How do I configure app insights instrumentation for app service via terraform? - terraform-provider-aws

How do I configure App Insights instrumentation for an app service via Terraform? Is it all via app_settings, or is there a resource I am missing?
I create app insights resource:
resource "azurerm_application_insights" "app1" {
  for_each            = local.all_envs
  application_type    = "web"
  location            = azurerm_resource_group.rg-webapps.location
  name                = "appi-app1-${each.value}"
  resource_group_name = azurerm_resource_group.rg-webapps.name
  retention_in_days   = 30
  sampling_percentage = 0
  workspace_id        = azurerm_log_analytics_workspace.log-analytics-workspace[each.value].id
}
I tie it to my app service:
resource "azurerm_windows_web_app" "app1" {
  name                = "app1"
  location            = azurerm_resource_group.rg-webapps.location
  resource_group_name = azurerm_resource_group.rg-webapps.name
  ...
  app_settings = {
    APPLICATIONINSIGHTS_ROLE_NAME         = "role1"
    APPINSIGHTS_INSTRUMENTATIONKEY        = azurerm_application_insights.app1["dev"].instrumentation_key
    APPLICATIONINSIGHTS_CONNECTION_STRING = azurerm_application_insights.app1["dev"].connection_string
  }
  ...
}
But it says application insights is not fully enabled:
Is instrumentation controlled by these config keys, which I have to manually set?

Tried to check with appsettings for instrumentation key and connection string in my case and it was not enabled in portal.
app_settings = {
  "APPINSIGHTS_INSTRUMENTATIONKEY"        = azurerm_application_insights.<app>.instrumentation_key
  "APPLICATIONINSIGHTS_CONNECTION_STRING" = azurerm_application_insights.<app>.connection_string
}
Also include ApplicationInsightsAgent_EXTENSION_VERSION in the app settings.
app_settings = {
  "APPINSIGHTS_INSTRUMENTATIONKEY"             = azurerm_application_insights.<app>.instrumentation_key
  "APPLICATIONINSIGHTS_CONNECTION_STRING"      = azurerm_application_insights.<app>.connection_string
  "APPINSIGHTS_PORTALINFO"                     = "ASP.NET"
  "APPINSIGHTS_PROFILERFEATURE_VERSION"        = "1.0.0"
  "ApplicationInsightsAgent_EXTENSION_VERSION" = "~2"
}
To work properly, your app may require additional settings from the list below; check what works for your app.
"APPINSIGHTS_INSTRUMENTATIONKEY"
"APPINSIGHTS_PROFILERFEATURE_VERSION"
"APPINSIGHTS_SNAPSHOTFEATURE_VERSION"
"APPLICATIONINSIGHTS_CONNECTION_STRING"
"ApplicationInsightsAgent_EXTENSION_VERSION"
"DiagnosticServices_EXTENSION_VERSION"
"InstrumentationEngine_EXTENSION_VERSION"
"SnapshotDebugger_EXTENSION_VERSION"
"XDT_MicrosoftApplicationInsights_BaseExtensions"
"XDT_MicrosoftApplicationInsights_Mode"
And try to set a tag on the azurerm_application_insights as said by nancy in SO reference
resource "azurerm_application_insights" "webapp-ka-repo" {
  ...
  tags = {
    "hidden-link:/subscriptions/<subscription id>/resourceGroups/<rg name>/providers/Microsoft.Web/sites/<site name>" = "Resource"
  }
}
or
tags = {
  "hidden-link:/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${azurerm_resource_group.example.name}/providers/Microsoft.Web/sites/<sitename>" = "Resource"
}
and check if it is enabled.

Related

nginx ingress controller unable to see my secret key

I get an error saying that nginx is unable to get my secret key, even though it does exist when I checked it in GCP.
When I checked the logs of nginx-ingress-controller, it gives me this error: Error getting SSL certificate "default/my-certs": local SSL certificate default/my-certs was not found. Using default certificate
module "nginx-controller" {
  source     = "terraform-iaac/nginx-controller/helm"
  namespace  = "default"
  ip_address = data.google_compute_address.ingress_ip_address.address
  depends_on = [kubernetes_secret.store_ssl_private_key]
}
service
resource "kubernetes_service_v1" "exposing_app" {
  metadata {
    name = "service${var.app}"
  }
  spec {
    selector = {
      app = var.app
    }
    port {
      port        = 80
      target_port = 8080
      protocol    = "TCP"
      name        = "grpc-server"
    }
  }
}
creating secret
resource "kubernetes_secret" "store_ssl_private_key" {
  metadata {
    name = "my-certs"
  }
  data = {
    "tls.crt" = var.CRT
    "tls.key" = var.PRIV_KEY_SSL
    "ca.crt"  = var.CA
  }
  type = "kubernetes.io/tls"
}
ingress :
resource "kubernetes_ingress_v1" "exposing_app" {
  metadata {
    name = "exposingapp"
    annotations = {
      "kubernetes.io/ingress.class" = "nginx"
      #"nginx.ingress.kubernetes.io/ssl-redirect"= "false"
      #"nginx.ingress.kubernetes.io/ssl-redirect" = "true"
      "nginx.org/grpc-services" = "service${var.app} grpc-server"
      "nginx.ingress.kubernetes.io/backend-protocol" = "GRPC"
      "nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream" = "true"
      "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/${kubernetes_secret.store_ssl_private_key.metadata.0.name}"
    }
  }
  spec {
    rule {
      host = "${var.ENV == "staging" ? var.website_staging:var.website_production}"
      http {
        path {
          backend {
            service {
              name = kubernetes_service_v1.exposing_app.metadata.0.name
              port {
                number = 80
              }
            }
          }
          path = "/*"
        }
      }
    }
    tls {
      hosts       = ["${var.ENV == "staging" ? var.website_staging:var.website_production}"]
      secret_name = kubernetes_secret.store_ssl_private_key.metadata.0.name
    }
  }
  depends_on = [
    kubernetes_secret.store_ssl_private_key
  ]
}
At a first glance, it appears to potentially be related to the way you create the TLS secret in Terraform. In the kubernetes_secret.store_ssl_private_key resource you are setting the various data attributes to Terraform variables. Are you providing those as file() input or simply strings containing the path to the certificate files you have locally?
In order to successfully generate a certificate via Terraform and ensure that it contains the right data, you would have to declare a ca.crt secret attribute of type file, as you would create it via the CLI as indicated here
You could try to decode the base64 value of your secret to ensure that it's properly created. I also found this post that might be helpful in detailing how to create a TLS secret via Terraform.
EDIT1
Another thing that is specified in the official docs for using client certificates is that when they create the secrets they are of type generic and not tls. Could you maybe try and provision a new secret using the commands indicated in the official example? Make sure to also provide the full CA certificate chain for the ca.crt key.
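The decode-and-inspect check suggested in the answer above can be scripted. The following is an added example, not part of the original answer: it classifies one base64 value from the Secret by its PEM framing only, and the sample values (including the placeholder certificate body and the ./certs/tls.crt path) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify one base64 value taken from a kubernetes.io/tls Secret.
# On a cluster the value would come from e.g.
#   kubectl get secret my-certs -n default -o jsonpath='{.data.tls\.crt}'
# Prints: ok | looks-like-path | not-pem | wrong-pem-type | truncated-pem | not-base64
check_tls_value() {
    key=$1   # Secret data key: tls.crt, tls.key or ca.crt
    b64=$2   # value exactly as stored under .data
    decoded=$(printf '%s' "$b64" | base64 -d 2>/dev/null) || { echo not-base64; return 1; }
    case $key in
        tls.key) want='PRIVATE KEY' ;;
        *)       want='CERTIFICATE' ;;
    esac
    first=$(printf '%s\n' "$decoded" | head -n 1)
    last=$(printf '%s\n' "$decoded" | tail -n 1)
    case $first in
        "-----BEGIN "*"$want-----") ;;                    # expected PEM type for this key
        "-----BEGIN "*) echo wrong-pem-type; return 1 ;;  # e.g. a certificate under tls.key
        *)  # Not PEM. A single line that resembles a file name is the case where
            # the Terraform variable held a path instead of the file contents.
            if [ "$first" = "$decoded" ]; then
                case $decoded in
                    */*|*.crt|*.key|*.pem) echo looks-like-path; return 1 ;;
                esac
            fi
            echo not-pem; return 1 ;;
    esac
    case $last in
        "-----END "*"$want-----") echo ok ;;
        *) echo truncated-pem; return 1 ;;
    esac
}

# Constructed samples: the PEM body is a placeholder, not a real certificate.
FAKE_CERT='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExF
-----END CERTIFICATE-----'
GOOD_B64=$(printf '%s\n' "$FAKE_CERT" | base64 | tr -d '\n')
PATH_B64=$(printf '%s' './certs/tls.crt' | base64 | tr -d '\n')
CUT_B64=$(printf '%s\n' "$FAKE_CERT" | head -n 2 | base64 | tr -d '\n')

for sample in "tls.crt $GOOD_B64" "tls.crt $PATH_B64" "tls.key $GOOD_B64" "ca.crt $CUT_B64"; do
    set -- $sample
    printf '%-8s %s\n' "$1" "$(check_tls_value "$1" "$2")"
done
```

A value that passes this framing check can still be an invalid or mismatched certificate; parsing it with a tool such as openssl is the next step.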

Relation between rpc client (proxy) username and node Identity

In Corda we are using CordaRPCClient to initiate transactions from the client. Here we are passing a username and password to start the connection. Right now I am using a hardcoded user name and password. Can I map this to a user table which is there in the DB? Please share if any best practices exist.
Yes, you can definitely have RPC users fetched from a database. All you would need is some configuration in the node's configuration file (node.conf).
The users are generally defined in the security block. Below is how it can be configured.
security = {
    authService = {
        dataSource = {
            type = "DB"
            passwordEncryption = "SHIRO_1_CRYPT"
            connection = {
                jdbcUrl = "<jdbc connection string>"
                username = "<db username>"
                password = "<db user password>"
                driverClassName = "<JDBC driver>"
            }
        }
        options = {
            cache = {
                expireAfterSecs = 120
                maxEntries = 10000
            }
        }
    }
}
You could find more details in our documentation here.

API calls not happening on opening of Cefsharp application in Testcomplete

I have a Cefsharp application which has HTML pages with JavaScript. The JS makes API calls, which happen fine if I open the cef application in Windows, but most of the API calls are not happening when I open the same cef application through testcomplete.
On debugging the application I am getting a CORS warning.
I am using CefCustomScheme, which has root folder path, schemeName and host name specified. I provided the same schemeName and host name in Address in the wpf:ChromiumWebBrowser tag. If I hard-code the root folder path in the Address Source binding, it works fine even in testcomplete.
private static CefCustomScheme GetAlmanacScheme(IAppSettings appSettings)
{
    try
    {
        var almanacFolder = appSettings.Settings["ALMANAC_WIDGET_PATH"];
        if (string.IsNullOrWhiteSpace(almanacFolder))
        {
            almanacFolder = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles), "Thermo", "InstConnectAgent", "AlmanacWidget");
        }
        var factory = new FolderSchemeHandlerFactory(almanacFolder, "thermo", "almanac");
        return new CefCustomScheme() { SchemeName = "thermo", SchemeHandlerFactory = factory, IsCorsEnabled = true };
    }
    catch
    {
        return null;
    }
}
and Source is
private const string WidgetUrl = "thermo://almanac";
public string Source
{
    get
    {
        return WidgetUrl;
    }
}

Can you connect to a hub that is located on a different host / server?

Let's say I have a website on www.website.com. My SaaS with signalr is hosted on www.signalr.com.
Can I connect to www.signalr.com signalr server from www.website.com ?
Instead of :
var connection = $.hubConnection();
var contosoChatHubProxy = connection.createHubProxy('contosoChatHub');
Something like :
var connection = $.hubConnection();
var contosoChatHubProxy = connection.createHubProxy('www.signalr.com/contosoChatHub');
Short answer: Yes - As the SignalR documentation exemplifies.
The first step is enabling cross domain on your server. Now, you can either enable calls from all domains, or only from specified ones. (See this SO post on this matter)
public void Configuration(IAppBuilder app)
{
    var policy = new CorsPolicy()
    {
        AllowAnyHeader = true,
        AllowAnyMethod = true,
        SupportsCredentials = true
    };
    policy.Origins.Add("domain"); //be sure to include the port:
                                  //example: "http://localhost:8081"
    app.UseCors(new CorsOptions
    {
        PolicyProvider = new CorsPolicyProvider
        {
            PolicyResolver = context => Task.FromResult(policy)
        }
    });
    app.MapSignalR();
}
The next step is configuring the client to connect to a specific domain.
Using the generated proxy (see the documentation for more information), you would connect to a hub named TestHub in the following way:
var hub = $.connection.testHub;
//here you define the client methods (at least one of them)
$.connection.hub.start();
Now, the only thing you have to do is specify the URL where SignalR is configured on the server. (basically the server).
By default, if you don't specify it, it is assumed that it is the same domain as the client.
var hub = $.connection.testHub;
//here you specify the domain:
$.connection.hub.url = "http://yourdomain/signalr"; //with the default routing
//if you routed SignalR in other way, you enter the route you defined.
//here you define the client methods (at least one of them)
$.connection.hub.start();
And that should be it. Hope this helps. Best of luck!

ASP.NET Process Start PowerShell Script IIS 7.5

All works fine on my dev machine but if deployed to IIS the process doesn't get started. I am starting a powershell script by
// requires: using System.Diagnostics;
private void RunScript()
{
    Process process = null;
    try
    {
        int timeout = 1800000; // 30 minutes, in milliseconds
        var startInfo = new ProcessStartInfo
        {
            FileName = @"powershell.exe",
            Arguments = string.Format("{0} {1}", @"\path\toscript", "myParam"),
            UseShellExecute = false,
            CreateNoWindow = true
        };
        process = Process.Start(startInfo);
        process.WaitForExit(timeout);
    }
    finally
    {
        // Process.Start may have thrown, so check for null before touching the process
        if (process != null)
        {
            if (!process.HasExited)
            {
                if (process.Responding)
                    process.CloseMainWindow();
                else
                    process.Kill();
            }
            process.Close();
            process.Dispose();
        }
    }
}
Here's what's configured for the app pool this is running under.
Process Model
->Identity = domain user who is a Domain Admin.
->Load User Profile = True
Web App
Authentication is Windows
What else do I need to configure so that I can run the Process?
As Start-Automating suggested I eventually ended up doing this:
using (Runspace runSpace = RunspaceFactory.CreateRunspace())
{
    try
    {
        runSpace.Open();
        RunspaceInvoke scriptInvoker = new RunspaceInvoke(runSpace);
        scriptInvoker.Invoke("Set-ExecutionPolicy Unrestricted");
        using (Pipeline pipeLine = runSpace.CreatePipeline())
        {
            var myCommand = new Command(scriptPath);
            var myParam1 = new CommandParameter("-paramName", "someValue");
            myCommand.Parameters.Add(myParam1);
            pipeLine.Commands.Add(myCommand);
            pipeLine.Commands.Add("Out-String");
            Collection<PSObject> returnObjects = pipeLine.Invoke();
            runSpace.Close();
            return returnObjects;
        }
    }
    finally
    {
        runSpace.Close();
    }
}
On the IIS server I executed the following powershell command "Set-ExecutionPolicy RemoteSigned"
It's much better to embed the PowerShell APIs than to call the .exe
Here's an old link that will get you a PowerShell runspace embedded in ASP.NET per user:
http://powershellpipeworks.com/
Check the permissions of the file system where powershell.exe lives.
Also, check the Security Log in the Event Viewer for authentication errors and access violations.
