We are trying to configure AntiMalware extensions for classic Azure Cloud Services by changing the service definition file (csdef). We know we can do this via powershell/portal, but we want this to be part of the definition so that re-deployments don't wipe out the config each time.
We've added the import entry:
<Import moduleName="AntiMalware" />
As well as the settings definitions:
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.ServiceLocation" />
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.EnableAntimalware" />
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.EnableRealtimeProtection" />
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.EnableWeeklyScheduledScans" />
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.DayForWeeklyScheduledScans" />
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.TimeForWeeklyScheduledScans" />
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.ExcludedExtensions" />
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.ExcludedPaths" />
<Setting name="Microsoft.WindowsAzure.Plugins.Antimalware.ExcludedProcesses" />
But when I try to build/package the cloud service using Visual Studio 2019 v16.8.2 and I get the following error:
Unable to import module AntiMalware. No manifest was found.
There seems to be virtually no documentation on this outside of very out dated blog posts. I'm wondering if the name of this module changed?
I agree that you provide the method in the link, use the definition and use the ps1 file to install AntiMalware.
Searching a lot of documents and materials, your needs should be achievable, and there are detailed steps in the 2012 official documents.
Microsoft Endpoint Protection for Windows Azure Customer Technology Preview Now Available For Free Download
There are also blogs explaining about this .csdef file, using <Import moduleName="AntiMalware" />.
How to Protect Against Malware on Windows Azure
Suggestions, raise a support ticket on the portal, and seek official final advice. Because this document is too old, I did not try it.
Related
When using NServiceBus the Transport connection string doesn't seem to be fetched from the applicable Cloud configuration first but immediately from the app.config.
Options I've tried:
Using the configuration section (:
cscfg
<ConfigurationSettings>
<Setting name="AzureServiceBusQueueConfig.ConnectionString" value="Endpoint=sb://xxx.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=yyy" />
</ConfigurationSettings>
app.config
<AzureServiceBusQueueConfig ConnectionString="Endpoint=sb://xxx.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=yyy" />
Using a custom connection string name:
cscfg
<ConfigurationSettings>
<Setting name="NServiceBus.Transport" value="Endpoint=sb://xxx.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=yyy" />
</ConfigurationSettings>
app.config
<connectionStrings>
<add name="NServiceBus.Transport" connectionString="Endpoint=sb://xxx.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=yyy"/>
</connectionStrings>
Also tried to override it by using the following line of code, since this issue is still open (https://github.com/Particular/NServiceBus.AzureServiceBus/issues/20):
configuration.UseTransport<AzureServiceBusTransport>().ConnectionString(CloudConfigurationManager.GetSetting("AzureServiceBusQueueConfig.ConnectionString"));
Or tried to set the connection string name manually, which works again using the app.config but doesn't let the cscfg override.
configuration.UseTransport<AzureServiceBusTransport>().ConnectionStringName("NServiceBus.Transport");
Did you turn the azure configuration source on? You can do so using following extension method on the bus configuration:
.AzureConfigurationSource()
I am writing a new Cloud Service in .NET using Azure SDK 2.5.
I'm aware that there have been some significant changes to diagnostics with the 2.5 SDK rekesae.
Where I am getting conflicting information is whether or not I can still use Azure Diagnostics to capture Trace.* output to WADLogsTable in Azure Table Storage?
I'm aware that I can use ETW as an alternative, but that's now what I'm asking for.
According to this article I can still use Trace to capture my logs with Azure Diagnostics 1.3 - which I understand has shipped with SDK 2.5.
Unfortunately I cannot get it to work.
The app.config of my worker role looks like:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.diagnostics>
<trace>
<listeners>
<add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
name="AzureDiagnostics">
<filter type="" />
</add>
</listeners>
</trace>
</system.diagnostics>
</configuration>
Throughout the code in my worker role I have tracing code that looks like this:
Trace.TraceInformation("Something happened");
My public diagnostics.wadcfg file looks like this:
<?xml version="1.0" encoding="utf-8"?>
<PublicConfig xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">
<WadCfg>
<DiagnosticMonitorConfiguration overallQuotaInMB="4096">
<Logs scheduledTransferPeriod="PT1M" scheduledTransferLogLevelFilter="Information" />
</DiagnosticMonitorConfiguration>
</WadCfg>
<StorageAccount>mystorageAccount</StorageAccount>
</PublicConfig>
I have used this file to configure the diagnostics service extension using the PowerShell command:
Set-AzureServiceDiagnosticsExtension
No WADLogsTable is ever created.
If I enable other diagnostics services such as Perf Counter then the relevant tables (WADPerformanceCountersTable) are created and populated.
