search

MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International
10.2k stars 21.36k forks source link

App Service VNET injection using ARM templates #43302

Closed isaaccarrington closed 4 years ago

isaaccarrington commented 4 years ago

In a Linux App Service Farm I have tried to use VNET injection for an App via ARM templates using the reference shown here

My error is

Deployment failed. Correlation ID: 956bdcf3-12f8-4e1d-bee8-4c6234a19a28. {
  "Code": "Conflict",
  "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
  "Target": null,
  "Details": [
    {
      "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
    },
    {
      "Code": "Conflict"
    },
    {
      "ErrorEntity": {
        "ExtendedCode": "55930",
        "MessageTemplate": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
        "Parameters": [
          ""
        ],
        "Code": "Conflict",
        "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
      }
    }
  ],
  "Innererror": null
}

My code is

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "applicationGatewayName": {
            "type": "string"
        },
        "tier": {
            "type": "string"
        },
        "skuSize": {
            "type": "string"
        },
        "capacity": {
            "type": "int"
        },
        "zones": {
            "type": "array",
            "defaultValue": []
        },
        "publicIpAddressName": {
            "type": "string"
        },
        "sku": {
            "type": "string"
        },
        "allocationMethod": {
            "type": "string"
        },
        "publicIpZones": {
            "type": "array"
        },
        "autoScaleMaxCapacity": {
            "type": "int"
        },
        "addressPrefix": {
            "type": "string"
        },
        "appGatewaySubnetName": {
            "type": "string"
        },
        "appGatewaySubnetPrefix": {
            "type": "string"
        },
        "appServiceSubnetName": {
            "type": "string"
        },
        "appServiceSubnetPrefix": {
            "type": "string"
        },
        "virtualNetworkName": {
            "type": "string"
        },
        "hostingPlanName": {
            "type": "String"
        },
        "appsvcname": {
            "type": "array"
        },
        "hostingEnvironment": {
            "type": "string"
        },
        "alwaysOn": {
            "type": "bool"
        },
        "linuxFxVersion": {
            "type": "string"
        },
        "dockerRegistryUrl": {
            "type": "string"
        },
        "dockerRegistryUsername": {
            "type": "string"
        },
        "dockerRegistryPassword": {
            "type": "securestring"
        },
        "dockerRegistryStartupCommand": {
            "type": "string"
        }
    },
    "variables": {
        "virtualNetworks_externalid": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
    },
    "resources": [
        {
            "apiVersion": "2018-11-01",
            "name": "[concat('appsvc-', parameters('appsvcname')[copyIndex()])]",
            "type": "Microsoft.Web/sites",
            "location": "[resourceGroup().location]",
            "tags": {},
            "dependsOn": [],
            "copy": {
              "name": "appsvccopy",
              "count": "[length(parameters('appsvcname'))]"
            },
            "properties": {
                "name": "[concat('appsvc-', parameters('appsvcname')[copyIndex()])]",
                "siteConfig": {
                    "appSettings": [
                        {
                            "name": "DOCKER_REGISTRY_SERVER_URL",
                            "value": "[parameters('dockerRegistryUrl')]"
                        },
                        {
                            "name": "DOCKER_REGISTRY_SERVER_USERNAME",
                            "value": "[parameters('dockerRegistryUsername')]"
                        },
                        {
                            "name": "DOCKER_REGISTRY_SERVER_PASSWORD",
                            "value": "[parameters('dockerRegistryPassword')]"
                        },
                        {
                            "name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
                            "value": "false"
                        }
                    ],
                    "linuxFxVersion": "[parameters('linuxFxVersion')]",
                    "appCommandLine": "[parameters('dockerRegistryStartupCommand')]",
                    "alwaysOn": "[parameters('alwaysOn')]"
                },
                "serverFarmId": "[concat('/subscriptions/', subscription().subscriptionId,'/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]",
                "hostingEnvironment": "[parameters('hostingEnvironment')]",
                "clientAffinityEnabled": false
            }
        },
        {
            "type": "Microsoft.Web/sites/virtualNetworkConnections",
            "apiVersion": "2018-11-01",
            "name": "[concat('appsvc-', parameters('appsvcname')[copyIndex()], '/', subscription().subscriptionId, '_', parameters('appServiceSubnetName'))]",
            "location": "Central US",
            "dependsOn": [
                "[resourceId('Microsoft.Web/sites', concat('appsvc-', parameters('appsvcname')[copyIndex()]))]"
            ],
            "copy": {
              "name": "appsvcvnetcopy",
              "count": "[length(parameters('appsvcname'))]"
            },
            "properties": {
                "vnetResourceId": "[concat(variables('virtualNetworks_externalid'), '/subnets/', parameters('appServiceSubnetName'))]",
                "isSwift": true
            }
        }
    ]
}

