search

microsoft / oxa-tools

Open edX on Azure Tools
MIT License
36 stars 103 forks source link

Unable to execute the KeyVault Deployment to * #344

Closed shadowdancerx3 closed 6 years ago

shadowdancerx3 commented 6 years ago

Hi all,

Anyone had similar problem during deployment?

New-AzureRmResourceGroupDeployment : 3:22:31 PM - Resource Microsoft.KeyVault/vaults 'ecntrix-kv' failed with message '{ "error": { "code": "BadRequest", "message": "An invalid value was provided for 'accessPolicies'." } }' At C:\laas\oxa-tools\scripts\Common.ps1:727 char:33

New-AzureRmResourceGroupDeployment : 3:22:31 PM - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details. At C:\laas\oxa-tools\scripts\Common.ps1:727 char:33

New-AzureRmResourceGroupDeployment : 3:22:31 PM - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details. At C:\laas\oxa-tools\scripts\Common.ps1:727 char:33

VERBOSE: 3:22:31 PM - Checking deployment status in 5 seconds New-AzureRmResourceGroupDeployment : 3:22:37 PM - Resource Microsoft.Resources/deployments 'keyVault' failed with message '{ "status": "Failed", "error": { "code": "ResourceDeploymentFailure", "message": "The resource operation completed with terminal provisioning state 'Failed'.", "details": [ { "code": "DeploymentFailed", "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.", "details": [ { "code": "BadRequest", "message": "{\r\n \"error\": {\r\n \"code\": \"BadRequest\",\r\n \"message\": \"An invalid value was provided for 'accessPolicies'.\"\r\n }\r\n}" } ] } ] } }' At C:\laas\oxa-tools\scripts\Common.ps1:727 char:33

New-AzureRmResourceGroupDeployment : 3:22:37 PM - At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details. At C:\laas\oxa-tools\scripts\Common.ps1:727 char:33

eltoncarr commented 6 years ago

You may want to check your inputs...

shadowdancerx3 commented 6 years ago

Dear Elton,

Inputs are correct. We tried to deploy to 3 different environments with 3 different sets of parameters and 3 different approaches..every time we would get the very same error.

We already had to change some lines because Find-AzureRmResource command was not working...but with this error we are in the pitch dark. We also tried to create vault manually and add all permissions to service application, but even then script won't complete successfully...

Since we are using latest master files, can anyone send us sample files that were working on their environment (for testing and debugging purpose) or help us in more details?

(We also tried to use AzureRM module 5.0.1 with the same output)

Many thanks!

eltoncarr commented 6 years ago

It does look like you are a part of the partner program. Could you instead escalate the issue via that channel?

shadowdancerx3 commented 6 years ago

We tried... days ago...still waiting for response.

We think that the problem is maybe with KeyVault AccessPolicy. Can this help us: https://github.com/Azure/azure-quickstart-templates/blob/master/201-key-vault-secret-create/azuredeploy.parameters.json ???

Please help, because we have no idea whom to call.

eltoncarr commented 6 years ago

We are taking another look into this but the underlying issue is most likely a prior error in resolving the object Id for the user that will be granted keyvault access.

shadowdancerx3 commented 6 years ago

We used another .ps1 script without some parameters. We managed to deploy Edx successfully, but smtp settings for office 365 still not working. Azure activity log shows all successful deployments, but none email came from edx..Still troubleshooting.

eltoncarr commented 6 years ago

Having looked into the issue, the most likely reason for this is is if the service account used (web app) could not be resolved. You should seen a related error. Please double check your inputs and look out for the resolution error. Make sure you have the suggested cmdlets installed (see #336 for details)