Versions

Terraform v0.11.13
+ provider.azurestack v0.6.0

Stack Information

• ADFS enabled

Issue
I'm just running a simple test against our stack by creating a resource group using a service principal that has been assigned "contributor"permissions. However, when I run terraform plan, I receive the following error:

terraform : 
At line:1 char:1
terraform plan
~~~~~~~~~~~~~~
     CategoryInfo          : NotSpecified: , RemoteException
     FullyQualifiedErrorId : NativeCommandError
 
Error running plan: 1 error(s) occurred:
provider.azurestack: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: 
azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.SSCCentral.dev.azs.cloud-nuage.gc.ca/subscriptions/7d9a264f-9ca7-4bcd-9e98-796b910bxxxx/providers?api-version=2016-02-01: 
StatusCode=404 -- Original Error: adal: Refresh request failed. Status Code = '404'. Response body: 
Not Found
HTTP Error 404. The requested resource is not found.

I have confirmed that the SP has the correct privileges as I'm able to authenticate and create a resource:

PS C:\Users\mcculls2\Desktop\AKS\aks\terraform> az group create -l ssccentral -n sdm-test-rg
{
  "id": "/subscriptions/7d9a264f-9ca7-4bcd-9e98-796b910bxxxx/resourceGroups/sdm-test-rg",
  "location": "ssccentral",
  "managedBy": null,
  "name": "sdm-test-rg",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": null
}

Here is the contents of my tf file:

provider "azurestack" {
  # whilst the `version` attribute is optional, we'd recommend pinning to a particular version
  version = "=0.6.0"
  
  arm_endpoint    = "https://management.SSCCentral.dev.azs.cloud-nuage.gc.ca"
  subscription_id = "7d9a264f-9ca7-4bcd-9e98-796b910xxxxx"
  client_id       = "ddc55e30-9b0d-4131-be0a-3b45365xxxxx"
  client_secret   = "X2MPOeE5vY8qE_iuhPs0v5gJ1iW9l9IQe_xxxxxx"
  tenant_id       = "68d875cd-fb09-4d37-bf50-3b4a9e7xxxxx"
}

# Create a resource group
resource "azurestack_resource_group" "test" {
  name     = "tf-dev-rg"
  location = "ssccentral"
}

As part of the preparation for Terraform v0.12, we would like to migrate all providers to use Go Modules. We plan to continue checking dependencies into vendor/ to remain compatible with existing tooling/CI for a period of time, however go modules will be used for management. Go Modules is the official solution for the go programming language, we understand some providers might not want this change yet, however we encourage providers to begin looking towards the switch as this is how we will be managing all Go projects in the future. Would maintainers please react with 👍 for support, or 👎 if you wish to have this provider omitted from the first wave of pull requests. If your provider is in support, we would ask that you avoid merging any pull requests that mutate the dependencies while the Go Modules PR is open (in fact a total codefreeze would be even more helpful), otherwise we will need to close that PR and re-run go mod init. Once merged, dependencies can be added or updated as follows:

$ GO111MODULE=on go get github.com/some/module@master
$ GO111MODULE=on go mod tidy
$ GO111MODULE=on go mod vendor

GO111MODULE=on might be unnecessary depending on your environment, this example will fetch a module @ master and record it in your project's go.mod and go.sum files. It's a good idea to tidy up afterward and then copy the dependencies into vendor/. To remove dependencies from your project, simply remove all usage from your codebase and run:

$ GO111MODULE=on go mody tidy
$ GO111MODULE=on go mod vendor

Thank you sincerely for all your time, contributions, and cooperation!

Hello, I cannot get the azurestack_virtual_machine_extension working on a Windows VM.
The az vm extension image list --location someplace -o table command shows
Name Publisher Version

CustomScriptExtension Microsoft.Compute 1.9.3
CustomScript Microsoft.Azure.Extensions 2.0.6
CustomScriptForLinux Microsoft.OSTCExtensions 1.5.5

I used

publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.9.3"

but keep getting the error:
Error: compute.VirtualMachineExtensionsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidParameter" Message="The value of parameter typeHandlerVersion is invalid." Target="typeHandlerVersion"

Can somebody please advise?
Thanks.

Hello,

I cannot find a resource type or method of creating storage tables and queues in the Azure Stack provider while it is supported using the Azure provider (azurerm_storage_table, azurerm_storage_queue).

I only see three available resource types in Azure Stack:

azurestack_storage_account
azurestack_storage_container
azurestack_storage_blob

Is there a plan to expand the available storage resource types for Azure Stack?

