Azure-alert: Unable to create azure alert in gov subscription - azure

Call the api to create an alert in Gov subscription:
ret = await HttpHelper.PutAsync(
new Uri($"https://{app.AzureManagementBaseUri}/subscriptions/{alert["SubscriptionId"]}/" +
$"resourcegroups/{alert["ResourceGroupName"]}/providers/microsoft.insights/" +
$"metricAlerts/{alert["Name"]}?api-version=2017-09-01-preview"),
alertJson, app.AccessToken, cancellationToken).ConfigureAwait(false);
But throws an error:
Error: 'Error while calling 'https://management.usgovcloudapi.net/subscriptions/subid/resourcegroups/ctxwsgs-appinsights/providers/microsoft.insights/alertrules/"alertName"'. StatusCode: BadRequest. Response: '{"code":"ResourceNotSupported","message":"The target resource id '/subscriptions/subid/resourceGroups/ not supported."
The same code works fine for others subscriptions, did I missed some configuration in the gov subscription?

This appears to be a known issue with enabling microsoft.insights in Azure Government. The only way to enable Application Insights via the traditional Add Application Insights Telemetry button in Visual Studio requires a small manual workaround. If you do not use this workaround you will get the error you described.
To mitigate the issue, you must perform these steps:
Switch Visual Studio to target the Azure Government cloud.
Create (or if already existing set) the User Environment variable for AzureGraphApiVersion as follows: (To create a User Environment variable go to Control Panel > System > Advanced system settings > Advanced > Environment Variables.)
Variable name: AzureGraphApiVersion Variable value: 2014-04-01
Make the appropriate Application Insights SDK endpoint modifications for either ASP.NET or ASP.NET Core depending on your project type.
Source: https://learn.microsoft.com/en-us/azure/azure-government/documentation-government-services-monitoringandmanagement

Related

Azure DevOps Release Pipeline Fails Every Time

Currently, trying to configure a release pipeline in Azure Devops. I've successfully created a CI pipeline that is working and running tests successfully. My release pipeline uses the artifacts from latest the CI build and should be deploying to azure. When I look at the logs I can see the the following were completed successfully:
Initialize Agent
Initialize job
Download arifact
and then the "Deploy to Azure App Service" fails with the logs showing the following details:
2019-02-07T19:06:57.5433805Z Got service connection details for Azure App Service:'MyApp'
2019-02-07T19:06:57.5487495Z ##[error]Error: Failed to get resource ID for resource type 'Microsoft.Web/Sites' and resource name 'MyAPP'. Error: Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: 400, status message: Bad Request
2019-02-07T19:06:57.5496340Z Failed to add release annotation. TypeError: Cannot read property 'getApplicationSettings' of undefined
I haven't been able to find much to help with this so far. I created the release pipeline by selecting Azure App Service deployment from the templates for stage 1 of the pipline (I only have one stage) and I added an artifact who's source is from my build pipeline. I then selected the Tasks tab and selected my Pay-as-you-go subscription under "Available Azure Service Connections". After selecting my subscription, my app service name became available in the "App service name" dropdown and I selected it. I then hit save and tried to create a release but every release fails with the above error message.
What can I do to overcome this?
Finally found a solution to my issue. The problem was in the way I set up my service connection. I went to:
project settings -> service connections -> new service connection -> selected azure resource manager -> selected service principal authentication INSTEAD OF managed identity authentication -> a popup came up that allowed me to log in and authorize.
Then I used that service connection when creating the release pipeline instead of the pre-existing Pay-As-You-Go subscription that I used last time.
Previously when I tried this, I had an adblocker running and it blocked the popup which allowed me to authorize when I selected service principal authentication. That resulted in an "Unable to authorize account" error message which is why I went with managed identity authentication in the first place.
In my case, it was related to a chrome extension I have added 'enable CORS' plugin. After disabling, release pipeline worked nicely

Can't log in service princible from VSTS, but works in TFS and Azure Portal state success

