Deployment via CloudShell failes leaving the Terraform State corrupt
cthoenes opened this issue · 2 comments
When deploying via cloud shell a timeout error could occour while obtaining a refresh token.
Error: waiting for Virtual Hub "microhack-we-hub" (Host Group Name "vwan-microhack-hub-rg") provisioning route: retrieving Virtual Hub "vwan-microhack-hub-rg" (Resource Group "microhack-we-hub"): azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/{subscription}/resourceGroups/vwan-microhack-hub-rg/providers/Microsoft.Network/virtualHubs/microhack-we-hub?api-version=2020-05-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":{"code":"invalid_request","message":"Timeout waiting for token from portal. Audience: https://management.azure.com/"}}
on vwan.tf line 8, in resource "azurerm_virtual_hub" "microhack-we-hub":
8: resource "azurerm_virtual_hub" "microhack-we-hub" {
This will fail the terraform deployment and leaves the state in an corrupt state because the vwan is deployed but this is not reflected in the state file.
Redeploying will end up in an "already exists" error
Error: A resource with the ID "/subscriptions/{subscription}/resourceGroups/vwan-microhack-hub-rg/providers/Microsoft.Network/virtualHubs/microhack-we-hub" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_virtual_hub" for more information.
on vwan.tf line 8, in resource "azurerm_virtual_hub" "microhack-we-hub":
8: resource "azurerm_virtual_hub" "microhack-we-hub" {
This was reproduceable for me using the instructions in the repo.
Deploying from a local Terminal using Powershell Core will run through the deployment. This is a possible workaround.
Error: creating Windows Virtual Machine "spoke-addc-vm" (Resource Group "vwan-microhack-spoke-rg"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status= Code="OperationNotAllowed" Message="Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: westeurope, Current Limit: 4, Current Usage: 4, Additional Required: 2, (Minimum) New Limit Required: 6. Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/CapacityExperienceBlade/Parameters/%7B%22subscriptionId%22:%22142bc295-642a-47af-9a7d-6831a93e3abf%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22westeurope%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:6,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limitsat https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests"
│
│ with azurerm_windows_virtual_machine.spoke-addc-vm,
│ on spoke.tf line 540, in resource "azurerm_windows_virtual_machine" "spoke-addc-vm":
│ 540: resource "azurerm_windows_virtual_machine" "spoke-addc-vm" {
│
╵
╷
│ Error: creating Linux Virtual Machine "nva-iptables-vm" (Resource Group "vwan-microhack-spoke-rg"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status= Code="OperationNotAllowed" Message="Operation could not be completed as it results in exceeding approved Total Regional Cores quota. Additional details - Deployment Model: Resource Manager, Location: westeurope, Current Limit: 4, Current Usage: 4, Additional Required: 2, (Minimum) New Limit Required: 6. Submit a request for Quota increase at https://aka.ms/ProdportalCRP/#blade/Microsoft_Azure_Capacity/CapacityExperienceBlade/Parameters/%7B%22subscriptionId%22:%22142bc295-642a-47af-9a7d-6831a93e3abf%22,%22command%22:%22openQuotaApprovalBlade%22,%22quotas%22:[%7B%22location%22:%22westeurope%22,%22providerId%22:%22Microsoft.Compute%22,%22resourceName%22:%22cores%22,%22quotaRequest%22:%7B%22properties%22:%7B%22limit%22:6,%22unit%22:%22Count%22,%22name%22:%7B%22value%22:%22cores%22%7D%7D%7D%7D]%7D by specifying parameters listed in the ‘Details’ section for deployment to succeed. Please read more about quota limitsat https://docs.microsoft.com/en-us/azure/azure-supportability/regional-quota-requests"
│
│ with azurerm_linux_virtual_machine.nva-iptables-vm,
│ on spoke.tf line 656, in resource "azurerm_linux_virtual_machine" "nva-iptables-vm":
│ 656: resource "azurerm_linux_virtual_machine" "nva-iptables-vm" {
│
╵
╷
│ Error: waiting for creation of Virtual Hub "microhack-we-hub-vng" (Resource Group "vwan-microhack-hub-rg"): Error retrieving VPN Gateway "microhack-we-hub-vng" (Resource Group "vwan-microhack-hub-rg"): azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/142bc295-642a-47af-9a7d-6831a93e3abf/resourceGroups/vwan-microhack-hub-rg/providers/Microsoft.Network/vpnGateways/microhack-we-hub-vng?api-version=2020-05-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":{"code":"invalid_request","message":"Timeout waiting for token from portal. Audience: https://management.azure.com/"}}
│
│ with azurerm_vpn_gateway.microhack-we-hub-vng,
│ on vwan.tf line 16, in resource "azurerm_vpn_gateway" "microhack-we-hub-vng":
│ 16: resource "azurerm_vpn_gateway" "microhack-we-hub-vng" {
can some on help me with what needs to be done