[Error] - Cannot create machine catalog

[Xufuru]

I am encountering an issue when creating the machine catalog using the provided provider, i'm using terrakube and the provider name for the resource is "citrix_machine_catalog (Resource)". The reported error is as follows:

Error: Error creating Machine Catalog

with module.vdr["vdr1"].module.citrix.citrix_machine_catalog.wrkgpu-machine-catalog, on modules/citrix/main.tf line 94, in resource "citrix_machine_catalog" "wrkgpu-machine-catalog": 94: resource "citrix_machine_catalog" "wrkgpu-machine-catalog" {

Failed to resolve service offering Standard_NV18ads_A10_v5 on Azure, error: could not find resource

Error: Error creating Machine Catalog

with module.vdr["vdr1"].module.citrix.citrix_machine_catalog.wrkdoc-machine-catalog, on modules/citrix/main.tf line 144, in resource "citrix_machine_catalog" "wrkdoc-machine-catalog": 144: resource "citrix_machine_catalog" "wrkdoc-machine-catalog" {

Failed to resolve service offering Standard_D2s_v5 on Azure, error: could not find resource

For further clarification, if I create a machine catalog through the Citrix Cloud web interface, I can create it successfully.

I hope you might help, thanks in advance.

[aneeshk-citrix]

Hi @Xufuru,

Can you show us what the provisioning_scheme config looks like? Specifically I'm looking for hypervisor and hyerpvisor_resource_pool since these are the parameter values we use to look for service_offering

Thanks, Aneesh

[Xufuru]

Here is the provider for the machine catalog: resource "citrix_machine_catalog" "wrkgpu-machine-catalog" { name = "mc-wrkgpu" zone = citrix_zone.zone.id allocation_type = "Static" session_support = "SingleSession" provisioning_type = "MCS" minimum_functional_level = "L7_34" provisioning_scheme = { hypervisor = citrix_azure_hypervisor.azure-hypervisor.id hypervisor_resource_pool = citrix_azure_hypervisor_resource_pool.azure-hypervisor-resource-pool.id identity_type = "ActiveDirectory" machine_profile = var.vm_gpu_template_id machine_domain_identity = { domain = "#############" domain_ou = "OU=#####,OU=######,DC=######,DC=#####,DC=#####t" service_account = "########" service_account_password = "##########" } azure_machine_config = { storage_type = "Standard_LRS" use_managed_disks = true service_offering = "Standard_NV18ads_A10_v5" azure_master_image = { resource_group = var.resource_group_automation master_image = var.vm_gpu_osdisk_name } } network_mapping = [ { network_device = "0" network = var.subnet_vdi } ] number_of_total_machines = var.vm_gpu_count machine_account_creation_rules = { naming_scheme = "wrkgpu-##-${var.vdr_name}" naming_scheme_type = "Numeric" } } }

[aneeshk-citrix]

The config looks fine. I also tried creation of machine catalog with the same service offering and it was able to find it.

I will keep this issue open to add better error messages and transaction Id. In the meantime, can you make sure the subscription and region supports the service offering that you wish to use and that the values for hypervisor and resource pool shown in apply match with the expected resources.

[Xufuru]

I performed the required checks, and in the end, I realized that the problem was due to a bad installation of the cloud connector. However, after resolving that, the error seems to have changed, and it is now the following: Error: Error creating Machine Catalog ��� ��� with module.vdr["vdr1"].module.citrix.citrix_machine_catalog.wrkgpu-machine-catalog, ��� on modules/citrix/main.tf line 84, in resource "citrix_machine_catalog" "wrkgpu-machine-catalog": ��� 84: resource "citrix_machine_catalog" "wrkgpu-machine-catalog" { ��� ��� TransactionId: 6a88b438-2247-47aa-9137-9b333da39c21 ��� JobId: 690c5fe4-3d8c-4afc-8908-50176f2553cb ��� Error message: Failed to create the provisioning scheme.

