From 4ef3455187133d26ca3c3f872fde7f5d42089713 Mon Sep 17 00:00:00 2001
From: Zaid Mohammad
Date: Thu, 25 Jul 2024 21:34:28 -0400
Subject: [PATCH 1/5] update storage auth mode
---
 azure_jumpstart_arcbox/artifacts/installK3s.sh | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/azure_jumpstart_arcbox/artifacts/installK3s.sh b/azure_jumpstart_arcbox/artifacts/installK3s.sh
index 7978d7a4ef..c65f15eafe 100644
--- a/azure_jumpstart_arcbox/artifacts/installK3s.sh
+++ b/azure_jumpstart_arcbox/artifacts/installK3s.sh
@@ -128,10 +128,9 @@ if [[ "$k3sControlPlane" == "true" ]]; then
 echo "k3sClusterIp: $publicIp" >> $k3sClusterNodeConfig
 sudo -u $adminUsername az extension add --upgrade -n storage-preview
 storageAccountRG=$(sudo -u $adminUsername az storage account show --name $stagingStorageAccountName --query 'resourceGroup' | sed -e 's/^"//' -e 's/"$//')
- storageAccountKey=$(sudo -u $adminUsername az storage account keys list --resource-group $storageAccountRG --account-name $stagingStorageAccountName --query [0].value | sed -e 's/^"//' -e 's/"$//')
- sudo -u $adminUsername az storage container create -n $storageContainerName --account-name $stagingStorageAccountName --account-key $storageAccountKey
- sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --account-key $storageAccountKey --source $localPath
- sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --account-key $storageAccountKey --source $k3sClusterNodeConfig
+ sudo -u $adminUsername az storage container create -n $storageContainerName --account-name $stagingStorageAccountName --auth-mode login
+ sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $localPath
+ sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $k3sClusterNodeConfig
 # # Registering Azure resource providers
 # echo ""
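Review bot: `--auth-mode login` makes these three `az storage` calls authorize with the Microsoft Entra token of whatever identity `az` is signed in as for `$adminUsername`, so that identity needs a blob data-plane role (for example Storage Blob Data Contributor) on the staging account; a control-plane role that was sufficient to list account keys does not carry blob data actions. No role assignment is part of this commit, so taken on its own it would likely fail with an authorization error; patch 2/5 of this series adds one. The `storageAccountRG=$(...)` lookup kept as context is also unused once the key listing is gone, here and in the `@@ -181,8 +180,8 @@` hunk, where the key line is left as `# storageAccountKey=...` rather than deleted.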
@@ -181,8 +180,8 @@ else
 k3sClusterNodeConfig="k3sClusterNodeConfig.yaml"
 sudo -u $adminUsername az extension add --upgrade -n storage-preview
 storageAccountRG=$(sudo -u $adminUsername az storage account show --name $stagingStorageAccountName --query 'resourceGroup' | sed -e 's/^"//' -e 's/"$//')
- storageAccountKey=$(sudo -u $adminUsername az storage account keys list --resource-group $storageAccountRG --account-name $stagingStorageAccountName --query [0].value | sed -e 's/^"//' -e 's/"$//')
- sudo -u $adminUsername az storage azcopy blob download --container $storageContainerName --account-name $stagingStorageAccountName --account-key $storageAccountKey --source "$k3sClusterNodeConfig" --destination "/home/$adminUsername/$k3sClusterNodeConfig"
+ # storageAccountKey=$(sudo -u $adminUsername az storage account keys list --resource-group $storageAccountRG --account-name $stagingStorageAccountName --query [0].value | sed -e 's/^"//' -e 's/"$//')
+ sudo -u $adminUsername az storage azcopy blob download --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source "$k3sClusterNodeConfig" --destination "/home/$adminUsername/$k3sClusterNodeConfig"
 # Installing Rancher K3s cluster (single worker node)
 echo ""
@@ -204,4 +203,4 @@ echo ""
 echo "Uploading the script logs to staging storage"
 echo ""
 log="/home/${adminUsername}/jumpstart_logs/installK3s.log"
-sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --account-key $storageAccountKey --source $log --destination "installK3s-$vmName.log"
\ No newline at end of file
+sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $log --destination "installK3s-$vmName.log"
\ No newline at end of file
From 13faedf983fe3685d8b0a3d498b793120a01948a Mon Sep 17 00:00:00 2001
From: Zaid Mohammad
Date: Mon, 29 Jul 2024 09:43:29 -0400
Subject: [PATCH 2/5] add msi auth for storage
---
 .../artifacts/DataOpsLogonScript.ps1 | 9 ++--
 .../artifacts/installK3s.sh | 42 ++++++++++++++-----
 .../bicep/clientVm/clientVm.bicep | 11 +++++
 .../bicep/kubernetes/ubuntuRancher.bicep | 12 ++++++
 .../bicep/kubernetes/ubuntuRancherNodes.bicep | 12 ++++++
 5 files changed, 71 insertions(+), 15 deletions(-)
diff --git a/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1 b/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
index 567a451dbd..7d3fad9fb2 100644
--- a/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
+++ b/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
@@ -3,6 +3,7 @@ $Env:ArcBoxLogsDir = "C:\ArcBox\Logs"
 $Env:ArcBoxVMDir = "F:\Virtual Machines"
 $Env:ArcBoxIconDir = "C:\ArcBox\Icons"
 $Env:ArcBoxTestsDir = "$Env:ArcBoxDir\Tests"
+$Env:AZCOPY_AUTO_LOGIN_TYPE = "MSI"
 $clusters = @( [pscustomobject]@{clusterName = $Env:k3sArcDataClusterName; dataController = "$Env:k3sArcDataClusterName-dc" ; customLocation = "$Env:k3sArcDataClusterName-cl" ; storageClassName = 'longhorn' ; licenseType = 'LicenseIncluded' ; context = 'k3s' ; kubeConfig = "C:\Users\$Env:adminUsername\.kube\config-datasvc-k3s" }
@@ -100,9 +101,9 @@ Write-Host "`n"
 # Downloading k3s Kubernetes cluster kubeconfig file
 Write-Header "Downloading k3s Kubeconfig"
 $sourceFile = "https://$Env:stagingStorageAccountName.blob.core.windows.net/$($Env:k3sArcDataClusterName.ToLower())/config"
-$context = (Get-AzStorageAccount -ResourceGroupName $Env:resourceGroup).Context
-$sas = New-AzStorageAccountSASToken -Context $context -Service Blob -ResourceType Container,Object -Permission racwdlup
-$sourceFile = $sourceFile + "?" + $sas
+# $context = (Get-AzStorageAccount -ResourceGroupName $Env:resourceGroup).Context
+# $sas = New-AzStorageAccountSASToken -Context $context -Service Blob -ResourceType Container,Object -Permission racwdlup
+# $sourceFile = $sourceFile + "?" + $sas
 azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "C:\Users\$Env:adminUsername\.kube\config-datasvc-k3s"
 azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "C:\Users\$Env:adminUsername\.kube\config"
@@ -112,7 +113,7 @@ azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "C:\Users\$Env:admin
 # Downloading 'installk3s.log' log file
 Write-Header "Downloading k3s Install Logs"
 $sourceFile = "https://$Env:stagingStorageAccountName.blob.core.windows.net/$($Env:k3sArcDataClusterName.ToLower())/*"
-$sourceFile = $sourceFile + "?" + $sas
+# $sourceFile = $sourceFile + "?" + $sas
 azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "$Env:ArcBoxLogsDir\" --include-pattern "*.log"
 Start-Sleep -Seconds 10
diff --git a/azure_jumpstart_arcbox/artifacts/installK3s.sh b/azure_jumpstart_arcbox/artifacts/installK3s.sh
index c65f15eafe..b164921b72 100644
--- a/azure_jumpstart_arcbox/artifacts/installK3s.sh
+++ b/azure_jumpstart_arcbox/artifacts/installK3s.sh
@@ -50,6 +50,22 @@ sudo curl -v -o /etc/profile.d/welcomeK3s.sh ${templateBaseUrl}artifacts/welcome
 sudo -u $adminUsername mkdir -p /home/${adminUsername}/jumpstart_logs
 while sleep 1; do sudo -s rsync -a /var/lib/waagent/custom-script/download/0/installK3s.log /home/${adminUsername}/jumpstart_logs/installK3s.log; done &
+# Downloading azcopy
+echo ""
+echo "Downloading azcopy"
+echo ""
+wget -O azcopy.tar.gz https://aka.ms/downloadazcopy-v10-linux
+if [[ $? -ne 0 ]]; then
+ echo "ERROR: Failed to download azcopy"
+ exit 1
+fi
+
+tar -xf azcopy.tar.gz
+sudo mv azcopy_linux_amd64_*/azcopy /usr/local/bin/azcopy
+sudo chmod +x /usr/local/bin/azcopy
+# Authorize azcopy by using a system-wide managed identity
+export AZCOPY_AUTO_LOGIN_TYPE=MSI
+
 # Installing Azure CLI & Azure Arc extensions
 curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
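Review bot: The azcopy archive fetched with `wget` is unpacked and installed into `/usr/local/bin` without any integrity check, and `https://aka.ms/downloadazcopy-v10-linux` resolves to whichever build is current, so the binary that later runs with the VM's managed identity is neither pinned nor verified. Only the `wget` exit status is tested; a failed `tar`, or a glob in `azcopy_linux_amd64_*/azcopy` that matches nothing or more than one directory, goes unnoticed until the first `azcopy` call. The archive is also written to and extracted in the current working directory and left there. I would download into a `mktemp -d` directory, verify a pinned SHA-256 before extracting, and install with an explicit owner and mode, as sketched below with placeholder variables for the versioned URL and the digest.

```shell
# Downloading azcopy
# AZCOPY_URL and AZCOPY_SHA256 are placeholders: a versioned release archive and its vetted digest
azcopyTmp=$(mktemp -d) || exit 1
if ! wget -O "$azcopyTmp/azcopy.tar.gz" "$AZCOPY_URL"; then
  echo "ERROR: Failed to download azcopy"
  exit 1
fi
if ! echo "$AZCOPY_SHA256  $azcopyTmp/azcopy.tar.gz" | sha256sum -c -; then
  echo "ERROR: azcopy archive failed checksum verification"
  exit 1
fi
tar -xf "$azcopyTmp/azcopy.tar.gz" -C "$azcopyTmp" --strip-components=1 \
  || { echo "ERROR: Failed to extract azcopy"; exit 1; }
sudo install -o root -g root -m 0755 "$azcopyTmp/azcopy" /usr/local/bin/azcopy \
  || { echo "ERROR: Failed to install azcopy"; exit 1; }
rm -rf -- "$azcopyTmp"
# … unchanged: export AZCOPY_AUTO_LOGIN_TYPE=MSI …
```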
@@ -126,11 +142,14 @@ if [[ "$k3sControlPlane" == "true" ]]; then
 k3sClusterNodeConfig="/home/$adminUsername/k3sClusterNodeConfig.yaml"
 echo "k3sNodeToken: $(sudo cat /var/lib/rancher/k3s/server/node-token)" >> $k3sClusterNodeConfig
 echo "k3sClusterIp: $publicIp" >> $k3sClusterNodeConfig
- sudo -u $adminUsername az extension add --upgrade -n storage-preview
- storageAccountRG=$(sudo -u $adminUsername az storage account show --name $stagingStorageAccountName --query 'resourceGroup' | sed -e 's/^"//' -e 's/"$//')
- sudo -u $adminUsername az storage container create -n $storageContainerName --account-name $stagingStorageAccountName --auth-mode login
- sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $localPath
- sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $k3sClusterNodeConfig
+ # sudo -u $adminUsername az extension add --upgrade -n storage-preview
+ # storageAccountRG=$(sudo -u $adminUsername az storage account show --name $stagingStorageAccountName --query 'resourceGroup' | sed -e 's/^"//' -e 's/"$//')
+ # sudo -u $adminUsername az storage container create -n $storageContainerName --account-name $stagingStorageAccountName --auth-mode login
+ # sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $localPath
+ # sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $k3sClusterNodeConfig
+
+ azcopy cp $localPath "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/config"
+ azcopy cp $k3sClusterNodeConfig "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/k3sClusterNodeConfig.yaml"
 # # Registering Azure resource providers
 # echo ""
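Review bot: Neither `azcopy cp` upload has its exit status checked, and with managed-identity login the first calls can be rejected while a freshly created role assignment is still propagating (inferred from how Azure RBAC behaves, not visible here), so the control plane can carry on without having published the kubeconfig or `k3sClusterNodeConfig.yaml`. The worker path in the `@@ -177,18 +196,19 @@` hunk has the same gap: if its `azcopy cp` download fails, the `grep | awk` lines yield empty values and `curl -sfL https://get.k3s.io | ... sh -` still runs with an empty host in `K3S_URL` and an empty `K3S_TOKEN`. I would quote the sources and fail loudly, e.g. `azcopy cp "$k3sClusterNodeConfig" "<same destination URL>" || { echo "ERROR: Failed to upload k3sClusterNodeConfig.yaml"; exit 1; }`, ideally inside a short retry loop. These calls also no longer run under `sudo -u $adminUsername`, so azcopy now executes as whatever user runs the script; the enclosing `if` block continues outside the hunk.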
@@ -177,18 +196,19 @@ else
 echo ""
 echo "Downloading k3s control plane details"
 echo ""
- k3sClusterNodeConfig="k3sClusterNodeConfig.yaml"
- sudo -u $adminUsername az extension add --upgrade -n storage-preview
- storageAccountRG=$(sudo -u $adminUsername az storage account show --name $stagingStorageAccountName --query 'resourceGroup' | sed -e 's/^"//' -e 's/"$//')
+ k3sClusterNodeConfigYaml="k3sClusterNodeConfig.yaml"
+ # sudo -u $adminUsername az extension add --upgrade -n storage-preview
+ # storageAccountRG=$(sudo -u $adminUsername az storage account show --name $stagingStorageAccountName --query 'resourceGroup' | sed -e 's/^"//' -e 's/"$//')
 # storageAccountKey=$(sudo -u $adminUsername az storage account keys list --resource-group $storageAccountRG --account-name $stagingStorageAccountName --query [0].value | sed -e 's/^"//' -e 's/"$//')
- sudo -u $adminUsername az storage azcopy blob download --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source "$k3sClusterNodeConfig" --destination "/home/$adminUsername/$k3sClusterNodeConfig"
+ # sudo -u $adminUsername az storage azcopy blob download --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source "$k3sClusterNodeConfigYaml" --destination "/home/$adminUsername/$k3sClusterNodeConfigYaml"
+ azcopy cp --check-md5 FailIfDifferentOrMissing "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/$k3sClusterNodeConfigYaml" "/home/$adminUsername/$k3sClusterNodeConfigYaml"
 # Installing Rancher K3s cluster (single worker node)
 echo ""
 echo "Installing Rancher K3s cluster node"
 echo ""
- k3sNodeToken=$(grep 'k3sNodeToken' "/home/$adminUsername/$k3sClusterNodeConfig" | awk '{print $2}')
- k3sClusterIp=$(grep 'k3sClusterIp' "/home/$adminUsername/$k3sClusterNodeConfig" | awk '{print $2}')
+ k3sNodeToken=$(grep 'k3sNodeToken' "/home/$adminUsername/$k3sClusterNodeConfigYaml" | awk '{print $2}')
+ k3sClusterIp=$(grep 'k3sClusterIp' "/home/$adminUsername/$k3sClusterNodeConfigYaml" | awk '{print $2}')
 curl -sfL https://get.k3s.io | K3S_URL=https://${k3sClusterIp}:6443 K3S_TOKEN=${k3sNodeToken} sh -
 if [[ $? -ne 0 ]]; then
 echo "ERROR: Failed to add k3s worker nodes"
diff --git a/azure_jumpstart_arcbox/bicep/clientVm/clientVm.bicep b/azure_jumpstart_arcbox/bicep/clientVm/clientVm.bicep
index 3a3cf50c19..4a2cd263bb 100644
--- a/azure_jumpstart_arcbox/bicep/clientVm/clientVm.bicep
+++ b/azure_jumpstart_arcbox/bicep/clientVm/clientVm.bicep
@@ -256,5 +256,16 @@ resource vmRoleAssignment_Owner 'Microsoft.Authorization/roleAssignments@2022-04
 }
 }
+// Add role assignment for the VM: Storage Blob Data Contributor
+resource vmRoleAssignment_Storage 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(vm.id, 'Microsoft.Authorization/roleAssignments', 'Storage Blob Data Contributor')
+ scope: resourceGroup()
+ properties: {
+ principalId: vm.identity.principalId
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
+ principalType: 'ServicePrincipal'
+ }
+}
+
 output adminUsername string = windowsAdminUsername
 output publicIP string = deployBastion == false ? concat(publicIpAddress.properties.ipAddress) : ''
diff --git a/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep b/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep
index e2e3e787d0..b3e276d753 100644
--- a/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep
+++ b/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancher.bicep
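Review bot: `scope: resourceGroup()` in the new `vmRoleAssignment_Storage` of clientVm.bicep gives the VM's managed identity Storage Blob Data Contributor on every storage account in the resource group, while the scripts in this series only address the staging account; the identical resource added to ubuntuRancher.bicep and ubuntuRancherNodes.bicep has the same breadth. Narrowing it means declaring the staging account as an `existing` resource in each module and using `scope: stagingStorageAccount` (the symbolic name is mine, and this assumes the account name is available to the module, which the hunks do not show). For the client VM the visible logon-script changes only download blobs, so Storage Blob Data Reader may be enough there; confirm against the rest of the script. Unlike the two Rancher modules, no `dependsOn` on this assignment is visible for the client VM, which is probably fine if the logon script runs well after deployment, but is worth confirming.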
@@ -148,6 +148,17 @@ resource vmRoleAssignment_Owner 'Microsoft.Authorization/roleAssignments@2022-04
 }
 }
+// Add role assignment for the VM: Storage Blob Data Contributor
+resource vmRoleAssignment_Storage 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(vm.id, 'Microsoft.Authorization/roleAssignments', 'Storage Blob Data Contributor')
+ scope: resourceGroup()
+ properties: {
+ principalId: vm.identity.principalId
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
+ principalType: 'ServicePrincipal'
+ }
+}
+
 resource vmInstallscriptK3s 'Microsoft.Compute/virtualMachines/extensions@2022-03-01' = {
 parent: vm
 name: 'installscript_k3s'
@@ -167,5 +178,6 @@ resource vmInstallscriptK3s 'Microsoft.Compute/virtualMachines/extensions@2022-0
 }
 dependsOn: [
 vmRoleAssignment_Owner
+ vmRoleAssignment_Storage
 ]
 }
diff --git a/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancherNodes.bicep b/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancherNodes.bicep
index 8a5846f8d6..156e869ca0 100644
--- a/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancherNodes.bicep
+++ b/azure_jumpstart_arcbox/bicep/kubernetes/ubuntuRancherNodes.bicep
@@ -126,6 +126,17 @@ resource vmRoleAssignment_Owner 'Microsoft.Authorization/roleAssignments@2022-04
 }
 }
+// Add role assignment for the VM: Storage Blob Data Contributor
+resource vmRoleAssignment_Storage 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(vm.id, 'Microsoft.Authorization/roleAssignments', 'Storage Blob Data Contributor')
+ scope: resourceGroup()
+ properties: {
+ principalId: vm.identity.principalId
+ roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
+ principalType: 'ServicePrincipal'
+ }
+}
+
 resource vmInstallscriptK3s 'Microsoft.Compute/virtualMachines/extensions@2022-03-01' = {
 parent: vm
 name: 'installscript_k3s'
@@ -145,5 +156,6 @@ resource vmInstallscriptK3s 'Microsoft.Compute/virtualMachines/extensions@2022-0
 }
 dependsOn: [
 vmRoleAssignment_Owner
+ vmRoleAssignment_Storage
 ]
 }
From dfe7aef854ea39cced87e405d4df12dba3a2f988 Mon Sep 17 00:00:00 2001
From: Zaid Mohammad
Date: Mon, 29 Jul 2024 13:14:45 -0400
Subject: [PATCH 3/5] create container and upload logs
---
 azure_jumpstart_arcbox/artifacts/installK3s.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/azure_jumpstart_arcbox/artifacts/installK3s.sh b/azure_jumpstart_arcbox/artifacts/installK3s.sh
index b164921b72..3076255d4a 100644
--- a/azure_jumpstart_arcbox/artifacts/installK3s.sh
+++ b/azure_jumpstart_arcbox/artifacts/installK3s.sh
@@ -148,6 +148,7 @@ if [[ "$k3sControlPlane" == "true" ]]; then
 # sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $localPath
 # sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $k3sClusterNodeConfig
+ azcopy make "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName"
 azcopy cp $localPath "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/config"
 azcopy cp $k3sClusterNodeConfig "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/k3sClusterNodeConfig.yaml"
@@ -223,4 +224,5 @@ echo ""
 echo "Uploading the script logs to staging storage"
 echo ""
 log="/home/${adminUsername}/jumpstart_logs/installK3s.log"
-sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $log --destination "installK3s-$vmName.log"
\ No newline at end of file
+# sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $log --destination "installK3s-$vmName.log"
+azcopy cp $log "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/installK3s-$vmName.log"
\ No newline at end of file
From df557196d95a41c3e2c8019ac27a349d01b90e1d Mon Sep 17 00:00:00 2001
From: Zaid Mohammad
Date: Mon, 29 Jul 2024 16:06:00 -0400
Subject: [PATCH 4/5] cleanup code
---
 .../artifacts/DataOpsLogonScript.ps1 | 4 ---
 .../artifacts/installK3s.sh | 29 +------------------
 2 files changed, 1 insertion(+), 32 deletions(-)
diff --git a/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1 b/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
index 7d3fad9fb2..4e23ce6d3a 100644
--- a/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
+++ b/azure_jumpstart_arcbox/artifacts/DataOpsLogonScript.ps1
@@ -101,9 +101,6 @@ Write-Host "`n"
 # Downloading k3s Kubernetes cluster kubeconfig file
 Write-Header "Downloading k3s Kubeconfig"
 $sourceFile = "https://$Env:stagingStorageAccountName.blob.core.windows.net/$($Env:k3sArcDataClusterName.ToLower())/config"
-# $context = (Get-AzStorageAccount -ResourceGroupName $Env:resourceGroup).Context
-# $sas = New-AzStorageAccountSASToken -Context $context -Service Blob -ResourceType Container,Object -Permission racwdlup
-# $sourceFile = $sourceFile + "?" + $sas
 azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "C:\Users\$Env:adminUsername\.kube\config-datasvc-k3s"
 azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "C:\Users\$Env:adminUsername\.kube\config"
@@ -113,7 +110,6 @@ azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "C:\Users\$Env:admin
 # Downloading 'installk3s.log' log file
 Write-Header "Downloading k3s Install Logs"
 $sourceFile = "https://$Env:stagingStorageAccountName.blob.core.windows.net/$($Env:k3sArcDataClusterName.ToLower())/*"
-# $sourceFile = $sourceFile + "?" + $sas
 azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "$Env:ArcBoxLogsDir\" --include-pattern "*.log"
 Start-Sleep -Seconds 10
diff --git a/azure_jumpstart_arcbox/artifacts/installK3s.sh b/azure_jumpstart_arcbox/artifacts/installK3s.sh
index 3076255d4a..46d1f590bd 100644
--- a/azure_jumpstart_arcbox/artifacts/installK3s.sh
+++ b/azure_jumpstart_arcbox/artifacts/installK3s.sh
@@ -11,9 +11,6 @@ sudo echo "staginguser:ArcPassw0rd" | sudo chpasswd
 # Injecting environment variables
 echo '#!/bin/bash' >> vars.sh
 echo $adminUsername:$1 | awk '{print substr($1,2); }' >> vars.sh
-# echo $SPN_CLIENT_ID:$2 | awk '{print substr($1,2); }' >> vars.sh
-# echo $SPN_CLIENT_SECRET:$3 | awk '{print substr($1,2); }' >> vars.sh
-# echo $SPN_TENANT_ID:$4 | awk '{print substr($1,2); }' >> vars.sh
 echo $subscriptionId:$2 | awk '{print substr($1,2); }' >> vars.sh
 echo $vmName:$3 | awk '{print substr($1,2); }' >> vars.sh
 echo $location:$4 | awk '{print substr($1,2); }' >> vars.sh
@@ -25,9 +22,6 @@ echo $k3sControlPlane:$9 | awk '{print substr($1,2); }' >> vars.sh
 sed -i '2s/^/export adminUsername=/' vars.sh
-# sed -i '3s/^/export SPN_CLIENT_ID=/' vars.sh
-# sed -i '4s/^/export SPN_CLIENT_SECRET=/' vars.sh
-# sed -i '5s/^/export SPN_TENANT_ID=/' vars.sh
 sed -i '3s/^/export subscriptionId=/' vars.sh
 sed -i '4s/^/export vmName=/' vars.sh
 sed -i '5s/^/export location=/' vars.sh
@@ -142,27 +136,11 @@ if [[ "$k3sControlPlane" == "true" ]]; then
 k3sClusterNodeConfig="/home/$adminUsername/k3sClusterNodeConfig.yaml"
 echo "k3sNodeToken: $(sudo cat /var/lib/rancher/k3s/server/node-token)" >> $k3sClusterNodeConfig
 echo "k3sClusterIp: $publicIp" >> $k3sClusterNodeConfig
- # sudo -u $adminUsername az extension add --upgrade -n storage-preview
- # storageAccountRG=$(sudo -u $adminUsername az storage account show --name $stagingStorageAccountName --query 'resourceGroup' | sed -e 's/^"//' -e 's/"$//')
- # sudo -u $adminUsername az storage container create -n $storageContainerName --account-name $stagingStorageAccountName --auth-mode login
- # sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $localPath
- # sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $k3sClusterNodeConfig
-
+ # Copying kubeconfig file to staging storage account
 azcopy make "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName"
 azcopy cp $localPath "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/config"
 azcopy cp $k3sClusterNodeConfig "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/k3sClusterNodeConfig.yaml"
- # # Registering Azure resource providers
- # echo ""
- # echo "Registering Azure resource providers"
- # echo ""
- # sudo -u $adminUsername az provider register --namespace 'Microsoft.Kubernetes' --wait
- # sudo -u $adminUsername az provider register --namespace 'Microsoft.KubernetesConfiguration' --wait
- # sudo -u $adminUsername az provider register --namespace 'Microsoft.PolicyInsights' --wait
- # sudo -u $adminUsername az provider register --namespace 'Microsoft.ExtendedLocation' --wait
- # sudo -u $adminUsername az provider register --namespace 'Microsoft.AzureArcData' --wait
-
- # sudo service sshd restart
 # Onboard the cluster to Azure Arc
 echo ""
 echo "Onboarding the cluster to Azure Arc"
@@ -198,10 +176,6 @@ else
 echo "Downloading k3s control plane details"
 echo ""
 k3sClusterNodeConfigYaml="k3sClusterNodeConfig.yaml"
- # sudo -u $adminUsername az extension add --upgrade -n storage-preview
- # storageAccountRG=$(sudo -u $adminUsername az storage account show --name $stagingStorageAccountName --query 'resourceGroup' | sed -e 's/^"//' -e 's/"$//')
- # storageAccountKey=$(sudo -u $adminUsername az storage account keys list --resource-group $storageAccountRG --account-name $stagingStorageAccountName --query [0].value | sed -e 's/^"//' -e 's/"$//')
- # sudo -u $adminUsername az storage azcopy blob download --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source "$k3sClusterNodeConfigYaml" --destination "/home/$adminUsername/$k3sClusterNodeConfigYaml"
 azcopy cp --check-md5 FailIfDifferentOrMissing "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/$k3sClusterNodeConfigYaml" "/home/$adminUsername/$k3sClusterNodeConfigYaml"
 # Installing Rancher K3s cluster (single worker node)
@@ -224,5 +198,4 @@ echo ""
 echo "Uploading the script logs to staging storage"
 echo ""
 log="/home/${adminUsername}/jumpstart_logs/installK3s.log"
-# sudo -u $adminUsername az storage azcopy blob upload --container $storageContainerName --account-name $stagingStorageAccountName --auth-mode login --source $log --destination "installK3s-$vmName.log"
 azcopy cp $log "https://$stagingStorageAccountName.blob.core.windows.net/$storageContainerName/installK3s-$vmName.log"
\ No newline at end of file
From 9647cfa3083e0f581bedffe175317467fae3290b Mon Sep 17 00:00:00 2001
From: Zaid Mohammad
Date: Mon, 29 Jul 2024 16:06:24 -0400
Subject: [PATCH 5/5] remove devops storage sastoken
---
 azure_jumpstart_arcbox/artifacts/DevOpsLogonScript.ps1 | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/azure_jumpstart_arcbox/artifacts/DevOpsLogonScript.ps1 b/azure_jumpstart_arcbox/artifacts/DevOpsLogonScript.ps1
index b5e39730c2..9e5aea8e3a 100644
--- a/azure_jumpstart_arcbox/artifacts/DevOpsLogonScript.ps1
+++ b/azure_jumpstart_arcbox/artifacts/DevOpsLogonScript.ps1
@@ -9,6 +9,7 @@ $osmReleaseVersion = "1.1.1-1"
 $osmCLIReleaseVersion = "v1.2.3"
 $osmMeshName = "osm"
 $ingressNamespace = "ingress-nginx"
+$Env:AZCOPY_AUTO_LOGIN_TYPE = "MSI"
 # $certname = "ingress-cert"
 $certdns = "arcbox.devops.com"
@@ -49,9 +50,6 @@ az account set -s $env:subscriptionId
 # Downloading ArcBox-DataSvc-K3s Kubernetes cluster kubeconfig file
 Write-Header "Downloading ArcBox-DataSvc-K3s K8s Kubeconfig"
 $sourceFile = "https://$Env:stagingStorageAccountName.blob.core.windows.net/$($Env:k3sArcDataClusterName.ToLower())/config"
-$context = (Get-AzStorageAccount -ResourceGroupName $Env:resourceGroup).Context
-$sas = New-AzStorageAccountSASToken -Context $context -Service Blob -ResourceType Container,Object -Permission racwdlup
-$sourceFile = $sourceFile + "?" + $sas
 azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "C:\Users\$Env:USERNAME\.kube\config"
 # Downloading ArcBox-DataSvc-K3s log file
@@ -63,9 +61,6 @@ azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "$Env:ArcBoxLogsDir\
 # Downloading ArcBox-K3s cluster kubeconfig file
 Write-Header "Downloading ArcBox-K3s Kubeconfig"
 $sourceFile = "https://$Env:stagingStorageAccountName.blob.core.windows.net/$($Env:k3sArcClusterName.ToLower())/config"
-$context = (Get-AzStorageAccount -ResourceGroupName $Env:resourceGroup).Context
-$sas = New-AzStorageAccountSASToken -Context $context -Service Blob -ResourceType Container,Object -Permission racwdlup
-$sourceFile = $sourceFile + "?" + $sas
 azcopy cp --check-md5 FailIfDifferentOrMissing $sourceFile "C:\Users\$Env:USERNAME\.kube\config-k3s"
 $Env:KUBECONFIG="C:\users\$Env:USERNAME\.kube\config"