# Options for mdsd
# Check 'mdsd -h' for details.

#
# The following IMDS URL will only work when running in Azure.
# For a similar approach with HIMDS in Azure Arc, see https://eng.ms/docs/products/geneva/collect/advanced/linuxconfig#linux-agent-identity
#
IMDS_CURL_CMD="curl -H Metadata:true --silent http://169.254.169.254/metadata/instance/compute/PARAM?api-version=2023-07-01&format=text"
MDSD_ROLE_PREFIX=/var/run/mdsd/default
MDSD_OPTIONS="-d -A -r ${MDSD_ROLE_PREFIX}"

# If this is changed, also change /etc/logrotate.d/mdsd
MDSD_LOG=/var/log

# This is where rsyslog and eventhub messages are spooled.
MDSD_SPOOL_DIRECTORY=/var/opt/microsoft/linuxmonagent

MDSD_OPTIONS="-A -c /etc/mdsd.d/mdsd.xml -d -r $MDSD_ROLE_PREFIX -S $MDSD_SPOOL_DIRECTORY/eh -e $MDSD_LOG/mdsd.err -w $MDSD_LOG/mdsd.warn -o $MDSD_LOG/mdsd.info -q $MDSD_LOG/mdsd.qos"

export MDSD_TCMALLOC_RELEASE_FREQ_SEC=1
#export MDSD_TCMALLOC_PRINT_STATS_FREQ_SEC=10

#SSL_CERT_DIR=
#SSL_CERT_FILE

# REQUIRED: Identity Configuration
# 
# By default, your Geneva configuration file should have the following element:
# <Identity type="TenantRole" />
#
# The above element instructs the agent to use the following MONITORING_* environment variables
# for setting the agent identity. These can be used to organize and identify your agent instances
# and can be set to any value you would like to use. **Each instance of the agent must have a 
# unique combination of Tenant/Role/RoleInstance.**
#
# For more information on Agent Identity and advanced configuration see:
# https://eng.ms/docs/products/geneva/collect/advanced/linuxconfig#linux-agent-identity
#
#export MONITORING_TENANT=Tenant1
#export MONITORING_ROLE=Role1
#export MONITORING_ROLE_INSTANCE=RoleInstance1
# 
# or, fetch the Subscription Id, Resource Group, and Resource name values from IMDS and use them for Tenant/Role/RoleInstance.
#export MONITORING_TENANT="$(${IMDS_CURL_CMD//PARAM/subscriptionId})"
#export MONITORING_ROLE="$(${IMDS_CURL_CMD//PARAM/resourceGroupName})"
#export MONITORING_ROLE_INSTANCE="$(${IMDS_CURL_CMD//PARAM/name})"
#

# For instructions on configuring mdsd for GCS, see:
# https://eng.ms/docs/products/geneva/getting_started/environments/linuxvm
# In order to enable GCS, uncomment and set all 5 GCS environment variables below

# REQUIRED
# Geneva environment. Examples: Test, FirstPartyProd, DiagnosticsProd
# For the full list of environments, see:
# https://eng.ms/docs/products/geneva/logs/resources/endpoints
#
#export MONITORING_GCS_ENVIRONMENT=Test

# REQUIRED
# Geneva Account name
#
#export MONITORING_GCS_ACCOUNT=GenevaAccountName

# REQUIRED
# The region GCS should use when it determines which storage account credentials it should return to MA. e.g. "westus", "eastus".
# Generally, it's best to obtain this value on the VM hosting the agent by querying the Azure Instance Metadata Service (IMDS) for the "location" value (see above code snippet).
#
#export MONITORING_GCS_REGION=westus
# or, pulling data from IMDS
#export MONITORING_GCS_REGION="$(${IMDS_CURL_CMD//PARAM/location})"

# REQUIRED: Credentials for Authentication to Geneva Account
# 
# Specify the following required settings for ONE of the following authentication schemes. See documentation links for more details.
#
# 1) Managed Identity: https://eng.ms/docs/products/geneva/collect/authentication/managedidentitylogs
# 2) Azure Key Vault Managed Certificates: https://eng.ms/docs/products/geneva/collect/authentication/keyvault
# 3) dSMS Managed Certificates: https://eng.ms/docs/products/geneva/collect/authentication/dsms
# 4) Unmanaged Certificates: https://eng.ms/docs/products/geneva/collect/authentication/unmanagedlinux

##################################
# OPTION 1 (Managed Identity)
#
# REQUIRED
#export MONITORING_GCS_AUTH_ID_TYPE=AuthMSIToken
#
# OPTIONAL: If MONITORING_GCS_AUTH_ID is unspecified, the default identity is used. For more details, see:
# https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-faq#what-identity-will-imds-default-to-if-dont-specify-the-identity-in-the-request
# May be set to client_id#<guid>, object_id#<guid>, or mi_res_id#<user-assigned managed identity resource id>
#export MONITORING_GCS_AUTH_ID=
##################################

##################################
# OPTION 2 (Azure Key Vault Managed Certificates)
#
# REQUIRED
#export MONITORING_GCS_AUTH_ID_TYPE=AuthKeyVault
#
# REQUIRED
#export MONITORING_GCS_AUTH_ID=<CertificateSAN>
##################################

##################################
# OPTION 3 (dSMS Managed Certificates)
#
# REQUIRED
#export MONITORING_GCS_AUTH_ID_TYPE=AuthDsmsUrl
#
# REQUIRED
#export MONITORING_GCS_AUTH_ID=<DsmsUrl>
##################################

##################################
# OPTION 4 (Unmanaged Certificates)
#
# REQUIRED: Full path to public certificate file used to authenticate mdsd with GCS service.
#export MONITORING_GCS_CERT_CERTFILE=/etc/mdsd.d/gcscert.pem
#
# REQUIRED: Full path to the private key file used to authenticate mdsd with GCS service.
#export MONITORING_GCS_CERT_KEYFILE=/etc/mdsd.d/gcskey.pem
##################################

# Below are to enable GCS config download. Update for your namespace and config version.
#export MONITORING_GCS_NAMESPACE=GenevaLogsNamespace
#export MONITORING_CONFIG_VERSION=1.0
#export MONITORING_USE_GENEVA_CONFIG_SERVICE=true
