Gangams/enable arc onboarding to ff (#478)

* wip * updates * trigger login if the ctx cloud not same as specified cloud * add missed commit
microsoft · Dec 18, 2020 · 9cb058c · 9cb058c
1 parent 064bc06
commit 9cb058c
Show file tree

Hide file tree

Showing 5 changed files with 130 additions and 21 deletions.
diff --git a/scripts/onboarding/managed/disable-monitoring.ps1 b/scripts/onboarding/managed/disable-monitoring.ps1
@@ -15,6 +15,8 @@
         tenantId of the service principal which will be used for the azure login
     .PARAMETER kubeContext (optional)
         kube-context of the k8 cluster to install Azure Monitor for containers HELM chart
+    .PARAMETER azureCloudName (optional)
+        Name of the Azure cloud name. Supported Azure cloud Name is AzureCloud or AzureUSGovernment
 
     Pre-requisites:
       -  Azure Managed cluster Resource Id
@@ -34,7 +36,9 @@ param(
     [Parameter(mandatory = $false)]
     [string]$tenantId,
     [Parameter(mandatory = $false)]
-    [string]$kubeContext
+    [string]$kubeContext,
+    [Parameter(mandatory = $false)]
+    [string]$azureCloudName
 )
 
 $helmChartReleaseName = "azmon-containers-release-1"
@@ -46,6 +50,21 @@ $isAksCluster =  $false
 $isAroV4Cluster = $false
 $isUsingServicePrincipal = $false
 
+if ([string]::IsNullOrEmpty($azureCloudName) -eq $true) {
+    Write-Host("Azure cloud name parameter not passed in so using default cloud as AzureCloud")
+    $azureCloudName = "AzureCloud"
+} else {
+    if(($azureCloudName.ToLower() -eq "azurecloud" ) -eq $true) {
+        Write-Host("Specified Azure Cloud name is : $azureCloudName")
+    } elseif (($azureCloudName.ToLower() -eq "azureusgovernment" ) -eq $true) {
+        Write-Host("Specified Azure Cloud name is : $azureCloudName")
+    } else {
+        Write-Host("Specified Azure Cloud name is : $azureCloudName")
+        Write-Host("Only supported Azure clouds are : AzureCloud and AzureUSGovernment")
+        exit
+    }
+}
+
 # checks the required Powershell modules exist and if not exists, request the user permission to install
 $azAccountModule = Get-Module -ListAvailable -Name Az.Accounts
 $azResourcesModule = Get-Module -ListAvailable -Name Az.Resources
@@ -226,14 +245,19 @@ Write-Host("Cluster SubscriptionId : '" + $clusterSubscriptionId + "' ") -Foregr
 if ($isUsingServicePrincipal) {
     $spSecret = ConvertTo-SecureString -String $servicePrincipalClientSecret -AsPlainText -Force
     $spCreds = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $servicePrincipalClientId,$spSecret
-    Connect-AzAccount -ServicePrincipal -Credential $spCreds -Tenant $tenantId -Subscription $clusterSubscriptionId
+    Connect-AzAccount -ServicePrincipal -Credential $spCreds -Tenant $tenantId -Subscription $clusterSubscriptionId -Environment $azureCloudName
 }
 
