针对Azure中VM的自定义指标
[英]Custom Metrics against a VM in Azure
问题描述
I am getting authorization error on 'Microsoft.Insights/Metrics/write' 
我在“ Microsoft.Insights / Metrics / write”上收到授权错误
I have a virtual machine resource and a service principle that has contributor role. 我有一个虚拟机资源和一个具有贡献者角色的服务原则。 I am trying to emit metrics against a virtual machine resource. 我正在尝试针对虚拟机资源发出指标。 Following the guide here: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-store-custom-rest-api 请按照此处的指南进行操作: https : //docs.microsoft.com/zh-cn/azure/azure-monitor/platform/metrics-store-custom-rest-api
But I am getting this error: 但我收到此错误:
{"error":{"code":"AuthenticationFailed","message":"The Azure AD object '0f6a81eb-8950-43eb-989a-f715fb84e4e2' does not have permissions to perform action 'Microsoft.Insights/Metrics/write' over scope '/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine'. "}} {“错误”:{“代码”:“ AuthenticationFailed”,“消息”:“ Azure AD对象'0f6a81eb-8950-43eb-989a-f715fb84e4e2'没有执行操作'Microsoft.Insights / Metrics / write'的权限超出范围'/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine'。“}}
Here is what I am doing: 这是我在做什么:
curl -X POST https://westus2.monitoring.azure.com/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine/metrics -H "Content-Type: application/json" -H "Authorization: Bearer <auth-code>" -d @custommetric.json
and the error I get: 和我得到的错误:
{"error":{"code":"AuthenticationFailed","message":"The Azure AD object '0f6a81eb-8950-43eb-989a-f715fb84e4e2' does not have permissions to perform action 'Microsoft.Insights/Metrics/write' over scope '/subscriptions/ba0583bb-4130-4d7b-bfe4-0c7597857323/resourceGroups/sample-PM-LA-resourceGrp/providers/Microsoft.Compute/virtualMachines/sample-PM-virtualMachine'. "}}
Does any one know why this happens? 有谁知道为什么会这样吗? I have the required permissions and the service principle has also been given the permission. 我具有必需的权限,并且服务原则也已获得权限。
1 个解决方案
解决方案1
0 2019-04-04 21:16:22
I see that you mention that Service Principal created has Contributor role. 我看到您提到创建的服务主体具有Contributor角色。
Microsoft Documentation specifically calls for Monitoring Metrics Publisher role for the service principal. Microsoft文档专门要求服务主体具有Monitoring Metrics Publisher角色。
Additionaly, I see this GitHub thread very similar to your issue, where even the Owner role for resource doesn't carry this specific permission, so it might not be very intuitive. 另外,我看到这个GitHub线程与您的问题非常相似,即使资源的Owner角色也没有此特定权限,因此它可能不是很直观。
So try adding Monitoring Metrics Publisher role for Service Principal 因此,请尝试为Service Principal添加Monitoring Metrics Publisher角色
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.