Thanks,
Luc

I'm starting to create my infrastructure in Azure using Terraform. In order to create a mirror from my azure account, I had created a list with all my vm sizes, founded a Azure equivalent for all the vms and checked if the vm's that i had chosen are available n the region west us 2.

Now, that I want to create some vm's, the terraform interface is showing me that

Please try another size or deploy to a different location or zones. See https://aka.ms/azureskunotavailable for details.

when I go to the Azure painel, I'm able to create the VM manually, in the same region.

I'm trying to create a Standard_A1 VM, in west us 2.

How can I find out the rigth name for the VM in terraform? Where is the documentation about it?

Hi,

I created a simple TF to provision a VM using an existing Resource Group, VNET, and Subnet:

data "azurestack_subnet" "vmsubnet" {
name = "***my RG's subnet ***"
virtual_network_name = "${data.azurestack_virtual_network.rgnetwork.name}"
resource_group_name = "${data.azurestack_resource_group.vmrg.name}"
}

but i get this odd error when it reaches VM NIC creation:

Error: Error: Subnet "**** My RG's subnet **" (Virtual Network " VNET Resource Group Name " / Resource Group " The VNET name ***") was not found

I tried switching it like so 🤣
data "azurestack_subnet" "vmsubnet" {
name = "*** my RG's subnet ***"
virtual_network_name = "${data.azurestack_resource_group.vmrg.name}"
resource_group_name = "${data.azurestack_virtual_network.rgnetwork.name}"

}

and it worked 🤣

Using:
Terraform v0.12.6

• provider.azurestack v0.8.1

Has someone come across this?

Thanks!

The terraform-provider-azurerm provider has moved the resource locking functionality into separate package back in Aug 2019. Having the terraform-provider-azurerm provider diverge makes it more difficult to create new resources on Azure Stack (ie #50) that are derived from the Azure Cloud. If the model in the Azure Cloud has stabilized, I propose starting migrating to similar packages in Azure Stack.

See issue #109

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureStack Provider) Version

Terraform v1.2.6
azurestack v1.0.0

Affected Resource(s)

• azurestack_resource_group

Terraform Configuration Files

provider "azurestack" {
  metadata_host = "management.local.azurestack.external"
  features {}
}

# Create a resource group
resource "azurestack_resource_group" "test" {
  name     = "test-rg"
  location = "local"
}

Debug Output

https://gist.github.com/matthorgan/27fecca7ee03b3e4ce8efaaf85479658

Expected Behaviour

A resource group should be created

Actual Behaviour

Error before RG is created

Steps to Reproduce

1. terraform apply

Important Factoids

Attempting to run Terraform on my ASDK environment produces the error Error: determining environment: unable to locate metadata for environment "stack" from custom metadata host "management.local.azurestack.external". I am using the az cli for authentication and have confirmed I can create resources via the az cli so the permissions are correct.

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Please update the provider to support deploying Key Vault resource to Azure Stack Hub.

New or Affected Resource(s)

• azurestack_key_vault

Potential Terraform Configuration

resource "azurestack_key_vault" "kv" {
    name = var.kv_name
    resource_group_name = var.resource_group_name
    location = var.location
    sku_name = var.keyvault_sku
    enabled_for_deployment = var.enabled_for_deployment
    enabled_for_disk_encryption = var.enabled_for_disk_encryption
    enabled_for_template_deployment = var.enabled_for_template_deployment
    enable_rbac_authorization = var.enable_rbac_authorization
    soft_delete_retention_days = var.soft_delete_retention_days
    purge_protection_enabled = var.purge_protection_enabled
    tenant_id = var.tenant_id

  access_policy {
    tenant_id = data.azurestack_client_config.current.tenant_id
    object_id = data.azurestack_client_config.current.object_id

    key_permissions = [
      "create",
      "get",
      "list",
    ]

    secret_permissions = [
      "set",
      "get",
      "delete",
      "list",
      "purge",
    ]
    storage_permissions = [
      "set",
      "get",
      "delete",
      "list",
    ]
  }
}

References

None

• #0000

https://github.com/terraform-providers/terraform-provider-azurestack/blob/e9440bae2be3e8e06a42dddacea0898271a39df7/azurestack/resource_arm_virtual_machine.go#L998-L1001

And the vhd_uri is probably Required I think if that is the case?

