VM has reported a failure when processing extension 'config-app'.

[cwhd]

When I try to deploy from the template the controllerNode fails with the status code "Conflict" and the error, "VM has reported a failure when processing extension 'config-app'.". This is the full error:

        "code": "Conflict",
        "message": "{\r\n  \"status\": \"Failed\",\r\n  \"error\": {\r\n    \"code\": \"ResourceDeploymentFailure\",\r\n    \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n    \"details\": [\r\n      {\r\n        \"code\": \"DeploymentFailed\",\r\n        \"message\": \"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.\",\r\n        \"details\": [\r\n          {\r\n            \"code\": \"Conflict\",\r\n            \"message\": \"{\\r\\n  \\\"status\\\": \\\"Failed\\\",\\r\\n  \\\"error\\\": {\\r\\n    \\\"code\\\": \\\"ResourceDeploymentFailure\\\",\\r\\n    \\\"message\\\": \\\"The resource operation completed with terminal provisioning state 'Failed'.\\\",\\r\\n    \\\"details\\\": [\\r\\n      {\\r\\n        \\\"code\\\": \\\"VMExtensionProvisioningError\\\",\\r\\n        \\\"message\\\": \\\"VM has reported a failure when processing extension 'config-app'. Error message: \\\\\\\"Enable failed: failed to execute command: command terminated with exit status=1\\\\n[stdout]\\\\nes currently installed.)\\\\r\\\\nPreparing to unpack .../libapr1_1.5.2-3_amd64.deb ...\\\\r\\\\nUnpacking libapr1:amd64 (1.5.2-3) ...\\\\r\\\\nSelecting previously unselected package libaprutil1:amd64.\\\\r\\\\nPreparing to unpack .../libaprutil1_1.5.4-1build1_amd64.deb ...\\\\r\\\\nUnpacking libaprutil1:amd64 (1.5.4-1build1) ...\\\\r\\\\nSelecting previously unselected package apache2-utils.\\\\r\\\\nPreparing to unpack .../apache2-utils_2.4.18-2ubuntu3.5_amd64.deb ...\\\\r\\\\nUnpacking apache2-utils (2.4.18-2ubuntu3.5) ...\\\\r\\\\nSelecting previously unselected package aufs-tools.\\\\r\\\\nPreparing to unpack .../aufs-tools_1%3a3.2+20130722-1.1ubuntu1_amd64.deb ...\\\\r\\\\nUnpacking aufs-tools (1:3.2+20130722-1.1ubuntu1) ...\\\\r\\\\nSelecting previously unselected package cgroupfs-mount.\\\\r\\\\nPreparing to unpack .../cgroupfs-mount_1.2_all.deb ...\\\\r\\\\nUnpacking cgroupfs-mount (1.2) ...\\\\r\\\\nSelecting previously unselected package libltdl7:amd64.\\\\r\\\\nPreparing to unpack .../libltdl7_2.4.6-0.1_amd64.deb ...\\\\r\\\\nUnpacking libltdl7:amd64 (2.4.6-0.1) ...\\\\r\\\\nSelecting previously unselected package docker-ce.\\\\r\\\\nPreparing to unpack .../docker-ce_17.12.0~ce-0~ubuntu_amd64.deb ...\\\\r\\\\nUnpacking docker-ce (17.12.0~ce-0~ubuntu) ...\\\\r\\\\nSelecting previously unselected package openresty-zlib.\\\\r\\\\nPreparing to unpack .../openresty-zlib_1.2.11-3~xenial1_amd64.deb ...\\\\r\\\\nUnpacking openresty-zlib (1.2.11-3~xenial1) ...\\\\r\\\\nSelecting previously unselected package openresty-openssl.\\\\r\\\\nPreparing to unpack .../openresty-openssl_1.0.2k-2~xenial1_amd64.deb ...\\\\r\\\\nUnpacking openresty-openssl (1.0.2k-2~xenial1) ...\\\\r\\\\nSelecting previously unselected package openresty-pcre.\\\\r\\\\nPreparing to unpack .../openresty-pcre_8.41-1~xenial1_amd64.deb ...\\\\r\\\\nUnpacking openresty-pcre (8.41-1~xenial1) ...\\\\r\\\\nSelecting previously unselected package openresty.\\\\r\\\\nPreparing to unpack .../openresty_1.13.6.1-1~xenial1_amd64.deb ...\\\\r\\\\nUnpacking openresty (1.13.6.1-1~xenial1) ...\\\\r\\\\nSelecting previously unselected package openresty-resty.\\\\r\\\\nPreparing to unpack .../openresty-resty_1.13.6.1-1~xenial1_all.deb ...