feat(new): Added Azure.Azure.VMSS.AutoInstanceRepairs (Azure#2897)
* feat(new): Added Azure.Azure.VMSS.AutoInstanceRepairs

* fix: Fixed wrong issue reference

---------

Co-authored-by: Bernie White <[email protected]>
BenjaminEngeset and BernieWhite authored May 30, 2024
1 parent 0e8ad12 commit 1e28104
Showing 5 changed files with 164 additions and 0 deletions.
3 changes: 3 additions & 0 deletions docs/CHANGELOG-v1.md
Expand Up @@ -33,6 +33,9 @@ See [upgrade notes][1] for helpful information when upgrading from previous vers
- Log Analytics:
- Check that workspaces have workspace replication enabled by @BenjaminEngeset.
[#2893](https://github.com/Azure/PSRule.Rules.Azure/issues/2893)
- Virtual Machine Scale Sets:
- Check that automatic instance repairs are enabled by @BenjaminEngeset.
[#2895](https://github.com/Azure/PSRule.Rules.Azure/issues/2895)

## v1.37.0-B0034 (pre-release)

94 changes: 94 additions & 0 deletions docs/en/rules/Azure.VMSS.AutoInstanceRepairs.md
@@ -0,0 +1,94 @@
---
severity: Important
pillar: Reliability
category: RE:07 Self-preservation
resource: Virtual Machine Scale Sets
online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.VMSS.AutoInstanceRepairs/
---

# Automatic instance repairs

## SYNOPSIS

Automatic instance repairs are enabled.

## DESCRIPTION

Enabling automatic instance repairs helps to achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime.

The automatic instance repair feature relies on health monitoring of individual VM instances in a scale set.
VM Instances in a scale set can be configured to emit application health status using either the Application Health extension or Load balancer health probes.
If an VM instance is found to be unhealthy, the scale set will perform a preconfigured repair action on the unhealthy VM instance.
Automatic instance repairs can be enabled in the Virtual Machine Scale Set model by using the `automaticRepairsPolicy` object.

See documentation references below for additional limitations and important information.

## RECOMMENDATION

Consider enabling automatic instance repairs to achieve high application availability by maintaining a set of healthy VM instances.

## EXAMPLES

### Configure with Azure template

To deploy virtual machine scale sets that pass this rule:

- Set the `properties.automaticRepairsPolicy.enabled` property to `true`.

For example:

```json
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2023-09-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"sku": {
"name": "b2ms",
"tier": "Standard",
"capacity": 1
},
"properties": {
"automaticRepairsPolicy": {
"enabled": true
}
}
}
```

### Configure with Bicep

To deploy virtual machine scale sets that pass this rule:

- Set the `properties.automaticRepairsPolicy.enabled` property to `true`.

For example:

```bicep
resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2023-09-01' = {
name: name
location: location
sku: {
name: 'b2ms'
tier: 'Standard'
capacity: 1
}
properties: {
automaticRepairsPolicy: {
enabled: true
}
}
}
```

## NOTES

This feature for virtual machine scale sets is currently in preview.

In order for automatic repairs policy to work properly, ensure that all the requirements for opting in to this feature are met.

## LINKS

- [RE:07 Self-preservation](https://learn.microsoft.com/azure/well-architected/reliability/self-preservation)
- [Automatic instance repairs](https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs)
- [Azure resource deployment](https://learn.microsoft.com/azure/templates/microsoft.compute/virtualmachinescalesets#automaticrepairspolicy)
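
Review bot: The NOTES section asks readers to "ensure that all the requirements for opting in to this feature are met" without naming any of them, and both the template and Bicep examples set only `automaticRepairsPolicy.enabled`, while the DESCRIPTION says the feature relies on health status from the Application Health extension or load balancer health probes. Consider naming the health monitoring prerequisite in NOTES, or showing it in the examples, so a reader does not end up with a scale set that passes the rule but lacks the health signal the feature depends on. Minor wording in DESCRIPTION: "If an VM instance" should read "If a VM instance", and "VM Instances" should be "VM instances".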
28 changes: 28 additions & 0 deletions src/PSRule.Rules.Azure/rules/Azure.VMSS.Rule.yaml
@@ -0,0 +1,28 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.

#
# Validation rules for Azure Virtual Machine Scale Sets
#

#region Rules

---
# Synopsis: Automatic instance repairs are enabled.
apiVersion: github.com/microsoft/PSRule/v1
kind: Rule
metadata:
name: Azure.VMSS.AutoInstanceRepairs
ref: AZR-000426
tags:
release: preview
ruleSet: 2024_06
Azure.WAF/pillar: Reliability
spec:
type:
- Microsoft.Compute/virtualMachineScaleSets
condition:
field: properties.automaticRepairsPolicy.enabled
equals: true

#endregion Rules
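
Review bot: The `condition` tests only `properties.automaticRepairsPolicy.enabled`, so a scale set passes on the flag alone, even though the documentation added in this same commit says repairs rely on health monitoring through the Application Health extension or load balancer health probes. If checking the flag alone is the intended scope for a `release: preview` rule, state that in the rule documentation; otherwise consider an additional condition, or a companion rule, that checks a health source is configured.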
19 changes: 19 additions & 0 deletions tests/PSRule.Rules.Azure.Tests/Azure.VMSS.Tests.ps1
Expand Up @@ -130,6 +130,25 @@ Describe 'Azure.VMSS' -Tag 'VMSS' {
$ruleResult.Length | Should -Be 2;
$ruleResult.TargetName | Should -BeIn 'vmss-001', 'vmss-003';
}

It 'Azure.VMSS.AutoInstanceRepairs' {
$dataPath = Join-Path -Path $here -ChildPath 'Resources.VMSS.json';
$result = Invoke-PSRule @invokeParams -InputPath $dataPath;
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Azure.VMSS.AutoInstanceRepairs' };

# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult.Length | Should -Be 2;
$ruleResult.TargetName | Should -BeIn 'vmss-001', 'vmss-002';

$ruleResult[0].Reason | Should -BeExactly "Path properties.automaticRepairsPolicy.enabled: The field 'properties.automaticRepairsPolicy.enabled' does not exist.";
$ruleResult[1].Reason | Should -BeExactly "Path properties.automaticRepairsPolicy.enabled: Is set to 'False'.";

# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult.Length | Should -Be 3;
$ruleResult.TargetName | Should -BeIn 'vmss-003', 'vmss-004', 'vmss-005';
}
}

Context 'Resource name - Azure.VMSS.Name' {
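
Review bot: The two `Reason` assertions index `$ruleResult[0]` and `$ruleResult[1]`, which assumes vmss-001 is returned before vmss-002; the preceding `Should -BeIn 'vmss-001', 'vmss-002'` check does not pin that order. Select each failing result by `TargetName` before asserting its `Reason`, so the test ties the "does not exist" message to vmss-001 and the "Is set to 'False'" message to vmss-002 regardless of result ordering.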
20 changes: 20 additions & 0 deletions tests/PSRule.Rules.Azure.Tests/Resources.VMSS.json
Expand Up @@ -191,6 +191,11 @@
"upgradePolicy": {
"mode": "Manual"
},
"automaticRepairsPolicy": {
"enabled": false,
"gracePeriod": "PT10M",
"repairAction": "Replace"
},
"virtualMachineProfile": {
"osProfile": {
"computerNamePrefix": "vmss-002",
Expand Down Expand Up @@ -366,6 +371,11 @@
"upgradePolicy": {
"mode": "Manual"
},
"automaticRepairsPolicy": {
"enabled": true,
"gracePeriod": "PT10M",
"repairAction": "Replace"
},
"virtualMachineProfile": {
"osProfile": {
"computerNamePrefix": "vmss-003",
Expand Down Expand Up @@ -524,6 +534,11 @@
"upgradePolicy": {
"mode": "Manual"
},
"automaticRepairsPolicy": {
"enabled": true,
"gracePeriod": "PT10M",
"repairAction": "Replace"
},
"virtualMachineProfile": {
"osProfile": {
"computerNamePrefix": "vmss-004",
Expand Down Expand Up @@ -683,6 +698,11 @@
"upgradePolicy": {
"mode": "Manual"
},
"automaticRepairsPolicy": {
"enabled": true,
"gracePeriod": "PT10M",
"repairAction": "Replace"
},
"virtualMachineProfile": {
"osProfile": {
"computerNamePrefix": "vmss-005",
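
Review bot: The `automaticRepairsPolicy` blocks added for vmss-003, vmss-004 and vmss-005 are identical (`enabled` true, `gracePeriod` PT10M, `repairAction` Replace), so the three passing fixtures exercise the same path. Consider varying one of them, or adding a fixture where `automaticRepairsPolicy` is present but `enabled` is omitted, so the test data covers a case beyond a missing policy object and an explicit `false`.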