https://github.com/terraform-providers/terraform-provider-azurestack/blob/e9440bae2be3e8e06a42dddacea0898271a39df7/azurestack/resource_arm_virtual_machine.go#L191-L208

It does look like managed disks may be supported now? https://azure.microsoft.com/en-us/updates/managed-disks-in-azure-stack/

I'm not sure how quickly people will have that installed (include us for testing).

Hi all,

I've been using terraform for azurestack and noticed that even though the Azure Portal allows specifying rule with multiple addresses delimited by commas, the current terraform provider for azurestack doesn't have the following argument references:
source_address_prefixes
destination_address_prefixes

This means to create a rule with multiple source address, you have to split the rules into multiple rules. The terraform provider for azurerm have the above argument references. Please implement them for azurestack. Thank you!

argument references taken from: https://registry.terraform.io/providers/hashicorp/azurestack/latest/docs/resources/network_security_rule

It would be great to have a data source for azurestack_subnet

Example terraform code:

data "azurestack_subnet" "test" {
  name                 = "backend"
  virtual_network_name = "production"
  resource_group_name  = "networking"
}

output "subnet_id" {
  value = "${data.azurestack_subnet.test.id}"
}

storage_os_disk - (Required) A Storage OS DFlag to enable deletion of the OS disk VHD blob when the VM is deleted, defaults to false (not yet supported).

Looks like there was a mixup in the text of delete_os_disk_on_termination flag and storage_os_disk block

Hi there ,
by following "Building The Provider", the step of "make build" failed on windows 2016 server as follows
any input ?

thanks
2018-12-19

C:\work\src\github.com\terraform-providers\terraform-provider-azurestack>make build
==> Checking that code complies with gofmt requirements...
gofmt needs running on the following files:
./azurestack/azurestack_sweeper_test.go
./azurestack/config.go
./azurestack/data_source_client_config.go
./azurestack/data_source_client_config_test.go
./azurestack/data_source_network_interface.go
./azurestack/data_source_network_interface_test.go
./azurestack/data_source_network_security_group.go
./azurestack/data_source_network_security_group_test.go
./azurestack/data_source_public_ip.go
./azurestack/data_source_public_ip_test.go
./azurestack/data_source_resource_group.go
./azurestack/data_source_resource_group_test.go
./azurestack/data_source_route_table.go
./azurestack/data_source_route_table_test.go
./azurestack/data_source_storage_account.go
./azurestack/data_source_storage_account_test.go
./azurestack/data_source_subnet.go
./azurestack/data_source_subnet_test.go
./azurestack/data_source_virtual_network.go
./azurestack/data_source_virtual_network_gateway.go
./azurestack/data_source_virtual_network_gateway_test.go
./azurestack/data_source_virtual_network_test.go
./azurestack/helpers/azure/resourceid.go
./azurestack/helpers/azure/resourceid_test.go
./azurestack/helpers/azure/validate.go
./azurestack/helpers/azure/validate_test.go
./azurestack/loadbalancer.go
./azurestack/location.go
./azurestack/locks.go
./azurestack/provider.go
./azurestack/provider_test.go
./azurestack/required_resource_providers.go
./azurestack/required_resource_providers_test.go
./azurestack/resourceid.go
./azurestack/resource_arm_availability_set.go
./azurestack/resource_arm_availability_set_test.go
./azurestack/resource_arm_dns_a_record.go
./azurestack/resource_arm_dns_a_record_test.go
./azurestack/resource_arm_dns_zone.go
./azurestack/resource_arm_dns_zone_test.go
./azurestack/resource_arm_loadbalancer.go
./azurestack/resource_arm_loadbalancer_backend_address_pool.go
./azurestack/resource_arm_loadbalancer_backend_address_pool_test.go
./azurestack/resource_arm_loadbalancer_nat_pool.go
./azurestack/resource_arm_loadbalancer_nat_pool_test.go
./azurestack/resource_arm_loadbalancer_nat_rule.go
./azurestack/resource_arm_loadbalancer_nat_rule_test.go
./azurestack/resource_arm_loadbalancer_probe.go
./azurestack/resource_arm_loadbalancer_probe_test.go
./azurestack/resource_arm_loadbalancer_rule.go
./azurestack/resource_arm_loadbalancer_rule_test.go
./azurestack/resource_arm_loadbalancer_test.go
./azurestack/resource_arm_local_network_gateway.go
./azurestack/resource_arm_local_network_gateway_test.go
./azurestack/resource_arm_managed_disk.go
./azurestack/resource_arm_network_interface.go
./azurestack/resource_arm_network_interface_test.go
./azurestack/resource_arm_network_security_group.go
