Merge pull request Azure#453 from JCoreMS/JCore-AVD_Alerts_Fix_Dec2024

AVD Alerts - Alert for Host Pool Capacity would not fire
judyer28 · Dec 11, 2024 · 9eeb258 · 9eeb258
2 parents bbeed7c + 78f2776
commit 9eeb258
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 7 deletions.
diff --git a/docs/content/patterns/specialized/avd/Known-Issues.md b/docs/content/patterns/specialized/avd/Known-Issues.md
@@ -4,6 +4,13 @@ geekdocCollapseSection: true
 weight: 100
 ---
 
+## Host Pool Capacity Remaining not reporting
+After 3/21/24 there was a permission missing that did not allow the automation account to gather the information.
+(Fixed on: 12/10/2024)
+
+Fix without Redeploying:
+Simply assigning the identity tied to the Automation Account the Virtual Desktop Reader role on the Resource Group that houses the Host Pools.
+
 ## Remaining Storage Calculation always 99.xx% / INCORRECT
 Prior to 6/29/2024
 
diff --git a/docs/content/patterns/specialized/avd/Whats-New.md b/docs/content/patterns/specialized/avd/Whats-New.md
@@ -8,6 +8,13 @@ For information on what's new please refer to the [Releases](https://github.com/
 
 To update your current deployment with the content from the latest release, please refer to the [Update to new release](Update-to-new-Release.md) page.
 
+## 2024-12-10
+### After 3/21/2024 Host Pool Capacity Alert Rule would not fire
+An issue was discovered where the Automation Account Identity was not being assigned the Virtual Desktop Reader role on the Resource Group hosting all the AVD Resources. Thus, the output of the script was null which yielded no alerts, regardless of what the host pool capacity currently was. There was a condition on the role assignment that was adjusted so that it will be added at deployment.
+
+Fix without Redeploying:
+Simply assigning the identity tied to the Automation Account the Virtual Desktop Reader role on the Resource Group that houses the Host Pools.
+
 ## 2024-11-20
 ### Deployment Names over 64 characters
 An issue was discovered in which the deployment for some alerts would fail if the deployment name was over 64 characters. This was due to the Storage Account and/or ANF Volume names being too long and appended to the deployment name. Those names are now truncated if over 20 characters.

diff --git a/docs/content/patterns/specialized/avd/_index.md b/docs/content/patterns/specialized/avd/_index.md
@@ -8,7 +8,7 @@ geekdocCollapseSection: true
 This solution provides a baseline of alerts for AVD that are disabled by default and for ensuring administrators and staff get meaningful and timely alerts when there are problems related to an AVD deployment. The deployment has been tested in Azure Global and Azure US Government and will incorporate storage alerts for either or both Azure Files and/or Azure Netapp Files.  This solution initially was part of the Azure Virtual Desktop Solution Accelerator as a brownfield and moved to this location.
 
 **Current Version:**
-v2.1.6 (Nov 20, 2024)
+v2.1.7 (Dec 10, 2024)
 
 ## Alerts Table
 

diff --git a/patterns/avd/avdArm.json b/patterns/avd/avdArm.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.31.92.45157",
-      "templateHash": "10824749438491777673"
+      "templateHash": "17094575244347820739"
     }
   },
   "parameters": {
@@ -154,7 +154,7 @@
       }
     ],
     "ActionGroupName": "[format('ag-avdmetrics-{0}-{1}', parameters('Environment'), parameters('Location'))]",
-    "AlertDescriptionHeader": "Automated AVD Alert Deployment Solution (v2.1.6)\n",
+    "AlertDescriptionHeader": "Automated AVD Alert Deployment Solution (v2.1.7)\n",
     "AutomationAccountName": "[format('aa-avdmetrics-{0}-{1}-{2}', parameters('Environment'), parameters('Location'), parameters('AlertNamePrefix'))]",
     "CloudEnvironment": "[environment().name]",
     "ResourceGroupCreate": "[if(equals(parameters('ResourceGroupStatus'), 'New'), true(), false())]",
@@ -5704,7 +5704,6 @@
       ]
     },
     {
-      "condition": "[parameters('AllResourcesSameRG')]",
       "type": "Microsoft.Resources/deployments",
       "apiVersion": "2022-09-01",
       "name": "[format('c_DsktpRead_{0}', split(parameters('AVDResourceGroupId'), '/')[4])]",

