Azure / azure-cli

Azure Command-Line Interface
MIT License

Trusted launch default and VMSS flex default conflict | az vmss create #27871

Open AjKundnani opened 1 year ago

AjKundnani commented 1 year ago

Describe the bug

Running the command az vmss create generates the error below, as VMSS flex does not support SystemAssigned identity. This could be due to the implementation of Trusted launch as default and VMSS flex as default.

Command: az vmss create -n minvmss02 -g $rgName -l $loc
Error: "message":"Required parameter 'platformFaultDomainCount' is missing (null)."

Command: az vmss create --name vmssname --resource-group rgname --image imagealias --vm-sku vmsize
Error: [{"code":"InvalidParameter","target":"identity","message":"The value 'SystemAssigned' of parameter 'identity' is not allowed. Allowed values are: UserAssigned, None."}]}}

Related command

az vmss create

Errors

{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/cli1111rg/providers/Microsoft.Resources/deployments/vmss_deploy_ABoEgqebU41wMuCMFZTLjEEmovfylStS","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"InvalidParameter","target":"platformFaultDomainCount","message":"Required parameter 'platformFaultDomainCount' is missing (null)."}]}}

{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/cli1111rg/providers/Microsoft.Resources/deployments/vmss_deploy_5VCbrHJ2JsnJMgYaeGFMg6xRPQ6KHoTO","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"InvalidParameter","target":"identity","message":"The value 'SystemAssigned' of parameter 'identity' is not allowed. Allowed values are: UserAssigned, None."}]}}

Issue script & Debug output

Command: az vmss create -n minvmss02 -g $rgName -l $loc --vm-sku Standard_D2s_v3 --image Ubuntu2204 --debug

Unable to copy content due to maximum 65536 characters limit.

Expected behavior

VMSS flex is deployed with Gen2 OS image and Trusted launch security type.

Environment Summary

azure-cli 2.54.0

core 2.54.0
telemetry 1.1.0

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\ajkundna.azure\cliextensions'

Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Unable to check if your CLI is up-to-date. Check your internet connection.

Additional context

No response
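Added example (not part of the issue thread and not azure-cli code): a small Python helper for triaging the DeploymentFailed payloads shown above, which walks the `details` tree and returns the parameter the service actually rejected. The function names are hypothetical, the sample payloads are trimmed from the report with a placeholder deployment target, and handling of a JSON error document embedded in a `message` string is an assumption about other ARM responses, not something shown in this report.

```python
import json

# Constructed samples: the two error payloads from the report, trimmed to the
# fields used here; "<deployment-id>" is a placeholder target.
def _sample(target, message):
    return json.dumps({"status": "Failed", "error": {
        "code": "DeploymentFailed", "target": "<deployment-id>",
        "message": "At least one resource deployment operation failed.",
        "details": [{"code": "InvalidParameter", "target": target,
                     "message": message}]}})

FAULT_DOMAIN_ERR = _sample(
    "platformFaultDomainCount",
    "Required parameter 'platformFaultDomainCount' is missing (null).")
IDENTITY_ERR = _sample(
    "identity",
    "The value 'SystemAssigned' of parameter 'identity' is not allowed. "
    "Allowed values are: UserAssigned, None.")


def leaf_errors(err):
    """Yield (code, target, message) for the innermost errors of an error object."""
    details = err.get("details") or []
    for child in details:
        yield from leaf_errors(child)
    if details:
        return
    msg = err.get("message", "")
    # Assumption: a message may itself be a JSON document with an "error" key.
    try:
        inner = json.loads(msg)
    except (TypeError, ValueError):
        inner = None
    if isinstance(inner, dict) and isinstance(inner.get("error"), dict):
        yield from leaf_errors(inner["error"])
    else:
        yield err.get("code"), err.get("target"), msg


def rejected_parameters(raw):
    """Return [(code, target)] for every leaf error in a failed-deployment payload."""
    doc = json.loads(raw)
    return [(code, target) for code, target, _ in leaf_errors(doc["error"])]


if __name__ == "__main__":
    for raw in (FAULT_DOMAIN_ERR, IDENTITY_ERR):
        print(rejected_parameters(raw))
```
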

yonzhan commented 1 year ago

Thank you for opening this issue, we will look into it.

yanzhudd commented 1 year ago

> Command: az vmss create -n minvmss02 -g $rgName -l $loc
> Error: "message":"Required parameter 'platformFaultDomainCount' is missing (null)."
>
> Command: az vmss create --name vmssname --resource-group rgname --image imagealias --vm-sku vmsize
> Error: [{"code":"InvalidParameter","target":"identity","message":"The value 'SystemAssigned' of parameter 'identity' is not allowed. Allowed values are: UserAssigned, None."}]}}

Hi @Jing-song, let me confirm with you if this behavior meets expectation. Should this command be used with specifying --orchestration-mode to Uniform in these scenarios?

Jing-song commented 1 year ago

@yanzhudd @AjKundnani Yes, since the default value of --orchestration-mode has changed, we need to manually add --orchestration-mode Uniform to have the same behavior as before

Command: az vmss create -n minvmss02 -g $rgName -l $loc --vm-sku Standard_D2s_v3 --image Ubuntu2204

The previous behavior of this command was equivalent to adding --orchestration-mode Uniform by default.

AjKundnani commented 1 year ago

> @yanzhudd @AjKundnani Yes, since the default value of --orchestration-mode has changed, we need to manually add --orchestration-mode Uniform to have the same behavior as before
>
> Command: az vmss create -n minvmss02 -g $rgName -l $loc --vm-sku Standard_D2s_v3 --image Ubuntu2204
>
> The previous behavior of this command was equivalent to adding --orchestration-mode Uniform by default.

@yanzhudd @Jing-song - Ideally, the end user should not specify additional parameters for default. Request to debug the cause of this conflict/error and add the required fix to ensure SystemAssigned identity is not used.

TrustedLaunch VMs do not require SystemAssigned identity.

Jing-song commented 1 year ago

> TrustedLaunch VMs do not require SystemAssigned identity.

@AjKundnani Flexible mode does not require SystemAssigned identity; does Uniform mode still require it?

yanzhudd commented 1 year ago

> Command: az vmss create --name vmssname --resource-group rgname --image imagealias --vm-sku vmsize
> Error: [{"code":"InvalidParameter","target":"identity","message":"The value 'SystemAssigned' of parameter 'identity' is not allowed. Allowed values are: UserAssigned, None."}]}}

Hi @AjKundnani, sorry I can't repro this error, could you please share the --image and --vm-sku you use?

AjKundnani commented 1 year ago

> Command: az vmss create --name vmssname --resource-group rgname --image imagealias --vm-sku vmsize
> Error: [{"code":"InvalidParameter","target":"identity","message":"The value 'SystemAssigned' of parameter 'identity' is not allowed. Allowed values are: UserAssigned, None."}]}}
>
> Hi @AjKundnani, sorry I can't repro this error, could you please share the --image and --vm-sku you use?

@yanzhudd -
Command: az vmss create -n minvmss02 -g $rgName -l $loc --vm-sku Standard_D2s_v3 --image Ubuntu2204
Shared debug logs internally.

yanzhudd commented 1 year ago

> Command: az vmss create -n minvmss02 -g $rgName -l $loc
> Error: "message":"Required parameter 'platformFaultDomainCount' is missing (null)."

Hi @AjKundnani, I agree that ideally the end user should not specify additional parameters for default, but --orchestration-mode is set to Flexible by default. If we manually set it to Uniform, it would become more complicated for our logic and inconsistent with the behavior of setting it to Flexible by default.

How about, in this scenario, the CLI reporting an error message and suggesting users input --orchestration-mode Uniform?

AjKundnani commented 1 year ago

> How about, in this scenario, the CLI reporting an error message and suggesting users input --orchestration-mode Uniform?

@yanzhudd - No, we should not recommend end users to use Uniform; it'll go against the Flex-as-default principle. Per async discussion, will try this scenario on a different VM and confirm if able to replicate this issue.