The code of the provider is the same as the message before, i didn't add any changes.

[aneeshk-citrix]

The error I see is

The client clientId with object id objectId does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/subscriptionId/resourcegroups/ResourceGroupName' or the scope is invalid. If access was recently granted, please refresh your credentials.

Can you make sure the app Id and secret that you are using have the correct permissions?

[Xufuru]

The credentials are correct because I use the same ones to create other objects in Azure and Citrix successfully. Additionally, I am able to manually create the machine catalog object (without using Terraform).

[aneeshk-citrix]

@Xufuru What is the value for network_mapping? I know you are using a variable, can you tell my what value shows up when you try to plan/apply?

I suspect an issue in the request for network_mapping

[Xufuru]

This is the output for the terraform plan

module.vdr["vdr1"].module.citrix.citrix_machine_catalog.wrkgpu-machine-catalog will be created

• resource "citrix_machine_catalog" "wrkgpu-machine-catalog" {
  • allocation_type = "Static"
  • description = ""
  • id = (known after apply)
  • minimum_functional_level = "L7_34"
  • name = "mc-wrkgpu"
  • provisioning_scheme = {
    • azure_machine_config = {
      • azure_master_image = {
        • master_image = (known after apply)
        • resource_group = "rg-itn-tecp-001-automation" }
      • license_type = "Windows_Client"
      • machine_profile = {
        • machine_profile_resource_group = "rg-itn-tecp-001-automation"
        • machine_profile_vm_name = "vmw-itn-tecp-00001-wrkgpu" }
      • master_image_note = ""
      • service_offering = "Standard_NV18ads_A10_v5"
      • storage_type = "Premium_LRS"
      • use_managed_disks = true
      • vda_resource_group = "rg-itn-tecp-001-vdr" }
    • hypervisor = (known after apply)
    • hypervisor_resource_pool = (known after apply)
    • identity_type = "ActiveDirectory"
    • machine_account_creation_rules = {
      • naming_scheme = "wrkgpu-##-vdr1"
      • naming_scheme_type = "Numeric" }
    • machine_domain_identity = {
      • domain = "advdr01.eni.intranet"
      • domain_ou = "OU=wrkgpu,OU=Citrix-vdr,DC=advdr01,DC=eni,DC=intranet"
      • service_account = "acnsupport"
      • service_account_password = (sensitive value) }
    • network_mapping = [
      • {
        • network = "sbn-itn-tecp-vdi-vdr1"
        • network_device = "0" }, ]
    • number_of_total_machines = 1 }
  • provisioning_type = "MCS"
  • scopes = []
  • session_support = "SingleSession"
  • zone = (known after apply) }

[aneeshk-citrix]

Are you able to create machine catalog manually using the WebStudio UI for the hypervisor and resource pool that was created using terraform?

[Xufuru]

Yes, i can create it manually, with all the previous resources created by terraform code

[aneeshk-citrix]

Hi @Xufuru,

Just wanted to update to let you know we are investigating this issue and will get back to you as soon as we have something.

Thanks, Aneesh

[aneeshk-citrix]

Hi @Xufuru,

After some investigation, we still think it's an authorization issue that I had previously posted. If you are sure the credentials are correct, here's what we can do -

1. Create a machine catalog via terraform. If it fails, record the transaction ID and perform step 2.
2. Create a machine catalog via WebStudio UI with the same parameters that you used in creating the machine catalog via Terraform and record the name of the catalog if successful.
3. Post the transaction Id from step 1 and catalog name from step 2.

We can take a look at the logs and find out what would be going wrong.

Thanks, Aneesh

[Xufuru]

I resolved the issue with the machine catalog. The error was due to a parameter that is marked as optional in the documentation, but in our case, it was mandatory to include it.