./azurestack/resource_arm_network_security_group_test.go
./azurestack/resource_arm_network_security_rule.go
./azurestack/resource_arm_network_security_rule_test.go
./azurestack/resource_arm_public_ip.go
./azurestack/resource_arm_public_ip_test.go
./azurestack/resource_arm_resource_group.go
./azurestack/resource_arm_resource_group_test.go
./azurestack/resource_arm_route.go
./azurestack/resource_arm_route_table.go
./azurestack/resource_arm_route_table_test.go
./azurestack/resource_arm_route_test.go
./azurestack/resource_arm_storage_account.go
./azurestack/resource_arm_storage_account_test.go
./azurestack/resource_arm_storage_blob.go
./azurestack/resource_arm_storage_blob_test.go
./azurestack/resource_arm_storage_cointainer_test.go
./azurestack/resource_arm_storage_container.go
./azurestack/resource_arm_subnet.go
./azurestack/resource_arm_subnet_test.go
./azurestack/resource_arm_template_deployment.go
./azurestack/resource_arm_template_deployment_test.go
./azurestack/resource_arm_virtual_machine.go
./azurestack/resource_arm_virtual_machine_extension.go
./azurestack/resource_arm_virtual_machine_extension_test.go
./azurestack/resource_arm_virtual_machine_scale_set.go
./azurestack/resource_arm_virtual_machine_scale_set_test.go
./azurestack/resource_arm_virtual_machine_test.go
./azurestack/resource_arm_virtual_machine_unmanaged_disks_test.go
./azurestack/resource_arm_virtual_network.go
./azurestack/resource_arm_virtual_network_gateway.go
./azurestack/resource_arm_virtual_network_gateway_connection.go
./azurestack/resource_arm_virtual_network_gateway_connection_test.go
./azurestack/resource_arm_virtual_network_gateway_test.go
./azurestack/resource_arm_virtual_network_test.go
./azurestack/resource_group_name.go
./azurestack/tags.go
./azurestack/test_utils.go
./main.go
You can use the command: make fmt to reformat code.
make: *** [fmtcheck] Error 1

C:\work\src\github.com\terraform-providers\terraform-provider-azurestack>

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureStack Provider) Version

terraform v1.3.3
azurestack v1.0.0

I can use resource azurerm_network_interface_security_group_association to associate nic and nsg, but unable to do so in azurestack.

when trying the following definition, I get error

An argument named "network_security_group_id" is not expected here.

resource "azurestack_network_interface" "nics" {
  for_each                  = { for nic in var.nics : nic.id => nic }
  name                      = each.value.name
  location                  = data.azurestack_resource_group.rgs[each.value.resource_group_name].location
  resource_group_name       = data.azurestack_resource_group.rgs[each.value.resource_group_name].name
  network_security_group_id = azurestack_network_security_group.nsgs[each.value.nsg_resource_id].id


  ip_configuration {
    name                          = each.value.ip_configs[0].name
    subnet_id                     = each.value.ip_configs[0].subnet_resource_id
    private_ip_address_allocation = each.value.ip_configs[0].private_ip_address_allocation
    public_ip_address_id          = each.value.ip_configs[0].public_ip_address_resource_id
  }

}

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureStack Provider) Version

Terraform v1.2.6
on linux_amd64
+ provider registry.terraform.io/hashicorp/azurestack v1.0.0

Affected Resource(s)

• azurestack_image

Terraform Configuration Files

resource "azurestack_storage_blob" "azssb" {
  name                   = "centos-7-x86_64-genericcloud-2009.vhd"
  source                 = "/mnt/c/Users/klemghari/Downloads/CentOS-7-x86_64-GenericCloud-2009.vhd"
  storage_account_name   = "saosdisk"
  storage_container_name = "vhds"
  type                   = "Page"
}

resource "azurestack_image" "azsi" {
  name                = "centos-7-x86_64-genericcloud-2009"
  location            = "safi"
  resource_group_name = "rg-abda"

  os_disk {
    os_type  = "Linux"
    os_state = "Generalized"
    blob_uri = azurestack_storage_blob.azssb.url
    size_gb  = 30
    caching  = "None"
  }
}

Debug Output

Panic Output

Error: compute.ImagesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameter" Message="Required parameter 'hyperVGeneration' is missing (null)." Target="hyperVGeneration"

Expected Behaviour

azurestack_image.azsi: Creating...
azurestack_image.azsi: Still creating... [10s elapsed]
azurestack_image.azsi: Still creating... [20s elapsed]
azurestack_image.azsi: Still creating... [30s elapsed]
azurestack_image.azsi: Still creating... [40s elapsed]
azurestack_image.azsi: Creation complete after...

