microsoft · ganga1980 · Jul 19, 2021 · Jun 14, 2021 · Jun 14, 2021 · Jun 14, 2021
@@ -147,6 +147,9 @@ MAINTAINER:              'Microsoft Corporation'
 
 /etc/fluent/plugin/omslog.rb;                                                           source/plugins/utils/omslog.rb; 644; root; root
 /etc/fluent/plugin/oms_common.rb;                                                       source/plugins/utils/oms_common.rb; 644; root; root
+/etc/fluent/plugin/extension.rb;                                                        source/plugins/utils/extension.rb; 644; root; root
+/etc/fluent/plugin/extension_utils.rb;                                                  source/plugins/utils/extension_utils.rb; 644; root; root
+
 
 /etc/fluent/kube.conf;			                                                          build/linux/installer/conf/kube.conf;                  644; root; root
 /etc/fluent/container.conf;			                                                    build/linux/installer/conf/container.conf;                  644; root; root

@@ -58,6 +58,10 @@ else
       echo "export customResourceId=$AKS_RESOURCE_ID" >> ~/.bashrc
       source ~/.bashrc
       echo "customResourceId:$customResourceId"     
+      export customRegion=$AKS_REGION 
+      echo "export customRegion=$AKS_REGION" >> ~/.bashrc
+      source ~/.bashrc
+      echo "customRegion:$customRegion"  
 fi
 
 #set agent config schema version
@@ -445,33 +449,58 @@ DOCKER_CIMPROV_VERSION=$(dpkg -l | grep docker-cimprov | awk '{print $3}')
 echo "DOCKER_CIMPROV_VERSION=$DOCKER_CIMPROV_VERSION"
 export DOCKER_CIMPROV_VERSION=$DOCKER_CIMPROV_VERSION
 echo "export DOCKER_CIMPROV_VERSION=$DOCKER_CIMPROV_VERSION" >> ~/.bashrc
-echo "*** activating oneagent in legacy auth mode ***"
-CIWORKSPACE_id="$(cat /etc/omsagent-secret/WSID)"     
-#use the file path as its secure than env
-CIWORKSPACE_keyFile="/etc/omsagent-secret/KEY"   
+
+#skip imds lookup since not used either legacy or aad msi auth path
+export SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH="true"
+echo "export SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH=$SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH" >> ~/.bashrc  
 cat /etc/mdsd.d/envmdsd | while read line; do
-     echo $line >> ~/.bashrc
+   echo $line >> ~/.bashrc
 done
-source /etc/mdsd.d/envmdsd
-echo "setting mdsd workspaceid & key for workspace:$CIWORKSPACE_id"
-export CIWORKSPACE_id=$CIWORKSPACE_id
-echo "export CIWORKSPACE_id=$CIWORKSPACE_id" >> ~/.bashrc      
-export CIWORKSPACE_keyFile=$CIWORKSPACE_keyFile
-echo "export CIWORKSPACE_keyFile=$CIWORKSPACE_keyFile" >> ~/.bashrc
-export OMS_TLD=$domain
-echo "export OMS_TLD=$OMS_TLD" >> ~/.bashrc      
-export MDSD_FLUENT_SOCKET_PORT="29230"
-echo "export MDSD_FLUENT_SOCKET_PORT=$MDSD_FLUENT_SOCKET_PORT" >> ~/.bashrc
-
-#skip imds lookup since not used in legacy auth path  
-export SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH="true"
-echo "export SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH=$SKIP_IMDS_LOOKUP_FOR_LEGACY_AUTH" >> ~/.bashrc
-
+source /etc/mdsd.d/envmdsd 
+MDSD_AAD_MSI_AUTH_ARGS=""
+# check if its AAD Auth MSI mode via USING_AAD_MSI_AUTH 
+export AAD_MSI_AUTH_MODE=false 
+if [ "${USING_AAD_MSI_AUTH}" == "true" ]; then
+   echo "*** activating oneagent in aad auth msi mode ***"   
+   # msi auth specific args
+   MDSD_AAD_MSI_AUTH_ARGS="-a -A"    
+   export AAD_MSI_AUTH_MODE=true
+   echo "export AAD_MSI_AUTH_MODE=true" >> ~/.bashrc        
+
+   export MDSD_FLUENT_SOCKET_PORT="28230"
+   echo "export MDSD_FLUENT_SOCKET_PORT=$MDSD_FLUENT_SOCKET_PORT" >> ~/.bashrc
+   export MCS_ENDPOINT="handler.control.monitor.azure.com"
+   echo "export MCS_ENDPOINT=$MCS_ENDPOINT" >> ~/.bashrc
+   export AZURE_ENDPOINT="https://monitor.azure.com/"
+   echo "export AZURE_ENDPOINT=$AZURE_ENDPOINT" >> ~/.bashrc
+   export ADD_REGION_TO_MCS_ENDPOINT="true"
+   echo "export ADD_REGION_TO_MCS_ENDPOINT=$ADD_REGION_TO_MCS_ENDPOINT" >> ~/.bashrc
+   export ENABLE_MCS="true"
+   echo "export ENABLE_MCS=$ENABLE_MCS" >> ~/.bashrc
+   export MONITORING_USE_GENEVA_CONFIG_SERVICE="false"
+   echo "export MONITORING_USE_GENEVA_CONFIG_SERVICE=$MONITORING_USE_GENEVA_CONFIG_SERVICE" >> ~/.bashrc
+   export MDSD_USE_LOCAL_PERSISTENCY="false"
+   echo "export MDSD_USE_LOCAL_PERSISTENCY=$MDSD_USE_LOCAL_PERSISTENCY" >> ~/.bashrc   
+else 
+  echo "*** activating oneagent in legacy auth mode ***"
+  CIWORKSPACE_id="$(cat /etc/omsagent-secret/WSID)"  
+  #use the file path as its secure than env
+  CIWORKSPACE_keyFile="/etc/omsagent-secret/KEY"  
+  echo "setting mdsd workspaceid & key for workspace:$CIWORKSPACE_id"
+  export CIWORKSPACE_id=$CIWORKSPACE_id
+  echo "export CIWORKSPACE_id=$CIWORKSPACE_id" >> ~/.bashrc   
+  export CIWORKSPACE_keyFile=$CIWORKSPACE_keyFile
+  echo "export CIWORKSPACE_keyFile=$CIWORKSPACE_keyFile" >> ~/.bashrc
+  export OMS_TLD=$domain
+  echo "export OMS_TLD=$OMS_TLD" >> ~/.bashrc   
+  export MDSD_FLUENT_SOCKET_PORT="29230"
+  echo "export MDSD_FLUENT_SOCKET_PORT=$MDSD_FLUENT_SOCKET_PORT" >> ~/.bashrc  
+fi
 source ~/.bashrc
 