I'm sitting in a project where I will move from TFS to VSTS so we do have a working release definition.
But when I try deploying a service fabric cluster i get the following error:
2018-08-28T09:02:59.8922249Z ##[error]An error occurred attempting to acquire an Azure Active Directory token. Ensure that your service endpoint is configured properly with valid credentials. Error message: Exception calling "AcquireToken" with "3" argument(s): "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '< service principle Id >'.
Trace ID: < guid1 is here >
Correlation ID: < guid2 is here >
Then I go to the azure portal -> AAD -> Sign In -> look up my specific sign in (based on correlation Id) and there it state that Sign-in status is Success
Considering this works for our TFS instance i assume the service principle is correctly set up. But since the build/deploy agents is now on a VM in azure instead of on prem for TFS, is there anything i need to change?
Traffic should be OK, i can navigate to the https-adress to the cluster from the VM with agents.
I've tried google it, but to no success so hopefully someone can point me to the right direction where to look.
And in portal, 'MFA is required' is no, so multi factor should not be neccesary.
Just try using certificate based authentication instead of using AAD Authentication in the service endpoint configuration.
Reference the same issue here: https://github.com/Microsoft/vsts-tasks/issues/7714
If that still not work, just try to create a new endpoint, then try it again.

Azure portal application settings: "Failed to load settings" (ReadOnlyDisabledSubscription)

In the Azure portal I select my web app and then "Application settings" and it shows this:
An error message, "Failed to load settings", for application settings and also for connection strings.
How do I fix this?
Additional information:
Another user with the same privileges than me is also experiencing this issue when going to the same Application settings page. Also I'm able to deploy so I have the privilege to modify web.config
Additional information #2:
So I used Chrome Inspector as suggested and its trying to get application settings with a POST to https://management.azure.com/subscriptions/xxxxxxxxxxx/resourceGroups/xxx/providers/Microsoft.Web/sites/xxx/config/appSettings/list?api-version=2015-08-01
This is the JSON response:
{
"error": {
"code":"ReadOnlyDisabledSubscription",
"message":"The subscription 'xxxxxxxxxx' is disabled and therefore marked as read only. You cannot perform any write actions on this subscription until it is re-enabled."
}
}
Sometimes the Azure portal has bugs.
Also try https://preview.portal.azure.com, occasionally that works for me when the main portal has errors.

How can I programatically (C#) read the autoscale settings for a WebApp?

I'm trying to build a small program to change the autoscale settings for our Azure WebApps, using the Microsoft.WindowsAzure.Management.Monitoring and Microsoft.WindowsAzure.Management.WebSites NuGet packages.
I have been roughly following the guide here.
However, we are interested in scaling WebApps / App Services rather than Cloud Services, so I am trying to use the same code to read the autoscale settings but providing a resource ID for our WebApp. I have already got the credentials required for making a connection (using a browser window popup for Active Directory authentication, but I understand we can use X.509 management certificates for non-interactive programs).
This is the request I'm trying to make. Credentials already established, and an exception is thrown earlier if they're not valid.
AutoscaleClient autoscaleClient = new AutoscaleClient(credentials);
var resourceId = AutoscaleResourceIdBuilder.BuildWebSiteResourceId(webspaceName: WebSpaceNames.NorthEuropeWebSpace, serverFarmName: "Default2");
AutoscaleSettingGetResponse get = autoscaleClient.Settings.Get(resourceId); // exception here
The WebApp (let's call it "MyWebApp") is part of an App Service Plan called "Default2" (Standard: 1 small), in a Resource Group called "WebDevResources", in the North Europe region. I expect that my problem is that I am using the wrong names to build the resourceId in the code - the naming conventions in the library don't map well onto what I can see in the Azure Portal.
I'm assuming that BuildWebSiteResourceId is the correct method to call, see MSDN documentation here.
However the two parameters it takes are webspaceName and serverFarmName, neither of which match anything in the Azure portal (or Google). I found another example which seemed to be using the WebApp's geo region for webSpaceName, so I've used the predefined value for North Europe where our app is hosted.
While trying to find the correct value for serverFarmName in the Azure Portal, I found the Resource ID for the App Service Plan, which looks like this:
/subscriptions/{subscription-guid}/resourceGroups/WebDevResources/providers/Microsoft.Web/serverfarms/Default2
That resource ID isn't valid for the call I'm trying to make, but it does support the idea that a 'serverfarm' is the same as an App Service Plan.
When I run the code, regardless of whether the resourceId parameters seem to be correct or garbage, I get this error response:
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">
{"Code":"SettingNotFound","Message":"Could not find the autoscale settings."}
</string>
So, how can I construct the correct resource ID for my WebApp or App Service Plan? Or alternatively, is there a different tree I should be barking up to programatially manage WebApp scaling?
Update:
The solution below got the info I wanted. I also found the Azure resource explorer at resources.azure.com extremely useful to browse existing resources and find the correct names. For example, the name for my autoscale settings is actually "Default2-WebDevResources", i.e. "{AppServicePlan}-{ResourceGroup}" which I wouldn't have expected.
There is a preview service https://resources.azure.com/ where you can inspect all your resources easily. If you search for autoscale in the UI you will easily find the settings for your resource. It will also show you how to call the relevant REST Api endpoint to read or update that resorce.
It's a great tool for revealing a lot of details for your deployed resources and it will actually give you an ARM template stub for the resource you are looking at.
And to answer your question, you could programmatically call the REST API from a client with updated settings for autoscale. The REST API is one way of doing this, the SDK another and PowerShell a third.
The guide which you're following is based on the Azure Service Management model, aka Classic mode, which is deprecated and only exists mainly for backward compatibility support.
You should use the latest
Microsoft.Azure.Insights nuget package for getting the autoscale settings.
Sample code using the nuget above is as below:
using Microsoft.Azure.Management.Insights;
using Microsoft.Rest;
//... Get necessary values for the required parameters
var client = new InsightsManagementClient(new TokenCredentials(token));
client.AutoscaleSettings.Get(resourceGroupName, autoScaleSettingName);
Besides, the autoscalesettings is a resource under the "Microsoft.Insights" provider and not under the "Microsoft.Web" provider, which explains why you are not able to find it with your serverfarm resourceId.
See the REST API Reference below for getting the autoscale settings.
GET
https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/microsoft.insights/autoscaleSettings/{autoscale-setting-name}?api-version={api-version}

