Merge pull request #202 from microsoft/main

Fork Sync: Update from parent repository

Author: AdamL-Microsoft

docs/unmnaged-nodes.md

@@ -87,4 +87,34 @@ onefuzz nodes get <machine_guid>
 ```
 
 This should return one entry. Verify that the `pool_name` matched the pool name created earlier.
-From here you will be able to schedule jobs on that pool and they will be running.
+From here you will be able to schedule jobs on that pool and they will be running.
+
+
+## Troubleshooting
+
+### increase the verbosity of the logs
+It can help when investigating issues to increase the log verbosity. you will need to set the [RUST_LOG](https://docs.rs/env_logger/latest/env_logger/#enabling-logging) environment variable when starting docker
+
+```
+docker run --rm --env RUST_LOG=<log_level> <image_name> --machine_id <machine_id>
+```
+log_level can be any of
+- error
+- warn
+- info
+- debug
+- trace
+
+
+### use the container interactively
+you can use the container interactively by with the following command
+
+windows
+```
+docker run --it --rm --entrypoint powershell <image_name>
+```
+
+linux
+```
+docker run --it --rm --entrypoint bash <image_name>
+```

src/ApiService/ApiService/onefuzzlib/Config.cs

@@ -320,10 +320,6 @@ public async Async.Task<ResultVoid<TaskConfigError>> CheckConfig(TaskConfig conf
             return ResultVoid<TaskConfigError>.Error(new TaskConfigError($"invalid pool: {config.Pool.PoolName}"));
         }
 
-        if ((config.Task.RebootAfterSetup ?? false) && !pool.OkV.Managed) {
-            return ResultVoid<TaskConfigError>.Error(new TaskConfigError("reboot_after_setup is not supported for unmanaged pools"));
-        }
-
         var checkTarget = await CheckTargetExe(config, definition);
         if (!checkTarget.IsOk) {
             return checkTarget;

src/agent/onefuzz-agent/src/reboot.rs

@@ -90,17 +90,22 @@ impl Reboot {
 
     #[cfg(target_family = "unix")]
     pub fn invoke(&self) -> Result<()> {
-        info!("invoking local reboot command");
-
-        Command::new("reboot").arg("-f").status()?;
-
-        self.wait_for_reboot()
+        match std::path::Path::new("/.dockerenv").try_exists() {
+            Ok(true) => {
+                info!("running inside docker, exiting instead of rebooting");
+                std::process::exit(0);
+            }
+            _ => {
+                info!("invoking local reboot command");
+                Command::new("reboot").arg("-f").status()?;
+                self.wait_for_reboot()
+            }
+        }
     }
 
     #[cfg(target_family = "windows")]
     pub fn invoke(&self) -> Result<()> {
         info!("invoking local reboot command");
-
         Command::new("powershell.exe")
             .arg("-Command")
             .arg("Restart-Computer")

src/cli/onefuzz/api.py

@@ -1281,7 +1281,7 @@ def get_config(self, pool_name: primitives.PoolName) -> models.AgentConfig:
                 client_secret="<client_secret>",
                 resource=self.onefuzz._backend.config.endpoint,
                 tenant=urlparse(self.onefuzz._backend.config.authority).path.strip("/"),
-                multi_tenant_domain=self.onefuzz._backend.config.tenant_domain,
+                multi_tenant_domain=self.onefuzz._backend.config.get_multi_tenant_domain(),
             )
 
         return pool.config

src/cli/onefuzz/backend.py

@@ -98,6 +98,12 @@ class BackendConfig(BaseModel):
     features: Set[str] = Field(default_factory=set)
     tenant_domain: str
 
+    def get_multi_tenant_domain(self) -> Optional[str]:
+        if "https://login.microsoftonline.com/common" in self.authority:
+            return self.tenant_domain
+        else:
+            return None
+
 
 class Backend:
     def __init__(
@@ -182,10 +188,11 @@ def get_access_token(self) -> Any:
         if not self.config.endpoint:
             raise Exception("endpoint not configured")
 
-        if "https://login.microsoftonline.com/common" in self.config.authority:
+        multi_tenant_domain = self.config.get_multi_tenant_domain()
+        if multi_tenant_domain is not None:
             endpoint = urlparse(self.config.endpoint).netloc.split(".")[0]
             scopes = [
-                f"api://{self.config.tenant_domain}/{endpoint}/.default",
+                f"api://{multi_tenant_domain}/{endpoint}/.default",
             ]
         else:
             netloc = urlparse(self.config.endpoint).netloc

src/deployment/deploylib/registration.py

@@ -307,12 +307,13 @@ def try_sp_create() -> None:
         error: Optional[Exception] = None
         for _ in range(10):
             try:
-                query_microsoft_graph(
+                service_principal = query_microsoft_graph(
                     method="POST",
                     resource="servicePrincipals",
                     body=service_principal_params,
                     subscription=subscription_id,
                 )
+                logger.info(f"created service principal:\n {service_principal}")
                 return
             except GraphQueryError as err:
                 # work around timing issue when creating service principal
@@ -654,8 +655,11 @@ def assign_instance_app_role(
 
     if len(onefuzz_service_principals) == 0:
         raise Exception("onefuzz app service principal not found")
-    onefuzz_service_principal = onefuzz_service_principals[0]
 
+    onefuzz_service_principal = onefuzz_service_principals[0]
+    logger.info(
+        f"Assigning app role instance service principal {onefuzz_service_principal['id']}"
+    )
     if isinstance(application_name, str):
         application_service_principals = query_microsoft_graph_list(
             method="GET",