 dpkg -l | grep mdsd | awk '{print $2 " " $3}'
 
-if [ "${CONTAINER_TYPE}" == "PrometheusSidecar" ]; then   
+if [ "${CONTAINER_TYPE}" == "PrometheusSidecar" ]; then
     echo "starting mdsd with mdsd-port=26130, fluentport=26230 and influxport=26330 in legacy auth mode in sidecar container..."                 
     #use tenant name to avoid unix socket conflict and different ports for port conflict
     #roleprefix to use container specific mdsd socket
@@ -482,11 +511,11 @@ if [ "${CONTAINER_TYPE}" == "PrometheusSidecar" ]; then
     source ~/.bashrc
     mkdir /var/run/mdsd-${CONTAINER_TYPE}
     # add -T 0xFFFF for full traces
-    mdsd -r ${MDSD_ROLE_PREFIX} -p 26130 -f 26230 -i 26330 -e ${MDSD_LOG}/mdsd.err -w ${MDSD_LOG}/mdsd.warn -o ${MDSD_LOG}/mdsd.info -q ${MDSD_LOG}/mdsd.qos &
-else          
-   echo "starting mdsd in legacy auth mode in main container..."
-   # add -T 0xFFFF for full traces
-   mdsd -e ${MDSD_LOG}/mdsd.err -w ${MDSD_LOG}/mdsd.warn -o ${MDSD_LOG}/mdsd.info -q ${MDSD_LOG}/mdsd.qos &  
+    mdsd ${MDSD_AAD_MSI_AUTH_ARGS} -r ${MDSD_ROLE_PREFIX} -p 26130 -f 26230 -i 26330 -e ${MDSD_LOG}/mdsd.err -w ${MDSD_LOG}/mdsd.warn -o ${MDSD_LOG}/mdsd.info -q ${MDSD_LOG}/mdsd.qos &
+else      
+    echo "starting mdsd in legacy auth mode in main container..."
+    # add -T 0xFFFF for full traces
+    mdsd ${MDSD_AAD_MSI_AUTH_ARGS} -e ${MDSD_LOG}/mdsd.err -w ${MDSD_LOG}/mdsd.warn -o ${MDSD_LOG}/mdsd.info -q ${MDSD_LOG}/mdsd.qos &
 fi
 
