From cdaa3d5f977c47a8d222b2305615829f66f954e5 Mon Sep 17 00:00:00 2001
From: Venkata Chintala <29983008+chintalavr@users.noreply.github.com>
Date: Mon, 8 Jul 2024 18:57:56 -0400
Subject: [PATCH] Fixed Azure Monitor permissions and SQL MI AD auth issues.
---
 azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1 | 2 +-
 azure_jumpstart_arcbox/artifacts/DeploySQLMIADAuth.ps1 | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1 b/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
index fefb3dca6a..923f444cf5 100644
--- a/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
+++ b/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
@@ -428,7 +428,7 @@ foreach($cluster in $clusters){
 $clusterName = $cluster.clusterName
 $dataController = $cluster.dataController
 $Env:MSI_OBJECT_ID = (az k8s-extension show --resource-group $Env:resourceGroup --cluster-name $clusterName --cluster-type connectedClusters --name arc-data-services | convertFrom-json).identity.principalId
- az role assignment create --assignee $Env:MSI_OBJECT_ID --role 'Monitoring Metrics Publisher' --scope "/subscriptions/$Env:subscriptionId/resourceGroups/$Env:resourceGroup"
+ az role assignment create --assignee-object-id $Env:MSI_OBJECT_ID --assignee-principal-type ServicePrincipal --role 'Monitoring Metrics Publisher' --scope "/subscriptions/$Env:subscriptionId/resourceGroups/$Env:resourceGroup"
 az arcdata dc update --name $dataController --resource-group $Env:resourceGroup --auto-upload-metrics true
 az arcdata dc update --name $dataController --resource-group $Env:resourceGroup --auto-upload-logs true
 }
diff --git a/azure_jumpstart_arcbox/artifacts/DeploySQLMIADAuth.ps1 b/azure_jumpstart_arcbox/artifacts/DeploySQLMIADAuth.ps1
index 3e8ab8abd8..aadbe42458 100644
--- a/azure_jumpstart_arcbox/artifacts/DeploySQLMIADAuth.ps1
+++ b/azure_jumpstart_arcbox/artifacts/DeploySQLMIADAuth.ps1
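Review bot: In DataOpsLogonScript.ps1 (hunk at line 428), `$Env:MSI_OBJECT_ID` is passed to `--assignee-object-id` without checking that the preceding `az k8s-extension show` returned an identity. If that call fails or the extension has no `principalId` yet, the value is empty, the role assignment errors out, and the loop still goes on to enable `--auto-upload-metrics` without the 'Monitoring Metrics Publisher' grant in place. Because `--assignee-object-id` skips the directory lookup that `--assignee` performed, the script is now the only place that can validate the value before the request is sent. A guard before the assignment would make the failure visible, for example `if (-not $Env:MSI_OBJECT_ID) { throw "No managed identity found on arc-data-services for $clusterName" }`, together with a `$LASTEXITCODE` check after `az role assignment create`. The `foreach` body starts outside the hunk, so an earlier check may already exist there.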
@@ -161,8 +161,9 @@ $sqlInstances | Foreach-Object -ThrottleLimit 5 -Parallel { ktpass /princ ${samaccountname}@${domain_name} /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser ${domain_netbios_name}\${samaccountname} /in $keytab_file /out $keytab_file -setpass -setupn /pass $arcsapass ktpass /princ ${samaccountname}@${domain_name} /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser ${domain_netbios_name}\${samaccountname} /in $keytab_file /out $keytab_file -setpass -setupn /pass $arcsapass + # Convert key tab file into base64 data - $keytabrawdata = Get-Content $keytab_file -Encoding byte + $keytabrawdata = Get-Content $keytab_file -AsByteStream $b64keytabtext = [System.Convert]::ToBase64String($keytabrawdata) # Grant permission to DSA account on SQLMI OU }
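Review bot: `Get-Content $keytab_file -AsByteStream` without `-Raw` emits the keytab one byte at a time and collects it as an `Object[]`, which `ToBase64String` accepts only through an implicit conversion; `$keytabrawdata = Get-Content $keytab_file -AsByteStream -Raw` returns a single `byte[]`. `-AsByteStream` exists only in PowerShell 6 and later, which is consistent with the `Foreach-Object -Parallel` in the hunk header, but a comment such as `# Requires PowerShell 7+: -AsByteStream replaces -Encoding byte` would stop the line from being reverted for Windows PowerShell 5.1. Separately, the keytab file and `$b64keytabtext` carry the account's long-term Kerberos keys, including the rc4-hmac-nt key written by the second `ktpass` call above, so the file should be deleted once the base64 text has been consumed. Whether that cleanup happens is not visible here, since the script block continues outside the hunk.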