

Best regards,
Emmanuel

Transferred from kalalvishal#67

• Key Vault
• Storage
• Web App

MySQL Flexible Server won't be possible due to the private access configuration

Transferred from kalalvishal#17

Default to AAD join. Provide parameters required to perform AD join.

Params:

• Domain join username, password
• DNS IP address(es)
• Domain name
• OU path

Dependent on VNet peering to a hub VNet. #40

Transferred from kalalvishal#42

Transferred from kalalvishal#44

The virtualNetworkId is part of the peSubnetId value.

The name of the main deployment is (mostly) unique based on a timestamp. Each child deployment uses the same name every time. When executing multiple deployments simultaneously, this leads to problems.

Admittedly, this is a rare condition that is expected to happen only in sandbox environments, but the fix is easy enough to implement.

Transferred from kalalvishal#38

There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

Merge this pull request

azurerm_app_service_plan is deprecated in version 3.x of the azurerm provider. The recommended guidance is to use the new azurerm_service_plan resource. Fortunately the update is relatively straightforward.

# the existing:
resource "azurerm_app_service_plan" "redcap" {
  name                = "${local.app_service_name}Plan"
  resource_group_name = azurerm_resource_group.redcap.name
  location            = azurerm_resource_group.redcap.location
  tags                = var.tags
  kind                = "Linux"
  reserved            = true

  sku {
    tier     = var.app_service_plan_tier
    size     = var.app_service_plan_size
    capacity = var.skuCapacity
  }
}

# becomes: 
resource "azurerm_service_plan" "redcap" {
  name                = "${local.app_service_name}Plan"
  resource_group_name = azurerm_resource_group.redcap.name
  location            = azurerm_resource_group.redcap.location
  os_type             = "Linux"
  sku_name            = var.app_service_plan_size
}

The app_service_plan_tier and skuCapacity arguments can then be removed.

Any existing projects updating from the one resource to the other will need to use terraform state move or terraform import to bring the existing resource under management of the new resource.

• Create all resource groups first
• Create all private DNS zones first
• Create names in parallel (requires using object instead of array, or creating individual module calls)

Transferred from kalalvishal#62

It's deployed in the ComputeSubnet instead of the PrivateLinkSubnet.

main.bicep:375

The recommended/sample abbreviation is log but the Bicep uses law.

Transferred from kalalvishal#72

azurerm_app_service is deprecated in version 3.x of the azurerm provider. The recommended guidance is to use the new azurerm_linux_web_app & azurerm_windows_web_app resources. These can be implemented via parallel resources (one for linux, one for windows) enabled/disabled via count with a conditional based on the parent app service resource's type, like so:

resource "azurerm_linux_web_app" "redcap" {
  count                     = var.os_type == "Linux" ? 1 : 0
  ...
}

...
resource "azurerm_windows_web_app" "redcap" {
  count                     = var.os_type != "Linux" ? 1 : 0
  ...
}

Note this does (unfortunately) require all dependent resources to include the same conditional and also use a index, like so:

resource "azurerm_private_endpoint" "web_app" {
  ...

  private_service_connection {
    name                           = "example"
    private_connection_resource_id = var.os_type == "Linux" ? (
      azurerm_linux_web_app.redcap[0].id 
    ) : ( 
      azurerm_windows_web_app.redcap[0].id
    )
    subresource_names              = ["sites"]
    is_manual_connection           = false
  }
  ...

}

This will help pave the road for using existing private DNS zones in a subscription/RG specified as parameters.

Transferred from kalalvishal#28

Hello,

E-signatures (an extension of the record locking/unlocking functionality) when toggled will prompt the user for their credentials, however, the credentials prompted for are not AAD credentials (we have Azure OAuth2 authentication method enabled).

We've used MySQL v8 on site and are trying to migrate to Azure. Only MySQL 5.6 & 5.7 are available. Can MySQL version 8 be added?

Transferred from kalalvishal#40

Transferred from kalalvishal#59

Transferred from kalalvishal#50

The need to use Pascal-case, not camel-case.

webapp.bicep lines 130-138.

Transferred from kalalvishal#70

After a completed deployment in Azure with no completion errors i am getting a forbidden error, i have looked to initialize the database with the steps provided in the readme, but the fires were not under /home, they were under /home/site/repository and none of them could execute becuase some files were amiss (failed to open /home/install.sql)

I can find most of the installation artefacts under the site/repository, and i am using the latest build of RedCap (13.,1.35 LTS)

Hi!
We have deployed RedCAP on Azure resources with the ARM Template. Everything seems to work except the emails. REDCap, in the configuration check page, says that it is able to send emails but no email are sent.
The SMTP configurations are correct (tested with a mail client). Any idea on how we could investigate on the cause of the problem?

Transferred from kalalvishal#11

As reported in the REDCap Community forums, building REDCap from scratch when using the latest 8.x version of MySQL is (sporadically) resulting in the following error:
YOUR REDCAP DATABASE STRUCTURE IS INCORRECT

The solution is to set the sql_generate_invisible_primary_key value on the MySQL flexible server to 'OFF' prior to running the REDCap install script for the database.

