hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

The provided gallery image only supports creation of VMs and VM Scale Sets with 'TrustedLaunch' security type #23148

Open dharmendar11 opened 1 year ago

dharmendar11 commented 1 year ago

Is there an existing issue for this?

Community Note

Terraform Version

1.5.3

AzureRM Provider Version

3.65.0

Affected Resource(s)/Data Source(s)

azurerm_virtual_machine

Terraform Configuration Files

data "azurerm_shared_image_version" "existing" {
  name                = "1.0.0"
  image_name          = "XXX"
  gallery_name        = "XXX"
  resource_group_name = "XXX"
}

resource "azurerm_virtual_machine" "vm" {
  name                = var.name
  resource_group_name = var.resource_group_name
  location            = var.location

  vm_size               = var.vm_size
  network_interface_ids = [azurerm_network_interface.nic.id]
  license_type          = "Windows_Server"

  boot_diagnostics {
    enabled     = true
    storage_uri = ""
  }

  storage_image_reference {
    id = data.azurerm_shared_image_version.existing.id
  }
  storage_os_disk {
    name              = "sqlvm-os"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  tags = var.tags
}

Debug Output/Panic Output

Error: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The provided gallery image only supports creation of VMs and VM Scale Sets with 'TrustedLaunch' security type."

Expected Behaviour

A new VM should be created from the gallery image.

Actual Behaviour

When trying to create a VM with a gallery image using Terraform, I got the error "The provided gallery image only supports creation of VMs and VM Scale Sets with 'TrustedLaunch' security type."

Although the image is created using Trusted Launch, there is no option to add code to the Terraform script for Trusted Launch. I tried security_type (An argument named "security_type" is not expected here), trusted_launch_enabled (An argument named "trusted_launch_enabled" is not expected here) and extended_security_configuration (Blocks of type "extended_security_configuration" are not expected here). After applying all 3 options, still no luck.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

dharmendar11 commented 1 year ago

@rcskosir Any update on the above issue?

DongXue-Trimble commented 1 year ago

Running into this error too. Does anyone have a workaround, please?

dharmendar11 commented 1 year ago

@DongXue-Trimble The workaround I tried is to run a PowerShell script in Terraform using the null_resource resource block of Terraform.

s-nakagaki commented 5 months ago

I tried azurerm_virtual_machine because azurerm_windows_virtual_machine requires admin_username and admin_password, and specialized images do not accept admin_username and admin_password. Could you tell me any workaround?

dharmendar11 commented 5 months ago

@s-nakagaki The workaround I tried is to run a PowerShell script in Terraform using the null_resource resource block of Terraform.

s-nakagaki commented 5 months ago

> The workaround I tried is to run a PowerShell script in Terraform using the null_resource resource block of Terraform.

Thanks, dharmendar11. You mean the az command with null_resource? If so, it does not sound like a workaround. But your way is one solution for this issue.

If the az command solves it, I think azapi solves it too.

GameHab commented 2 weeks ago

In your Terraform code, when you want to create a Linux VM, you can use the following code:

# Resource ID of the gallery image version to deploy
variable "Ubuntu22_CIS_Agent" {
  default = "/subscriptions/xxxxxx/resourceGroups/your_resource/providers/Microsoft.Compute/galleries/your_img_gallery/images/Ubuntu22_CIS/versions/1.0.0"
}

resource "azurerm_linux_virtual_machine" "vm-test" {
  name = "vm-test"
  # (resource arguments)
  resource_group_name = data.azurerm_resource_group.your_resource.name
  location            = data.azurerm_resource_group.your_resource.location
  size                = "Standard_B1s"
  admin_username      = "azureuser"
  network_interface_ids = [
    azurerm_network_interface.your_nic_name.id,
  ]

  os_disk {
    caching              = "None"
    storage_account_type = "Premium_LRS"
  }

  source_image_id = var.Ubuntu22_CIS_Agent

  # Trusted Launch settings: Secure Boot and virtual TPM
  secure_boot_enabled        = true
  vtpm_enabled               = true
  encryption_at_host_enabled = false
}
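
A CI check for the situation in this thread, added here as an example (not code from the issue, its commenters or the provider): it reads the JSON form of a plan (`terraform show -json`) and flags VMs that would be created without the `secure_boot_enabled` / `vtpm_enabled` settings shown above, or with the legacy `azurerm_virtual_machine` resource from the original report. The function name, messages and sample plan are constructed for illustration.

```python
import json

# Resource types that take secure_boot_enabled / vtpm_enabled, as in the answer above.
TRUSTED_LAUNCH_CAPABLE = {"azurerm_linux_virtual_machine", "azurerm_windows_virtual_machine"}
# Resource from the original report, where every Trusted Launch argument tried was rejected.
LEGACY = "azurerm_virtual_machine"
REQUIRED = ("secure_boot_enabled", "vtpm_enabled")


def audit_plan(plan):
    """Return (address, reason) for each VM the plan would create or update unsafely."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if not set(change.get("actions", [])) & {"create", "update"}:
            continue  # no-op, read and delete entries are not new deployments
        after = change.get("after") or {}
        if rc.get("type") == LEGACY:
            findings.append((rc["address"], "legacy resource, no Trusted Launch arguments"))
        elif rc.get("type") in TRUSTED_LAUNCH_CAPABLE:
            missing = [k for k in REQUIRED if after.get(k) is not True]
            if missing:
                findings.append((rc["address"], "not enabled: " + ", ".join(missing)))
    return findings


# Constructed sample in the shape of `terraform show -json` output (not real plan data).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_virtual_machine.vm", "type": "azurerm_virtual_machine",
   "change": {"actions": ["create"], "after": {"name": "sqlvm"}}},
  {"address": "azurerm_linux_virtual_machine.vm-test", "type": "azurerm_linux_virtual_machine",
   "change": {"actions": ["create"],
              "after": {"secure_boot_enabled": true, "vtpm_enabled": true}}},
  {"address": "azurerm_windows_virtual_machine.sql", "type": "azurerm_windows_virtual_machine",
   "change": {"actions": ["create"],
              "after": {"secure_boot_enabled": true, "vtpm_enabled": null}}},
  {"address": "azurerm_linux_virtual_machine.old", "type": "azurerm_linux_virtual_machine",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for address, reason in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```
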