Raising a RHEL support request in Azure

We've been using RHEL machines in Azure for a while now but had no cause to actually make use of the support option we're paying for with the licence/support included images we are using.

So how do you do this?

Well it's all integrated into the portal and on the VM screens you get a nice extra button - see pic below (one from bottom)

Clicking this then takes you to this screen

If you then click go to customer portal then this happens

AADSTS90094: The grant requires admin permission


So thats useful - i'm clearly missing some rights - but no idea which ones and there seems to be zero documentation about what is required.

So we raised a support ticket with Microsoft to ask what is required - they basically didn't know.....

After some messing about though we found that the following works - which does seem like total overkill and maybe there is some lesser role that makes this work but it's fine as a temporary grant i guess.......

So we go to Azure AD and grant the user global admin on the directory using the super user azure accounts......

This runs fine

Then we try again as the linux admin user

Now it's happy and we accept the proposal......

Now we get forwarded to relate this to our existing redhat account (or create a new one) - think something was a little screwy with the redhat webservers when i went to this - see screenshots below - but it still worked.

After that we get this nice message and it's all linked up and we can now raise tickets and access the redhat docs. We can now revoke the directory role and it still continues to work fine (even against new server we might raise tickets for - it's a one time grant).

So got there in the end. This needs better documenting i think to avoid people getting stuck on the same issue. Maybe there is some sort of assumption that the person raising tickets would also always have this global admin rights - but that really depends on how the Azure support teams are structured and how separation of duties is defined. For us at least os admins dont have full control in the Azure AD - they have limited roles in the portal to just do what they need to be able to.

I would think most large IT shops would work in a similiar way - unless they've been overrun with bearded hipsters who are devops rockstars and do everything everywhere themselves.......


Post a Comment