# citrix-app-layering
k
Rob, along the lines of SAS tokens. I am trying to create an Azure Deployments connector. It keeps failing on access to the blob, to create the packaging machine. We tried a System Managed and User Managed identity, assuming that is what generates the token. The documentation isn't clear on 'how' you set it up to generate that token. Hoping you have some insight on what I may be missing?
r
Do you allow SAS tokens on the storage account used by the appliance?
Did you assign the managed identity contributor on the app layering resource group?
And network
I assume the storage account is in that resource group
Someone has been working for a week on this issue with support but I have not seen a resolution yet
I have not had any issues
And yes the appliance should be creating the token
k
That someone is me. 😁
r
Ah
Sorry
So I think all the questions I had are answered yes
k
Do you allow SAS tokens on the storage account used by the appliance? - We assigned/tried a System managed and user managed identity, and it didn't work.
r
Are your templates in the same resource group as the appliance?
k
Did you assign the managed identity contributor on the app layering resource group - Assigned the identity on the appliance itself, as directed by support.
r
But then you need to use the identity to give permission to the resource group and network
Just like you would with a service principal
k
The appliance, and storage, is in a RG in one sub, and we are trying to spin up the packaging machines where our SIG is located, which is in a different sub. For some reason, the ELM only sees that sub, where the SIG is located, which isn't the same sub as where the ELM lives.
r
You do have to give it permissions
In both dubs
Subs
πŸ‘ 1
k
The templates live, in the sub where we want the machines to be spun up to author.
r
The managed identity is what you give permissions to
k
Should it be system or user?
r
I use system but I think you can use either
So the appliance is trying to spin up a packaging machine in the other sub and can't create the disk?
k
Correct. It's def perms.
r
If you look at permissions on the storage account do you see the managed identity?
k
Looking....
r
It should be listed with contributor
k
Well, I didn't create a storage blob in that RG, and that must be the reason.
r
Well that's def an issue but I have only used the storage account that goes with the appliance
Not sure how it would know to use a different one
Maybe if it's defined in the template
But you are really complicating this
k
I am an ELM n00b. Learning 😁
r
Why not package in the other sub and use the compute gallery to replicate the images?
k
The SIG is where we have capabilities to automate and consume. Long story, but it's environmental.
r
We are all learning this, it's brand new
k
Why not package in the other sub and use the compute gallery to replicate the images? <--- We are going to try that route.
r
I think that will be much easier
I think to do what you want you would need to modify the templates to create VMs in the other subscription and storage account
Plus create the storage account and permission it
If you use the appliance resource group it will be easier
Sorry for typos, I'm on my phone
k
Ok, one thing we didn't try, because of how we are set up globally, is contain everything into the same RG. We need more access for that.
I appreciate you answering on your day off.
r
Glad to help. Let us know how it goes
k
Fo Sho!