Prerequisites:
DevTest Lab with Azure Repos connected (as a source for ARM Templates)
working ARM template
Custom images in that DTLab
You try to deploy an ARM template and all deployments fail with error:
Please note, that the mentioned in error message snapshot ("mshasstupiderrors") is not mentioned in ARM template (in my case, I've used only standard Windows Server 2019).
The fix is to check if there is a custom image in that DTLab with the name "mshasstupiderrors" which is missing a connected snapshot.
This post is triggered by 7 months of support case battle with MS - they agreed that this an issue (ARM template deployment validation?), but were not able to find a reason asked to close the ticket...
Related
I am new to deploying ARM templates. Before I created the ARM template I created a simple infrastructure consisting of 1 VM, 1 VNet, and 1 storage account. Once I finished provisioning the infrastructure, I decided to make a template for future use. I went under automation scripts, and I saved it to the library and I saved the changes and then I decided to test it out by deploying the template. After this, I got an error code that says the following:
Deployment template validation failed: 'Circular dependency detected on resource: '/subscriptions/7b790d29-944d-4f0f-861b-928e4774cde9/resourceGroups/SimpleRev2/providers/Microsoft.Network/networkInterfaces/simplevm18'. Please see https://aka.ms/arm-template/#resources for usage details.'. (Code: InvalidTemplate)
So what should i do please guide?
I need to change the Azure DSC configuration that has been previously assigned to a VM.
I'm trying to do this programatically because it's part of an automation I'm developing and because of this, I'm using ARM Templates.
However, redeploying the same VM DSC extension by ARM Template results in an error stating a VM can't have two of the same extensions, which sounds logical.
What I want to know if it's possible to, by ARM Template, "update" or "modify" the current extension with just one setting changed: The configuration name.
Is this possible?
Sure - you can update the existing VM extension by providing new configuration in your ARM template. As you have found out, you cannot use a different name for the extension - that would result in two VM extensions of the same type on the VM. Instead, you need to reuse the same name of the existing VM extension when performing the update.
I have a release setup that I'm trying get out through Azure Devops release pipelines. This is based on another release that I've cloned and works fine.
The issue is that the template is failing a validation check and not going any further. Strange thing is i'm able to check the syntax successfully with new-AzResourceGroupDeployment and test-AzResourceGroupDeployment. It reports no errors and has been deploying fine.
Using Azure Devops release the error coming back is:
2020-02-26T12:26:16.2632844Z ==============================================================================
2020-02-26T12:26:16.2633634Z Task : ARM template deployment
2020-02-26T12:26:16.2634204Z Description : Deploy an Azure Resource Manager (ARM) template to all the deployment scopes
2020-02-26T12:26:16.2634534Z Version : 3.1.19
2020-02-26T12:26:16.2634945Z Author : Microsoft Corporation
2020-02-26T12:26:16.2635504Z Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment
2020-02-26T12:26:16.2635948Z ==============================================================================
2020-02-26T12:26:16.8677026Z ARM Service Conection deployment scope - Subscription
2020-02-26T12:26:16.8760315Z Checking if the following resource group exists: myResourceGroup.
2020-02-26T12:26:17.2234188Z Resource group exists: true.
2020-02-26T12:26:17.2259290Z Creating deployment parameters.
2020-02-26T12:26:17.2558066Z The detected encoding for file 'd:\a\r1\a\_Azure-Infrastructure\myResourceGroup\deployment\azuredeploy.json' is 'utf-8'
2020-02-26T12:26:17.2561303Z The detected encoding for file 'd:\a\r1\a\_Azure-Infrastructure\myResourceGroup\deployment\param.dev.json' is 'utf-8'
2020-02-26T12:26:17.5304032Z Starting template validation.
2020-02-26T12:26:17.5304834Z Deployment name is Release-vstfs:///ReleaseManagement/Release/95
2020-02-26T12:26:17.5877973Z ##[warning]Validation errors were found in the Azure Resource Manager template. This can potentially cause template deployment to fail. Template validation failed. Error: {"message":"No HTTP resource was found that matches the request URI 'https://management.azure.com/subscriptions/mySubscription/resourcegroups/myResourceGroup/providers/Microsoft.Resources/deployments/Release-vstfs:/ReleaseManagement/Release/95/validate?api-version=2017-05-10'."}.. Please follow https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
2020-02-26T12:26:17.5890527Z Starting Deployment.