\\\\r\\\\nUnpacking openresty-resty (1.13.6.1-1~xenial1) ...\\\\r\\\\nSelecting previously unselected package openresty-opm.\\\\r\\\\nPreparing to unpack .../openresty-opm_1.13.6.1-1~xenial1_amd64.deb ...\\\\r\\\\nUnpacking openresty-opm (1.13.6.1-1~xenial1) ...\\\\r\\\\nSelecting previously unselected package unzip.\\\\r\\\\nPreparing to unpack .../unzip_6.0-20ubuntu1_amd64.deb ...\\\\r\\\\nUnpacking unzip (6.0-20ubuntu1) ...\\\\r\\\\nSelecting previously unselected package azure-cli.\\\\r\\\\nPreparing to unpack .../azure-cli_2.0.23-1_all.deb ...\\\\r\\\\nUnpacking azure-cli (2.0.23-1) ...\\\\r\\\\nProcessing triggers for libc-bin (2.23-0ubuntu4) ...\\\\r\\\\nProcessing triggers for man-db (2.7.5-1) ...\\\\r\\\\nProcessing triggers for ureadahead (0.100.0-19) ...\\\\r\\\\nProcessing triggers for systemd (229-4ubuntu12) ...\\\\r\\\\nProcessing triggers for mime-support (3.59ubuntu1) ...\\\\r\\\\nSetting up libapr1:amd64 (1.5.2-3) ...\\\\r\\\\nSetting up libaprutil1:amd64 (1.5.4-1build1) ...\\\\r\\\\nSetting up apache2-utils (2.4.18-2ubuntu3.5) ...\\\\r\\\\nSetting up aufs-tools (1:3.2+20130722-1.1ubuntu1) ...\\\\r\\\\nSetting up cgroupfs-mount (1.2) ...\\\\r\\\\nSetting up libltdl7:amd64 (2.4.6-0.1) ...\\\\r\\\\nSetting up docker-ce (17.12.0~ce-0~ubuntu) ...\\\\r\\\\nsent invalidate(passwd) request, exiting\\\\r\\\\nsent invalidate(group) request, exiting\\\\r\\\\nsent invalidate(group) request, exiting\\\\r\\\\nSetting up openresty-zlib (1.2.11-3~xenial1) ...\\\\r\\\\nSetting up openresty-openssl (1.0.2k-2~xenial1) ...\\\\r\\\\nSetting up openresty-pcre (8.41-1~xenial1) ...\\\\r\\\\nSetting up openresty (1.13.6.1-1~xenial1) ...\\\\r\\\\nSetting up openresty-resty (1.13.6.1-1~xenial1) ...\\\\r\\\\nSetting up openresty-opm (1.13.6.1-1~xenial1) ...\\\\r\\\\nSetting up unzip (6.0-20ubuntu1) ...\\\\r\\\\nSetting up azure-cli (2.0.23-1) ...\\\\r\\\\nProcessing triggers for libc-bin (2.23-0ubuntu4) ...\\\\r\\\\nProcessing triggers for systemd (229-4ubuntu12) ...\\\\r\\\\nProcessing triggers for ureadahead (0.100.0-19) ...\\\\r\\\\nLogin Azure CLI\\\\n[\\\\n  {\\\\n    \\\\\\\"cloudName\\\\\\\": \\\\\\\"AzureCloud\\\\\\\",\\\\n    \\\\\\\"id\\\\\\\": \\\\\\\"c3b1cff0-ca62-4c69-b0ba-3a6b354e94f1\\\\\\\",\\\\n    \\\\\\\"isDefault\\\\\\\": true,\\\\n    \\\\\\\"name\\\\\\\": \\\\\\\"Microsoft Azure Internal Consumption\\\\\\\",\\\\n    \\\\\\\"state\\\\\\\": \\\\\\\"Enabled\\\\\\\",\\\\n    \\\\\\\"tenantId\\\\\\\": \\\\\\\"72f988bf-86f1-41af-91ab-2d7cd011db47\\\\\\\",\\\\n    \\\\\\\"user\\\\\\\": {\\\\n      \\\\\\\"name\\\\\\\": \\\\\\\"7459e9cc-d8e6-4034-814e-50477a47bb24\\\\\\\",\\\\n      \\\\\\\"type\\\\\\\": \\\\\\\"servicePrincipal\\\\\\\"\\\\n    }\\\\n  }\\\\n]\\\\n\\\\n[stderr]\\\\ngpg: requesting key 417A0893 from hkp server packages.microsoft.com\\\\ngpg: key 417A0893: public key \\\\\\\"MS Open Tech <interop@microsoft.com>\\\\\\\" imported\\\\ngpg: Total number processed: 1\\\\ngpg:               imported: 1  (RSA: 1)\\\\ndebconf: unable to initialize frontend: Dialog\\\\ndebconf: (Dialog frontend will not work on a dumb terminal, an emacs shell buffer, or without a controlling terminal.)\\\\ndebconf: falling back to frontend: Readline\\\\ndebconf: unable to initialize frontend: Readline\\\\ndebconf: (This frontend requires a controlling tty.)\\\\ndebconf: falling back to frontend: Teletype\\\\ndpkg-preconfigure: unable to re-open stdin: \\\\n\\\\\\\".\\\"\\r\\n      }\\r\\n    ]\\r\\n  }\\r\\n}\"\r\n          }\r\n        ]\r\n      }\r\n    ]\r\n  }\r\n}"