However, now, in the creation of the delivery groups, I have another error, which is very generic and does not explain anything:

Error: Error creating Delivery Group

with module.vdr["vdr1"].module.citrix.citrix_delivery_group.wrkgpu-delivery-group, on modules/citrix/main.tf line 133, in resource "citrix_delivery_group" "wrkgpu-delivery-group": 133: resource "citrix_delivery_group" "wrkgpu-delivery-group" {

TransactionId: 267e0033-6c82-402b-aab4-f63e896a7781 Error message: An error occurred. The operation you performed is not allowed.

[aneeshk-citrix]

Hey @Xufuru,

Are you using policy sets for the delivery group? This feature is not officially supported yet through the provider and has been noted in the provider documentation.

Are you able to create the delivery group with policy set through the WebStudio UI?

Aneesh

[Xufuru]

I am creating delivery groups using the Terraform provider, and the policy sets already exist in the Citrix environment, so I am trying to pass the policy set ID for use in the delivery groups. If I wanted to, could I create the policy sets using Terraform and then use them within the delivery groups also created through Terraform?

[aneeshk-citrix]

I am not sure that will work. What I am asking is, can you try to create a delivery group with the same policy set using WebStudio UI?

[Xufuru]

Yes, the actions through the Citrix web interface for creating delivery groups and policy sets work fine, but my requirement is to automate everything using Terraform.

[aneeshk-citrix]

Yes I understand. However, the provider does not support policy sets yet and needs more changes/fixes to make it work. The reason I asked if you can create through WebStudio UI is to see if there can be a workaround in the Provider.

[Xufuru]

I retrieved the GUID of the policy set I created via the Citrix web interface using a REST call and used it in the delivery group created by Terraform. It didn't work, resulting in the error reported in the previous messages. So, is this not possible either?

[aneeshk-citrix]

Yes I know you did not create policy set through terraform. Since policy set is not supported for cloud, creation of delivery group with policy sets has not been tested/guaranteed to work.

If you created a delivery group (with policy sets) through the web interface, can you share the name of this delivery group? We can take a look to compare what might be different and see if we can fix it in the Provider and unblock you.

[aneeshk-citrix]

Hi @Xufuru,

Do you still have the policy set in the Citrix Web environment? Can you tell us what type of policy set was created? Policy sets of type DeliveryGroupPolicies only can be assigned to a Delivery Group.

[Xufuru]

Unfortunately, I am unable to adapt the use of the provider to my specific case, so I will proceed manually for now. I will wait for a future update to manage the policy set in the cloud environment.

[aneeshk-citrix]

@Xufuru Sure. But in order to be able to better support this feature in future releases, we'd like to know what error you were facing.

I understand that you might not have the environment now but if you are able to reproduce the issue or face this issue again, let us know.

Thanks, Aneesh

[Xufuru]

As i posted before, this was the error:

Error: Error creating Delivery Group

with module.vdr["vdr1"].module.citrix.citrix_delivery_group.wrkgpu-delivery-group, on modules/citrix/main.tf line 133, in resource "citrix_delivery_group" "wrkgpu-delivery-group": 133: resource "citrix_delivery_group" "wrkgpu-delivery-group" {

TransactionId: 267e0033-6c82-402b-aab4-f63e896a7781 Error message: An error occurred. The operation you performed is not allowed.

It happend when i try to give set_policy_id value (in the delivery group terraform resource), the GUID of my policy created manually.

[aneeshk-citrix]

Yes I noted that error. I was asking if you know what kind of policy set was created or if the policy set still exists in the Citrix environment. Maybe we can take a further look.

[Xufuru]

Two user-setting and one computer-setting types.

[aneeshk-citrix]

Ok maybe that's the issue. From what I understand, the type needs to be DeliveryGroupPolicies. Do you think you can try that?

[Xufuru]

I will see if I can take the test, if so, I will provide updates.

[aneeshk-citrix]

Hi @Xufuru,

Due to inactivity, we're closing this issue. If you are able to reproduce this again, please open a new issue and we will take a look.

Thanks, Aneesh