
Azure App Service Windows automate OneAgent update through ActiveGate

g_kat
Helper

Hello,

We have some Azure App Services for Windows located inside a private network. The Dynatrace Extension has been installed and they communicate with our Dynatrace SaaS tenant through an AG, which is the only resource in the subnet that can access the internet. We need to automate the OneAgent updates on the extensions, and for this reason I have developed a PS script to invoke the Kudu REST API (I have attached the script).

When I try it, I get the following output in the App Service log (the code tag cuts out part of the log, so I text-pasted it here):


System.Net.WebException: The SSL connection could not be established, see inner exception. Authentication failed because the remote party has closed the transport stream. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at System.Net.HttpWebRequest.SendRequest()
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.GetWebResponseTaskAsync(WebRequest request)
at System.Net.WebClient.DownloadBitsAsync(WebRequest request, Stream writeStream, AsyncOperation asyncOp, Action`3 completionDelegate)
at Dynatrace.AzureSiteExtension.InstallationService.DownloadAgentAsync(InstallationContext context) in C:\workspace\124911\src\Dynatrace.AzureSiteExtension\InstallationService.cs:line 499
at Dynatrace.AzureSiteExtension.InstallationService.ApplyAsync(InstallationContext context) in C:\workspace\124911\src\Dynatrace.AzureSiteExtension\InstallationService.cs:line 353

 

I have attached the log file as well, where it's seen that it first communicates with the AG and then with the environment.

What I gather from this is that the extension hits the AG first and gets notified that there is a newer version of OneAgent, so it starts the download procedure, but it attempts to download directly from https://{environmentid}.live.dynatrace.com/api, thus failing. This was confirmed by enabling internet access for this specific endpoint on the subnet, resulting in the successful upgrade of OneAgent, as can be seen in the log file.

Allowing internet access isn't a viable option for production so I want to know if there is a way to force the upgrade procedure to happen through the AG e.g. as it's with manual download of the agent.

 

Thank you,

George

2 REPLIES

ChadTurner
DynaMight Legend

We had a similar issue where we couldn't reach out to get the most recent OneAgent version. So what we had to do was put the install file in a local repo where, once it failed, it would fail back to the local repo and install the OneAgent. But with this method you will have to keep the repo updated.

-Chad

Hi Chad,

 

Thank you for your reply and this is definitely a way to do this. But, considering that the AG has direct access to the environment it should be possible to use it.

What I ended up doing was putting the environment AG info on the apiURL parameter of the script and setting the sslMode parameter to AcceptAll in order to avoid the SSL error due to the self-signed certificate used internally in the communication between the App Service agent and the AG.

 

Thanks,

George
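
Added example (not part of the original thread and not Dynatrace's code): with sslMode set to AcceptAll as in the reply above, a pre-flight check can confirm that the ActiveGate endpoint still presents the expected self-signed certificate before the update script runs. The function names are hypothetical, and the host name, port and pinned thumbprint in the usage comment are placeholders.

```powershell
# Added example. Function names are hypothetical; host, port and pin are placeholders.
function Get-RemoteCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 5000
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw "Timed out connecting to ${HostName}:$Port"
        }
        # Accept any certificate for this probe only, so that it can be read.
        # Trust is decided afterwards by comparing it with the pinned value.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $certificate, $chain, $errors) $true
        }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            # Copy the certificate so it stays usable after the stream is disposed.
            return [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Dispose() }
}

function Test-CertificatePin {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $cert = Get-RemoteCertificate -HostName $HostName -Port $Port
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', '' }
    finally { $sha.Dispose() }
    # Normalise the pin: drop colons/spaces and compare as upper-case hex.
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    [pscustomobject]@{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        Expired    = ([datetime]::Now -gt $cert.NotAfter)
        Sha256     = $actual
        PinMatches = ($actual -eq $expected)
    }
}

# Usage (placeholders): stop before calling the Kudu API if the pin does not match.
# $r = Test-CertificatePin -HostName '<activegate-host>' -Port 9999 -ExpectedSha256 '<PINNED-SHA256>'
# if (-not $r.PinMatches -or $r.Expired) { throw "ActiveGate certificate check failed: $($r.Sha256)" }
```

The pinned SHA-256 value should be recorded from the ActiveGate certificate through a trusted channel and refreshed whenever that certificate is rotated.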