[yaweiw]

@cwhd thanks for asking. Did you deploy the solution template from Azure marketplace? The error is likely due to invalid service principal or insufficient permission of the service principal you used to deploy azure resources. You can refer to the first few steps in our document for creating the right service principal to be used.

@yuczho

[cwhd]

I did deploy the solution from the marketplace and I double checked my principal and I followed the instructions and have one that has contributor rights to my account. I just tried to create an ACS cluster for Kubernetes with that principal and that worked fine. Any other ideas?

[yaweiw]

@yuwzho

[yuwzho]

I m looking into this issue, but I confirm that this is not the AAD issue, the ACS cluster should be created successfully, but something wrong happened when adding security rule to the new created ACS.

@cwhd Could you please share the log on the controllervm? You can find the log at /tmp/output.log. And check the security rule whose name starts with k8s-master-, has the rule 102?

[cwhd]

output.log Ok, here is the log and a screenshot of the rules from the k8-master NSG. I don't see 102 in there.

[yaweiw]

@cwhd we will take a look. Meanwhile if you didn't deploy thru Azure marketplace solution, could you please do so? Simply go to Azure marketplace and find "Elastic stack on Kubernetes" and create the solution. this reduces risks of supplying incorrect parameters to Azure resource manager.

[cwhd]

I deleted the whole thing and started again. I did use the "Elastic stack on Kubernetes" from the marketplace and I went through the whole section of creating a principal and giving it the appropriate permissions. After that I still get an error deploying the controllerNode, in the end it's status is "Conflict" and in the error log I still see "VM has reported a failure when processing extension 'config-app'".

[yaweiw]

@cwhd just want to double check the new resource group you used for deployment was "kubtest_kubtest_westus2"? Could you upload the new output.log again please? We'll get back to you first thing Tuesday.

[cwhd]

output.log Here is the latest log. In the last deployment I created a new resource group and named it elaskub. The script created a new resource group named elaskub_containerservice-elaskub_westus2. kubtest was a container registry I created just to make sure I could create a k8s container registry, so I did not use it in this deployment.

[yuwzho]

@cwhd Thanks for sharing your log. I notice that your SSH private key is double base64 encoded (It should be decode twice to be a private key).

Also I find your ACS doesn't have a k8s-master rule in your new deployment, I m not sure why this happen and still explore. I now add a check to check whether the rule exist, and will be released a new one later.

[cwhd]

output.log I made sure the key was decoded properly this time but I the controller still fails to deploy. Here is the latest log.

[yuwzho]

@cwhd We now find the problem is the westus2 region not support the Azure Container Service(AKS) according to azure.com, you can try it using east us or central us.

For other regions, we are working on the exception you reported, also will have a test to figure out waht region we supported. Thanks very much for your reporting.

[cwhd]

Awesome, that worked, thanks!