Actual Behaviour

azurestack_image.azsi: Creating...
╷
│ Warning: Argument is deprecated
│
│   with provider["registry.terraform.io/hashicorp/azurestack"],
│   on provider.tf line 1, in provider "azurestack":
│    1: provider "azurestack" {
│
│ `arm_endpoint` is deprecated in favour of `metadata_host` and will be removed in version 1.0 of the AzureStack provider.
╵
╷
│ Error: compute.ImagesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameter" Message="Required parameter 'hyperVGeneration' is missing (null)." Target="hyperVGeneration"
│
│   with azurestack_image.azsi,
│   on prototype.tf line 10, in resource "azurestack_image" "azsi":
│   10: resource "azurestack_image" "azsi" {
│
╵

Steps to Reproduce

1. terraform apply

Important Factoids

References

• hashicorp/terraform-provider-azurerm#6316
• hashicorp/terraform-provider-azurerm#9137

If this has been abandoned can it be made clear

Thanks

Hi and thanks for adding support for the Azure Stack provider!
You guys are doing a fantastic job.

I have, however, some issues....

1. In the documentation for the azurestack_virtual_machine, azurestack_managed_disk is listed as an option. As far as I can see, that's not supported by the provider?

2. I'm able to provision resource group, VNET and subnet without any problems, but today I had to add infra to our stack and virtual machine refuses to create. I'm even using the example from the documentation to limit personal screw-ups.

Error message: azurestack_virtual_machine.test: compute.VirtualMachinesClient#CreateOrUpdate: Invalid input: autorest/validation: validation failed: parameter=parameters.VirtualMachineProperties.StorageProfile.OsDisk.Vhd constraint=Null value=(*compute.VirtualHardDisk)(nil) details: value can not be null; required parameter

Workflow Name: Issue Opened Triage
Branch: main
Run URL: https://github.com/hashicorp/terraform-provider-azurestack/actions/runs/4641460268

save-state deprecation warnings: 0
set-output deprecation warnings: 0
node12 deprecation warnings: 1

Please review these deprecation warnings as soon as possible and merge in the necessary updates.

GitHub will be removing support for these commands and plan to fully disable them on 31st May 2023. At this time, any workflow that still utilizes these commands will fail. See https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/.

GitHub have not finalized a date for deprecating node12 yet but have indicated that this will be summer 2023. So it is advised to switch to node16 asap. See https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

If you need any help, please reach out to us in #team-rel-eng.

My goals in my recent contributions, is trying to update the azurestack provider to be more closely aligned with the AzureRM provider. As mentioned in other issues, the less code that needs to be edited between the two providers allows for easier feature updates. I would like to be able to take the data source or resource providers for the missing components and just cut stuff out that is not supported on Azure Stack.

At this point, I am trying to make non-functional changes, that allow the two code bases to converge. However, it can be difficult because I am not aware of the road map or priorities for the azurerm provider. On my fork, I have an issue where I am brainstorming the changes that should be made.

• GNUmakefile changes for linting / tf linting
• ArmClient wrapping of resources in same client family (Network, Compute, ...)
  • separate packages for each client family
• addition of internal/services

My current work contract will allow me access to a Azure Stack instance through the end of the year, possibly longer. I would like to make headway on adding the additional resources like app service plan, app service and key vault.

Thoughts?

Add AKS Kubernetes cluster support.
AKS has come to the Azure Stack.
https://docs.microsoft.com/en-us/azure-stack/user/azure-stack-kubernetes-aks-engine-overview?view=azs-1910

Thank you,
Jeff Young

I all,
we recently moved to Azurestack 1905. i turns that some calls, specially storage, no longer work.

the error can be reproduced with the storage example
https://www.terraform.io/docs/providers/azurestack/r/storage_account.html

azurestack_storage_account.testsa: 1 error occurred:
* azurestack_storage_account.testsa: azurestack_storage_account.testsa: Error reading the state of AzurStack Storage Account "": storage.AccountsClient#GetProperties: Invalid input: autorest/validation: validation failed: parameter=accountName constraint=MinLength value="" details: value length must be greater than or equal to 3

Azurerm provider have gotten support for configuring active-active VPN connection in azurerm.virtual_network_gateway. Additionally you need two public IPs, and two ipconfiguration for the Virtual Network Gateway.

This would allow redundant VPN connections!

