From 2d0b2b1230595681593afe71668bd028947c4863 Mon Sep 17 00:00:00 2001 From: Bhuvaneswari Santharam Date: Sun, 11 Aug 2019 11:45:14 -0700 Subject: [PATCH 1/5] Changes to get resource group as user input --- diagnosis/getkuberneteslogs.sh | 74 ++++++++++++++-------------------- 1 file changed, 30 insertions(+), 44 deletions(-) diff --git a/diagnosis/getkuberneteslogs.sh b/diagnosis/getkuberneteslogs.sh index 7ba0655..c080034 100755 --- a/diagnosis/getkuberneteslogs.sh +++ b/diagnosis/getkuberneteslogs.sh @@ -18,16 +18,14 @@ printUsage() echo " $0 -i id_rsa -m 192.168.102.34 -u azureuser -n default -n monitoring --disable-host-key-checking" echo " $0 --identity-file id_rsa --user azureuser --vmd-host 192.168.102.32" echo " $0 --identity-file id_rsa --master-host 192.168.102.34 --user azureuser --vmd-host 192.168.102.32" - echo " $0 --identity-file id_rsa --master-host 192.168.102.34 --user azureuser --vmd-host 192.168.102.32 --spn-client-id 00000000-aaaa-aaaa-0000-aaaaaaaaaaaa --spn-client-secret 00000000-aaaa-aaaa-0000-aaaaaaaaaaaa --tenant-id 00000000-0000-0000-0000-000000000000 --upload-logs" + echo " $0 --identity-file id_rsa --master-host 192.168.102.34 --user azureuser --vmd-host 192.168.102.32 --resource-group myresgrp --upload-logs" echo "" echo "Options:" echo " -u, --user User name associated to the identifity-file" echo " -i, --identity-file RSA private key tied to the public key used to create the Kubernetes cluster (usually named 'id_rsa')" echo " -m, --master-host A master node's public IP or FQDN (host name starts with 'k8s-master-')" echo " -d, --vmd-host The DVM's public IP or FQDN (host name starts with 'vmd-')" - echo " --spn-client-id Service Principal client Id used to create the Kubernetes cluster" - echo " --spn-client-secret Service Principal client secret used to create the Kubernetes cluster" - echo " -t, --tenant-id Tenant Id" + echo " -r, --resource-group Resource group of kubernetes cluster" echo " -n, --user-namespace Collect logs for containers in the passed namespace (kube-system logs are always collected)" echo " --all-namespaces Collect logs for all containers. Overrides the user-namespace flag" echo " --upload-logs Stores the retrieved logs in an Azure Stack storage account" @@ -66,16 +64,8 @@ do USER="$2" shift 2 ;; - --spn-client-id) - SPN_CLIENT_ID="$2" - shift 2 - ;; - --spn-client-secret) - SPN_CLIENT_SECRET="$2" - shift 2 - ;; - -t|--tenant-id) - TENANT_ID="$2" + -g|--resource-group) + RESOURCE_GROUP="$2" shift 2 ;; -n|--user-namespace) @@ -138,28 +128,14 @@ else || { echo "The identity file $IDENTITYFILE is not a RSA Private Key file."; echo "A RSA private key file starts with '-----BEGIN [RSA|OPENSSH] PRIVATE KEY-----''"; exit 1; } fi -if [ -z "$SPN_CLIENT_ID" -a -z "$SPN_CLIENT_SECRET" ] && [ -n "$UPLOAD_LOGS" ] +if [ -z "$RESOURCE_GROUP" ] && [ -n "$UPLOAD_LOGS" ] then echo "" - echo "[ERR] Service Principal details should be provided if logs are stored in a storage account" + echo "[ERR] Resource group should be provided if logs are stored in a storage account" printUsage exit 1 fi -if [ -z "$TENANT_ID" ] && [ -n "$UPLOAD_LOGS" ] -then - echo "" - echo "[ERR] Tenant Id should be provided if logs are stored in a storage account" - printUsage -fi - -if [ -z "$LOCATION" ] && [ -n "$UPLOAD_LOGS" ] -then - echo "" - echo "[ERR] Location should be provided if logs are stored in a storage account" - printUsage -fi - test $ALLNAMESPACES -eq 0 && unset NAMESPACES # Print user input @@ -168,9 +144,7 @@ echo "user: $USER" echo "identity-file: $IDENTITYFILE" echo "master-host: $MASTER_HOST" echo "vmd-host: $DVM_HOST" -echo "spn-client-id: $SPN_CLIENT_ID" -echo "spn-client-secret: $SPN_CLIENT_SECRET" -echo "tenant-id: $TENANT_ID" +echo "resource-group: $RESOURCE_GROUP" echo "upload-logs: $UPLOAD_LOGS" echo "namespaces: ${NAMESPACES:-all}" echo "" @@ -191,6 +165,29 @@ if [ $? -ne 0 ]; then exit 1 fi +if [ -n "$UPLOAD_LOGS" ]; then + #checks if azure-cli is installed + requirements + + #workaround for SSL interception + export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 + export ADAL_PYTHON_SSL_NO_VERIFY=1 + + #Validate resource-group + location=$(az group show -n $RESOURCE_GROUP --query location) + if [ $? -ne 0 ]; then + echo "[$(date +%Y%m%d%H%M%S)][ERR] Specified Resource group not found." + exit 1 + fi + + #Get the master nodes from the resource group + master_nodes=$(az resource list -g $RESOURCE_GROUP --resource-type "Microsoft.Compute/virtualMachines" --query "[?tags.poolName=='master'].