Fixed Azure Monitor permissions and SQL MI AD auth issues.
chintalavr committed Jul 8, 2024
1 parent d070e8b commit cdaa3d5
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
Expand Up @@ -428,7 +428,7 @@ foreach($cluster in $clusters){
$clusterName = $cluster.clusterName
$dataController = $cluster.dataController
$Env:MSI_OBJECT_ID = (az k8s-extension show --resource-group $Env:resourceGroup --cluster-name $clusterName --cluster-type connectedClusters --name arc-data-services | convertFrom-json).identity.principalId
az role assignment create --assignee $Env:MSI_OBJECT_ID --role 'Monitoring Metrics Publisher' --scope "/subscriptions/$Env:subscriptionId/resourceGroups/$Env:resourceGroup"
az role assignment create --assignee-object-id $Env:MSI_OBJECT_ID --assignee-principal-type ServicePrincipal --role 'Monitoring Metrics Publisher' --scope "/subscriptions/$Env:subscriptionId/resourceGroups/$Env:resourceGroup"
az arcdata dc update --name $dataController --resource-group $Env:resourceGroup --auto-upload-metrics true
az arcdata dc update --name $dataController --resource-group $Env:resourceGroup --auto-upload-logs true
}
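Review bot: Nothing checks that `$Env:MSI_OBJECT_ID` is non-empty before the new `az role assignment create --assignee-object-id ...` line, so a failed `az k8s-extension show` or an extension without a managed identity leads to a call with an empty object id, and the `az arcdata dc update` lines still run afterwards. `--assignee-object-id` is documented as bypassing the Graph lookup that `--assignee` performed, so the CLI no longer resolves the principal for you and the script should fail explicitly, e.g. `if (-not $Env:MSI_OBJECT_ID) { throw "No managed identity principalId for arc-data-services on $clusterName" }`. The role is granted at resource-group scope rather than on a single resource; a one-line comment stating why that scope is needed would help a later least-privilege review. The `foreach` loop starts outside the hunk.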
3 changes: 2 additions & 1 deletion azure_jumpstart_arcbox/artifacts/DeploySQLMIADAuth.ps1
Expand Up @@ -161,8 +161,9 @@ $sqlInstances | Foreach-Object -ThrottleLimit 5 -Parallel {

ktpass /princ ${samaccountname}@${domain_name} /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser ${domain_netbios_name}\${samaccountname} /in $keytab_file /out $keytab_file -setpass -setupn /pass $arcsapass
ktpass /princ ${samaccountname}@${domain_name} /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser ${domain_netbios_name}\${samaccountname} /in $keytab_file /out $keytab_file -setpass -setupn /pass $arcsapass

# Convert key tab file into base64 data
$keytabrawdata = Get-Content $keytab_file -Encoding byte
$keytabrawdata = Get-Content $keytab_file -AsByteStream
$b64keytabtext = [System.Convert]::ToBase64String($keytabrawdata)
# Grant permission to DSA account on SQLMI OU
}
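Review bot: The new `Get-Content $keytab_file -AsByteStream` line has no `-Raw` and no terminating error action, so bytes are emitted one at a time and a missing keytab (for example after a failed `ktpass`) only surfaces later, at `ToBase64String`. Suggested: `$keytabrawdata = Get-Content -LiteralPath $keytab_file -AsByteStream -Raw -ErrorAction Stop`. The keytab and its base64 form hold the account's long-term Kerberos keys, including the `rc4-hmac-nt` entry written by the line above. The script block continues outside the hunk, so confirm that later code deletes `$keytab_file` and never logs `$b64keytabtext`, and add a comment saying whether the RC4 key is still required.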