 try {
     Write-Host("")
     Write-Host("Trying to get the current Az login context...")
     $account = Get-AzContext -ErrorAction Stop
-    Write-Host("Successfully fetched current AzContext context...") -ForegroundColor Green
+    $ctxCloud = $account.Environment.Name
+    if(($azureCloudName.ToLower() -eq $ctxCloud.ToLower() ) -eq $false) {
+        Write-Host("Specified azure cloud name is not same as current context cloud hence setting account to null to retrigger the login" ) -ForegroundColor Green
+        $account = $null
+    }
+    Write-Host("Successfully fetched current AzContext context and azure cloud name: $azureCloudName" ) -ForegroundColor Green
     Write-Host("")
 }
 catch {
@@ -249,10 +273,10 @@ if ($null -eq $account.Account) {
         if ($isUsingServicePrincipal) {
             $spSecret = ConvertTo-SecureString -String $servicePrincipalClientSecret -AsPlainText -Force
             $spCreds = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $servicePrincipalClientId,$spSecret
-            Connect-AzAccount -ServicePrincipal -Credential $spCreds -Tenant $tenantId -Subscription $clusterSubscriptionId
+            Connect-AzAccount -ServicePrincipal -Credential $spCreds -Tenant $tenantId -Subscription $clusterSubscriptionId -Environment $azureCloudName
         } else {
            Write-Host("Please login...")
-          Connect-AzAccount -subscriptionid $clusterSubscriptionId
+          Connect-AzAccount -subscriptionid $clusterSubscriptionId -Environment $azureCloudName
         }
     }
     catch {

diff --git a/scripts/onboarding/managed/disable-monitoring.sh b/scripts/onboarding/managed/disable-monitoring.sh
@@ -280,10 +280,27 @@ done
 
 }
 
+validate_and_configure_supported_cloud() {
+  echo "get active azure cloud name configured to azure cli"
+  azureCloudName=$(az cloud show --query name -o tsv | tr "[:upper:]" "[:lower:]")
+  echo "active azure cloud name configured to azure cli: ${azureCloudName}"
+  if [ "$isArcK8sCluster" = true ]; then
+    if [ "$azureCloudName" != "azurecloud" -a  "$azureCloudName" != "azureusgovernment" ]; then
+      echo "-e only supported clouds are AzureCloud and AzureUSGovernment for Azure Arc enabled Kubernetes cluster type"
+      exit 1
+    fi
+  else
+    # For ARO v4, only supported cloud is public so just configure to public to keep the existing behavior
+    configure_to_public_cloud
+  fi
+}
 
 # parse args
 parse_args $@
 
+# validate and configure azure cloud
+validate_and_configure_supported_cloud
+
 # parse cluster resource id
 clusterSubscriptionId="$(echo $clusterResourceId | cut -d'/' -f3 | tr "[:upper:]" "[:lower:]")"
 clusterResourceGroup="$(echo $clusterResourceId | cut -d'/' -f5)"

diff --git a/scripts/onboarding/managed/enable-monitoring.ps1 b/scripts/onboarding/managed/enable-monitoring.ps1
@@ -22,6 +22,8 @@
     .PARAMETER proxyEndpoint (optional)
         Provide Proxy endpoint if you have K8s cluster behind the proxy and would like to route Azure Monitor for containers outbound traffic via proxy.
         Format of the proxy endpoint should be http(s://<user>:<password>@<proxyhost>:<port>
+    .PARAMETER azureCloudName (optional)
+       Name of the Azure cloud name. Supported Azure cloud Name is AzureCloud or AzureUSGovernment
 
      Pre-requisites:
       -  Azure Managed cluster Resource Id
@@ -46,7 +48,9 @@ param(
     [Parameter(mandatory = $false)]
     [string]$workspaceResourceId,
     [Parameter(mandatory = $false)]
-    [string]$proxyEndpoint
+    [string]$proxyEndpoint,
+    [Parameter(mandatory = $false)]
+    [string]$azureCloudName
 )
 
