in gcpdiag/runbook/gce/ops_agent.py [0:0]
def execute(self):
    """Attach the logging and/or monitoring diagnostic branches to this step.

    For each enabled flag (CHECK_LOGGING, CHECK_MONITORING) an API-status
    check is added as a child of ``self``. Under it hang an IAM policy check
    for the VM's service account and a VM access-scope check; the Ops Agent
    sub-agent check hangs under the scope check. When
    CHECK_SERIAL_PORT_LOGGING is also set, a CheckSerialPortLogging step is
    added under the logging API check.

    NOTE(review): both role lists contain the basic roles ``roles/owner`` and
    ``roles/editor``, and both scope sets contain ``cloud-platform``.
    Presumably any single entry satisfies the check (confirm against
    IamPolicyCheck / VmScope). If so, a pass shows the agent *can* write,
    not that the service account is least-privileged; the narrowest entries
    are ``roles/logging.logWriter`` and ``roles/monitoring.metricWriter``.
    """

    def _agent_principal():
        # NOTE(review): if op.get() returns None for SERVICE_ACCOUNT, this
        # renders as the literal 'serviceAccount:None' -- confirm the flag is
        # always populated before this step runs.
        return f'serviceAccount:{op.get(flags.SERVICE_ACCOUNT)}'

    def _point_at_instance(step):
        # Attributes shared by every VM-scoped step, set in a fixed order.
        step.project_id = op.get(flags.PROJECT_ID)
        step.zone = op.get(flags.ZONE)
        step.instance_name = op.get(flags.INSTANCE_NAME)
        return step

    def _agent_probe(*, logs, metrics):
        # One VmHasOpsAgent step, limited to the requested sub-agent(s).
        probe = _point_at_instance(gce_gs.VmHasOpsAgent())
        probe.instance_id = op.get(flags.INSTANCE_ID)
        probe.start_time = op.get(flags.START_TIME)
        probe.end_time = op.get(flags.END_TIME)
        probe.check_logging = logs
        probe.check_metrics = metrics
        return probe

    if op.get(CHECK_LOGGING):
        # Root of the logging branch: the Logging API must be enabled.
        logs_api = gcp_gs.ServiceApiStatusCheck()
        logs_api.api_name = 'logging'
        logs_api.project_id = op.get(flags.PROJECT_ID)
        logs_api.expected_state = constants.APIState.ENABLED
        self.add_child(logs_api)

        # Roles checked for the VM's service account.
        logs_iam = iam_gs.IamPolicyCheck()
        logs_iam.project = op.get(flags.PROJECT_ID)
        logs_iam.principal = _agent_principal()
        logs_iam.roles = [
            'roles/owner',
            'roles/editor',
            'roles/logging.logWriter',
            'roles/logging.admin',
        ]
        logs_api.add_child(logs_iam)

        # OAuth access scopes checked on the instance itself.
        logs_scope = _point_at_instance(gce_gs.VmScope())
        logs_scope.access_scopes = {
            'https://www.googleapis.com/auth/logging.write',
            'https://www.googleapis.com/auth/cloud-platform',
            'https://www.googleapis.com/auth/logging.admin',
        }
        logs_api.add_child(logs_scope)

        # The logging sub-agent check hangs under the scope check.
        logs_scope.add_child(_agent_probe(logs=True, metrics=False))

        if op.get(CHECK_SERIAL_PORT_LOGGING):
            logs_api.add_child(child=CheckSerialPortLogging())

    if op.get(CHECK_MONITORING):
        # Root of the monitoring branch: the Monitoring API must be enabled.
        metrics_api = gcp_gs.ServiceApiStatusCheck()
        metrics_api.project_id = op.get(flags.PROJECT_ID)
        metrics_api.api_name = 'monitoring'
        metrics_api.expected_state = constants.APIState.ENABLED
        self.add_child(metrics_api)

        # Roles checked for the VM's service account.
        metrics_iam = iam_gs.IamPolicyCheck()
        metrics_iam.project = op.get(flags.PROJECT_ID)
        metrics_iam.principal = _agent_principal()
        metrics_iam.roles = [
            'roles/monitoring.metricWriter',
            'roles/monitoring.admin',
            'roles/monitoring.editor',
            'roles/owner',
            'roles/editor',
        ]
        metrics_api.add_child(child=metrics_iam)

        # OAuth access scopes checked on the instance itself.
        metrics_scope = _point_at_instance(gce_gs.VmScope())
        metrics_scope.access_scopes = {
            'https://www.googleapis.com/auth/monitoring.write',
            'https://www.googleapis.com/auth/cloud-platform',
            'https://www.googleapis.com/auth/monitoring',
        }
        metrics_api.add_child(metrics_scope)

        # The metrics sub-agent check hangs under the scope check.
        metrics_scope.add_child(_agent_probe(logs=False, metrics=True))