You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
> The PrivateAccessID should exactly match the "resourceID" used to create the CSPA resource in Step 1.
142
142
143
-
## Step 4: Update host VM to map the communications endpoint to the private endpoint
144
-
145
-
During the Preview of this feature, customers need to update the Agent VM extensions settings to point to the communication endpoint that supports traffic over a private network. Customers need to update the host entry on the actual VM to map the communication endpoint to the private IP generated during the private endpoint creation. You can get the IP address from the "DNS Configuration" tab in the Private Endpoint resource seen in the following screenshot:
146
-
147
-
[](images/dns-config.png#lightbox)
148
-
149
-
After noting the IP address, you need to open the "hosts" file on your host VM and update it with the following entry:
> **Path of hosts file on Windows:** C:\Windows\System32\drivers\etc
157
-
>
158
-
>
159
-
> **Path of hosts file on Linux:** /etc/hosts
160
-
161
-
Example of what the "hosts" file should look like. The IP address and Azure region change for your scenario:
162
-
163
-
[](images/cspa-hosts.png#lightbox)
164
-
165
-
Save and close the file.
166
-
167
-
## Step 5: Update the communication endpoint in agentSettings and agentInstanceConfig JSON files
168
-
169
-
In this step, you need to continue to edit files on the host VM machine. You need to update the "agentSettings.json" and "agentInstanceConfig.json" files to include the communication endpoint based on the region in which the VM targets were created in the previous steps.
170
-
171
-
### Updating the agentSettings.json
172
-
173
-
> [!NOTE]
174
-
> **Path of agentSettings.json file on Windows:** C:\Packages\Plugins\Microsoft.Azure.Chaos.ChaosWindowsAgent-\<Version\>\win-x64\agentSettings.json
175
-
>
176
-
>
177
-
> **Path of agentSettings.json file on Linux:** /var/lib/waagent/Microsoft.Azure.Chaos.ChaosLinuxAgent-\<Version\>\linux-x64
[](images/agent-instance-config-json.png#lightbox)
207
-
208
-
## Step 5.5: Disable CRL verification in agentSettings.JSON
209
-
210
-
**IF** you blocked outbound access to Microsoft Certificate Revocation List (CRL) verification endpoints, then you need to update agentSettings.JSON to disable CRL verification check in the agent.
211
-
212
-
By default this field is set to **true**, so you can either remove this field or set the value to false. See [here](chaos-studio-tutorial-agent-based-cli.md) for more details.
213
-
214
-
```
215
-
"communicationApi": {
216
-
"checkCertRevocation": false
217
-
}
218
-
```
219
-
220
-
The final agentSettings.JSON should appear as shown:
221
-
222
-
[](images/agent-settings-crl.png#lightbox)
223
-
224
-
If outbound access to Microsoft CRL verification endpoints is not blocked, then you can ignore this step.
225
-
226
-
## Step 6: Restart the Azure Chaos Agent service in the VM
143
+
## Step 4: Restart the Azure Chaos Agent service in the VM
227
144
228
145
After making all the required changes to the host, restart the Azure Chaos Agent Service in the VM
[](images/restart-linux-vm.png#lightbox)
243
160
244
-
## Step 7: Run your Agent-based experiment using private endpoints
161
+
## Step 5: Run your Agent-based experiment using private endpoints
245
162
246
163
After the restart, the Chaos agent should be able to communicate with the Agent Communication data plane service and the agent registration to the data plane should be successful. After successful registration, the agent will be able to heartbeat its status and you can go ahead and run the chaos agent-based experiments using private endpoints!
0 commit comments