Azure Cloud Service (Classic) Roles do not start when I have Swashbuckle and ANY implementation of IOperationFilter

We have an asp.net web api project deployed to an Azure Cloud Service (classic) that has been running fine using Swashbuckle for almost a year. We configure it like so...
GlobalConfiguration.Configuration
.EnableSwagger(c =>
{
c.SingleApiVersion("v1", "PartnerAPI");
c.UseFullTypeNameInSchemaIds();
}).EnableSwaggerUi(c => { });
Recently we needed to tweak the swagger generated output by plugging in an IOperationFilter. However our Azure Cloud Service (Classic) instance will not start if we create a class that implements the IOperationFilter. We don't even try to configure Swagger to use it. Just the fact that there is a class that implements that interface in our solution causes the deploy to fail stating...
2016-12-29T16:10:26.1066042Z ##[error]BadRequest : Your role instances have recycled a number of times during an update or upgrade operation. This indicates that the new version of your service or the configuration settings you provided when configuring the service prevent the role instances from running. Verify your code does not throw unhandled exceptions and that your configuration settings are correct and then start another update or upgrade operation.
Some Notes:
Everything runs fine on my machine, directly and in the azure emulator
Everything runs fine on teammates machine same as above
The following message appears to be related in the event logs on the azure machine when I rdp into it.
File Server Resource Manager was unable to access the following file or volume: 'E:'. This file or volume might be locked by another application right now, or you might need to give Local System access to it.
Same problem in Swashbuckle versions 5 and 5.5
No new nuget packages or references to the project
Only a "using Swashbuckle.Swagger;' that was added to the SwaggerConfig.cs
The Azure Portal reports the following for the "Instance Status Message"...
[12/29T16:43Z]Failed to load role entrypoint. System.Reflection.ReflectionTypeLoadException: Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information. at System.Reflection.RuntimeModule.GetTypes(RuntimeModule module) at System.Reflection.Assembly.GetTypes() at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.GetRoleEntryPoint(Assembly entryPointAssembly) --- End of inner exception stack trace --- at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.GetRoleEntryPoint(Assembly entryPointAssembly) at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.CreateRoleEntryPoint(RoleType roleTypeEnum) at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.InitializeRoleInternal(RoleType roleTypeEnum)' Last exit time: [2016/12/29, 16:43:59.525]. Last exit code: 0.

Resources