Some references for configuration with other methods:
Powershell: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell
Terraform AzureRM: https://www.terraform.io/docs/providers/azurerm/r/virtual_network_gateway.html

The terraform-provider-azurerm provider has moved the tag schema, validation and other functions into separate package back in Aug 2019. Having the terraform-provider-azurerm provider diverge makes it more difficult to create new resources on Azure Stack (ie #50) that are derived from the Azure Cloud. If the model in the Azure Cloud has stabilized, I propose starting migrating to similar packages in Azure Stack.

This issue is specifically for tags. Separate issues can be created for other kinds.

The complete list :

Once the new package is committed, a sweep of the source code can be completed to update references.

When using Terraform to deploy a VM on Azure Stack Hub, referencing a VM SKU which has an uppercase 'V' in the SKU name i.e. "Standard_F16s_V2" causes VM to have network performance issues and the ability to add additional NICs to the VM is not possible. Solution is to make sure the SKU being called has a lowercase 'v' in the name i.e. "Standard_F16s_v2" however I feel that this should be captured / reported back during the deployment that the SKU requested is invalid.

Add support to create a custom virtual machine image that can be used to create virtual machines.

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureStack Provider) Version

N/A

Affected Resource(s)

(https://registry.terraform.io/providers/hashicorp/azurestack/latest/docs/resources/virtual_machine_extension)

Terraform Configuration Files

N/A

Debug Output

N/A

Panic Output

N/A

Expected Behaviour

Actual Behaviour

Steps to Reproduce

N/A

Documentation for Azure Stack is incorrect on website. Publisher should be Microsoft.Compute. There also needs to be details warning users to check the installed Custom Extension version in the Azure Stack Hub Admin Portal. 2.0 is not valid for the Azure Stack. These instructions appear to have been copied from Azurerm.

Important Factoids

References

Azurestack provider seems to lack the option to attach ipsec_policy to the virtual_network_gateway_connection. Azurerm provider has that ipsec_policy block option available. Is the ipsec_policy block expected to become available for azurestack provider too?

Hi,

running apply on code

resource "azurerm_virtual_machine_extension" "vm-bootstrap" {
count = "1"
name = "bootstrap"
virtual_machine_id = ...
publisher = "Microsoft.Azure.Extensions"
type = "CustomScript"
type_handler_version = "2.1.6"
settings = <<SETTINGS
{
"script": "${filebase64("bootstrap.sh")}"
}
SETTINGS
}

returns the following error:

Code="InvalidParameter" Message="The value of parameter typeHandlerVersion is invalid." Target="typeHandlerVersion"

though it looks like version 2.1.6 exists:

az vm extension image list-versions -n CustomScript --publisher Microsoft.Azure.Extensions --lo
cation westeurope --query "[].name" -o tsv | sort -u
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.1.1
2.1.2
2.1.3
2.1.6

Can you please check?

Great to see that Azure Stack support is here!

I started reading through the resource documentation and there looks to be some functionality documented which I don't believe works in Azure Stack.

A document showing some of the differences are here:

https://docs.microsoft.com/en-us/azure/azure-stack/user/azure-stack-acs-differences

For example, in the documentation there shows support for GRS etc, but in Azure Stack only LRS is supported.

Happy to do a pull request and start pairing down the functionality, but wanted to make sure y'all weren't architecting for functionality soon to be released :)

I am attempting to assign tags to resource groups that we spin up using terraform, however I keep running into errors saying that the "tags" block is not a supported block type.

Error: Unsupported block type

  on main.tf line 5, in resource "azurestack_resource_group" "test":
   5:   tags {

Blocks of type "tags" are not expected here. Did you mean to define argument
"tags"? If so, use the equals sign to assign it a value.

Within the Azure Stack portal, I can add tags to the resource groups manually but this is not feasible nor is it good for automated deployments.

I should be able to do something like:

resource "azurestack_resource_group" "test" {
  name     = "${var.deployment_name}-rg"
  location = "${var.resource_group_location}"

  tags {
    lifecycle = "dev"
    owner = "[email protected]"
  }
}

This also does not work for virtual machines, even though in the documentation it shows that we can.

Is vNet Peering supported in the Azure Stack provider?

If not can I request support?

It is late in the day so I might be missing something.

Thanks.

Im trying to associate a load balancer to a vmss.

when looking at the documentation i would presume that the link to a backend pool would be done under the ip_configuration block in network profile.