 $solutionTemplateUri = "https://raw.githubusercontent.com/microsoft/Docker-Provider/ci_dev/scripts/onboarding/templates/azuremonitor-containerSolution.json"
@@ -63,6 +67,24 @@ $mcr = "mcr.microsoft.com"
 $mcrChartVersion = "2.7.9"
 $mcrChartRepoPath = "azuremonitor/containerinsights/preview/azuremonitor-containers"
 $helmLocalRepoName = "."
+$omsAgentDomainName="opinsights.azure.com"
+
+if ([string]::IsNullOrEmpty($azureCloudName) -eq $true) {
+    Write-Host("Azure cloud name parameter not passed in so using default cloud as AzureCloud")
+    $azureCloudName = "AzureCloud"
+} else {
+    if(($azureCloudName.ToLower() -eq "azurecloud" ) -eq $true) {
+        Write-Host("Specified Azure Cloud name is : $azureCloudName")
+        $omsAgentDomainName="opinsights.azure.com"
+    } elseif (($azureCloudName.ToLower() -eq "azureusgovernment" ) -eq $true) {
+        Write-Host("Specified Azure Cloud name is : $azureCloudName")
+        $omsAgentDomainName="opinsights.azure.us"
+    } else {
+        Write-Host("Specified Azure Cloud name is : $azureCloudName")
+        Write-Host("Only supported azure clouds are : AzureCloud and AzureUSGovernment")
+        exit
+    }
+}
 
 # checks the required Powershell modules exist and if not exists, request the user permission to install
 $azAccountModule = Get-Module -ListAvailable -Name Az.Accounts
@@ -244,14 +266,19 @@ Write-Host("Cluster SubscriptionId : '" + $clusterSubscriptionId + "' ") -Foregr
 if ($isUsingServicePrincipal) {
     $spSecret = ConvertTo-SecureString -String $servicePrincipalClientSecret -AsPlainText -Force
     $spCreds = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $servicePrincipalClientId, $spSecret
-    Connect-AzAccount -ServicePrincipal -Credential $spCreds -Tenant $tenantId -Subscription $clusterSubscriptionId
+    Connect-AzAccount -ServicePrincipal -Credential $spCreds -Tenant $tenantId -Subscription $clusterSubscriptionId -Environment $azureCloudName
 }
 
 try {
     Write-Host("")
     Write-Host("Trying to get the current Az login context...")
     $account = Get-AzContext -ErrorAction Stop
-    Write-Host("Successfully fetched current AzContext context...") -ForegroundColor Green
+    $ctxCloud = $account.Environment.Name
+    if(($azureCloudName.ToLower() -eq $ctxCloud.ToLower() ) -eq $false) {
+        Write-Host("Specified azure cloud name is not same as current context cloud hence setting account to null to retrigger the login" ) -ForegroundColor Green
+        $account = $null
+    }
+    Write-Host("Successfully fetched current AzContext context and azure cloud name: $azureCloudName" ) -ForegroundColor Green
     Write-Host("")
 }
 catch {
@@ -266,11 +293,12 @@ if ($null -eq $account.Account) {
         if ($isUsingServicePrincipal) {
             $spSecret = ConvertTo-SecureString -String $servicePrincipalClientSecret -AsPlainText -Force
             $spCreds = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $servicePrincipalClientId, $spSecret
-            Connect-AzAccount -ServicePrincipal -Credential $spCreds -Tenant $tenantId -Subscription $clusterSubscriptionId
+
+            Connect-AzAccount -ServicePrincipal -Credential $spCreds -Tenant $tenantId -Subscription $clusterSubscriptionId -Environment $azureCloudName
         }
         else {
             Write-Host("Please login...")
-            Connect-AzAccount -subscriptionid $clusterSubscriptionId
+            Connect-AzAccount -subscriptionid $clusterSubscriptionId -Environment $azureCloudName
         }
     }
     catch {
@@ -380,7 +408,8 @@ if ([string]::IsNullOrEmpty($workspaceResourceId)) {
         "westeurope"         = "westeurope" ;
         "westindia"          = "centralindia" ;
         "westus"             = "westus" ;
-        "westus2"            = "westus2"
+        "westus2"            = "westus2";
+        "usgovvirginia"      = "usgovvirginia"
     }
 
     $workspaceRegionCode = "EUS"
@@ -531,7 +560,7 @@ try {
 
     Write-Host("helmChartRepoPath is : ${helmChartRepoPath}")
 
