Azure API Management
Overviewβ
Azure API Management allows you to create, manage and publish APIs for existing back-end services.
The Centreon Plugin Pack Azure API Management can rely on Azure API or Azure CLI to collect the metrics related to the API Management service.
Pack Assetsβ
Monitored Objectsβ
- Azure API Management instances :
- Capacity
- Events
- Requests
- Requests duration
Discovery rulesβ
The Centreon Plugin Pack Azure API Management includes a Host Discovery provider to automatically discover the Azure instances of a given subscription and add them to the Centreon configuration. This provider is named Microsoft Azure API Management:
This discovery feature is only compatible with the 'api' custom mode. 'azcli' is not supported yet.
More information about the Host Discovery module is available in the Centreon documentation: Host Discovery
Collected metrics & statusβ
- Capacity
- Events
- Events-Duration
- Total-Requests
Metric Name | Description | Unit |
---|---|---|
apimanagement.capacity.percentage | Capacity Statistics Percentage | % |
Metric Name | Description | Unit |
---|---|---|
apimanagement.events.dropped.count | Dropped EventHub Events | Count |
apimanagement.events.rejected.count | Rejected EventHub Events | Count |
apimanagement.events.successful.count | Successful EventHub Events | Count |
apimanagement.events.throttled.count | Throttled EventHub Events | Count |
apimanagement.events.timedout.count | Timed Out EventHub Events | Count |
apimanagement.events.total.usage.bytes | Size of EventHub Events | Bytes |
apimanagement.events.total.count | Total EventHub Events | Count |
apimanagement.events.failed.count | Failed EventHub Events | Count |
Metric Name | Description | Unit |
---|---|---|
apimanagement.requests.backend.duration.milliseconds | Duration of Backend Requests | ms |
apimanagement.requests.duration.milliseconds | Overall Duration of Gateway Requests | ms |
Metric Name | Description | Unit |
---|---|---|
apimanagement.requests.count | Number of requests | count |
You can filter the type of requests (eg. failed or successful requests) with the "FILTERDIMENSION" service Macro.
Prerequisitesβ
To get data from Azure Services, following methods are available:
- Azure API ('api')
- Azure CLI ('azcli')
Centreon recommends to use the API instead of the CLI for the following reasons:
- API is much more efficient by avoiding CLI binary execution
- API supports application authentication while CLI does not (yet)
- Azure Monitor API
- Azure AZ CLI
To use the 'api' custom mode, make sure to obtain the required information using the how-to below. Keep it safe until including it in a Host or Host Template definition.
Create an application in Azure Active Directory:
- Log in to your Azure account.
- Select Azure Active directory in the left sidebar.
- Click on App registrations.
- Click on + Add.
- Enter Centreon as the application name (or any name of your choice), select application type(api) and sign-on-url.
- Click on the Create button.
Get Subscription ID
- Log in to your Azure account.
- Select Subscriptions in the left sidebar.
- Select whichever subscription is needed.
- Click on Overview.
- Copy the Subscription ID.
Get Tenant ID
- Log in to your Azure account.
- Select Azure Active directory in the left sidebar.
- Click on Properties.
- Copy the directory ID.
Get Client ID
- Log in to your Azure account.
- Select Azure Active directory in the left sidebar.
- Click on Enterprise applications.
- Click on All applications.
- Select the application previously created.
- Click on Properties.
- Copy the Application ID.
Get Client secret
- Log in to your Azure account.
- Select Azure Active directory in the left sidebar.
- Click on App registrations.
- Select the application previously created.
- Click on All settings.
- Click on Keys.
- Enter the key description and select the duration.
- Click on Save.
- Copy and store the key value. You won't be able to retrieve it after you leave this page.
To use the 'azcli' custom mode, install the required packages on every Centreon poller expected to monitor Azure Resources using CLI:
- The CLI needs at least Python version 2.7 (https://github.com/Azure/azure-cli/blob/dev/doc/install_linux_prerequisites.md).
On RPM-Based distributions, use the command below to install it using root or 'sudo':
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo
sudo yum install azure-cli
Then, use the centreon-engine account to obtain a token using command below:
su - centreon-engine
az login
The shell will output this message including an authentication code:
*To sign in, use a web browser to open the page https://microsoft.com/devicelogin*
*and enter the code CWT4WQZAD to authenticate.*
Go to https://microsoft.com/devicelogin and enter the code.
Connect using a monitoring service account, as a result, the shell should prompt information below:
[
{
"cloudName": "AzureCloud",
"id": "0ef83f3a-d83e-2039-d930-309df93acd93d",
"isDefault": true,
"name": "N/A(tenant level account)",
"state": "Enabled",
"tenantId": "0ef83f3a-03cd-2039-d930-90fd39ecd048",
"user": {
"name": "email@mycompany.onmicrosoft.com",
"type": "user"
}
}
]
Credentials are now stored locally in the .accessTokens.json file so the Plugin can use it.
Setupβ
- Online License
- Offline License
- Install the Centreon Plugin package on every Centreon poller expected to monitor Azure API Management resources:
yum install centreon-plugin-Cloud-Azure-Management-ApiManagement-Api
- On the Centreon Web interface, install the Azure API Management Centreon Plugin Pack on the "Configuration > Plugin Packs > Manager" page
- Install the Centreon Plugin package on every Centreon poller expected to monitor Azure API Management resources:
yum install centreon-plugin-Cloud-Azure-Management-ApiManagement-Api
- Install the Centreon Plugin Pack RPM on the Centreon Central server:
yum install centreon-pack-cloud-azure-management-apimanagement.noarch
- On the Centreon Web interface, install the Azure API Management Centreon Plugin Pack on the "Configuration > Plugin Packs > Manager" page
Configurationβ
Hostβ
Log into Centreon and add a new Host through "Configuration > Hosts".
