Enable debug logging
To troubleshoot a deployment error, enable debug logging to get more information. Debug logging works for deployments using Bicep files or Azure Resource Manager templates (ARM templates). You can get data about a deployment's request and response to learn the cause of a problem.
Warning
Debug logging can expose secrets like passwords or listKeys. Only enable debug logging when you need to troubleshoot a deployment error.
Set up debug logging
Use Azure PowerShell to enable debug logging and view the results with Azure PowerShell or Azure CLI.
For a resource group deployment, use New-AzResourceGroupDeployment to set the DeploymentDebugLogLevel parameter to All, ResponseContent, or RequestContent.
When debug logging is enabled, a warning is displayed that secrets like passwords or listKeys can be logged and displayed when you get deployment operations with commands like Get-AzResourceGroupDeploymentOperation.
New-AzResourceGroupDeployment `
-Name exampledeployment `
-ResourceGroupName examplegroup `
-TemplateFile main.bicep `
-DeploymentDebugLogLevel All
The output shows the debug logging level.
DeploymentDebugLogLevel : RequestContent, ResponseContent
The DeploymentDebugLogLevel parameter is available for other deployment scopes: subscription, management group, and tenant.
Get debug information
After debug logging is enabled, you can get more information from the deployment operations.
For a resource group deployment, use Get-AzResourceGroupDeploymentOperation to get deployment operations.
Get-AzResourceGroupDeploymentOperation `
-DeploymentName exampledeployment `
-ResourceGroupName examplegroup
You can specify a property, like StatusMessage or StatusCode to filter the output.
(Get-AzResourceGroupDeploymentOperation `
-DeploymentName exampledeployment `
-ResourceGroupName examplegroup).StatusMessage
For more information, see the documentation for deployment operation scopes: subscription, management group, and tenant.
Remove debug deployment history
When you're finished debugging, you can remove deployment history to prevent anyone who has access from seeing sensitive information that might have been logged. If you used multiple deployment names during debugging, run the command for each deployment name.
To remove deployment history for a resource group deployment, use Remove-AzResourceGroupDeployment.
Remove-AzResourceGroupDeployment -ResourceGroupName examplegroup -Name exampledeployment
The command returns True when it's successful.
For more information about deployment history, see the documentation for the deployment scopes: subscription, management group, and tenant.
Nested template
To log debug information for a nested ARM template, use the Microsoft.Resources/deployments debugSetting property.
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "nestedTemplate",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "{template-uri}",
"contentVersion": "1.0.0.0"
},
"debugSetting": {
"detailLevel": "requestContent, responseContent"
}
}
}
Bicep uses modules rather than nested templates.
Next steps
Maklum balas
Kirim dan lihat maklum balas untuk