I am using:
Visual Studio 2012
.NET 4.5.1
Azure Powershell (latest v from Web Platform Installer)
Azure SDK 2.5
Can anyone put me out of my misery?
Many Thanks
How are you deploying? On the same setup (VS2012, Azure 2.5 SDK), I only saw the WADLogsTable get created using the Visual Studio "Publish" wizard, which apparently configures the diagnostics extension for you. See:
https://msdn.microsoft.com/en-us/library/azure/dn873976.aspx
Diagnostics configuration must be applied separately after deployment - Because Azure SDK version 2.5 uses the extension model, the diagnostics extension and configuration are no longer part of the deployment package and must be applied separately after the deployment. Visual Studio will apply the extension and configuration for you when you use the Publish wizard to deploy your application [...]
I wasn't able to get the PowerShell cmdlets to work (didn't put much effort into that, honestly) but as a workaround, when I deployed using the VS "Publish" wizard, the WADLogsTable was created and I could see my logs flowing. This didn't happen when I packaged and uploaded through the Azure Portal.
It may be this way for the foreseeable future; the situation doesn't seem to have changed in the 2.6 SDK (though they fixed a lot of the irksomeness with diagnostics in 2.5): https://msdn.microsoft.com/en-us/library/azure/dn186185.aspx
I just created a default worker role that is producing trace logs and I noticed one difference in the public config
<?xml version="1.0" encoding="utf-8"?>
<PublicConfig xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">
<WadCfg>
<DiagnosticMonitorConfiguration overallQuotaInMB="4096">
<WindowsEventLog scheduledTransferPeriod="PT1M">
<DataSource name="Application!*" />
</WindowsEventLog>
<Logs scheduledTransferPeriod="PT1M" scheduledTransferLogLevelFilter="Information" />
</DiagnosticMonitorConfiguration>
</WadCfg>
<StorageAccount>mystorageAccount</StorageAccount>
</PublicConfig>
I've got a web.config that contains my SQL connection string and my Azure Blob storage connection string.
A Web.Config transformation replaces my Local SQL connection string with the Azure one.
When I publish the site to Azure, the Blob storage connection string is deleted and replaced with a duplicate SQL connection string, but with the blob storage string's name.
The only way I've found to fix is to log in via FTP and manually change the erroneous Storage connection string with the correct one from my local machine.
How do I get VS to publish my web config to Azure and leave it alone!!!
Web.Config
<connectionStrings>
<add name="DefaultConnection" connectionString="Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\.mdf;Integrated Security=True" providerName="System.Data.SqlClient" />
<add name="StorageConnectionString" connectionString="DefaultEndpointsProtocol=https;AccountName=;AccountKey=" />
</connectionStrings>
Web.Release.Config
<connectionStrings>
<add name="DefaultConnection"
connectionString="Server=.database.windows.net,1433;Database=;User ID=#;Password=!;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;"
providerName="System.Data.SqlClient"
xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
I had a similar issue to yours. I'm not sure why but when you define the connection strings in the "Configure tab" in the azure portal and associate a "Linked Resource" on the linked resource tab it may override certain properties in the Web.config transform causing unexpected results. One of the options when you set up a new azure website is linking to (or creating a new) database to associate with your website - thereby automatically assigning the related connection string which may try to override your transform operation defined in the Web.Release.config.
Check and see if removing all connection strings and linked resources inside the "Azure Portal" fixes your problem. Just make sure that you have both your production database and storage connections strings defined properly in the Web.Release.config.
I struggled with this problem this morning and I came up with a solution for VS2015/17.
So I have an Azure VM, and to publish my web app on this machine, I used the Web deploy to an Azure VM proposed by VS.
I put my connection strings in an external file, so the useful part of my web.config looks like this :
</entityFramework>
<connectionStrings configSource="ConnectionStrings.config">
</connectionStrings>
</configuration>
in order to prevent VS of adding some connection strings during publication (ADO.Net code first MSSQL database connection string in my case), you can edit the following file in your project :
...\MyProject\Properties\PublishProfiles\YourPublishProfile - WebDeploy.pubxml
In this file look into the ItemGroup part and edit it to delete the connection strings you don't need:
<PublishDatabaseSettings>
<Objects xmlns="">
<ObjectGroup Name="MyProject.Models.MSSQL_DB" Order="1" Enabled="False">
<Destination Path="" />
<Object Type="DbCodeFirst">
<Source Path="DBContext" DbContext="MyProject.Models.MSSQL_DB, MyProject" Origin="Convention" />
</Object>
</ObjectGroup>
</Objects>
</PublishDatabaseSettings>
</PropertyGroup>
<ItemGroup>
<here are some entries delete the ones you don't need/>
</ItemGroup>
Be careful, if you add a file in this repertory, there is chances that it breaks the publication process on VS. Don't add file, just edit.