-    $helmParameters = "omsagent.secret.wsid=$workspaceGUID,omsagent.secret.key=$workspacePrimarySharedKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion"
+    $helmParameters = "omsagent.domain=$omsAgentDomainName,omsagent.secret.wsid=$workspaceGUID,omsagent.secret.key=$workspacePrimarySharedKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion"
     if ([string]::IsNullOrEmpty($proxyEndpoint) -eq $false) {
         Write-Host("using proxy endpoint since its provided")
         $helmParameters = $helmParameters + ",omsagent.proxy=$proxyEndpoint"

diff --git a/scripts/onboarding/managed/enable-monitoring.sh b/scripts/onboarding/managed/enable-monitoring.sh
@@ -38,8 +38,10 @@
 set -e
 set -o pipefail
 
-# default to public cloud since only supported cloud is azure public clod
+# default to public cloud since only supported cloud is azure public cloud
 defaultAzureCloud="AzureCloud"
+# default domain will be for public cloud
+omsAgentDomainName="opinsights.azure.com"
 
 # released chart version in mcr
 mcrChartVersion="2.7.9"
@@ -307,6 +309,25 @@ parse_args() {
 
 }
 
+validate_and_configure_supported_cloud() {
+  echo "get active azure cloud name configured to azure cli"
+  azureCloudName=$(az cloud show --query name -o tsv | tr "[:upper:]" "[:lower:]")
+  echo "active azure cloud name configured to azure cli: ${azureCloudName}"
+  if [ "$isArcK8sCluster" = true ]; then
+    if [ "$azureCloudName" != "azurecloud" -a  "$azureCloudName" != "azureusgovernment" ]; then
+      echo "-e only supported clouds are AzureCloud and AzureUSGovernment for Azure Arc enabled Kubernetes cluster type"
+      exit 1
+    fi
+    if [ "$azureCloudName" = "azureusgovernment" ]; then
+      echo "setting omsagent domain as opinsights.azure.us since the azure cloud is azureusgovernment "
+      omsAgentDomainName="opinsights.azure.us"
+    fi
+  else
+    # For ARO v4, only supported cloud is public so just configure to public to keep the existing behavior
+    configure_to_public_cloud
+  fi
+}
+
 configure_to_public_cloud() {
   echo "Set AzureCloud as active cloud for az cli"
   az cloud set -n $defaultAzureCloud
@@ -398,8 +419,10 @@ create_default_log_analytics_workspace() {
     [westindia]=centralindia
     [westus]=westus
     [westus2]=westus2
+    [usgovvirginia]=usgovvirginia
   )
 
+  echo "cluster Region:"$clusterRegion
   if [ -n "${AzureCloudRegionToOmsRegionMap[$clusterRegion]}" ]; then
     workspaceRegion=${AzureCloudRegionToOmsRegionMap[$clusterRegion]}
   fi
@@ -433,6 +456,7 @@ create_default_log_analytics_workspace() {
 
   workspaceResourceId=$(az resource show -g $workspaceResourceGroup -n $workspaceName --resource-type $workspaceResourceProvider --query id)
   workspaceResourceId=$(echo $workspaceResourceId | tr -d '"')
+  echo "workspace resource Id: ${workspaceResourceId}"
 }
 