 # no dependency on fluentd for prometheus side car container  

@@ -10,7 +10,7 @@ sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
     update-locale LANG=en_US.UTF-8
 
 #install oneagent - Official bits (05/17/2021)
-wget https://github.com/microsoft/Docker-Provider/releases/download/05172021-oneagent/azure-mdsd_1.10.1-build.master.213_x86_64.deb
+wget https://github.com/microsoft/Docker-Provider/raw/gangams/ci-aad-auth-msi/oneagent-dev/azure-mdsd_1.10.1-build.dev_x86_64.deb
 
 /usr/bin/dpkg -i $TMPDIR/azure-mdsd*.deb
 cp -f $TMPDIR/mdsd.xml /etc/mdsd.d

@@ -43,6 +43,7 @@ function Start-FileSystemWatcher {
 
 function Set-EnvironmentVariables {
     $domain = "opinsights.azure.com"
+    $mcs_endpoint = "monitor.azure.com"
     $cloud_environment = "public"
     if (Test-Path /etc/omsagent-secret/DOMAIN) {
         # TODO: Change to omsagent-secret before merging
@@ -53,10 +54,14 @@ function Set-EnvironmentVariables {
     # Set DOMAIN
     [System.Environment]::SetEnvironmentVariable("DOMAIN", $domain, "Process")
     [System.Environment]::SetEnvironmentVariable("DOMAIN", $domain, "Machine")
+
+    # Set MCS Endpoint
+    [System.Environment]::SetEnvironmentVariable("MCS_ENDPOINT", $mcs_endpoint, "Process")
+    [System.Environment]::SetEnvironmentVariable("MCS_ENDPOINT", $mcs_endpoint, "Machine")
 
     # Set CLOUD_ENVIRONMENT
     [System.Environment]::SetEnvironmentVariable("CLOUD_ENVIRONMENT", $cloud_environment, "Process")
-    [System.Environment]::SetEnvironmentVariable("CLOUD_ENVIRONMENT", $cloud_environment, "Machine")
+    [System.Environment]::SetEnvironmentVariable("CLOUD_ENVIRONMENT", $cloud_environment, "Machine")      
 
     $wsID = ""
     if (Test-Path /etc/omsagent-secret/WSID) {
@@ -229,6 +234,22 @@ function Set-EnvironmentVariables {
         Write-Host "Failed to set environment variable HOSTNAME for target 'machine' since it is either null or empty"
     }
 
+    # check if its AAD Auth MSI mode via USING_AAD_MSI_AUTH environment variable
+    $isAADMSIAuth = [System.Environment]::GetEnvironmentVariable("USING_AAD_MSI_AUTH", "process")
+    if (![string]::IsNullOrEmpty($isAADMSIAuth)) {
+        [System.Environment]::SetEnvironmentVariable("AAD_MSI_AUTH_MODE", $isAADMSIAuth, "Process")
+        [System.Environment]::SetEnvironmentVariable("AAD_MSI_AUTH_MODE", $isAADMSIAuth, "Machine")
+        Write-Host "Successfully set environment variable AAD_MSI_AUTH_MODE - $($isAADMSIAuth) for target 'machine'..."      
+    }    
+
+    # check if use token proxy endpoint set via USE_IMDS_TOKEN_PROXY_END_POINT environment variable
+    $useIMDSTokenProxyEndpoint = [System.Environment]::GetEnvironmentVariable("USE_IMDS_TOKEN_PROXY_END_POINT", "process")
+    if (![string]::IsNullOrEmpty($useIMDSTokenProxyEndpoint)) {
+        [System.Environment]::SetEnvironmentVariable("USE_IMDS_TOKEN_PROXY_END_POINT", $useIMDSTokenProxyEndpoint, "Process")
+        [System.Environment]::SetEnvironmentVariable("USE_IMDS_TOKEN_PROXY_END_POINT", $useIMDSTokenProxyEndpoint, "Machine")
+        Write-Host "Successfully set environment variable USE_IMDS_TOKEN_PROXY_END_POINT - $($useIMDSTokenProxyEndpoint) for target 'machine'..."          
+    }      
+
     # run config parser
     ruby /opt/omsagentwindows/scripts/ruby/tomlparser.rb
     .\setenv.ps1