but looking at the docs it seems to be missing

https://registry.terraform.io/providers/hashicorp/azurestack/latest/docs/resources/virtual_machine_scale_set#ip_configuration

as i cant see it on the page, could be me being blind.

Update:

I took and educated guess from the azurerm version and edded:
load_balancer_backend_address_pool_ids = [azurestack_lb_backend_address_pool.worker.id]

im also having difficulty providing an nsg to the network profile

Using the azure stack provider version 0.8.0 and terraform version 0.11.14, I get the following error when trying to plan and apply:

Error: Error running plan: 1 error occurred:
        * provider.azurestack: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://<endpoint_to_stack>/subscriptions/<sub_id>/providers?api-version=2016-02-01: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Post https://login.microsoftonline.com/.../oauth2/token?api-version=1.0: context canceled'

I have to forcefully CTRL+C out of the execution otherwise it just sits there and hangs. This originally started happening to me in version 0.7.0 of the stack provider as well. This works using version 0.6.0, however, that becomes null and void with stack build 1905 in the relating issue mentioned in the issue here #90

I think that this crash belongs with the provider rather than TF itself.

Terraform v0.11.10

• provider.azurestack v0.4.0

crash.log

The ressources were created by hand and imported.

PS H:\Documents\repos\cdc-test> terraform apply
azurestack_resource_group.nwk: Refreshing state... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...resourceGroups/flk-ast-nrw-nwk-rgp-001)
azurestack_local_network_gateway.tieto: Refreshing state... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...etworkGateways/flk-ast-nrw-nwk-lgw-001)
azurestack_virtual_network.nwk: Refreshing state... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...irtualNetworks/flk-ast-nrw-nwk-vnt-001)
azurestack_public_ip.vgw: Refreshing state... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...PAddresses/flk-ast-nrw-nwk-vgw-pip-001)
azurestack_subnet.gateway: Refreshing state... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...-nrw-nwk-vnt-001/subnets/GatewaySubnet)
azurestack_virtual_network_gateway.vgw: Refreshing state... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...etworkGateways/flk-ast-nrw-nwk-vgw-001)
azurestack_virtual_network_gateway_connection.s2s: Refreshing state... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...rk/connections/flk-ast-nrw-nwk-s2s-001)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ azurestack_resource_group.nwk
      tags.%:                  "0" => "2"
      tags.environment:        "" => "STST"
      tags.service:            "" => "CDC"

  ~ azurestack_virtual_network_gateway.vgw
      ip_configuration.0.name: "default" => "vnetGatewayConfig"


Plan: 0 to add, 2 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurestack_resource_group.nwk: Modifying... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...resourceGroups/flk-ast-nrw-nwk-rgp-001)
  tags.%:           "0" => "2"
  tags.environment: "" => "STST"
  tags.service:     "" => "CDC"
azurestack_resource_group.nwk: Modifications complete after 1s (ID: /subscriptions/0df96577-ae86-4a08-a1af-...resourceGroups/flk-ast-nrw-nwk-rgp-001)
azurestack_virtual_network_gateway.vgw: Modifying... (ID: /subscriptions/0df96577-ae86-4a08-a1af-...etworkGateways/flk-ast-nrw-nwk-vgw-001)
  ip_configuration.0.name: "default" => "vnetGatewayConfig"

Error: Error applying plan:

1 error(s) occurred:

* azurestack_virtual_network_gateway.vgw: 1 error(s) occurred:

* azurestack_virtual_network_gateway.vgw: unexpected EOF

It seems current provider would work only with AAD deployed AZS. I haven't found anywhere how to configure SPN with certificate for ADFS deployed AZS.

Description

It would be great if there was a way to ignore an unknown certification authority.
I've seen something similar in other providers configuration.
Often azure stack is installed with self signed certificates: it is difficult to import them.

│ Error: Error retrieving Environment from Endpoint "https://****************/": Get "https://****************/metadata/endpoints?api-version=1.0": x509: certificate signed by unknown authority
│
│   with provider["registry.terraform.io/hashicorp/azurestack"],
│   on provider.tf line 1, in provider "azurestack":
│    1: provider "azurestack" {
│

New or Affected Resource(s)

• azurestack_0.10.0

Potential Terraform Configuration

provider "azurestack" {
  version = "=0.10.0"

  arm_endpoint    = var.endpoint
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
  allow_unverified_ssl = true
}

References

• #0000

Unable to assign azurestack load balancer with a public ip address, copied the supporting documentation

resource "azurestack_lb" "lb" {
  name                              = var.lb_name
  location                          = var.location
  resource_group_name               = var.rg_name

  frontend_ip_configuration {
    name                            = "frontendIP"
    public_ip_address_id            = "${azurestack_public_ip.pips.id}"
  }

Keep getting the following error

Error: Cycle: azurestack_public_ip.pips, azurestack_lb.lb

I have tried the following:
different terraform versions 0.12.2 + 0.12.20 + 0.13.5
different stack provider versions 0.8.1 + 0.9.0

I can provision a public ip address and the load balancer but as soon as I assign the public ip address to the load balancer
public_ip_address_id = "${azurestack_public_ip.pips.id}"

I get the above error

I can successfully provision a AzureStack LB using private ip address etc.

