From a01b946fdc88f8d7883ac0cabb175043b9e734aa Mon Sep 17 00:00:00 2001 From: vishwanath Date: Mon, 17 May 2021 19:05:53 -0700 Subject: [PATCH 1/3] Add wait time for telegraf and also force mdm egress to use tls 1.2 --- kubernetes/linux/main.sh | 46 ++++++++++++++++++++++++++++++++++ source/plugins/ruby/out_mdm.rb | 1 + 2 files changed, 47 insertions(+) diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index f03318ad1..d75b185fa 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh @@ -1,5 +1,43 @@ #!/bin/bash +waitforlisteneronTCPport() { + local sleepdurationsecs=1 + local totalsleptsecs=0 + local port=$1 + local waittimesecs=$2 + local numeric='^[0-9]+$' + local varlistener="" + + if [ -z "$1" ] || [ -z "$2" ]; then + echo "${FUNCNAME[0]} called with incorrect arguments<$1 , $2>. Required arguments <#port, #wait-time-in-seconds>" + return -1 + else + + if [[ $port =~ $numeric ]] && [[ $waittimesecs =~ $numeric ]]; then + #local varlistener=$(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ":25228$"') + while true + do + if [ $totalsleptsecs -gt $waittimesecs ]; then + echo "${FUNCNAME[0]} giving up waiting for listener on port:$port after $totalsleptsecs secs" + return 1 + fi + varlistener=$(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ":'"$port"'$"') + if [ -z "$varlistener" ]; then + echo "${FUNCNAME[0]} waiting for $sleepdurationsecs more sec for listener on port:$port ..." + sleep $sleepdurationsecs + totalsleptsecs=$(($totalsleptsecs+1)) + else + echo "${FUNCNAME[0]} found listener on port:$port in $totalsleptsecs secs" + return 0 + fi + done + else + echo "${FUNCNAME[0]} called with non-numeric arguments<$1 , $2>. Required arguments <#port, #wait-time-in-seconds>" + return -1 + fi + fi +} + if [ -e "/etc/config/kube.conf" ]; then cat /etc/config/kube.conf > /etc/opt/microsoft/omsagent/sysconf/omsagent.d/container.conf elif [ "${CONTAINER_TYPE}" == "PrometheusSidecar" ]; then 
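Review bot: `return -1` in the two argument-validation branches of waitforlisteneronTCPport is not a valid shell exit status; bash versions that accept it wrap it to 255 and older ones may reject the negative argument, so a small positive code such as `return 2` is safer and still distinguishable from the timeout's `return 1`. The elapsed-time counter is bumped with `totalsleptsecs=$(($totalsleptsecs+1))` rather than by the sleep interval, so the timeout drifts if `sleepdurationsecs` is ever changed; `totalsleptsecs=$((totalsleptsecs + sleepdurationsecs))` keeps the two in step. The commented-out `#local varlistener=...` line with the hard-coded 25228 is dead code and can be dropped. If `netstat` is missing from the image the probe output is empty and the function simply runs to the timeout, which deserves a one-line comment above the loop.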
@@ -689,6 +727,14 @@ echo "export HOST_ETC=/hostfs/etc" >> ~/.bashrc export HOST_VAR=/hostfs/var echo "export HOST_VAR=/hostfs/var" >> ~/.bashrc +if [ ! -e "/etc/config/kube.conf" ]; then + if [ "${CONTAINER_TYPE}" == "PrometheusSidecar" ]; then + echo "Skip waiting for listener on tcp #25228" + else + echo "checking for listener on tcp #25228 and waiting for 30 secs if not.." + waitforlisteneronTCPport 25228 30 + fi +fi #start telegraf /opt/telegraf --config $telegrafConfFile & diff --git a/source/plugins/ruby/out_mdm.rb b/source/plugins/ruby/out_mdm.rb index 6238eb51a..7eaa6e5f5 100644 --- a/source/plugins/ruby/out_mdm.rb +++ b/source/plugins/ruby/out_mdm.rb @@ -102,6 +102,7 @@ def start else @http_client = Net::HTTP.new(@post_request_uri.host, @post_request_uri.port) end + @http_client.instance_eval { @ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1_2) } @http_client.use_ssl = true @log.info "POST Request url: #{@@post_request_url}" ApplicationInsightsUtility.sendCustomEvent("AKSCustomMetricsMDMPluginStart", {}) From 9813dbebc63d1e7d884cf60ee9a5eb336c557073 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Mon, 17 May 2021 23:21:27 -0700 Subject: [PATCH 2/3] add wait for all telegraf dependencies across all containers (ds & rs) --- kubernetes/linux/main.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh index d75b185fa..c7d939034 100644 --- a/kubernetes/linux/main.sh +++ b/kubernetes/linux/main.sh @@ -23,7 +23,7 @@ waitforlisteneronTCPport() { fi varlistener=$(netstat -lnt | awk '$6 == "LISTEN" && $4 ~ ":'"$port"'$"') if [ -z "$varlistener" ]; then - echo "${FUNCNAME[0]} waiting for $sleepdurationsecs more sec for listener on port:$port ..." + #echo "${FUNCNAME[0]} waiting for $sleepdurationsecs more sec for listener on port:$port ..." sleep $sleepdurationsecs totalsleptsecs=$(($totalsleptsecs+1)) else 
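Review bot: The exit status of `waitforlisteneronTCPport 25228 30` is discarded, so when the listener never comes up telegraf is still started and the only trace is the function's own "giving up" echo. Either act on the failure or record it at the call site, for example `waitforlisteneronTCPport 25228 30 || echo "listener on tcp #25228 not up after 30 secs, starting telegraf anyway"`. The same applies to every call added by the second patch's hunk at `@@ -729,11 +729,17 @@`.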
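Review bot: `@http_client.instance_eval { @ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1_2) }` writes a private instance variable of Net::HTTP instead of using its public TLS settings; depending on the Ruby version, Net::HTTP builds its own context when it connects, so this assignment may be silently replaced and the intended protocol floor never enforced. Passing `:TLSv1_2` to the constructor also pins exactly TLS 1.2 rather than setting a minimum, which would rule out TLS 1.3 later. The supported form is `@http_client.min_version = OpenSSL::SSL::TLS1_2_VERSION` next to `use_ssl = true` (or `@http_client.ssl_version = :TLSv1_2` on older Rubies). PATCH 3/3 removes this line again, so the series as a whole leaves MDM egress on default protocol negotiation; the enclosing `start` method begins and ends outside the hunk, so its certificate verification settings are not visible here.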
@@ -729,11 +729,17 @@ echo "export HOST_VAR=/hostfs/var" >> ~/.bashrc if [ ! -e "/etc/config/kube.conf" ]; then if [ "${CONTAINER_TYPE}" == "PrometheusSidecar" ]; then - echo "Skip waiting for listener on tcp #25228" + echo "checking for listener on tcp #25229 and waiting for 30 secs if not.." + waitforlisteneronTCPport 25229 30 else + echo "checking for listener on tcp #25226 and waiting for 30 secs if not.." + waitforlisteneronTCPport 25226 30 echo "checking for listener on tcp #25228 and waiting for 30 secs if not.." waitforlisteneronTCPport 25228 30 fi +else + echo "checking for listener on tcp #25226 and waiting for 30 secs if not.." + waitforlisteneronTCPport 25226 30 fi #start telegraf From e4bdf4d10ee8cb18bd9c232152b166f4b1dbd731 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Tue, 18 May 2021 11:39:27 -0700 Subject: [PATCH 3/3] remove ssl change so we dont include as part of the other fix until we test with att nodes. --- source/plugins/ruby/out_mdm.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/source/plugins/ruby/out_mdm.rb b/source/plugins/ruby/out_mdm.rb index 7eaa6e5f5..6238eb51a 100644 --- a/source/plugins/ruby/out_mdm.rb +++ b/source/plugins/ruby/out_mdm.rb @@ -102,7 +102,6 @@ def start else @http_client = Net::HTTP.new(@post_request_uri.host, @post_request_uri.port) end - @http_client.instance_eval { @ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1_2) } @http_client.use_ssl = true @log.info "POST Request url: #{@@post_request_url}" ApplicationInsightsUtility.sendCustomEvent("AKSCustomMetricsMDMPluginStart", {})
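Review bot: In the branch without kube.conf that is not the Prometheus sidecar, the script now waits for 25226 and then 25228 one after the other, so the worst-case delay before telegraf starts is roughly 60 seconds while each message still says 30. Ports 25226, 25228 and 25229 appear as bare numbers with no comment saying which listener each one belongs to; a short comment per branch would help the next reader. The repeated echo/wait pairs could be folded into a loop such as `for port in 25226 25228; do waitforlisteneronTCPport "$port" 30; done`, with the "checking for listener" message printed inside the function.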