@@ -0,0 +1,186 @@
+# 1 - ContainerLogV2
+> Note- Please note, this table uses NG schema
+```
+stream-id: Microsoft-ContainerLogV2
+data-type: CONTAINERINSIGHTS_CONTAINERLOGV2
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: ContainerLogV2
+alias-stream-id: Microsoft-ContainerLogV2
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 2 - InsightsMetrics
+```
+stream-id: Microsoft-InsightsMetrics
+data-type: INSIGHTS_METRICS_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: InsightsMetrics
+alias-stream-id: Microsoft-InsightsMetrics
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 3 - ContainerInventory
+
+```
+stream-id: Microsoft-ContainerInventory
+data-type: CONTAINER_INVENTORY_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: ContainerInventory
+alias-stream-id: Microsoft-ContainerInventory
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 4 - ContainerLog
+
+```
+stream-id: Microsoft-ContainerLog
+data-type: CONTAINER_LOG_BLOB
+intelligence-pack: Containers
+solutions: ContainerInsights
+platform: Any
+la-table-name: ContainerLog
+alias-stream-id: Microsoft-ContainerLog
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 5 - ContainerNodeInventory
+
+```
+stream-id: Microsoft-ContainerNodeInventory
+data-type: CONTAINER_NODE_INVENTORY_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: ContainerNodeInventory
+alias-stream-id: Microsoft-ContainerNodeInventory
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 6 - KubePodInventory
+```
+stream-id: Microsoft-KubePodInventory
+data-type: KUBE_POD_INVENTORY_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: KubePodInventory
+alias-stream-id: Microsoft-KubePodInventory
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 7 - KubeNodeInventory
+```
+stream-id: Microsoft-KubeNodeInventory
+data-type: KUBE_NODE_INVENTORY_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: KubeNodeInventory
+alias-stream-id: Microsoft-KubeNodeInventory
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 8 - KubePVInventory
+```
+stream-id: Microsoft-KubePVInventory
+data-type: KUBE_PV_INVENTORY_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: KubePVInventory
+alias-stream-id: Microsoft-KubePVInventory
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 9 - KubeEvents
+```
+stream-id: Microsoft-KubeEvents
+data-type: KUBE_EVENTS_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: KubeEvents
+alias-stream-id: Microsoft-KubeEvents
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 10 - KubeServices
+```
+stream-id: Microsoft-KubeServices
+data-type: KUBE_SERVICES_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: KubeServices
+alias-stream-id: Microsoft-KubeServices
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 11 - KubeMonAgentEvents
+```
+stream-id: Microsoft-KubeMonAgentEvents
+data-type: KUBE_MON_AGENT_EVENTS_BLOB
+intelligence-pack: Containers
+solutions: ContainerInsights
+platform: Any
+la-table-name: KubeMonAgentEvents
+alias-stream-id: Microsoft-KubeMonAgentEvents
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 12 - KubeHealth
+```
+stream-id: Microsoft-KubeHealth
+data-type: KUBE_HEALTH_BLOB
+intelligence-pack: ContainerInsights
+solutions: ContainerInsights
+platform: Any
+la-table-name: KubeHealth
+alias-stream-id: Microsoft-KubeHealth
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```
+
+# 13 - Perf
+```
+> Note - This stream already exists
+stream-id: Microsoft-Perf
+data-type: LINUX_PERF_BLOB
+intelligence-pack: LogManagement
+solutions: ContainerInsights
+platform: Any
+la-table-name: LogManagement
+alias-stream-id: Microsoft-Perf
+contact-alias: [email protected]
+stage: to review
+tags: agent
+```