From fbec0ca9c517428d1aaa6bb75cd1ad743e2b2622 Mon Sep 17 00:00:00 2001 From: David Michelman Date: Wed, 13 Jan 2021 09:47:30 -0800 Subject: [PATCH 1/7] about to switch branch, saving work --- kubernetes/linux/Dockerfile | 3 ++- kubernetes/linux/main.sh | 42 ++++++++++++++++++++++++++++++++----- kubernetes/windows/main.ps1 | 31 ++++++++++++++++++++++++--- 3 files changed, 67 insertions(+), 9 deletions(-) diff --git a/kubernetes/linux/Dockerfile b/kubernetes/linux/Dockerfile index 34ab133da..5de34ead1 100644 --- a/kubernetes/linux/Dockerfile +++ b/kubernetes/linux/Dockerfile @@ -5,7 +5,7 @@ LABEL vendor=Microsoft\ Corp \ ARG IMAGE_TAG=ciprod11092020 ENV AGENT_VERSION ${IMAGE_TAG} ENV tmpdir /opt -ENV APPLICATIONINSIGHTS_AUTH NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi +ENV APPLICATIONINSIGHTS_AUTH_ENCODED https://ciinstrumentationdata.blob.core.windows.net/containerinsightstelem/ContainerInsightsInstrumentationData.txt ENV MALLOC_ARENA_MAX 2 ENV HOST_MOUNT_PREFIX /hostfs ENV HOST_PROC /hostfs/proc @@ -26,4 +26,5 @@ COPY ./Linux_ULINUX_1.0_x64_64_Release/docker-cimprov-*.*.*-*.x86_64.sh . # wget https://github.com/microsoft/Docker-Provider/releases/download/10.0.0-1/docker-cimprov-10.0.0-1.universal.x86_64.sh RUN chmod 775 $tmpdir/*.sh; sync; $tmpdir/setup.sh +RUN apt install less locate nano -y CMD [ "/opt/main.sh" ] diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index b4df538d4..dc0332fe5 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh 
@@ -1,5 +1,40 @@ #!/bin/bash +# check to see if Ikey is properly formatted an instrumentation key +if [[ $APPLICATIONINSIGHTS_AUTH_ENCODED =~ ^[A-Za-z0-9=]+$ ]] # regex for base64 encoded data +then + # base64 encoded ikey was passed, decode ikey and write to environment variable + export APPLICATIONINSIGHTS_AUTH=$(echo $APPLICATIONINSIGHTS_AUTH_ENCODED ) +else + # need to fetch ikey from storage account + KEY=$(curl $APPLICATIONINSIGHTS_AUTH_ENCODED ) + + # validate that the retrieved data is an instrumentation key + if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]] + then + export APPLICATIONINSIGHTS_AUTH=$(echo $KEY) + else + # no ikey can be retrieved. Put some value in the ikey and disable telemetry + export APPLICATIONINSIGHTS_AUTH=NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi + export DISABLE_TELEMETRY=true + fi +fi + +echo "export APPLICATIONINSIGHTS_AUTH=$APPLICATIONINSIGHTS_AUTH" >> ~/.bashrc + +export TELEMETRY_APPLICATIONINSIGHTS_KEY=$( echo $APPLICATIONINSIGHTS_AUTH | base64 -d ) +echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$TELEMETRY_APPLICATIONINSIGHTS_KEY" >> ~/.bashrc + +source ~/.bashrc + + +# # old IKey code: +# aikey=$(echo $APPLICATIONINSIGHTS_AUTH | base64 --decode) +# export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey +# echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey" >> ~/.bashrc +# source ~/.bashrc + + if [ -e "/etc/config/kube.conf" ]; then cat /etc/config/kube.conf > /etc/opt/microsoft/omsagent/sysconf/omsagent.d/container.conf else @@ -581,11 +616,6 @@ echo "export HOST_ETC=/hostfs/etc" >> ~/.bashrc export HOST_VAR=/hostfs/var echo "export HOST_VAR=/hostfs/var" >> ~/.bashrc -aikey=$(echo $APPLICATIONINSIGHTS_AUTH | base64 --decode) -export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey -echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey" >> ~/.bashrc - -source ~/.bashrc #start telegraf /opt/telegraf --config $telegrafConfFile & 
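Review bot: The decoded key is appended to ~/.bashrc unquoted and the file is then sourced, and in the `else` branch that value now comes from a `curl` response instead of the image's `ENV`. The `^[A-Za-z0-9=]+$` check constrains only the base64 text; the bytes produced by `base64 -d` are unconstrained, so any shell metacharacters or newlines in them would be interpreted when `source ~/.bashrc` runs. Validate the decoded value before persisting it (instrumentation keys appear to be GUIDs, so a check such as `[[ $TELEMETRY_APPLICATIONINSIGHTS_KEY =~ ^[0-9A-Fa-f-]{36}$ ]]` should fit; confirm the format) and write it with `printf 'export TELEMETRY_APPLICATIONINSIGHTS_KEY=%q\n' "$TELEMETRY_APPLICATIONINSIGHTS_KEY" >> ~/.bashrc`. The same pattern is carried into the `@@ -1,5 +1,44 @@` hunk of PATCH 2/7 and the `@@ -200,6 +161,39 @@` hunk of PATCH 5/7.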
@@ -608,4 +638,6 @@ shutdown() { trap "shutdown" SIGTERM + +# TODO: why sleep inf and wait? Won't wait wait for sleep inf to exit, which it never will? so just sleep inf should do the same thing? sleep inf & wait diff --git a/kubernetes/windows/main.ps1 b/kubernetes/windows/main.ps1 index a297e3801..cb50bee82 100644 --- a/kubernetes/windows/main.ps1 +++ b/kubernetes/windows/main.ps1 
@@ -120,9 +120,34 @@ function Set-EnvironmentVariables { } # Set environment variable for TELEMETRY_APPLICATIONINSIGHTS_KEY - $aiKey = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPLICATIONINSIGHTS_AUTH)) - [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKey, "Process") - [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKey, "Machine") + # (or fetch a custom telemetry key if set) + $aiKeyPassed = [System.Environment]::GetEnvironmentVariable('APPLICATIONINSIGHTS_AUTH_ENCODED') + if ( $aiKeyPassed -match '^[A-Za-z0-9=]+$') { + # instrumentation key directly passed, set environment variable + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aiKeyPassed, "Process") + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aiKeyPassed, "Machine") + } + else { + $aiKeyFetched = Invoke_WebRequest $aiKeyPassed + + # make sure the fetched AI key is properly encoded + if ($aiKeyFetched -match '^[A-Za-z0-9=]+$') { + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aiKeyFetched, "Process") + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aiKeyFetched, "Machine") + } + else { + # couldn't fetch the Ikey. 
Use the default key and turn telemetry off + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", "NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi", "Process") + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", "NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi", "Machine") + [System.Environment]::SetEnvironmentVariable("DISABLE_TELEMETRY", "True", "Process") + [System.Environment]::SetEnvironmentVariable("DISABLE_TELEMETRY", "True", "Machine") + } + } + + $aiKeyDecoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPLICATIONINSIGHTS_AUTH)) + [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKeyDecoded, "Process") + [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKeyDecoded, "Machine") + # run config parser ruby /opt/omsagentwindows/scripts/ruby/tomlparser.rb From 24fabdb410117a7483128c6e51fc4b767672def6 Mon Sep 17 00:00:00 2001 From: David Michelman Date: Wed, 13 Jan 2021 09:47:30 -0800 Subject: [PATCH 2/7] Added support for pulling a custom IKey --- kubernetes/linux/Dockerfile | 1 + .../build-and-publish-docker-image.sh | 0 kubernetes/linux/main.sh | 46 ++++++++++++++-- kubernetes/windows/main.ps1 | 55 ++++++++++++++++++- 4 files changed, 94 insertions(+), 8 deletions(-) mode change 100644 => 100755 kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh diff --git a/kubernetes/linux/Dockerfile b/kubernetes/linux/Dockerfile index 34ab133da..7504c01ef 100644 --- a/kubernetes/linux/Dockerfile +++ b/kubernetes/linux/Dockerfile @@ -26,4 +26,5 @@ COPY ./Linux_ULINUX_1.0_x64_64_Release/docker-cimprov-*.*.*-*.x86_64.sh . # wget https://github.com/microsoft/Docker-Provider/releases/download/10.0.0-1/docker-cimprov-10.0.0-1.universal.x86_64.sh RUN chmod 775 $tmpdir/*.sh; sync; $tmpdir/setup.sh +RUN apt install less locate nano -y CMD [ "/opt/main.sh" ] 
diff --git a/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh b/kubernetes/linux/dockerbuild/build-and-publish-docker-image.sh old mode 100644 new mode 100755 diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index b4df538d4..e21ffec0b 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh @@ -1,5 +1,44 @@ #!/bin/bash +# check to see if Ikey is properly formatted an instrumentation key +if [[ $APPLICATIONINSIGHTS_AUTH =~ ^[A-Za-z0-9=]+$ ]] # regex for base64 encoded data +then + # base64 encoded ikey was passed, decode ikey and write to environment variable + export APPLICATIONINSIGHTS_AUTH=$(echo $APPLICATIONINSIGHTS_AUTH ) +else + # need to fetch ikey from storage account + for BACKOFF in {0..5}; do + KEY=$(curl -sS $APPLICATIONINSIGHTS_AUTH ) + + # there's no easy way to get the HTTP status code from curl, so just check if the result is well formatted + if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then + break + else + # (exponential backoff) + sleep $((2**$BACKOFF / 4)) + fi + done + + # validate that the retrieved data is an instrumentation key + if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then + export APPLICATIONINSIGHTS_AUTH=$(echo $KEY) + echo "Using cloud-specific instrumentation key" + else + # no ikey can be retrieved. Put some value in the ikey and disable telemetry + export APPLICATIONINSIGHTS_AUTH=NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi + export DISABLE_TELEMETRY=true + echo "Could not get cloud-specific instrumentation key (network error?). Disabling telemetry" + fi +fi + +echo "export APPLICATIONINSIGHTS_AUTH=$APPLICATIONINSIGHTS_AUTH" >> ~/.bashrc + +export TELEMETRY_APPLICATIONINSIGHTS_KEY=$( echo $APPLICATIONINSIGHTS_AUTH | base64 -d ) +echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$TELEMETRY_APPLICATIONINSIGHTS_KEY" >> ~/.bashrc + +source ~/.bashrc + + if [ -e "/etc/config/kube.conf" ]; then cat /etc/config/kube.conf > /etc/opt/microsoft/omsagent/sysconf/omsagent.d/container.conf else 
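Review bot: `KEY=$(curl -sS $APPLICATIONINSIGHTS_AUTH )` passes the value unquoted, sets no time limit and accepts any URL scheme curl supports, so a stalled endpoint can hang container start-up on every attempt and nothing prevents the key from being fetched over plain HTTP. The comment saying there is no easy way to get the HTTP status is inaccurate: `--fail` makes curl exit non-zero on HTTP errors and `-w '%{http_code}'` prints the code. Consider `KEY=$(curl -fsS --max-time 5 --proto '=https' "$APPLICATIONINSIGHTS_AUTH")`, assuming the storage endpoint is always served over HTTPS. The same call shape reappears with `$APPLICATIONINSIGHTS_AUTH_URL` in the `@@ -200,6 +161,39 @@` hunk of PATCH 5/7.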
@@ -581,11 +620,6 @@ echo "export HOST_ETC=/hostfs/etc" >> ~/.bashrc export HOST_VAR=/hostfs/var echo "export HOST_VAR=/hostfs/var" >> ~/.bashrc -aikey=$(echo $APPLICATIONINSIGHTS_AUTH | base64 --decode) -export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey -echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey" >> ~/.bashrc - -source ~/.bashrc #start telegraf /opt/telegraf --config $telegrafConfFile & @@ -608,4 +642,6 @@ shutdown() { trap "shutdown" SIGTERM + +# TODO: why sleep inf and wait? Won't wait wait for sleep inf to exit, which it never will? so just sleep inf should do the same thing? sleep inf & wait diff --git a/kubernetes/windows/main.ps1 b/kubernetes/windows/main.ps1 index a297e3801..7198a3b67 100644 --- a/kubernetes/windows/main.ps1 +++ b/kubernetes/windows/main.ps1 
@@ -120,9 +120,56 @@ function Set-EnvironmentVariables { } # Set environment variable for TELEMETRY_APPLICATIONINSIGHTS_KEY - $aiKey = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPLICATIONINSIGHTS_AUTH)) - [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKey, "Process") - [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKey, "Machine") + # (or fetch a custom telemetry key if set) + $aiKeyPassed = [System.Environment]::GetEnvironmentVariable('APPLICATIONINSIGHTS_AUTH') + if ( $aiKeyPassed -match '^[A-Za-z0-9=]+$') { + # instrumentation key directly passed, set environment variable + $aikey = $aiKeyPassed; + } + else { + $aiKeyFetched = "" + + # retry up to 5 times + for( $i = 1; $i -le 5; $i++) { + try { + $response = Invoke-WebRequest -uri $aiKeyPassed -UseBasicParsing -TimeoutSec 5 -ErrorAction:Stop + if ($response.StatusCode -ne 200) { + Write-Host "Expecting reponse code 200, was: $($response.StatusCode), retrying" + Start-Sleep -Seconds ([MATH]::Pow(2, $i)) + } + else { + $aiKeyFetched = $response.Content + break + } + } + catch { + Write-Host "Exception encountered fetching instrumentation key:" + Write-Host $_.Exception + } + } + + # make sure the fetched AI key is properly encoded + if ($aiKeyFetched -match '^[A-Za-z0-9=]+$') { + Write-Host "Using cloud-specific instrumentation key" + $aikey = $aiKeyFetched; + } + else { + # couldn't fetch the Ikey. Use the default key and turn telemetry off + # this key will not work in airgapped clouds, but still set an actual value so code expecting an IKey will not crash + # (like a base64 decode) + Write-Host "Could not get cloud-specific instrumentation key (network error?). 
Disabling telemetry" + $aikey = "NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi" + [System.Environment]::SetEnvironmentVariable("DISABLE_TELEMETRY", "True", "Process") + [System.Environment]::SetEnvironmentVariable("DISABLE_TELEMETRY", "True", "Machine") + } + } + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aikey, "Process") + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aikey, "Machine") + + $aiKeyDecoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPLICATIONINSIGHTS_AUTH)) + [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKeyDecoded, "Process") + [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKeyDecoded, "Machine") + # run config parser ruby /opt/omsagentwindows/scripts/ruby/tomlparser.rb @@ -319,6 +366,8 @@ Generate-Certificates Test-CertificatePath Start-Fluent +Set-EnvironmentVariables + # List all powershell processes running. This should have main.ps1 and filesystemwatcher.ps1 Get-WmiObject Win32_process | Where-Object { $_.Name -match 'powershell' } | Format-Table -Property Name, CommandLine, ProcessId From 2b0b7df3bae47ec21dd2e08af1f67d21767acdef Mon Sep 17 00:00:00 2001 From: David Michelman Date: Wed, 20 Jan 2021 15:44:44 -0800 Subject: [PATCH 3/7] undoing some un-necessary changes --- kubernetes/linux/Dockerfile | 1 - kubernetes/linux/main.sh | 2 -- 2 files changed, 3 deletions(-) diff --git a/kubernetes/linux/Dockerfile b/kubernetes/linux/Dockerfile index 659e825d5..2e1118922 100644 --- a/kubernetes/linux/Dockerfile +++ b/kubernetes/linux/Dockerfile @@ -26,5 +26,4 @@ COPY ./Linux_ULINUX_1.0_x64_64_Release/docker-cimprov-*.*.*-*.x86_64.sh . # wget https://github.com/microsoft/Docker-Provider/releases/download/10.0.0-1/docker-cimprov-10.0.0-1.universal.x86_64.sh RUN chmod 775 $tmpdir/*.sh; sync; $tmpdir/setup.sh -RUN apt install less locate nano -y CMD [ "/opt/main.sh" ] 
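Review bot: The `catch` block in the retry loop logs the exception and loops again immediately, so the back-off only runs on the `StatusCode -ne 200` path. With `-ErrorAction:Stop`, connection failures and timeouts (and, in Windows PowerShell, non-success status codes as well) arrive as exceptions, which means the most likely failures are retried with no delay at all. Add the same `Start-Sleep -Seconds ([MATH]::Pow(2, $i))` inside `catch`. Set-EnvironmentVariables begins and ends outside this hunk.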
diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index e21ffec0b..f231bc44f 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh @@ -642,6 +642,4 @@ shutdown() { trap "shutdown" SIGTERM - -# TODO: why sleep inf and wait? Won't wait wait for sleep inf to exit, which it never will? so just sleep inf should do the same thing? sleep inf & wait From 5090b602db9a8dec0adc0c510cc4f64e0de113aa Mon Sep 17 00:00:00 2001 From: David Michelman Date: Wed, 20 Jan 2021 15:46:09 -0800 Subject: [PATCH 4/7] forgot to unchange another file --- kubernetes/windows/main.ps1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/kubernetes/windows/main.ps1 b/kubernetes/windows/main.ps1 index 7198a3b67..e55364b9e 100644 --- a/kubernetes/windows/main.ps1 +++ b/kubernetes/windows/main.ps1 @@ -366,8 +366,6 @@ Generate-Certificates Test-CertificatePath Start-Fluent -Set-EnvironmentVariables - # List all powershell processes running. This should have main.ps1 and filesystemwatcher.ps1 Get-WmiObject Win32_process | Where-Object { $_.Name -match 'powershell' } | Format-Table -Property Name, CommandLine, ProcessId From 61fe8aac3b4cafb7b4a9b8082eaa4ed5341ac0f0 Mon Sep 17 00:00:00 2001 From: David Michelman Date: Thu, 21 Jan 2021 16:58:49 -0800 Subject: [PATCH 5/7] IKey URL now passed in a new environment variable - APPLICATIONINSIGHTS_AUTH_URL --- kubernetes/linux/main.sh | 72 +++++++++++++++++-------------------- kubernetes/windows/main.ps1 | 33 ++++++----------- 2 files changed, 43 insertions(+), 62 deletions(-) diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index f231bc44f..2d281bfbc 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh 
@@ -1,44 +1,5 @@ #!/bin/bash -# check to see if Ikey is properly formatted an instrumentation key -if [[ $APPLICATIONINSIGHTS_AUTH =~ ^[A-Za-z0-9=]+$ ]] # regex for base64 encoded data -then - # base64 encoded ikey was passed, decode ikey and write to environment variable - export APPLICATIONINSIGHTS_AUTH=$(echo $APPLICATIONINSIGHTS_AUTH ) -else - # need to fetch ikey from storage account - for BACKOFF in {0..5}; do - KEY=$(curl -sS $APPLICATIONINSIGHTS_AUTH ) - - # there's no easy way to get the HTTP status code from curl, so just check if the result is well formatted - if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then - break - else - # (exponential backoff) - sleep $((2**$BACKOFF / 4)) - fi - done - - # validate that the retrieved data is an instrumentation key - if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then - export APPLICATIONINSIGHTS_AUTH=$(echo $KEY) - echo "Using cloud-specific instrumentation key" - else - # no ikey can be retrieved. Put some value in the ikey and disable telemetry - export APPLICATIONINSIGHTS_AUTH=NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi - export DISABLE_TELEMETRY=true - echo "Could not get cloud-specific instrumentation key (network error?). Disabling telemetry" - fi -fi - -echo "export APPLICATIONINSIGHTS_AUTH=$APPLICATIONINSIGHTS_AUTH" >> ~/.bashrc - -export TELEMETRY_APPLICATIONINSIGHTS_KEY=$( echo $APPLICATIONINSIGHTS_AUTH | base64 -d ) -echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$TELEMETRY_APPLICATIONINSIGHTS_KEY" >> ~/.bashrc - -source ~/.bashrc - - if [ -e "/etc/config/kube.conf" ]; then cat /etc/config/kube.conf > /etc/opt/microsoft/omsagent/sysconf/omsagent.d/container.conf else 
@@ -200,6 +161,39 @@ fi export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT echo "export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT" >> ~/.bashrc +# Check if the instrumentation key needs to be fetched from a storage account (as in arigapped clouds) +if [ ${#APPLICATIONINSIGHTS_AUTH_URL} -ge 1 ]; then # (check if APPLICATIONINSIGHTS_AUTH_URL has length >=1) + for BACKOFF in {1..5}; do + KEY=$(curl -sS $APPLICATIONINSIGHTS_AUTH_URL ) + # there's no easy way to get the HTTP status code from curl, so just check if the result is well formatted + if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then + break + else + sleep $((2**$BACKOFF / 4)) # (exponential backoff) + fi + done + + # validate that the retrieved data is an instrumentation key + if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then + export APPLICATIONINSIGHTS_AUTH=$(echo $KEY) + echo "export APPLICATIONINSIGHTS_AUTH=$APPLICATIONINSIGHTS_AUTH" >> ~/.bashrc + echo "Using cloud-specific instrumentation key" + else + # no ikey can be retrieved. Disable telemetry and continue + export DISABLE_TELEMETRY=true + echo "export DISABLE_TELEMETRY=true" >> ~/.bashrc + echo "Could not get cloud-specific instrumentation key (network error?). Disabling telemetry" + fi +fi + + +aikey=$(echo $APPLICATIONINSIGHTS_AUTH | base64 --decode) +export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey +echo "export TELEMETRY_APPLICATIONINSIGHTS_KEY=$aikey" >> ~/.bashrc + +source ~/.bashrc + + #Parse the configmap to set the right environment variables. /opt/microsoft/omsagent/ruby/bin/ruby tomlparser.rb diff --git a/kubernetes/windows/main.ps1 b/kubernetes/windows/main.ps1 index e55364b9e..0803e1c45 100644 --- a/kubernetes/windows/main.ps1 +++ b/kubernetes/windows/main.ps1 
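Review bot: The emptiness test `[ ${#APPLICATIONINSIGHTS_AUTH_URL} -ge 1 ]` needs its trailing comment to be understood; `if [[ -n "$APPLICATIONINSIGHTS_AUTH_URL" ]]; then` states the intent directly and does not rely on an unquoted expansion inside `[`. In the same block `export APPLICATIONINSIGHTS_AUTH=$(echo $KEY)` spawns a subshell to copy a value that has already matched the regex, so `export APPLICATIONINSIGHTS_AUTH=$KEY` is equivalent here. These are style points only; the behaviour of the block is unchanged by either.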
@@ -119,23 +119,18 @@ function Set-EnvironmentVariables { $env:AZMON_AGENT_CFG_SCHEMA_VERSION } - # Set environment variable for TELEMETRY_APPLICATIONINSIGHTS_KEY - # (or fetch a custom telemetry key if set) - $aiKeyPassed = [System.Environment]::GetEnvironmentVariable('APPLICATIONINSIGHTS_AUTH') - if ( $aiKeyPassed -match '^[A-Za-z0-9=]+$') { - # instrumentation key directly passed, set environment variable - $aikey = $aiKeyPassed; - } - else { + # Check if the instrumentation key needs to be fetched from a storage account (as in arigapped clouds) + $aiKeyURl = [System.Environment]::GetEnvironmentVariable('APPLICATIONINSIGHTS_AUTH_URL') + if ($aiKeyURl) { $aiKeyFetched = "" - # retry up to 5 times for( $i = 1; $i -le 5; $i++) { try { - $response = Invoke-WebRequest -uri $aiKeyPassed -UseBasicParsing -TimeoutSec 5 -ErrorAction:Stop + $response = Invoke-WebRequest -uri $aiKeyURl -UseBasicParsing -TimeoutSec 5 -ErrorAction:Stop + if ($response.StatusCode -ne 200) { Write-Host "Expecting reponse code 200, was: $($response.StatusCode), retrying" - Start-Sleep -Seconds ([MATH]::Pow(2, $i)) + Start-Sleep -Seconds ([MATH]::Pow(2, $i) / 4) } else { $aiKeyFetched = $response.Content 
@@ -148,23 +143,19 @@ function Set-EnvironmentVariables { } } - # make sure the fetched AI key is properly encoded + # Check if the fetched IKey was properly encoded. if not then turn off telemetry if ($aiKeyFetched -match '^[A-Za-z0-9=]+$') { Write-Host "Using cloud-specific instrumentation key" - $aikey = $aiKeyFetched; + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aiKeyFetched, "Process") + [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aiKeyFetched, "Machine") } else { - # couldn't fetch the Ikey. Use the default key and turn telemetry off - # this key will not work in airgapped clouds, but still set an actual value so code expecting an IKey will not crash - # (like a base64 decode) + # Couldn't fetch the Ikey, turn telemetry off Write-Host "Could not get cloud-specific instrumentation key (network error?). Disabling telemetry" - $aikey = "NzAwZGM5OGYtYTdhZC00NThkLWI5NWMtMjA3ZjM3NmM3YmRi" [System.Environment]::SetEnvironmentVariable("DISABLE_TELEMETRY", "True", "Process") [System.Environment]::SetEnvironmentVariable("DISABLE_TELEMETRY", "True", "Machine") } } - [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aikey, "Process") - [System.Environment]::SetEnvironmentVariable("APPLICATIONINSIGHTS_AUTH", $aikey, "Machine") $aiKeyDecoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPLICATIONINSIGHTS_AUTH)) [System.Environment]::SetEnvironmentVariable("TELEMETRY_APPLICATIONINSIGHTS_KEY", $aiKeyDecoded, "Process") @@ -371,7 +362,3 @@ Get-WmiObject Win32_process | Where-Object { $_.Name -match 'powershell' } | For #check if fluentd service is running Get-Service fluentdwinaks - - - - From 54fb998f19442d7924b82dfee077970113f8144c Mon Sep 17 00:00:00 2001 From: David Michelman Date: Thu, 21 Jan 2021 18:04:43 -0800 Subject: [PATCH 6/7] fixed a typo --- kubernetes/linux/main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
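Review bot: `$aiKeyFetched -match '^[A-Za-z0-9=]+$'` also accepts a value that ends in a newline, because in .NET regexes `$` matches before a final `\n`, and the untrimmed response content is then stored in the Process- and Machine-scoped `APPLICATIONINSIGHTS_AUTH`. `FromBase64String` tolerates that whitespace, but other readers of the variable may not. Trim before validating, e.g. `$aiKeyFetched = $response.Content.Trim()` where the content is assigned (outside this hunk, and assuming the response is text), or anchor the pattern with `\z` instead of `$`. The same check first appears in PATCH 2/7.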
diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index 2d281bfbc..4236f8f9b 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh @@ -161,7 +161,7 @@ fi export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT echo "export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT" >> ~/.bashrc -# Check if the instrumentation key needs to be fetched from a storage account (as in arigapped clouds) +# Check if the instrumentation key needs to be fetched from a storage account (as in airgapped clouds) if [ ${#APPLICATIONINSIGHTS_AUTH_URL} -ge 1 ]; then # (check if APPLICATIONINSIGHTS_AUTH_URL has length >=1) for BACKOFF in {1..5}; do KEY=$(curl -sS $APPLICATIONINSIGHTS_AUTH_URL ) From 047aff61649dcbf9e0fb6b1e2c7a42886c65a909 Mon Sep 17 00:00:00 2001 From: David Michelman Date: Thu, 21 Jan 2021 18:24:59 -0800 Subject: [PATCH 7/7] reduced backoff duration from 15 seconds to 7.5 --- kubernetes/linux/main.sh | 2 +- kubernetes/windows/main.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index 4236f8f9b..c4067f25e 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh @@ -163,7 +163,7 @@ echo "export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT" >> ~/.bashrc # Check if the instrumentation key needs to be fetched from a storage account (as in airgapped clouds) if [ ${#APPLICATIONINSIGHTS_AUTH_URL} -ge 1 ]; then # (check if APPLICATIONINSIGHTS_AUTH_URL has length >=1) - for BACKOFF in {1..5}; do + for BACKOFF in {1..4}; do KEY=$(curl -sS $APPLICATIONINSIGHTS_AUTH_URL ) # there's no easy way to get the HTTP status code from curl, so just check if the result is well formatted if [[ $KEY =~ ^[A-Za-z0-9=]+$ ]]; then diff --git a/kubernetes/windows/main.ps1 b/kubernetes/windows/main.ps1 index 0803e1c45..722392157 100644 --- a/kubernetes/windows/main.ps1 +++ b/kubernetes/windows/main.ps1 
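Review bot: With `{1..4}` the shell loop sleeps `$((2**$BACKOFF / 4))` seconds, and integer division makes that 0, 1, 2 and 4, which is seven seconds in total and not the 7.5 stated in the subject line, with no pause at all after the first failed attempt. The last sleep also runs after the final attempt, when nothing is left to retry. At minimum document the real schedule next to the loop, e.g. `# integer division: delays are 0, 1, 2, 4 seconds`, so it is not assumed to match the PowerShell side, where the division is not integer.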
@@ -119,12 +119,12 @@ function Set-EnvironmentVariables { $env:AZMON_AGENT_CFG_SCHEMA_VERSION } - # Check if the instrumentation key needs to be fetched from a storage account (as in arigapped clouds) + # Check if the instrumentation key needs to be fetched from a storage account (as in airgapped clouds) $aiKeyURl = [System.Environment]::GetEnvironmentVariable('APPLICATIONINSIGHTS_AUTH_URL') if ($aiKeyURl) { $aiKeyFetched = "" # retry up to 5 times - for( $i = 1; $i -le 5; $i++) { + for( $i = 1; $i -le 4; $i++) { try { $response = Invoke-WebRequest -uri $aiKeyURl -UseBasicParsing -TimeoutSec 5 -ErrorAction:Stop
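Review bot: The context comment `# retry up to 5 times` directly above the changed `for` is now stale, because the loop bound became `$i -le 4`. Update it to `# retry up to 4 times`, or drop the count and describe the back-off instead so the comment cannot drift again. Set-EnvironmentVariables continues outside this hunk.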