2020-02-26T12:26:17.5891348Z Deployment name is Release-vstfs:///ReleaseManagement/Release/95
2020-02-26T12:26:17.6289831Z There were errors in your deployment. Error code: undefined.
2020-02-26T12:26:17.6291819Z ##[error][object Object]
2020-02-26T12:26:17.6295387Z ##[error]Task failed while creating or updating the template deployment.
2020-02-26T12:26:17.6399260Z ##[section]Finishing: ARM Template deployment: Resource Group scope
​Looking the log above, I'm not sure if it's failing on the validation errors or on the error near the end with a undefined error code.
The task is from another subscription and it's listed in the Azure Resource Manager connection on the task and also lists the subscription and the resource groups in the subscription.
Anyone any ideas on how I can get this working or where to start troubleshooting?
your deployment name is:
Release-vstfs:/ReleaseManagement/Release/95
fairly certain that's not allowed (/). so you need to set your deployment name to something reasonable.
ps. : might not be allowed as well
Did you look at the Activity Log in Azure portal?
All deployment attempts are logged here. Look in particular at the JSON pane, often the real issue is only displayed here.
Otherwise, if it doesn't reach Azure, can you double check the service connection in Azure DevOps? (in particular the related user permission in Azure)
In Azure pipeline when creating a VM through deployment template, we have the option to 'Configure with WinRM agent' as given below.
This acts as a custom extension behind the scenes. But the downloading of this custom extension can be blocked by an internal vnet in Azure. This is the error we are getting.
<datetime> Adding extension 'WinRMCustomScriptExtension' on virtual machine <vmname>
<datetime> Failed to add the extension to the vm: <vmname>. Error: "VM has reported a failure when processing extension 'WinRMCustomScriptExtension'. Error message: \"Failed to download all specified files. Exiting. Error Message: The underlying connection was closed: An unexpected error occurred on a send.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "
Since the files cannot be downloaded, I am thinking of a couple of solutions:
How can I know which powershell files azure is using to setup winrm?
Location to store files would be storage account (same vnet as VM)
Perhaps not use WinRM at all and use custom script extension to resolve
everything (with all files from storage account). I hope error from extension stops the pipeline if it happens.
Is there a better solution to resolve this? To me it looks like a bad design by azure as it is not covering non-public VMs.
EDIT:
Found answer to #1) https://aka.ms/vstsconfigurewinrm. This was shown in Raw logs of the pipeline when diagnostics were enabled
Even if you know - how does it help you? It won't be able to download them anyway and you cant really tell it to use local files
If you enable service endpoins and allow your subnet to talk to the storage account - it should work
there is a way to configure WinRM when you create the VM. Keyvault example
You could use script extension like you wanted to as well, but script extension has to download stuff to the Vm as well. Example
I am trying to replicate an existing Azure resource group using arm templates from the automation script section but running into a warning message about 10 resources types cannot be exported yet. One being Azure data factory. After searching online I found that templates for some resource types are not yet available. While looking at the Deployment section in my resource group, I am able to see a deployment details download link for each resource.
Can those be used to recreate each resource into a new resource group? Or is my best bet downloading the template from the automation script section and manually adding the resources for which the template are not yet available?
Any help would be appreciated.
Some of the warnings I got:
ResourceTypeSchemaNotFound:
***The schema of resource type 'Microsoft.DataFactory/dataFactories' is not available. Resources of this type will not be exported to the
template. (Code: ResourceTypeSchemaNotFound, Target:
Microsoft.DataFactory/dataFactories
ExportTemplateProviderError: all related to sql server
***Could not get resources of the type 'Microsoft.Sql/servers/connectionPolicies'. Resources of this type
will not be exported. (Code: ExportTemplateProviderError, Target:
Microsoft.Sql/servers/connectionPolicies)
***Could not get resources of the type 'Microsoft.Sql/servers/backupLongTermRetentionVaults'
***Could not get resources of the type 'Microsoft.Sql/servers/extendedAuditingSettings'.
The Azure resource group ARM templates from the automation script section are not as comprehensive as they should probably be. For example, it is quite possible to deploy a Data Factory instance from ARM. It provides a reasonable starting point but you will find resources that don't deploy as well as a lot of superfluous cruft.
The approach I take is to start from a clean template in Visual Studio and then construct a project from a blank template or quick-start, then refer to the template documentation and build up from scratch, using your exported ARM template from your resource group to help work out how it should look. This results in a nice clean reusable template project.
Unfortunately I have not found an better way yet.