Firstly I suprised that a feature in preview has non-preview arm template reference documentation. Secondly, where is /networkConfig/VirtualNetwork ?

Alberto-Vega commented 4 years ago

@isaaccarrington Thanks for reaching out. I see the document you are linking to. Were you also following a tutorial or document? If that is the case can you please share the link? That way, we can pass your feedback to the appropriate content author.

We try to reserve these issues for documentation feedback. If you are looking for help (vs provide feedback for a tutorial) can you please open a thread on the dev forums like StackOverflow or MSDN? There unlike here we have a dev community + engineering team that can help.

isaaccarrington commented 4 years ago

Hi @Alberto-Vega-MSFT. I wasn't following any tutorial or document. Thanks for the feedback, I guess I should address my queries for implementation there. Feel free to close this, but to be consistent I would suggest either removing vnet injection as its preview for linux or make some note of it. Cheers

Alberto-Vega commented 4 years ago

@isaaccarrington Thanks for the feedback. If for some reason you do not get traction on the forum please tag me here and link me to the thread.

kilasuit commented 4 years ago

Having come across this today i have to second this

Secondly, where is /networkConfig/VirtualNetwork ?

isaaccarrington commented 4 years ago

I have carried on the thread in https://stackoverflow.com/questions/54534924/arm-template-for-to-configure-app-services-with-new-vnet-integration-feature/59057622#59057622

imsiddsingh commented 4 years ago

I am also facing this issue with ARM template deployment. I generated the template from azure portal by adding VNet Integration manually for azure function app (Add Vnet is in preview). My code is given below: -

      {
        "type": "Microsoft.Web/sites/virtualNetworkConnections",
        "apiVersion": "2018-11-01",
        "name": "[concat(parameters('funcAppName'),'/',parameters('subnetName'))]",
        "location": "[parameters('location')]",
        "dependsOn": [
          "[concat('Microsoft.Web/sites/', parameters('funcAppName'))]"
        ],
        "properties": {
          "vnetResourceId": "[variables('subnetRef')]",
          "isSwift": true
        }
      }

Error: -

{ "Code": "Conflict", "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.", "Target": null, "Details": [ { "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork." }, { "Code": "Conflict" }, { "ErrorEntity": { "ExtendedCode": "55930", "MessageTemplate": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.", "Parameters": [ "" ], "Code": "Conflict", "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork." } } ], "Innererror": null }

Linaa commented 4 years ago

same issue here 

...
        {
            "type": "Microsoft.Web/sites/virtualNetworkConnections",
            "apiVersion": "2018-11-01",
            "name": "[concat(parameters('name'), '/', parameters('vnet_name'))]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Web/sites', parameters('name'))]"
            ],
            "properties": {
                "vnetResourceId": "[concat(parameters('vnet_id'), '/subnets/', parameters('subnet_name'))]",
                "isSwift": true
            }
        }
    ]
...