In the IP Address/FQDN field, set the following IP address: '127.0.0.1'.
Select the Cloud-Azure-Management-ApiManagement-custom template to apply to the Host.
Once the template applied, some Macros marked as 'Mandatory' hereafter have to be configured. These mandatory Macros differ regarding the custom mode used.
Two methods can be used to set the Macros:
- full ID of the Resource (
/subscriptions/<subscription_id>/resourceGroups/<resourcegroup_id>/providers/Microsoft.Network/<resource_type>/<resource_name>
) in AZURERESOURCE- Resource Name in AZURERESOURCE associated with Resource Group (in AZURERESOURCEGROUP) and Resource Type (in AZURERESOURCETYPE)
- Azure Monitor API
- Azure AZ CLI
Mandatory | Nom | Description |
---|---|---|
X | AZURECUSTOMMODE | Custom mode 'api' |
X | AZURESUBSCRIPTION | Subscription ID |
X | AZURETENANT | Tenant ID |
X | AZURECLIENTID | Client ID |
X | AZURECLIENTSECRET | Client secret |
X | AZURERESOURCE | ID or name of the API Management resource |
AZURERESOURCEGROUP | Associated Resource Group if resource name is used | |
AZURERESOURCETYPE | Associated Resource Type if resource name is used |
Mandatory | Nom | Description |
---|---|---|
X | AZURECUSTOMMODE | Custom mode 'azcli' |
X | AZURESUBSCRIPTION | Subscription ID |
X | AZURERESOURCE | ID or name of the API Management resource |
AZURERESOURCEGROUP | Associated Resource Group if resource name is used | |
AZURERESOURCETYPE | Associated Resource Type if resource name is used |
How to check in the CLI that the configuration is OK and what are the main options for ?β
Once the Plugin installed, log into your Centreon Poller CLI using the centreon-engine user account and test the Plugin by running the following command:
/usr/lib/centreon/plugins/centreon_azure_management_apimanagement_api.pl \
--plugin=cloud::azure::management::apimanagement::plugin \
--mode=requests \
--custommode=api \
--subscription='xxxxxxxxx' \
--tenant='xxxxxxxxx' \
--client-id='xxxxxxxxx' \
--client-secret='xxxxxxxxx' \
--resource='APP001ABCD' \
--resource-group='RSG1234' \
--timeframe='900' \
--interval='PT5M' \
--aggregation='Total' \
--warning-requests='80' \
--critical-requests='90' \
--filter-dimension="GatewayResponseCodeCategory eq '4XX'"
Expected command output is shown below:
OK: Instance 'APP001ABCD' Statistic 'total' Metrics Failed Requests: 0.00, Total Requests: 523.00 |
'APP001ABCD~total#appgateway.requests.failed.count'=0.00;0:80;0:90;0; 'APP001ABCD~total#appgateway.requests.total.count'=523.00;;;0;
The command above checks the requests of an Azure API Management instance using the 'api' custom-mode
(--plugin=cloud::azure::management::apimanagement::plugin --mode=requests --custommode=api
).
This Event Hub instance is identified by its id (--resource='APP001ABCD'
) and its associated group (--resource-group='RSG1234'
).
The authentication parameters to be used with the custom mode are specified in the options (--subscription='xxxxxxxxx'
--tenant='xxxxxxx' --client-id='xxxxxxxx' --client-secret='xxxxxxxxxx'
).
The calculated metrics are the total values (--aggregation='Total'
) of a 900 secondes / 15 min period (--timeframe='900'
)
with one sample per 5 minutes (--interval='PT5M'
).
This command would trigger a WARNING alarm if the number of failed requests
(--filter-dimension="GatewayResponseCodeCategory eq '2XX'"
) is reported as over 80 (--warning-requests='80'
)
and a CRITICAL alarm over 90 requests (--critical-requests='90'
).
All the available options for a given mode can be displayed by adding the --help
parameter to the command:
/usr/lib/centreon/plugins/centreon_azure_management_apimanagement_api.pl \
--plugin=cloud::azure::management::apimanagement::plugin \
--mode=requests \
--help
Troubleshootingβ
The Azure credentials have changed and the Plugin does not work anymoreβ
The Plugin is using a cache file to keep connection information and avoid an authentication at each call. If some of the authentication parameters change, you must delete the cache file.
The cache file can be found within /var/lib/centreon/centplugins/
folder with a name similar to azureapi<md5>_<md5>_<md5>_<md5>
.
UNKNOWN: Login endpoint API returns error code 'ERROR_NAME' (add --debug option for detailed message)
β
It means that some parameters used to authenticate the API request are wrong. The 'ERROR_NAME' string gives some hints about where the problem stands.
As an example, if my Client ID or Client Secret are wrong, 'ERROR_DESC' value will be 'invalid_client'.
UNKNOWN: 500 Can't connect to login.microsoftonline.com:443
β
This error message means that the Centreon Plugin couldn't successfully connect to the Azure Login API. Check that no third party
device (such as a firewall) is blocking the request. A proxy connection may also be necessary to connect to the API.
This can be done by using this option in the command: --proxyurl='http://proxy.mycompany:8080'
.
UNKNOWN: No metrics. Check your options or use --zeroed option to set 0 on undefined values
β
This command result means that Azure does not have any value for the requested period.
This result can be overriden by adding the --zeroed
option in the command. This will force a value of 0 when no metric has
been collected and will prevent the UNKNOWN error message.