@thetonymaster @katbyte
Sorry for the ping, but is the Terraform Azurestack Provider at its final release?

There have been features such as Key Vault & Azure Monitor in Azure stack Hub, albeit only accessible from the Azure Stack Hub Portal which isn't ideal :

1. https://docs.microsoft.com/en-us/azure-stack/user/azure-stack-key-vault-intro?view=azs-2008
2. https://docs.microsoft.com/en-us/azure-stack/user/azure-stack-metrics-azure-data?view=azs-2008

However, the Terraform Azurestack Provider at the moment provided no way to access the key vault & azure monitor which is important, especially from a security point of view.

Another feature that I would like to request:
The ability to define source/destination port rangeS, as well as source/destination _address_prefixES
those are very important, otherwise we would have a lot of rules. Thank you.

Thank you.

Run Terraform 0.12.2 with Azure Stack configuration file.

Error reported from "Terraform init":

Provider "azurestack" v0.7.0 is not compatible with Terraform 0.12.2.

Provider version 0.6.0 is the latest compatible version. Select it with
the following constraint:

version = "~> 0.6"

Terraform checked all of the plugin versions matching the given constraint:
~> 0.6

Consult the documentation for this provider for more information on
compatibility between provider and Terraform versions.

Alternatively, upgrade to the latest version of Terraform for compatibility with newer provider releases.

So question is what is the Terraform version we need to use for Azure Stack provider 0.7?

I have read the docs but seem currently Azure-stack haven't provide support for App Service on Azure-stack yet. Is there any plan?

Hi all,

We tried to create Availability Sets with VMs having managed disks. Unfortunately we have an error, specifying that the Availability Sets must have the Sku "Aligned".
However, according to the Provider's source code, this option is not available (apparently commented).

Would it be possible to add this feature?

Error with Terraform:

Error: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status= Code="OperationNotAllowed" Message="Addition of a VM with managed disks to non-managed Availability Set or addition of a VM with blob based disks to managed Availability Set is not supported. Please create an Availability Set with 'Aligned' SKU in order to add a VM with managed disks to it." Target="vm-test-001"

Use custom-built images for booting up VMs and VMSS without publishing them as platform images.

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureStack Provider) Version

Terraform v0.13.3
Azurestack v1.0.0

Affected Resource(s)

• resource "azurestack_network_interface

Description

network_security_group_id argument is missing in Azurestack 1.0.0 with no documents.

Output

Error: Unsupported argument

  on modules/bastion/main.tf line 63, in resource "azurestack_network_interface" "bastion":
  63:   network_security_group_id = azurestack_network_security_group.bastion_ssh.id

An argument named "network_security_group_id" is not expected here.

Steps to Reproduce

1. terraform apply

Workflow Name: Issue Comment Created Triage
Branch: main
Run URL: https://github.com/hashicorp/terraform-provider-azurestack/actions/runs/3961489735

save-state deprecation warnings: 0
set-output deprecation warnings: 0
node12 deprecation warnings: 1

Please review these deprecation warnings as soon as possible and merge in the necessary updates.

GitHub will be removing support for these commands and plan to fully disable them on 31st May 2023. At this time, any workflow that still utilizes these commands will fail. See https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/.

GitHub have not finalized a date for deprecating node12 yet but have indicated that this will be summer 2023. So it is advised to switch to node16 asap. See https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.

If you need any help, please reach out to us in #team-rel-eng.

when creating either a windows vm or a linux vm, the user isnt being added.

even though the terraform apply works and the tasks complete im not seeing any errors.

I was comparing the options between azurerm and azure stack, and being involved with a support call today made me look deeper... I noticed azure stack nics have capabilities for enabling accelerated networking - but when I looked in terraform, I did not see the option.

Is this feature going to be implemented in the future? Is it already enabled?

The reference link is here

Thanks!