My Azure project have Web Role and a worker Role. Both roles have some common configurations.
How I could share the configurations instead repeating for both roles.
Now the cscfg file looks like this
<ServiceConfiguration serviceName="xxx" ....>
<Role name="WebRole1">
<Instances count="1" />
<ConfigurationSettings>
....
<Setting name="setting1" value="" />
<Setting name="setting2" value="" />
</ConfigurationSettings>
<Certificates>
.....
</Certificates>
</Role>
<Role name="WorkerRole1">
<Instances count="1" />
<ConfigurationSettings>
....
<Setting name="setting1" value="" />
<Setting name="setting2" value="" />
</ConfigurationSettings>
<Certificates>
.....
</Certificates>
</Role>
</ServiceConfiguration>
After googling I found this http://www.simple-talk.com/blogs/2011/03/16/sharing-configuration-settings-between-windows-azure-roles/ - is there any simple way to achieve the same?
What you've found is really interesting approach, but the mentioned attachment is missing anyway. It is also questionable what will happen if I still have some role-specific settings and I add it(them) to the specific role. That approach (most probably) is limited to providing same settings for all the roles.
What I would do to achieve your goal is a bit different. I would use an Azure Table Storage to store my configuration settings. This might be a bit harder to implement the first time, but from then on, you are free to reuse it in all the projects. The harder bit is that you have to implement your own monitoring logic to monitor for configuration changes. And that's it. You have a common store for settings. You can read/update settings with any free or paid Azure Storage *explorer like tool.
I'm using Windows Azure to host my python project and I'm trying to enable the diagnostics without good results.
As I'm using python and not .NET, the only way I can actually configure it is through config files.
Below my config files:
ServiceDefinition.csdef
...
<Imports>
<Import moduleName="Diagnostics" />
</Imports>
...
ServiceConfiguration.Cloud.cscfg
....
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=https;AccountName=<my-account-name>;AccountKey=<my-account-key"/>
....
diagnostics.wadcfg:
<DiagnosticMonitorConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration"
configurationChangePollInterval="PT10M"
overallQuotaInMB="1200">
<DiagnosticInfrastructureLogs bufferQuotaInMB="100"
scheduledTransferLogLevelFilter="Warning"
scheduledTransferPeriod="PT5M" />
<Logs bufferQuotaInMB="200"
scheduledTransferLogLevelFilter="Warning"
scheduledTransferPeriod="PT5M" />
<Directories bufferQuotaInMB="600"
scheduledTransferPeriod="PT5M">
<CrashDumps container="wad-crash-dumps" directoryQuotaInMB="200" />
<FailedRequestLogs container="wad-frq" directoryQuotaInMB="200" />
<IISLogs container="wad-iis" directoryQuotaInMB="200" />
</Directories>
<WindowsEventLog bufferQuotaInMB="200"
scheduledTransferLogLevelFilter="Warning"
scheduledTransferPeriod="PT5M">
<DataSource name="System!*" />
</WindowsEventLog>
</DiagnosticMonitorConfiguration>
In Diagnostics Manager, I can't actually see any data.
Thanks.
May i ask where your diagnostics.wadcfg located? For a regular worker role the diagnostics.wadcfg must be in the root folder and because you don't have worker role module in your project the location of the architecture of your role folder is very important. Be sure to have exact same folder structure in your Python application as a regular worker role and then drop the diagnostics.wadcfg in the role root folder. (add that info back to your question to verify)
Do you see a diagnostics configuration XML is created in your Windows Azure Blob storage which is configured in the *.Diagnostics.ConnectionString. This is a check which suggests that the diagnostics component in the Azure role was able to read the provided configuration and could create the configuration XML at destination blob stroage (same Azure Storage will be use to write log Azure Table storage). Please verify.
Finally your diagnostics.wadcfg need some more work. As this is a non .net worker role you have configured IIS logging (do you really have IIS running in worker role? ) and also have System event log scheduled to transfer "warning only" so if there are no warnings. Finally the log transfer time is set to 5 minutes which is long during test.
What i can suggest as below to test if diagnostics is working or not:
Remove the IIS log if you dont have IIS running the Azure VM
Replace event log DataSource from System!* to Application!* and set filter to Info level
Change the log transfer time to less then a minutes
Run the exact same code in Development Fabric with Diagnostics connection string connected to Actual Azure Storage.
Add custom event log in your machine and see if they are transferred within the time limit to Azure Table storage and specific tables are created
Above should help you to troubleshoot the problem.