If Azure Databricks will be deleted by someone and which contains Notebooks as well. So, if we want to recover that databricks along with notebooks , is it possible?
If so please explain how we can achieve this type of condition.
If you are looking to prevent deletion, you can set Azure Resource locks. Specifically you can set the CanNotDelete lock. This lock means authorized users can still read and modify a resource, but they can't delete the resource.
Some Azure services, such as Azure Databricks, use managed applications to implement the service. In that case, the service creates two resource groups. One resource group contains an overview of the service and isn't locked. The other resource group contains the infrastructure for the service and is locked. You should lock the resource containing the service to prevent accidental deletion.
If you try to delete the infrastructure resource group, you get an error stating that the resource group is locked. If you try to delete the lock for the infrastructure resource group, you get an error stating that the lock can't be deleted because it's owned by a system application.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Related
I need to reorganize my Azure resource groups and could move everything except the microsoft.web/certificates. When I try to move this you get a validation error
Resource move is not supported for resource types 'Microsoft.Web/certificates'. (Code: ResourceMoveNotSupported, Target: /subscriptions/{GUID}/resourceGroups/{Old Group Name}/providers/Microsoft.Web/certificates/{Name})
Anybody knows how to move these certificates or how I can regenerate/replace this certificate?
As I understand you’re attempting to move resources to a different/new Resource Group (RG).
There are some limitations and checklist/guidelines for moving resources.
Checkout this doc: Move App Service resources to a new resource group or subscription.
Also, note that Azure resource type Microsoft.web/certificates do not support move operation between RGs, but only supports move operations across subscriptions.
Reference: move-support-resources#microsoftweb
You may want to validate: For your Azure web app, select Diagnose and solve problems. Then, select Configuration and Management >> Select Migration Options.
Recently I was provisioning a new Azure Synapse resource, which ended up creating 2 different resource groups.
I understand a resource group is basically a container for related items, fair enough but thinking about it more I am actually confused why would Azure decide to create two separate resource groups instead of just putting it all into one?
The bigger burning question I have is after creating a number of resources - Lets say each one spawns multiple resource groups.
How can I tell which resource group is a "child" or a "parent" of another?
#rodneyc8063 Thanks for updating the concern of your question. Posting your discussion in the comments as an Answer to help other community members.
As said by Daniel Mann you are getting the additional resource group because your synapse workspace is creating the managed resource group.
A managed resource group is like a container which can hold the resources required by your resource. It is created by default when your workspace is created.
You can name it if you want, else its name will be created automatically.
When you delete the Main Resource Group of your resource, then the resources inside it also will be deleted.
The managed resource group also deleted when you delete the resource(managed application).
That’s why the second resource group is deleted when you delete the first one.
As far as I know apart from this there is no relationship between them.
References:
Overview of managed applications - Azure Managed Applications | Microsoft Docs
Blog from DataSimAntics about managed resource group.
Team,
Using Azure Pass - Sponsorship subscription i have created storage account.
Now after creating it when i go to Access keys tab i am getting below error.
Resource details:
Performance/Access tier:Standard/Hot
Replication:Read-access geo-redundant storage (RA-GRS) Account
kind:StorageV2 (general purpose v2)
Error message:
Access blocked
The resource is locked
Cannot access the data plane because of a read lock on the resource or its parent.
There is no locks applied for this resource.
Is storage account not available for my subscription?
How to resolve this error?
Please let me know if you need any other information.
You may check if you have reached spend limit in your Azure Pass - Sponsorship subscription. Here is a similar issue.
When your usage results in charges that exhaust your spending limit,
the services that you deployed are disabled for the rest of that
billing period.
I would assume this means the lock is on the parent, so on the resource group. remove the lock there and try again.
When I create an AKS cluster using Azure portal I can see that new resource groups are created. It seems that I have no control over how they are named, especially the one with with "MC_" prefix. I also don't see an option to change its name when using ARM template.
In addition, if I create a cluster in customer's subscription, where I only have access to 1 resource group, I don't even see the newly created RG and can't manage it.
Is there a way to force deployment of all AKS components into a single resource group?
No, there is no way to force it at this point in time. As for the access, you should request access to that RG. No real workarounds.
Secondary resource group name can be inferred, I think, its something like:
MC_original-resource-group-name_aks-resource-name_location
it also creates OMS resource group (if you enable OMS) and Network Watcher (this can be disabled, btw, but its a provider setting). you have no control over that as well.
there is a not implemented yet nodeResourceGroup property: https://learn.microsoft.com/en-us/rest/api/aks/managedclusters/createorupdate#examples
EDIT: this is actually working right now, so the nodeResourceGroup property can be used. But it would still be a new resource group, so you would still need to request access to that group and using this property is not possible with the portal (so ARM Templates\pulumi\terraform)
I tried following the Quickstart: Run a Spark job on Azure Databricks using the Azure portal as described at: https://learn.microsoft.com/en-us/azure/azure-databricks/quickstart-create-databricks-workspace-portal
But when I later try to delete resource group for that databricks resource I got the following two errors:
Delete resource group databricks-rg-mydatabricksws-5mlo3dio7wef2
failed The resource group databricks-rg-mydatabricksws-5mlo3dio7wef2
is locked and can't be deleted. Click here to manage locks for this
resource group.
UnauthorizedApplicationId "The management lock ... is owned by system
application"
See: https://aka.ms/arm-lock
Lock Deletion Failure The lock named mydatabricksws was unable to be
deleted for the following reasons: {"errorThrown":"Unavailable in
batch","jqXHR":{"responseJSON":{"error":{"code":"UnauthorizedApplicationId","message":"The
management lock 'mydatabricksws' is owned by system application(s)
'd9327919-6775-4843-9037-3fb0fb0473cb'.
I also encountered the same problem before. I get the answer from this link.
Log into your Azure Databricks workspace as the account owner (the user who created the service), and click the user profile Account icon at the top right.
Select Manage Account.
In the Azure Databricks service, click Azure Delete and then OK.
You also could get the Azure Databricks code demo from this document.