diff --git a/patterns/avd/templates/deploy.bicep b/patterns/avd/templates/deploy.bicep
@@ -73,7 +73,7 @@ param ANFVolumeResourceIds array = []
 param Tags object = {}
 
 var ActionGroupName = 'ag-avdmetrics-${Environment}-${Location}'
-var AlertDescriptionHeader = 'Automated AVD Alert Deployment Solution (v2.1.6)\n' // DESCRIPTION HEADER AND VERSION <-----------------------------
+var AlertDescriptionHeader = 'Automated AVD Alert Deployment Solution (v2.1.7)\n' // DESCRIPTION HEADER AND VERSION <-----------------------------
 var AutomationAccountName = 'aa-avdmetrics-${Environment}-${Location}-${AlertNamePrefix}'
 var CloudEnvironment = environment().name
 var ResourceGroupCreate = ResourceGroupStatus == 'New' ? true : false
@@ -2225,6 +2225,8 @@ module automationAccount 'carml/1.3.0/Microsoft.Automation/automationAccounts/de
   dependsOn: ResourceGroupCreate ? [resourceGroupAVDMetricsCreate] : [resourceGroupAVDMetricsExisting]
 }
 
+// Assign role to Automation Account for Desktop Virtualization Reader to account for all AVD VMs if in different Resource Groups
+// (Needed for Automation Account)
 module roleAssignment_AutoAcctDesktopRead 'carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [
   for RG in HostPoolInfo: if (!AllResourcesSameRG) {
     scope: resourceGroup(split(RG.colVMResGroup, '/')[4])
@@ -2242,8 +2244,9 @@ module roleAssignment_AutoAcctDesktopRead 'carml/1.3.0/Microsoft.Authorization/r
   }
 ]
 
-module roleAssignment_AutoAcctDesktopReadSameRG 'carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' =
-  if (AllResourcesSameRG) {
+// Assign role to Automation Account for Desktop Virtualization Reader to account for all AVD Resources and VMs if in the same Resource Group
+// (Needed for Automation Account)
+module roleAssignment_AutoAcctDesktopReadSameRG 'carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' ={
     scope: resourceGroup(split(AVDResourceGroupId, '/')[4])
     name: 'c_DsktpRead_${split(AVDResourceGroupId, '/')[4]}'
     params: {
@@ -2258,6 +2261,8 @@ module roleAssignment_AutoAcctDesktopReadSameRG 'carml/1.3.0/Microsoft.Authoriza
     ]
   }
 
+// Assign role to Automation Account for Log Analytics Contributor to allow Automation Account to write to Log Analytics
+// (Needed for Automation Account)
 module roleAssignment_LogAnalytics 'carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = {
   scope: resourceGroup(split(LogAnalyticsWorkspaceResourceId, '/')[2], split(LogAnalyticsWorkspaceResourceId, '/')[4])
   name: 'c_LogContrib_${split(LogAnalyticsWorkspaceResourceId, '/')[4]}'
@@ -2273,6 +2278,8 @@ module roleAssignment_LogAnalytics 'carml/1.3.0/Microsoft.Authorization/roleAssi
   ]
 }
 
+// Assign role to Automation Account for Storage Account Contributor to allow Automation Account to gather Storage Statistics
+// (Needed for Automation Account)
 module roleAssignment_Storage 'carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [
   for StorAcctRG in StorAcctRGs: {
     scope: resourceGroup(StorAcctRG)