citrix / terraform-provider-citrix

Terraform provider for Citrix
Apache License 2.0

Building a Machine Catalog - Azure Compute Gallery image not found #58

Closed TimBennett13 closed 2 months ago

TimBennett13 commented 2 months ago

Hello, I just started using Terraform to build Machine Catalogs for Citrix DaaS in Azure. When I run terraform apply I get this error. I have tried various version names with no results.

```
citrix_machine_catalog.dev-MyTerraform-MC: Creating...
╷
│ Error: Error creating Machine Catalog
│
│   with citrix_machine_catalog.dev-MyTerraform-MC,
│   on Main.tf line 17, in resource "citrix_machine_catalog" "dev-MyTerraform-MC":
│   17: resource "citrix_machine_catalog" "dev-MyTerraform-MC" {
│
│ Failed to locate Azure Image Gallery image of version 1.0.2 in gallery RIT_CTX_SAFE2_Prod_Image_EastUS_CG, error: could not find resource
```

The Terraform code is:

```hcl
terraform {
  required_providers {
    citrix = {
      source  = "citrix/citrix"
      version = ">=0.5.4"
    }
    azurerm = {
      source  = "azurerm"
      version = ">= 3.98.0"
    }
  }
}

# MCS Catalog
resource "citrix_machine_catalog" "dev-MyTerraform-MC" {
  name              = "dev-MyTerraform-MC"
  description       = "development single-session catalog on Azure hypervisor"
  zone              = "xxxxxxxxxxxxxx"
  allocation_type   = "Random"
  session_support   = "SingleSession"
  is_power_managed  = true
  is_remote_pc      = false
  provisioning_type = "MCS"
  provisioning_scheme = {
    hypervisor               = "xxxxxxxxxxxxxx"
    hypervisor_resource_pool = "xxxxxxxxxxxxxx"
    identity_type            = "ActiveDirectory"
    machine_domain_identity = {
      domain                   = "mydomain"
      service_account          = "admin"
      service_account_password = "mypw"
    }
    azure_machine_config = {
      storage_type       = "Standard_LRS"
      resource_group     = "MyRG-ImageManagement-EastUS-RG"
      vda_resource_group = "MyRG-Desktops-EastUS-RG"
      use_managed_disks  = true
      service_offering   = "Standard_D2_v2"
      gallery_image = {
        gallery    = "RIT_CTX_SAFE2_Prod_Image_EastUS_CG"
        definition = "SAFE2.0-0228-W10-22H2"
        version    = "1.0.2"
      }
      Machine_profile = {
        machine_profile_resource_group = "MyRG-ImageManagement-EastUS-RG"
        machine_profile_vm_name        = "MyVMImageProfile"
      }
      writeback_cache = {
        wbc_disk_storage_type          = "StandardSSD_LRS"
        persist_wbc                    = false
        persist_os_disk                = true
        persist_vm                     = false
        writeback_cache_disk_size_gb   = 16
        writeback_cache_memory_size_mb = 1024
        storage_cost_saving            = false
      }
    }
    network_mapping = {
      network_device = "0"
      network        = "AZ-MyRG-PROD-RG-CIDR"
    }
    availability_zones       = ""
    number_of_total_machines = 1
    machine_account_creation_rules = {
      naming_scheme      = "DEV##"
      naming_scheme_type = "Numeric"
    }
  }
}
```

I look forward to your reply.

thanks, Tim

zhuolun-citrix commented 2 months ago

Hi @TimBennett13 ,

Thank you for bringing this to our attention. Can you please check if the gallery is in the same resource group that you specified in provisioning_scheme.azure_machine_config.resource_group?

After reviewing the code, we realized that if the gallery is not within the resource group you specified for the provisioning scheme, it will not be resolved properly. We will mark this as a bug regardless.

Thank you, Zhuolun

TimBennett13 commented 2 months ago

zhuolun, Thank you for your quick reply. Yes, the image gallery is in the same RG specified in the provisioning_scheme.azure_machine_config.resource_group. Using the code above: in the azure_machine_config section, the compute gallery, "RIT_CTX_SAFE2_Prod_Image_EastUS_CG", is in the RG "MyRG-ImageManagement-EastUS-RG".

```hcl
azure_machine_config = {
  storage_type       = "Standard_LRS"
  resource_group     = "MyRG-ImageManagement-EastUS-RG"
  vda_resource_group = "MyRG-Desktops-EastUS-RG"
  use_managed_disks  = true
  service_offering   = "Standard_D2_v2"
  gallery_image = {
    gallery    = "RIT_CTX_SAFE2_Prod_Image_EastUS_CG"
    definition = "SAFE2.0-0228-W10-22H2"
    version    = "1.0.2"
  }
  Machine_profile = {
    machine_profile_resource_group = "MyRG-ImageManagement-EastUS-RG"
    machine_profile_vm_name        = "MyVMImageProfile"
  }
}
```

Thanks, Tim

zhuolun-citrix commented 2 months ago

Hi @TimBennett13 ,

After further debugging we just realized that the schema intended as the resource_group field is specifically for locating the gallery, which means that it's not really a bug but as designed.

I have also debugged with my own setup of image gallery and it worked fine. Could you please perform an IAM check to make sure that the Azure service account you used for creating the hypervisor has permission to access the image gallery and the image definitions?

Thank you.

TimBennett13 commented 2 months ago

I checked and the Azure service principal used for the Hosting Connection has a role of contributor on the ImageManagement-EastUS-RG Resource Group that the Compute gallery resides in. If it matters, we are using a multiple subscription model where the core infrastructure including the compute gallery is in one subscription and the VDAs are in different subscriptions. The Hosting connection does not connect to the core subscription but connects to the VDA subscription and the image is visible to the machine catalog because of the role set for the Azure Service Principal on the Image catalog in the ImageManagement-EastUS-RG Resource Group.

Thanks, Tim

TimBennett13 commented 2 months ago

Hello again. To troubleshoot I created a storage account and uploaded a vhd. Then I changed the script to use the vhd.

```hcl
_resource_group = "MyCoreSub-ImageManagement-EastUS-RG"
# using blob for image instead of gallery
storage_account = "terraformtroubleshooting"
container       = "mcsvhd"
masterimage     = "mcs-master.vhd"
```

This failed saying it could not find the vhd. Then I moved the storage account to the VDA Resource Group that is in the sub defined in the Hosting Connection (the VDA subscription) and it found the vhd and started building the MC.

```hcl
_resource_group = "MyVDASub-ImageManagement-EastUS-RG"
# using blob for image instead of gallery
storage_account = "terraformtroubleshooting"
container       = "mcsvhd"
masterimage     = "mcs-master.vhd"
```

If it helps, in DaaS Studio when I get to the image selection point in creating a machine catalog I am presented with the option to choose the subscription where I can choose the core sub and can see the compute gallery. This is facilitated by adding a role for the Azure Service Principal to the image Resource Group in the core subscription.

Thanks, Tim

zhuolun-citrix commented 2 months ago

Hi @TimBennett13 ,

Looks like this is a use case that we have not supported in our Terraform Provider yet. We will mark this as enhancement instead and will work on supporting this in the next release.

Thank you very much for bringing this to our attention.

Zhuolun
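The IAM check requested earlier in this thread, combined with the cross-subscription layout Tim describes, as an added example that is not part of the original thread or the provider's code. It evaluates role assignments in the shape returned by `az role assignment list --all --assignee <id> -o json`; the subscription names, principal ID and sample data are constructed placeholders, and treating only the built-in Owner, Contributor and Reader roles as granting read (custom roles are ignored) is an assumption.

```python
import json

# Assumption: built-in roles treated as granting read on Compute Gallery images.
READ_ROLES = {"owner", "contributor", "reader"}

# Constructed sample in the shape of `az role assignment list ... -o json`.
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"principalId": "sp-0001", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/core-sub/resourceGroups/MyRG-ImageManagement-EastUS-RG"},
  {"principalId": "sp-0001", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/vda-sub"}
]""")

# Placeholder resource ID for the gallery named in the thread.
GALLERY_ID = ("/subscriptions/core-sub/resourceGroups/MyRG-ImageManagement-EastUS-RG"
              "/providers/Microsoft.Compute/galleries/RIT_CTX_SAFE2_Prod_Image_EastUS_CG")


def parse_subscription(resource_id):
    """Return the subscription segment of an ARM resource ID, lower-cased."""
    parts = resource_id.strip("/").split("/")
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        raise ValueError(f"not an ARM resource ID: {resource_id!r}")
    return parts[1].lower()


def scope_covers(scope, resource_id):
    """Role scopes inherit downward; compare case-insensitively on a '/' boundary."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")


def check_gallery_access(assignments, principal_id, gallery_id, hosting_subscription):
    """Report RBAC coverage and whether the gallery is outside the hosting subscription."""
    grants = [a for a in assignments
              if a["principalId"] == principal_id
              and a["roleDefinitionName"].lower() in READ_ROLES
              and scope_covers(a["scope"], gallery_id)]
    return {
        "can_read": bool(grants),
        "granting_scopes": [a["scope"] for a in grants],
        "cross_subscription": parse_subscription(gallery_id) != hosting_subscription.lower(),
    }


if __name__ == "__main__":
    print(check_gallery_access(SAMPLE_ASSIGNMENTS, "sp-0001", GALLERY_ID, "vda-sub"))
```

A result with `can_read` true and `cross_subscription` true matches the situation in this thread: the role assignment is in place, but the gallery lives in a different subscription from the one the hosting connection uses.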

TimBennett13 commented 2 months ago

Hello Zhuolun,

Thank you for your reply and updating the ticket. Do you have a cadence for releases? I'm wondering how long it might take?

-Sincerely,

Tim


zhuolun-citrix commented 2 months ago

@TimBennett13 ,

We will publish a new version in ~2 weeks from now.

Please stay tuned.

Thank you.

j7lloyd commented 2 months ago

@zhuolun-citrix, excellent news! Out of interest, will any of the enhancements proposed in the 2 open PRs be included, too?