results in:

dw-admin-iac az group deployment create --resource-group $rgname --parameters ./dev/functionapp.json --template-file ./templates/functionapp.json
Deployment failed. Correlation ID: ac15c066-cd70-470e-9c1f-a0958d8248b2. {
  "Code": "Conflict",
  "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
  "Target": null,
  "Details": [
    {
      "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
    },
    {
      "Code": "Conflict"
    },
    {
      "ErrorEntity": {
        "ExtendedCode": "55930",
        "MessageTemplate": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
        "Parameters": [
          ""
        ],
        "Code": "Conflict",
        "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
      }
    }
  ],
  "Innererror": null
}
markusfoss commented 4 years ago

I also have the same issue when trying to create a Premium Azure Function w/VNET integration. My arm template:

{ "type": "Microsoft.Web/sites/virtualNetworkConnections", "apiVersion": "2018-11-01", "name": "[concat(variables('functionname'), '/', parameters('name'), '_functions')]", "location": "West Europe", "dependsOn": [ "[resourceId('Microsoft.Web/sites', variables('functionname'))]" ], "properties": { "vnetResourceId": "[concat(variables('vnetname'), '/subnets/functions')]", "isSwift": true } }

Results in: { "ErrorEntity": { "ExtendedCode": "55930", "MessageTemplate": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.", "Parameters": [ "" ], "Code": "Conflict", "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork." } }

@Linaa or @imsiddsingh : Did you manage to resolve it?

It seems this is not supported in ARM - but it it possible to work around it and add vnet support to the function using Az Powershell / Az Cli ?

CaioCavalcanti commented 4 years ago

I had the same problem here and was able to solve with this: https://github.com/ScottHolden/ARMExamples/blob/master/AppService-VnetNew-Storage/deploy.json

{
        "apiVersion": "2016-08-01",
        "type": "Microsoft.Web/sites",
        "kind": "app",
        "name": "[variables('webAppName')]",
        "location": "[parameters('location')]",
        "properties": {
          "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
        },
        "resources": [
            {
                "name": "virtualNetwork",
                "type": "config",
                "apiVersion": "2018-02-01",
                "location": "[parameters('location')]",
                "dependsOn": [
                  "[concat('Microsoft.Web/sites/', variables('WebAppName'))]",
                  "[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
                ],
                "properties":
                {
                    "subnetResourceId": "[variables('subnetRef')]",
                    "swiftSupported": true
                }
              }
        ],
        "dependsOn": [
          "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
        ]
      }
vplauzon commented 4 years ago

Thank you Caio! I just used your solution and it fixed my problem right away!

Cheers,

Vincent-Philippe

fabito commented 4 years ago

Another important detail: don't forget to enable delegation in the target subnet.

vplauzon commented 4 years ago

I did (copied it from your sample). What I found odd is that if I removed the service endpoint from your sample, it doesn't work. I thought that integration was independent from service endpoint but it doesn't seem to be the case.

markuskonrad commented 4 years ago

Are there any updates available for this issue? Having the same problem with a Web App / Microsoft.Web/sites.

I assume this is still a problem with the "Preview" status? I already expected problems when I exportet the template and found the "name" value with a static GUID.

{ "name": "[concat(parameters('webAppName'), '/fa2c00c5-e0c8-423b-8079-8848864adc41_', parameters('subnetName'))]", }

Update:

Sorry missted the Stackoverflow link in between. A workaround from a MS Engineer is to replace the full node

... "type": "Microsoft.Web/sites/virtualNetworkConnections", ...

with

{ "type": "Microsoft.Web/sites/networkConfig", "name": "[concat(parameters('webAppName'),'/VirtualNetwork')]", "apiVersion": "2016-08-01", "properties": { "subnetResourceId": "[parameters('subnetResourceId')]" } }

Deployment was working for me with this setup.

mrserverless commented 3 years ago

The Microsoft quick starter template worked for me for regional VNet injection: https://github.com/Azure/azure-quickstart-templates/blob/master/101-function-premium-vnet-integration/azuredeploy.json#L190

However, you must enable delegation on the target subnet first as @fabito pointed out. In my case, I got an internal server error until I enabled delegation.