{Name:name}" --output table) + if [ $? -ne 0 ]; then + echo "[$(date +%Y%m%d%H%M%S)][ERR] Kubernetes master nodes not found in the resource group." + exit 1 + fi +fi + if [ -n "$MASTER_HOST" ] then echo "[$(date +%Y%m%d%H%M%S)][INFO] About to collect cluster logs" @@ -259,14 +256,3 @@ fi echo "[$(date +%Y%m%d%H%M%S)][INFO] Done collecting Kubernetes logs" echo "[$(date +%Y%m%d%H%M%S)][INFO] Logs can be found in this location: $LOGFILEFOLDER" - -if [ -n "$UPLOAD_LOGS" ]; then - #checks if azure-cli is installed - requirements - echo "[$(date +%Y%m%d%H%M%S)][INFO] Logging into AzureStack using Azure CLI" - #login into azurestack using spn id and secret - az login --service-principal -u $spn_id -p $spn_secret --tenant $tenant_id - if [ $? -ne 0 ]; then - echo "[$(date +%Y%m%d%H%M%S)][ERR] Error logging into AzureStack" - fi -fi From aa4c041437c2bfbe2074f78eb1a231ce5fec5cb0 Mon Sep 17 00:00:00 2001 From: Bhuvaneswari Santharam Date: Sun, 11 Aug 2019 11:56:15 -0700 Subject: [PATCH 2/5] check the resource group feild --- diagnosis/getkuberneteslogs.sh | 38 ++++++++++++++++------------------ 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/diagnosis/getkuberneteslogs.sh b/diagnosis/getkuberneteslogs.sh index c080034..8a333ae 100755 --- a/diagnosis/getkuberneteslogs.sh +++ b/diagnosis/getkuberneteslogs.sh @@ -128,10 +128,10 @@ else || { echo "The identity file $IDENTITYFILE is not a RSA Private Key file."; echo "A RSA private key file starts with '-----BEGIN [RSA|OPENSSH] PRIVATE KEY-----''"; exit 1; } fi -if [ -z "$RESOURCE_GROUP" ] && [ -n "$UPLOAD_LOGS" ] +if [ -z "$RESOURCE_GROUP" ] then echo "" - echo "[ERR] Resource group should be provided if logs are stored in a storage account" + echo "[ERR] Resource group should be provided" printUsage exit 1 fi @@ -165,27 +165,25 @@ if [ $? -ne 0 ]; then exit 1 fi -if [ -n "$UPLOAD_LOGS" ]; then - #checks if azure-cli is installed - requirements +#checks if azure-cli is installed +requirements - #workaround for SSL interception - export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 - export ADAL_PYTHON_SSL_NO_VERIFY=1 +#workaround for SSL interception +export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 +export ADAL_PYTHON_SSL_NO_VERIFY=1 - #Validate resource-group - location=$(az group show -n $RESOURCE_GROUP --query location) - if [ $? -ne 0 ]; then - echo "[$(date +%Y%m%d%H%M%S)][ERR] Specified Resource group not found." - exit 1 - fi +#Validate resource-group +location=$(az group show -n $RESOURCE_GROUP --query location) +if [ $? -ne 0 ]; then + echo "[$(date +%Y%m%d%H%M%S)][ERR] Specified Resource group not found." + exit 1 +fi - #Get the master nodes from the resource group - master_nodes=$(az resource list -g $RESOURCE_GROUP --resource-type "Microsoft.Compute/virtualMachines" --query "[?tags.poolName=='master'].{Name:name}" --output table) - if [ $? -ne 0 ]; then - echo "[$(date +%Y%m%d%H%M%S)][ERR] Kubernetes master nodes not found in the resource group." - exit 1 - fi +#Get the master nodes from the resource group +master_nodes=$(az resource list -g $RESOURCE_GROUP --resource-type "Microsoft.Compute/virtualMachines" --query "[?tags.poolName=='master'].{Name:name}" --output table) +if [ $? -ne 0 ]; then + echo "[$(date +%Y%m%d%H%M%S)][ERR] Kubernetes master nodes not found in the resource group." + exit 1 fi if [ -n "$MASTER_HOST" ] From 2b3b72b4f2b9cce6a82beb1881f524776c4295d0 Mon Sep 17 00:00:00 2001 From: Bhuvaneswari Santharam Date: Sun, 11 Aug 2019 11:59:42 -0700 Subject: [PATCH 3/5] usage correction --- diagnosis/getkuberneteslogs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/diagnosis/getkuberneteslogs.sh b/diagnosis/getkuberneteslogs.sh index 8a333ae..2904c7d 100755 --- a/diagnosis/getkuberneteslogs.sh +++ b/diagnosis/getkuberneteslogs.sh @@ -25,7 +25,7 @@ printUsage() echo " -i, --identity-file RSA private key tied to the public key used to create the Kubernetes