Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable VMSS diagnostic logs #1797

Closed
StephanTLavavej opened this issue Apr 1, 2021 · 1 comment
Closed

Enable VMSS diagnostic logs #1797

StephanTLavavej opened this issue Apr 1, 2021 · 1 comment
Labels
fixed Something works now, yay! high priority Important! infrastructure Related to repository automation

Comments

@StephanTLavavej
Copy link
Member

We've been informed that there's a Microsoft policy requiring us to enable diagnostic logs for our Virtual Machine Scale Sets. As we regularly create new VMSSes (every time there's a new VS Preview), we need to make this part of our script azure-devops/create-vmss.ps1. We received the following instructions:

You can use AzCLI to enable diagnostic logging but it will require some minor pre-requisites. You will need to have a storage account and a SAS token from said storage account as it will need a place to dump the logs.

  • Depending on the OS you plan to monitor, you will need to run the following to generate the config file:
    • Linux: az vmss diagnostics get-default-config > vmssconfig.json
    • Windows: az vmss diagnostics get-default-config --is-windows-os > vmssconfig.json
    • The configuration can stay static and can be re-used for other machines of the same OS.
  • You will need to create a protectedsettings.json file with the storage account name and saskey like this: 
    {
"storageAccountName": "__STORAGE_ACCOUNT_NAME__",
"storageAccountSasToken": "__SAS_TOKEN_WITH_LEADING_QUESTION_MARK__"
}
  • When you have the above, you can just run:
    • az vmss diagnostics set --resource-group networkwatcherrg --vmss-name testlinuxvmss --settings vmssconfig.json --protected-settings vmssprotected.json
  • Once you have the protectedsettings.json and vmssconfig.json files created, they can be reused for subsequent vm scale sets (as long as they are in the same sub).

These instructions were in terms of Azure CLI, but I believe they can be translated to Azure PowerShell. az vmss diagnostics set appears to be Add-AzVmssDiagnosticsExtension. I can't seem to find an analogue of az vmss diagnostics get-default-config but it sounds like we could generate it once with Azure CLI and commit vmssconfig.json, or perhaps we could run Azure CLI from PowerShell.

I assume that we would need to somehow store the "SAS token" in a shared secret, or we would need to add checklist instructions to generate it once and store it in a gitignored file (much like the Status Chart instructions for .env) which would be much easier.
@StephanTLavavej StephanTLavavej added high priority Important! infrastructure Related to repository automation work in progress labels Apr 1, 2021
@StephanTLavavej StephanTLavavej added fixed Something works now, yay! and removed work in progress labels Aug 11, 2021
@StephanTLavavej
Copy link
Member Author

This was fixed by #1884.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
fixed Something works now, yay! high priority Important! infrastructure Related to repository automation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@StephanTLavavej