Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VMs not connecting to Log Analytics Workspace #1931

Closed
5 tasks done
Tracked by #1922
jemrobinson opened this issue Jun 7, 2024 · 1 comment · Fixed by #2279
Closed
5 tasks done
Tracked by #1922

VMs not connecting to Log Analytics Workspace #1931

jemrobinson opened this issue Jun 7, 2024 · 1 comment · Fixed by #2279
Assignees
@craddm
Labels
bug Problem when deploying a Data Safe Haven.
Milestone
Release 5.1.0

Comments

@jemrobinson
Copy link
Member

✅ Checklist

  • I have searched open and closed issues for duplicates.
  • This is a problem observed when deploying a Data Safe Haven.
  • I can reproduce this with the latest version.
  • I have read through the documentation.
  • This isn't an open-ended question (open a discussion if it is).

💻 System information

  • Operating System: macOS
  • Data Safe Haven version: develop @ 1a60d97

🚫 Describe the problem

VMs are not able to connect to the Log Analytics Workspace using the Azure Monitor Agent. This could be a problem with one of the following:

  • NSG rules
  • Installation of the agent on the VM
  • Configuration of the Data Collection Rule (DCR)
  • Configuration of the Data Collection Endpoint (DCE)
  • Association of the VM to the DCR
  • Association of the VM to the DCE
  • Need for another connection (e.g. diagnostic settings connection from the DCR to the workspace).

♻️ To reproduce

Deploy an SRE with an integrated workspace
@jemrobinson jemrobinson added the bug Problem when deploying a Data Safe Haven. label Jun 7, 2024
@jemrobinson jemrobinson mentioned this issue Jun 7, 2024
Merged
3 tasks
@jemrobinson jemrobinson added this to the Release 5.0.0rc2 milestone Jun 7, 2024
@JimMadge JimMadge mentioned this issue Aug 6, 2024
Closed
10 tasks
@JimMadge JimMadge modified the milestones: Release 5.0.0, Release 5.1.0 Aug 13, 2024
@craddm craddm self-assigned this Nov 4, 2024
@craddm
Copy link
Contributor

craddm commented Nov 4, 2024
edited
Loading

To date, this still is not working as deployed by Pulumi.

However, after manually creating another data collection rule, it does work.

I created a new data collection rule in the portal.

  1. creating a new data collection rule also automatically gave the VM a system-assigned managed identity.
  2. Even though when creating the rule I told it not to use a data collection endpoint, it still actually created the new rule with the existing data collection endpoint (which was created by pulumi). This means the new rule is fundamentally the same as the pulumi generated rule.
  3. Deleting the new rule does not stop the log analytics workspace collecting data from the VMs; thus, the old rule now works.
  4. Removing the managed identity from the VM doesn't stop the logs being collected
  5. Deleting the old rule and then reinstating it with Pulumi stops data collection
  6. Manually setting the workspace to have a system-assigned managed identity restarts data collection

It feels like it might be necessary for the VM to have managed identity for data collection to start.

@craddm craddm mentioned this issue Nov 6, 2024
Merged
3 tasks
@craddm craddm modified the milestones: Release 5.2.0, Release 5.1.0 Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@craddm craddm

Labels
bug Problem when deploying a Data Safe Haven.
Projects
None yet
Milestone
Release 5.1.0
Development

Successfully merging a pull request may close this issue.

Enable monitoring agent to transmit to log analytics workspace craddm/data-safe-haven
3 participants
@jemrobinson @craddm @JimMadge