Via Terraform these could be implemented via an azurerm_mysql_flexible_server_configuration resource:

resource "azurerm_mysql_flexible_server_configuration" "disable_invisible_primary_key" {
  resource_group_name = azurerm_resource_group.redcap.name
  server_name         = azurerm_mysql_flexible_server.redcap.name
  name                = "sql_generate_invisible_primary_key"
  value               = "OFF"
}

I have not yet tested whether this has an impact when using prior version of MySQL: if so it could include a count = startswith(var.mysqlVersion, "8") ? 1 : 0. Or even better such a conditional used in a locals block should add a map an argument to a merge() function such as suggested in #50 (preferred).

To enable audit logs to a LAW in Azure, the following MySQL configuration entries are needed:
"audit_log_enabled" = "ON",
"audit_log_events" = "ADMIN,CONNECTION,DCL,DDL"

The latter may vary depend on what logging is desired from the server.

Via Terraform these could be implemented via a pair of azurerm_mysql_flexible_server_configuration resources:

resource "azurerm_mysql_flexible_server_configuration" "audit_log_enabled" {
  resource_group_name = azurerm_resource_group.redcap.name
  server_name         = azurerm_mysql_flexible_server.redcap.name
  name                = "audit_log_enabled"
  value               = "ON"
}

resource "azurerm_mysql_flexible_server_configuration" "audit_log_events" {
  resource_group_name = azurerm_resource_group.redcap.name
  server_name         = azurerm_mysql_flexible_server.redcap.name
  name                = "audit_log_events"
  value               = "ADMIN,CONNECTION,DCL,DDL"
}

These could either be enabled via an option variable in the variables.tf file (e.g. enable_audit_log), or even better such a variable could add the above defined in locals as an argument to a merge() function such as suggested in #50 (preferred).

This will also require a diagnostic setting resource and a LAW to house logs. In Terraform:

resource "azurerm_monitor_diagnostic_setting" "logging" {
  count                      = var.enable_audit_log
  name                       = "mds-mysql-redcap"
  target_resource_id         = azurerm_mysql_flexible_server.redcap.id
  log_analytics_workspace_id = var.log_analytics_workspace_id

  # https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-categories#microsoftdbformysqlflexibleservers
  enabled_log {
    category = "MySQLAuditLogs"
  }

  metric {
    category = "AllMetrics"
  }
}

Transferred from kalalvishal#74

Since this is for App Service (old name is Azure Website), do we still need to configure for PEAR package ? if yes, how we can enable it in Kudu ?

Currently, the deployment script dumps the database connection values in database.php. This means that after deployment, it's not possible to update those values. Moreover, those values are available in plain text in database.php.

We need to use something like $_ENV['db_username'].

Instead of scraping the SQL script, calling install.php?auto=1 should deploy the database automatically.

Transferred from kalalvishal#73

Transferred from kalalvishal#71

modify the PowerShell script for error handling and verify if the user is logged in to Azure.

Transferred from kalalvishal#54

Unzip takes too long on blob storage.

Considering mounting Premium file share and unzipping there, then copying files to /home/site

Alternatively, build a REDCap container image

Transferred from kalalvishal#5

Hi,

How can I upgrade an existing Redcap Azure deployment to a higher version. In other words, what steps to take to install the latest version.

Thanks in advance

Sijtze van Dellen

Terraform supports MySQL Flexible server configuration using azurerm_mysql_flexible_server_configuration resources, one for each configuration entry. An addition to the variables.tf file with a supporting variable in addition to the configuration resource using a for_each loop would be ideal.

Example implementation (including locals for universal defaults):
variables.tf

variable "mysql_configuration_items" {
  description = "(Optional) Map of MySQL configurations to enable on the flexible server.  Defaults to `{}`"
  type        = map(string)
  default     = {}
}

main.tf
(see #51 & #52 for why these locals could be included as defaults)

locals {
  mysql_logging_configuration = var.enable_audit_log ? {
    "audit_log_enabled" = "ON",
    "audit_log_events" = "ADMIN,CONNECTION,DCL,DDL",
  } : {}
  mysql_default_configuration_items = merge( local.mysql_logging_configuration, {
    "sql_generate_invisible_primary_key" = "OFF",  # resolves recent issues reported by REDCap database checks when using MySQL v8
  }
}

...

resource "azurerm_mysql_flexible_server_configuration" "config_item" {
  for_each            = merge(local.mysql_default_configuration_items, var.mysql_configuration_items)
  resource_group_name = azurerm_resource_group.redcap.name
  name                = each.key
  server_name         = azurerm_mysql_flexible_server.redcap.name
  value               = each.value
}

While not as familiar with the other deployment options, I assume an analog could be created for those deployment options as well.

This will facilitate a number of other features, including enabling audit logging on the MySQL server, addressing the sql_generate_invisible_primary_key issue with MySQL 8.x (see REDCap community entries on that issue), and others.

Example usage in a tfvars file:

mysql_configuration_items = {
  "max_connections" = 255
}

Transferred from kalalvishal#60

Naming convention depends on nameModule and string array workloads that require the array order to match. Need to modify this into object or else in order to prevent changes to workload name from breaking

Transferred from kalalvishal#45