As you can see below, I create a group and then try to create a k8s cluster in this group, getting an error that 'default' doesn't exist. If I then wait another 15 minutes, the error changes. The 'DefaultResourceGroup-CCA' exists immediately, but not as 'defaultresourcegroup-cca'. Is this case sensitive?
Do you have a suggestion for either of these two errors?
If I delete the '--enable-addons monitoring', the 2nd error goes away, and it works (as long as I have waited ~15 minutes after the group create).
$ az group create --name socks --location canadacentral
{
"id": "/subscriptions/187362fc-9705-4173-9056-6bd387695cf0/resourceGroups/socks",
"location": "canadacentral",
"managedBy": null,
"name": "socks",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null
}
don#cube:~/src-ag/corp-tools/gitlab-runner$ az group list
[
{
"id": "/subscriptions/187362fc-9705-4173-9056-6bd387695cf0/resourceGroups/DefaultResourceGroup-CCA",
"location": "canadacentral",
"managedBy": null,
"name": "DefaultResourceGroup-CCA",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null
},
{
"id": "/subscriptions/187362fc-9705-4173-9056-6bd387695cf0/resourceGroups/socks",
"location": "canadacentral",
"managedBy": null,
"name": "socks",
"properties": {
"provisioningState": "Succeeded"
},
"tags": null
}
]
don#cube:~/src-ag/corp-tools/gitlab-runner$ az aks create --resource-group socks --name sock-shop --node-count 1 --node-vm-size Standard_F4s_v2 --enable-addons monitoring --generate-ssh-keys
Resource group 'defaultresourcegroup-cca' could not be found.
don#cube:~/src-ag/corp-tools/gitlab-runner$ az aks create --resource-group socks --name sock-shop --node-count 1 --node-vm-size Standard_F4s_v2 --enable-addons monitoring --generate-ssh-keys
Operation failed with status: 'Bad Request'. Details: Unable to get log analytics workspace info. Resource ID: /subscriptions/187362fc-9705-4173-9056-6bd387695cf0/resourcegroups/defaultresourcegroup-cca/providers/microsoft.operationalinsights/workspaces/defaultworkspace-187362fc-9705-4173-9056-6bd387695cf0-cca. Detail: operationalinsights.WorkspacesClient#GetSharedKeys: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The Resource 'Microsoft.OperationalInsights/workspaces/defaultworkspace-187362fc-9705-4173-9056-6bd387695cf0-cca' under resource group 'defaultresourcegroup-cca' was not found."
We are currently experiencing an outage in South Central US that is affecting ARM
https://azure.microsoft.com/en-us/status/
You will want to monitor the Azure Status Page for further updates. Unfortunately we cannot do anything until the problem has been mitigated by engineering.
I am trying to execute the following ARM template to activate the Storage static website functionality:
{
"type": "Microsoft.Resources/deploymentScripts",
"apiVersion": "2019-10-01-preview",
"name": "[variables('scriptName')]",
"location": "[variables('regionName')]",
// "kind": "AzurePowerShell",
"kind": "AzureCLI",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storage'))]"
],
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"/subscriptions/<MySubscription>/resourcegroups/<MyResourceGroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<MyIdentityID>": {}
}
},
"properties": {
"forceUpdateTag": "[parameters('utcNow')]",
"storageAccountSettings": {
"storageAccountName": "[variables('storage')]",
"storageAccountKey": "[listKeys(variables('storage'), '2019-04-01').keys[0].value]"
},
// "azPowerShellVersion": "3.0",
"azCliVersion": "2.5.0",
"scriptContent": "[concat('az storage blob service-properties update --account-name ', variables('storage'), ' --static-website --index-document index.html')]",
"timeout": "PT2M",
"cleanupPreference": "OnSuccess",
"retentionInterval": "PT1H"
}
},
To do so, I created a new Managed Identity and assigned the Contributor role to this identity for my resource group. But during the creation of the deploymentScripts resource, it stays in 'Deploying' mode for a long time and then fails with this error:
Exceeded maximum wait time of '00:05:00'. Message: 'First-party app identity has not become effective yet.'. (Code: DeploymentScriptOperationFailed)
I followed this guide to get the Identity ID, so I'm pretty sure the userAssignedIdentities is correct.
After some discussions with a Software Engineer from Microsoft, it seems that I have to wait for the Managed Identity to replicate to multiple servers internally on Azure so that my scripts can find the Identity and execute properly.
I created the Managed Identity manually, waited 1 day and after that the script ran properly.
When...
creating a new service principal using something like az ad sp create-for-rbac -n 'test' --sdk-auth
...then...
listing the new service principal attributes using !az role assignment list --assignee 'serv_princ_obj_id'
[
{
"canDelegate": null,
"id": "/subscriptions/redact/providers/Microsoft.Authorization/roleAssignments/redact",
"name": "redact",
"principalId": "redact",
"principalName": "http://test",
"principalType": "ServicePrincipal",
"roleDefinitionId": "/subscriptions/redact/providers/Microsoft.Authorization/roleDefinitions/redact",
"roleDefinitionName": "Contributor",
"scope": "/subscriptions/redact",
"type": "Microsoft.Authorization/roleAssignments"
}
]
...or assigning a system-assigned managed identity (using az functionapp identity assign -g MyResourceGroup -n MyUniqueApp)...
There is often a --scope option. I can't find a list of these scopes and descriptions anywhere.
Looking for something like az account list-locations --query [].displayName but substitute [].scopes instead.
Does anyone know where these can be found?
In the "az ad sp" command, the '--scopes' parameter refers to the target resource (with subscription and resource group details) to which you want to attach the service principal.
Ex: az ad sp create-for-rbac -n "test" --role contributor --scopes /subscriptions/{SubID}/resourceGroups/{ResourceGroupName}
So listing scopes means you need to list the resources within the subscriptions you have access to. The command below might help:
az resource list --subscription --resource-group
Please refer to this Azure CLI page.
Thank you #megh-6789. To expand on your answer, after running az resource list --subscription $sub_id, I can see the id for the resource matches the --scopes syntax I was looking for.
Example:
{
"id": "/subscriptions/redact/resourceGroups/redact/providers/Microsoft.Maps/accounts/redact",
"identity": null,
"kind": null,
"location": "global",
"managedBy": null,
"name": "redact",
"plan": null,
"properties": null,
"resourceGroup": "redact",
"sku": {
"capacity": null,
"family": null,
"model": null,
"name": "s1",
"size": null,
"tier": "Standard"
},
"tags": null,
"type": "Microsoft.Maps/accounts"
}
It looks like it's possible to set the scope at the subscription, resource group or resource level.
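Added example, not part of the original thread: a Python sketch that classifies the `scope` field of `az role assignment list` output into the three levels named above and flags broad roles granted at subscription scope, as in the Contributor assignment shown earlier. The sample records are constructed with placeholder IDs, and the set of roles treated as broad is an assumption.

```python
import re

# Scope grammar used by --scopes and by the "scope"/"id" fields in az output.
# Anything outside the three levels named in this thread (for example a
# management group scope) is reported as "unknown".
_SCOPE_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)"
    r"(?:/resourceGroups/(?P<rg>[^/]+)"
    r"(?:/providers/(?P<resource>.+))?)?/?$",
    re.IGNORECASE,  # the page shows both "resourceGroups" and "resourcegroups"
)

# Assumption: roles this audit treats as too broad for subscription scope.
BROAD_ROLES = {"owner", "contributor", "user access administrator"}

def classify_scope(scope):
    """Return (level, parts) for an ARM scope string."""
    m = _SCOPE_RE.match(scope)
    if not m:
        return "unknown", {}
    parts = {k: v for k, v in m.groupdict().items() if v}
    if "resource" in parts:
        return "resource", parts
    if "rg" in parts:
        return "resource_group", parts
    return "subscription", parts

def flag_broad_assignments(assignments):
    """Return (principal, role, scope) for broad roles at subscription scope."""
    findings = []
    for a in assignments:
        level, _ = classify_scope(a.get("scope", ""))
        role = a.get("roleDefinitionName") or ""
        if level == "subscription" and role.lower() in BROAD_ROLES:
            findings.append((a.get("principalName"), role, a["scope"]))
    return findings

# Constructed sample shaped like `az role assignment list` output; the IDs
# and the second principal are placeholders, not values from the thread.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"principalName": "http://test", "roleDefinitionName": "Contributor",
     "scope": SUB},
    {"principalName": "http://ci", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/MyResourceGroup"},
]

if __name__ == "__main__":
    for finding in flag_broad_assignments(SAMPLE):
        print("BROAD:", *finding)
```
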
I'm not able to create a SendGrid resource in Azure using a JSON template - I get a ResourcePurchaseValidationFailed error. I am able to create other Azure resources e.g. storage.
To reproduce:
az login
az group create --name MyResourceGroup --location "uksouth"
az group deployment create `
--name MyDeployment `
--resource-group MyResourceGroup `
--template-file template.json
template.json:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2015-01-01",
"name": "mysendgrid",
"type": "Sendgrid.Email/accounts",
"location": "uksouth",
"plan": {
"name": "free",
"publisher": "Sendgrid",
"product": "sendgrid_azure",
"promotionCode": ""
},
"properties": {
"password": "mypassword",
"acceptMarketingEmails": false,
"email": "me#myemail.com",
"firstName": "John",
"lastName": "Smith",
"company":"My Company",
"website": ""
}
}
]
}
Error:
"error": {
"code": "ResourcePurchaseValidationFailed",
"message": "User failed validation to purchase resources. Error message: '{\"error\":{\"code\":\"InvalidSubscriptionId\",\"message\":\"Invalid subscription identifier provided.\"}}'"
}
I don't know how to provide any other subscription ID.
Maybe your account has more than one subscription and, by default, you are logging into a subscription that doesn't have access to SendGrid?
You can display all your subscriptions using the command:
az account list
And then set the correct one:
az account set --subscription <name or id>
It seems that it was some problem on SendGrid's end. Since this is not a docs-related issue, please contact our Support team directly and they can help you out. You can access support contact options by logging into https://support.sendgrid.com.
You could try specifying the subscription ID by adding the subscription parameter.
az group deployment create `
--name MyDeployment `
--resource-group MyResourceGroup `
--template-file template.json `
--subscription subId
I am trying to provision some resources on Azure using the Azure Resource Manager with a template I have put together;
I am provisioning several web apps with independent Service Plans concurrently. Of course each web app resource "dependsOn" its Service plan.
Every once in a while when I deploy using PowerShell I get the following error:
New-AzureRmResourceGroupDeployment : 4:21:22 PM - Resource Microsoft.Web/serverfarms 'ServicePlanA' failed with message 'Cannot find Web space
ExampleResourceGroup-AustraliaEastwebspace for subscription ...'
This fails randomly on one or more of the Service Plans.
I also found this GitHub issue, but since I am not using the CLI I couldn't see how this would help https://github.com/Azure/azure-xplat-cli/issues/1646
I also have the latest AzureRM packages from https://www.powershellgallery.com/packages/AzureRM/
The API version I am using is "2015-08-01", and the schema of the deployment template is https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#
Here is a segment from the template that creates the mentioned resources:
{
"name": "[variables('WebFrontServicePlanAName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[parameters('DataCenterALocation')]",
"apiVersion": "2015-08-01",
"dependsOn": [ ],
"tags": {
"displayName": "WebFrontServicePlanA"
},
"sku": {
"name": "[parameters('WebFrontServicePlanSKU')]"
},
"properties": {
"name": "[variables('WebFrontServicePlanAName')]",
"workerSize": "[parameters('WebFrontServicePlanAWorkerSize')]",
"numberOfWorkers": 1
}
},
....
{
"name": "[variables('webAppName')]",
"type": "Microsoft.Web/sites",
"location": "[parameters('DataCenterALocation')]",
"apiVersion": "2015-08-01",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', variables('WebFrontServicePlanAName'))]"
],
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', variables('WebFrontServicePlanAName'))]": "Resource",
"displayName": "webApp"
},
"properties": {
"name": "[variables('webAppName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', variables('WebFrontServicePlanAName'))]"
}
}
Do you already have an existing resource group that you're deploying to? If not, try using the cmdlet New-AzureRmResourceGroup instead of New-AzureRmResourceGroupDeployment.
In Azure Web Apps, resource groups are backed by webspaces. Thus a resource group may contain multiple webspaces each in a different geo region. If you don't have the resource group, and you're not creating it, then you wouldn't have the corresponding webspace, which would cause the error you're seeing.
When I run the "Get-AzureVirtualNetworkGatewayConnection -Name Connection -ResourceGroupName POC -Debug" cmdlet, the ProvisioningState is Failed. I have deleted the connection several times without any success.
Here are the results:
{
"name": "GWConnection1",
"id": "/subscriptions/ed9cc7cb-a0e4-455c-8a65/resourceGroups/POC/providers/Microsoft.Network/connections/GWConnection1",
"etag": "W/\"e66d8c6f-d4a5-4bb1-80d2\"",
"type": "Microsoft.Network/connections",
"location": "eastus2",
"properties": {
"provisioningState": "Failed",
"resourceGuid": "1d6261cc-6a03-4efe-a492",
"virtualNetworkGateway1": {
"id": "/subscriptions/ed9cc7cb-a0e5-455c/resourceGroups/POC/providers/Microsoft.Network/virtualNetworkGateways/Gateway"
},
"localNetworkGateway2": {
"id": "/subscriptions/ed9cc7cb-a0e4/resourceGroups/POC/providers/Microsoft.Network/localNetworkGateways/PR-Network"
},
"connectionType": "IPsec",
"routingWeight": 10,
"sharedKey": "308201A006092A864886F70D010703A08201913082018D0201003182014930820145020100302D3019311730150603550403130E6E72702D656E6372797074696F6E021072E532F90B53108C4B29C242F8C9C148300D06092A864886F70D010101050004820100089C2DE40C535B5B43E641E5B867618E099169D567CD4BA6",
"connectionStatus": "Unknown",
"ingressBytesTransferred": 0,
"egressBytesTransferred": 0
}
}
NVM, I found the problem. I think it was that my local network is 192.168.0.0/24 and the Azure network was 192.168.0.0/16 and the subnet was 192.168.1.0/24 and the gateway subnet was 192.168.3.0/24.
Although the local network and subnetworks don't overlap, the address space was overlapping.
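Added example, not part of the original post: a Python check for the condition described above, comparing on-premises prefixes against both the VNet address space and its subnets. The prefixes in `POST_*` are the ones quoted in the post; the function and constant names are hypothetical.

```python
import ipaddress


def find_overlaps(on_prem_prefixes, vnet_address_space, vnet_subnets=()):
    """Compare on-premises prefixes with a VNet's address space and subnets.

    Returns (on_prem, azure_prefix, kind) tuples, where kind is
    "address_space" or "subnet". Invalid prefixes raise ValueError.
    """
    local = [ipaddress.ip_network(p) for p in on_prem_prefixes]
    azure = [(ipaddress.ip_network(p), "address_space") for p in vnet_address_space]
    azure += [(ipaddress.ip_network(p), "subnet") for p in vnet_subnets]

    conflicts = []
    for lnet in local:
        for anet, kind in azure:
            # Only compare like with like (IPv4 vs IPv4, IPv6 vs IPv6).
            if lnet.version == anet.version and lnet.overlaps(anet):
                conflicts.append((str(lnet), str(anet), kind))
    return conflicts


# Prefixes as given in the post.
POST_LOCAL = ["192.168.0.0/24"]
POST_VNET_SPACE = ["192.168.0.0/16"]
POST_VNET_SUBNETS = ["192.168.1.0/24", "192.168.3.0/24"]  # subnet, gateway subnet

if __name__ == "__main__":
    # The subnets are clean, but the /16 address space contains the local /24.
    for local, azure, kind in find_overlaps(
        POST_LOCAL, POST_VNET_SPACE, POST_VNET_SUBNETS
    ):
        print(f"{local} overlaps VNet {kind} {azure}")
```
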