hashicorp / packer-plugin-azure

Packer plugin for Azure Virtual Machine Image Builders
https://www.packer.io/docs/builders/azure
Mozilla Public License 2.0
51 stars 80 forks source link

Can't build 2025-datacenter-azure-edition #453

Open mindfulmonk opened 2 weeks ago

mindfulmonk commented 2 weeks ago

Overview of the Issue

When trying to build Windows 2025 image I get

{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"InvalidParameter","target":"windowsConfiguration.patchSettings.patchMode","message":"The selected VM image is not supported for VM Guest patch operations. Learn more at: https://aka.ms/VMGuestPatchingCompatibility"}]}}

Reproduction Steps

  image_publisher = "MicrosoftWindowsServer"
  image_offer     = "WindowsServer"
  image_sku       = "2025-datacenter-azure-edition"

Plugin and Packer version

Packer v1.11.2 Plugin version = "~> 2.2.0"

This looks similar to a previous 2022 issue:

https://github.com/hashicorp/packer/issues/11746 https://github.com/hashicorp/packer-plugin-azure/issues/189

Gill-Bates commented 2 weeks ago

It seems to be an Azure thing. Building from the Portal ends up with the same error:

{ "code": "DeploymentFailed", "target": "/subscriptions/****/resourceGroups/rg-test/providers/Microsoft.Resources/deployments/CreateVm-MicrosoftWindowsServer.WindowsServer-202-20241107135051", "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.", "details": [ { "code": "InvalidParameter", "target": "windowsConfiguration.patchSettings.patchMode", "message": "The selected VM image is not supported for VM Guest patch operations. Learn more at: https://aka.ms/VMGuestPatchingCompatibility" } ] }

ryguy77 commented 1 week ago

I seem to be having the same issue.

"statusCode": "BadRequest", "serviceRequestId": null, "statusMessage": "{\"error\":{\"code\":\"InvalidParameter\",\"target\":\"windowsConfiguration.patchSettings.patchMode\",\"message\":\"The selected VM image is not supported for VM Guest patch operations. Learn more at: https://aka.ms/VMGuestPatchingCompatibility\"}}",

Is there a way to bypass this or disable this in order to deploy the OS? I have not had much luck.

JenGoldstrich commented 3 days ago

Hello all, thanks for reporting this issue, I did some local testing, I made some changes to the plugin to pass in a different patch mode and was able to build this image, but to be honest this felt a bit off, as if we don't pass in a patchMode (like the plugin currently doesn't) I would assume Azure would chose a sensible default for the image.

I found this issue https://learn.microsoft.com/en-us/answers/questions/2118030/cannot-create-a-azure-vm-with-windows-server-2025, where a user had the same issue, but not using Packer or this plugin, and I think this may have to do with the rollout of the 2025 datacenter image that was launched a few weeks ago. Going to these docs https://learn.microsoft.com/azure/virtual-machines/windows/automatic-vm-guest-patching#supported-os-images, I saw the following warning:

Not all regions currently support Windows Server 2025 images. Regions where support doesn't exist yet may return a HTTP 400 client error, indicating an unsupported status. Instead, use another region that does provide support, such as, UK South, East Asia, or West Central US.

When I tried to build again using UK South and West Central US, I was able to successfully build the image with the current released plugin (v2.2.0) with no changes

Quoting a Microsoft support person in the learn thread I linked earlier.

"It might still be partially available because some features are still being rolled out in the backend. According to the documentation, it should be fully available in a few days without any further issues. As you mentioned in the screenshot, What I understand there’s currently a temporary issue with deploying Windows Server 2025 Azure Edition, mainly in some regions. This is due to a configuration change that is still being rolled out. The issue is being resolved region by region, and most regions should be fully mitigated within the next 7-14 days based on your information it will be resolve as they mention date in notice. We’ll also check internally for any updates and keep you informed as soon as we have more details. "

So I could make a plugin change here to allow users to set the patch mode manually, but it seems like it may be better to wait here, and allow Azure to fully roll out this image. If we end up needing to modify the VM's patch mode otherwise we can definitely add this field to the plugin, but since this image successfully builds in some regions and not in others, it feels like this will be fixed by Azure upstream changes.

bobofett86 commented 10 hours ago

Would love to see an option to set this so able to get past this error if hot patching is not critical to usage vs. waiting for a upstream change from Microsoft that we are already past their original estimated time frame. Zero movement on any additional regions having support added so far.

JenGoldstrich commented 8 hours ago

Hey @bobofett86, Adding this option would be fairly brittle, it would require setting things in your template that would then change based on the planned future state of the images that the Azure API returns. I understand that there has been no movement on this, but that doesn't change that fact that in that support issue Azure recommended not using this image in unsupported regions, that means to me they are not confident that it is stable, and there may be some other issue. If you look at the other linked issue https://github.com/hashicorp/packer-plugin-azure/issues/189, you can see this same situation happened, where a specific base image failed one month, and succeeded the next month. If Azure says an image is unsupported in other regions, its unsupported, there may be other unintended issues that we don't know, preventing them from making this image fully supported. We need to wait to hear more from Azure before we proceed.

I will reach out to my Azure contacts after the Thanksgiving holiday to see if they can get some update from the teams rolling out this change.

https://learn-attachment.microsoft.com/api/attachments/89d7043d-abcd-4443-b8ef-f11df2b0d24c?platform=QnA