I am looking at creating a sql server failover group using the azure cli. The following command is being used :
az sql failover-group create --name sql1-fg --resource-group sql1 --server sql1 --partner-server sq1l-dr --partner-resource-group sql1-dr --failover-policy Manual
However I get the following error :
Grace period value should not be provided when failover policy Manual
is selected for the read-write endpoint
I have not passed in this parameter but with grace-period being a default parameter with a value of 1, my query is how do I exclude this from the command line. I have tried setting to 0, -1, $false, $null, etc.
I can reproduce your issue on my side, I think it may be a bug of Azure CLI, because it is unreasonable.
Even if I create the failover group with Automatic first, then use the az sql failover-group update to set the --failover-policy to Manual, it always gives the same error message.
I have opened a new issue in the Github, you could check it. Or you could create the Automatic group first, and set it to Manual in the portal.
Related
I created the aks cluster with azure service principal id and i provided the contributer role according to the subscription and resource group.
For each and every time when i executed the pipeline the sign-in is asking and after i authenticated it is getting the data.
Also the "kubectl get" task is taking more than 30 min and is getting "Kubectl Server Version: Could not find kubectl server version"
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CRA2XssWEXUUA to authenticate
Thanks in advance
What is the version of the created cluster?
I'm assuming from your snapshot that you are using az in order to get credentials for it.
Old azure auth plugin is deprecated in V1.22+. If you are using V1.22 or above you should use kubelogin in order authenticate.
You will also need to update your kube config accordingly:
kubelogin convert-kubeconfig
and specifically if you're logging via az:
kubelogin convert-kubeconfig -l azurecli
Note that the flag -l azurecli is important here: the default value is "devicecode" which will not consider your az as a logging method - and you will still be requested a browser authentication.
Alternatively, you can set environment variable:
AAD_LOGIN_METHOD=azurecli
Because you are getting sign in request and not the deprecation warning for the auth plugin, I suspect that you already have kubelogin installed on your agent, and you just need to update the kube config file
What task are you using? There is official kubectl task: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/kubernetes?view=azure-devops
It requires the service connection.
If you still want to execute kubectl directly, you should run the following before the kubectl inside the AzureCLI task:
az aks get-credentials --resource-group "$(resourceGroup)" --name "$(k8sName)" --overwrite-existing
Please use Selfhosted agents for executing your commands. looks like you have private endpoints for your AKS and requests are only allowed from trusted devices.
I ran into the same issue and for me the fix was to change the Connection Type in the stage definition from Azure Resource Manager to Kubernetes Service Connection - check on the screenshot below.
Then you should be able to also specify the connection type in each of the tasks where you are running kubectl or helm commands. For example, in a kubectl task, under Kubernetes Cluster --> Service connection type use the Kubernetes Service Connection:
As mentioned by #DevOpsEngg, the problem could be related to private endpoints but I wouldn't say that it is regarding selfhosted agents, because I'm using these. As an extra comment - this started happening when I added more than one user to the cluster, so you might want to check user permissions and authentication. Unfortunately, I'm still getting used to K8s so I don't have more info about that.
I've deployed a blank Private DNS Zone ARM Template with the standards SOA recordset. I now need to add additional recordsets to this private dns zone using the Azure CLI commands.
The issue is the following error message:
az network dns record-set a add-record -g "MyResourceGroup" -z "MyPrivateDNSZoneName.net" -n "MyRecordSetName" -a "AnIP"
Can not perform requested operation on nested resource. parent resource '' not
found.
It isn't an access issue because I can add the recordset in the portal. I also get the same issue using the powershell commands. Is there something wrong with the way these strings are being passed to the portal?
According to the details of the error, it shows the parent resource can't be found. So the possible reasons here:
You set the wrong subscription
You set the wrong resource group
You set the wrong DNS zone name
So you need to check the above options to make sure if they're alright.
I am trying to create a sql database using cloud shell
Note: I am able to create the sql database in the same resource group without any issues.
When i execute the command from the the cloud shell I get the following error message.
PS /home/xxx> az sql db create -g akshandsonlab -s aksdatabase -n mhcdb --service-objective S0
ResourceNotFoundError: The Resource 'Microsoft.Sql/servers/aksdatabase' under resource group 'akshandsonlab' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
I have followed the above link but I am reaching a dead end.
Can any one shed some light on this
Regards
Sudlo
You could check if you have selected the correct subscription when you create the SQL database via az account show.
If not, you could list the subscription(az account list) then set the subscription(az account set -s <subscriptionID>) that you want to create the resource.
If not, you could double-check the Resource name and Resource group name.
For more information, please refer to https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/error-not-found
Note: I am able to create the sql database in the same resource group
without any issues.
It looks like you want to create your database in a different resource group than that of your SQL server, which is not possible as of today. The SQL server and DB must exist in the same resource group.
This is most likely the reason you're seeing this error. Instead, run the command passing the resource group where your SQL server exists.
az sql db create -g <sql-server-resource-group> -s aksdatabase -n mhcdb --service-objective S0
I have used the following powershell script to delete a database:
Remove-AzureRmSqlDatabase -ServerName $server -ResourceGroupName $rgname -DatabaseName $dbname
(first setting the variables)
and have tried using the Azure Portal
The port indicates a success in deletion, as does the activity logs, however
the resource is not being deleted?
Screenshot of activity log:
The deletes (on a number of occasions after the db comes back) show successful, however there is an audit policy that seems to be doing something.
There are no Locks on the resrouce group.
UPDATE:
I have deleted from SSMS, and is not showing there or in the portal anymore..
(will wait to see if it comes back, as it did when deleting via portal and powershell)
UPDATE 2:
Database is now back, so this is the database having been deleted 3 ways, portal, powershell and via SSMS.
It turns out the web application uses EF migrations which is recreating the database.
Note: The bigger issue is that the database is created on a much higher, and much more expensive tier.
Do you happen to have a rogue policy somewhere? It seems something is running a Policy Effect: deployIfNotExist on the resource. Without access to your environment, there's not much I could recommend.
Check the documentation here: https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects#audit
Deployment error to ACS - BadRequestFormat. How do I get past this? This is my nth attempt to make the tutorial work end to end https://learn.microsoft.com/en-us/azure/machine-learning/preview/tutorial-classifying-iris-part-1.
az ml env setup -n gopenv --location westcentralus -c
Subscription set to Visual Studio Premium with MSDN
Continue with this subscription (Y/n)? y
Resource group gopenvrg already exists, skipping creation.
creating service principal.........done
Created a service principal: %s 96f6dd9e-c9d6-4856-9f8b-5426c7a757ea
waiting for AAD role to propagate.done
Provisioning compute resources...
BadRequestFormat: The request format was invalid. Details: Updating clusters with cluster type Local is not supported
I got the same error when I ran the command again after it had already run successfully once. Considering that your output says, "Resource group gopenvrg already exists", it looks like that might be true for you too.
If you change "-n gopenv" to something else like "-n gopenv2", it might work for you. It did for me.
You can see if you already have any deployment environments by running "az ml env list".