 add_container_insights_solution() {
@@ -504,18 +528,18 @@ install_helm_chart() {
     echo "using proxy endpoint since proxy configuration passed in"
     if [ -z "$kubeconfigContext" ]; then
       echo "using current kube-context since --kube-context/-k parameter not passed in"
-      helm upgrade --install $releaseName --set omsagent.proxy=$proxyEndpoint,omsagent.secret.wsid=$workspaceGuid,omsagent.secret.key=$workspaceKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion $helmChartRepoPath
+      helm upgrade --install $releaseName --set omsagent.domain=$omsAgentDomainName,omsagent.proxy=$proxyEndpoint,omsagent.secret.wsid=$workspaceGuid,omsagent.secret.key=$workspaceKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion $helmChartRepoPath
     else
       echo "using --kube-context:${kubeconfigContext} since passed in"
-      helm upgrade --install $releaseName --set omsagent.proxy=$proxyEndpoint,omsagent.secret.wsid=$workspaceGuid,omsagent.secret.key=$workspaceKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion $helmChartRepoPath --kube-context ${kubeconfigContext}
+      helm upgrade --install $releaseName --set omsagent.domain=$omsAgentDomainName,omsagent.proxy=$proxyEndpoint,omsagent.secret.wsid=$workspaceGuid,omsagent.secret.key=$workspaceKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion $helmChartRepoPath --kube-context ${kubeconfigContext}
     fi
   else
     if [ -z "$kubeconfigContext" ]; then
       echo "using current kube-context since --kube-context/-k parameter not passed in"
-      helm upgrade --install $releaseName --set omsagent.secret.wsid=$workspaceGuid,omsagent.secret.key=$workspaceKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion $helmChartRepoPath
+      helm upgrade --install $releaseName --set omsagent.domain=$omsAgentDomainName,omsagent.secret.wsid=$workspaceGuid,omsagent.secret.key=$workspaceKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion $helmChartRepoPath
     else
       echo "using --kube-context:${kubeconfigContext} since passed in"
-      helm upgrade --install $releaseName --set omsagent.secret.wsid=$workspaceGuid,omsagent.secret.key=$workspaceKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion $helmChartRepoPath --kube-context ${kubeconfigContext}
+      helm upgrade --install $releaseName --set omsagent.domain=$omsAgentDomainName,omsagent.secret.wsid=$workspaceGuid,omsagent.secret.key=$workspaceKey,omsagent.env.clusterId=$clusterResourceId,omsagent.env.clusterRegion=$clusterRegion $helmChartRepoPath --kube-context ${kubeconfigContext}
     fi
   fi
 
@@ -560,8 +584,8 @@ enable_aks_monitoring_addon() {
 # parse and validate args
 parse_args $@
 
-# configure azure cli for public cloud
-configure_to_public_cloud
+# validate and configure azure cli for cloud
+validate_and_configure_supported_cloud
 
 # parse cluster resource id
 clusterSubscriptionId="$(echo $clusterResourceId | cut -d'/' -f3 | tr "[:upper:]" "[:lower:]")"

diff --git a/scripts/onboarding/managed/upgrade-monitoring.sh b/scripts/onboarding/managed/upgrade-monitoring.sh
@@ -281,11 +281,26 @@ set_azure_subscription() {
   echo "successfully configured subscription id: ${subscriptionId} as current subscription for the azure cli"
 }
 
+validate_and_configure_supported_cloud() {
+  echo "get active azure cloud name configured to azure cli"
+  azureCloudName=$(az cloud show --query name -o tsv | tr "[:upper:]" "[:lower:]")
+  echo "active azure cloud name configured to azure cli: ${azureCloudName}"
+  if [ "$isArcK8sCluster" = true ]; then
+    if [ "$azureCloudName" != "azurecloud" -a  "$azureCloudName" != "azureusgovernment" ]; then
+      echo "-e only supported clouds are AzureCloud and AzureUSGovernment for Azure Arc enabled Kubernetes cluster type"
+      exit 1
+    fi
+  else
+    # For ARO v4, only supported cloud is public so just configure to public to keep the existing behavior
+    configure_to_public_cloud
+  fi
+}
+
 # parse and validate args
 parse_args $@
 
-# configure azure cli for public cloud
-configure_to_public_cloud
+# configure azure cli for cloud
+validate_and_configure_supported_cloud
 
 # parse cluster resource id
 clusterSubscriptionId="$(echo $clusterResourceId | cut -d'/' -f3 | tr "[:upper:]" "[:lower:]")"