Azure / azure-cli

Azure Command-Line Interface
MIT License
4.01k stars 2.98k forks source link

cannot run az network firewall ip-config create using Azure CLI in powershell 6 Locally #12082

Closed bmukes closed 4 years ago

bmukes commented 4 years ago

Describe the bug cannot run az network firewall ip-config create in powershell on local Windows 10 PC. Error returned from the script is request failed: Error occurred in request., RetryError: HTTPSConnectionPool(host='management.azure.com', port=443): Max retries exceeded with url: /subscriptions/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/Test-FW-RG/providers/Microsoft.Network/azureFirewalls/Test-FW01?api-version=2019-09-01 (Caused by ResponseError('too many 500 error responses',))

To Reproduce The IP addresses and code is copied from Deploy and configure Azure Firewall using Azure CLI The web page assumes you are using the BASH shell but I removed the line continuations for powershell

az extension add -n azure-firewall
az group create --name Test-FW-RG --location eastus
az network vnet create --name Test-FW-VN --resource-group Test-FW-RG --location eastus --address-prefix 10.0.0.0/16 --subnet-name AzureFirewallSubnet --subnet-prefix 10.0.1.0/26
az network vnet subnet create --name Workload-SN --resource-group Test-FW-RG --vnet-name Test-FW-VN --address-prefix 10.0.2.0/24
az network vnet subnet create --name Jump-SN --resource-group Test-FW-RG --vnet-name Test-FW-VN --address-prefix 10.0.3.0/24
az network firewall create --name Test-FW01 --resource-group Test-FW-RG --location eastus
az network public-ip create --name fw-pip --resource-group Test-FW-RG --location eastus --allocation-method static --sku standard
az network firewall ip-config create --firewall-name Test-FW01 --name FW-config --public-ip-address fw-pip --resource-group Test-FW-RG --vnet-name Test-FW-VN

Expected behavior When running the code in Azure Portal Cloud Shell BASH or PowerShell it works correctly; However, the ip-config create command takes up to 5 minutes to complete. I believe the timeouts for the CLI in the Cloud Shell are different than powershell 6 running locally which would explain why it executes successfully in the Cloud Shell. When running in PowerShell under Windows 10 you get the error mentioned above:

Environment summary

Windows 10 Enterprise 
Version 1903
OS build 18362.449
az --version
azure-cli                         2.0.81

command-modules-nspkg              2.0.3
core                              2.0.81
nspkg                              3.0.4
telemetry                          1.0.4

Extensions:
azure-firewall                     0.1.8

Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\bdm0609\.azure\cliextensions'

Python (Windows) 3.6.6 (v3.6.6:4cf1f54eb7, Jun 27 2018, 02:47:15) [MSC v.1900 32 bit (Intel)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Please let us know how we are doing: https://aka.ms/clihats
$psversiontable

Name                           Value
----                           -----
PSVersion                      6.2.4
PSEdition                      Core
GitCommitId                    6.2.4
OS                             Microsoft Windows 10.0.18362
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Visual Studio Code Environment

Version: 1.41.1
Commit: 26076a4de974ead31f97692a0d32f90d735645c0
Date: 2019-12-18T14:58:56.166Z
Electron: 6.1.5
Chrome: 76.0.3809.146
Node.js: 12.4.0
V8: 7.6.303.31-electron.0
OS: Windows_NT x64 10.0.18362

Additional context I normally run Powershell under Visual Studio Code but you will get the same error if running under the PowerShell Command Environment.

bmukes commented 4 years ago

Another update. I have a previously created resource group, firewall, vnet and correct subnet AzureFirewallSubnet 172.20.216.0/26

I Tried to run az network firewall ip-config create on the firewall and getting the same error as mentioned in the previous post. The difference is that I executed the command within the Cloud Shell in both BASH and PowerShell.

az network firewall ip-config create --firewall-name "nxt-aaa-devnxt-wu2-afw" --name "IpConf"  --public-ip-address "nxt-aaa-devnxt-wu2-pip" --resource-group "nxt-aaa-devnxt-wu2-rg"  --vnet-name "nxt-aaa-devnxt-wu2-vnet"
request failed: Error occurred in request., RetryError: HTTPSConnectionPool(host='management.azure.com', port=443): Max retries exceeded with url: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/nxt-aaa-devnxt-wu2-rg/providers/Microsoft.Network/azureFirewalls/nxt-aaa-devnxt-wu2-afw?api-version=2019-11-01 (Caused by ResponseError('too many 500 error responses',))
arrownj commented 4 years ago

Hi @MyronFanQiu , could you please help take a look at this ?

yonzhan commented 4 years ago

add to S166.

mmyyrroonn commented 4 years ago

@bmukes Hello. Let's confirm the problem.

  1. running the full scripts within cloudshell in bash/powershell will success.
  2. running the full scripts in local powershell will fail.
  3. running the command with existed RG/Vnet/IP within cloudshell will fail. Am I right?
bmukes commented 4 years ago

Yes confirmed

mmyyrroonn commented 4 years ago

@bmukes Hello. It's quite strange because azure cli doesn't do anything special. Do you still meet such problem? Do you try to create new RG, Vnet and IP?

bmukes commented 4 years ago

I stopped trying to create a firewall using CLI for now because they cost approximarely $1000 per month which is a bit much for a development environment.

BRIAN MUKES | Architect INSURANCE TECHNOLOGIES t: +1 719.442.6400 | f: +1 719.442.0600 [cid:image001.png@01D5E63C.DAD58430]https://www.insurancetechnologies.com/

From: MyronFanQiu notifications@github.com Sent: Monday, February 17, 2020 10:37 PM To: Azure/azure-cli azure-cli@noreply.github.com Cc: Mukes, Brian BMukes@InsuranceTechnologies.com; Mention mention@noreply.github.com Subject: Re: [Azure/azure-cli] cannot run az network firewall ip-config create using Azure CLI in powershell 6 Locally (#12082)

@bmukeshttps://github.com/bmukes Hello. It's quite strange because azure cli doesn't do anything special. Do you still meet such problem? Do you try to create new RG, Vnet and IP?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Azure/azure-cli/issues/12082?email_source=notifications&email_token=AAU2RRKNIB4PUGAP7KZU3TDRDNXWNA5CNFSM4KRBMMS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMAUVSY#issuecomment-587287243, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAU2RRIMUI2OZ25VV54RNI3RDNXWNANCNFSM4KRBMMSQ.

• Confidential and proprietary information may be contained in this communication, including attachments. If you are not the intended recipient, you must not use, copy, disclose, distribute or retain this communication or any part of it. Any unauthorized use, dissemination of the information, or copying of this message is prohibited. If you are not the intended addressee, please notify the sender immediately by return e-mail and permanently delete this message and any attachments.

mmyyrroonn commented 4 years ago

@bmukes Hello. Thanks for opening this issue. Currently, we don't have enough tests for different terminals. We will consider this issue and add more tests for it in the future . I would close this issue first since it's not a blocker right now. Feel free to open a new issue if you have any more question.