cluster (usually named 'id_rsa')" echo " -m, --master-host A master node's public IP or FQDN (host name starts with 'k8s-master-')" echo " -d, --vmd-host The DVM's public IP or FQDN (host name starts with 'vmd-')" - echo " -r, --resource-group Resource group of kubernetes cluster" + echo " -r, --resource-group Kubernetes cluster resource group" echo " -n, --user-namespace Collect logs for containers in the passed namespace (kube-system logs are always collected)" echo " --all-namespaces Collect logs for all containers. Overrides the user-namespace flag" echo " --upload-logs Stores the retrieved logs in an Azure Stack storage account" From 944d1727db65c48d667f37cd5afc16cb66027e5c Mon Sep 17 00:00:00 2001 From: Bhuvaneswari Santharam Date: Sun, 11 Aug 2019 20:49:40 -0700 Subject: [PATCH 4/5] Adding rollback to AzureCLI variables --- diagnosis/getkuberneteslogs.sh | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/diagnosis/getkuberneteslogs.sh b/diagnosis/getkuberneteslogs.sh index 2904c7d..08f979a 100755 --- a/diagnosis/getkuberneteslogs.sh +++ b/diagnosis/getkuberneteslogs.sh @@ -1,6 +1,16 @@ #!/bin/bash +restoreAzureCLIVariables() +{ + EXIT_CODE=$? + #restoring Azure CLI values + export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=0 + export ADAL_PYTHON_SSL_NO_VERIFY=0 + exit $EXIT_CODE +} + +trap restoreAzureCLIVariables EXIT -requirements() +checkRequirements() { azureversion=$(az --version) if [ $? -eq 0 ]; then @@ -131,7 +141,7 @@ fi if [ -z "$RESOURCE_GROUP" ] then echo "" - echo "[ERR] Resource group should be provided" + echo "[ERR] --resource-group should be provided" printUsage exit 1 fi @@ -166,7 +176,7 @@ if [ $? -ne 0 ]; then fi #checks if azure-cli is installed -requirements +checkRequirements #workaround for SSL interception export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 @@ -175,15 +185,15 @@ export ADAL_PYTHON_SSL_NO_VERIFY=1 #Validate resource-group location=$(az group show -n $RESOURCE_GROUP --query location) if [ $? -ne 0 ]; then - echo "[$(date +%Y%m%d%H%M%S)][ERR] Specified Resource group not found." - exit 1 + echo "[$(date +%Y%m%d%H%M%S)][ERR] Specified Resource group not found." + exit 1 fi #Get the master nodes from the resource group -master_nodes=$(az resource list -g $RESOURCE_GROUP --resource-type "Microsoft.Compute/virtualMachines" --query "[?tags.poolName=='master'].{Name:name}" --output table) +master_nodes=$(az resource list -g $RESOURCE_GROUP --resource-type "Microsoft.Compute/virtualMachines" --query "[?tags.poolName=='master'].{Name:name}" --output tsv) if [ $? -ne 0 ]; then - echo "[$(date +%Y%m%d%H%M%S)][ERR] Kubernetes master nodes not found in the resource group." - exit 1 + echo "[$(date +%Y%m%d%H%M%S)][ERR] Kubernetes master nodes not found in the resource group." + exit 1 fi if [ -n "$MASTER_HOST" ] From 8395256846de7ad76733e4159e5f37fbf4055a62 Mon Sep 17 00:00:00 2001 From: Bhuvaneswari Santharam Date: Mon, 12 Aug 2019 11:37:05 -0700 Subject: [PATCH 5/5] Restoring user values to azure-cli varaibles --- diagnosis/getkuberneteslogs.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/diagnosis/getkuberneteslogs.sh b/diagnosis/getkuberneteslogs.sh index 08f979a..7f664d6 100755 --- a/diagnosis/getkuberneteslogs.sh +++ b/diagnosis/getkuberneteslogs.sh @@ -3,8 +3,8 @@ restoreAzureCLIVariables() { EXIT_CODE=$? #restoring Azure CLI values - export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=0 - export ADAL_PYTHON_SSL_NO_VERIFY=0 + export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=$USER_AZURE_CLI_DISABLE_CONNECTION_VERIFICATION + export ADAL_PYTHON_SSL_NO_VERIFY=$USER_ADAL_PYTHON_SSL_NO_VERIFY exit $EXIT_CODE } @@ -175,11 +175,15 @@ if [ $? -ne 0 ]; then exit 1 fi -#checks if azure-cli is installed +#checks if azure-cli is installed checkRequirements +#get user values of azure-cli variables +USER_AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=$AZURE_CLI_DISABLE_CONNECTION_VERIFICATION +USER_ADAL_PYTHON_SSL_NO_VERIFY=$ADAL_PYTHON_SSL_NO_VERIFY + #workaround for SSL interception -export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 +export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 export ADAL_PYTHON_SSL_NO_VERIFY=1 #Validate resource-group