Managed Instance deployment failed due to error related to preparation of network intent policy
Following the Pulumi documentation "Create managed instance with all properties", I tried to create a managed instance with the following code:
//
// spokeManagedInstanceSubnet -> delegated to "Microsoft.Sql/managedInstances"
// spokeManagedInstanceSubnet -> does not have any other resource (i.e. VM)
//
var spokeManagedInstanceSubnet = new Subnet($"{SpokeVirtualNetwork}.{ManagedInstanceSubnet}", new AzureNative.Network.SubnetArgs {
    // ... ... ...
}, new CustomResourceOptions { DependsOn = { spokeVnet } });

//
// Create Managed Instance
//
var mainManagedInstanceArgs = config.RequireObject<JsonElement>(MainManagedInstanceArgs);
var mainMiName = mainManagedInstanceArgs.GetName();
var mainMiSku = mainManagedInstanceArgs.GetSku();
var mainMiTier = mainManagedInstanceArgs.GetTier();
var mainMiVCores = mainManagedInstanceArgs.GetInt(VCores);
var mainMiStorageSizeInGB = mainManagedInstanceArgs.GetInt(StorageSizeInGB);
var mainMiStorageAccountType = mainManagedInstanceArgs.GetString(StackConfigKeys.StorageAccountType);
var mainMiAdminId = mainManagedInstanceArgs.GetString(AdministratorLoginId);
var mainMiAdminPassword = mainManagedInstanceArgs.GetString(AdministratorLoginPassword);
var mainMiLicenseType = mainManagedInstanceArgs.GetString(StackConfigKeys.LicenseType);
var mainMiCollation = mainManagedInstanceArgs.GetString(Collation);
var mainMiTimezoneId = mainManagedInstanceArgs.GetString(TimezoneId);
var mainMiMinimalTlsVersion = mainManagedInstanceArgs.GetString(MinimalTlsVersion);
var mainMiPublicDataEndpointEnabled = mainManagedInstanceArgs.GetBool(PublicDataEndpointEnabled);
var mainMiTags = mainManagedInstanceArgs.GetTags();

var mainManagedInstance = new ManagedInstance(MainManagedInstance, new ManagedInstanceArgs {
    ResourceGroupName = mainResourceGroup.Name,
    SubnetId = spokeManagedInstanceSubnet.Id,
    ManagedInstanceName = mainMiName,
    Sku = new AzureNative.Sql.Inputs.SkuArgs {
        Name = mainMiSku,
        Tier = mainMiTier,
    },
    VCores = mainMiVCores,
    StorageSizeInGB = mainMiStorageSizeInGB,
    StorageAccountType = mainMiStorageAccountType,
    ManagedInstanceCreateMode = ManagedServerCreateMode.Default,
    AdministratorLogin = mainMiAdminId,
    AdministratorLoginPassword = mainMiAdminPassword,
    LicenseType = mainMiLicenseType,
    ProxyOverride = ManagedInstanceProxyOverride.Default,
    Collation = mainMiCollation,
    TimezoneId = mainMiTimezoneId,
    MinimalTlsVersion = mainMiMinimalTlsVersion,
    PublicDataEndpointEnabled = mainMiPublicDataEndpointEnabled,
    Tags = mainMiTags
}, new CustomResourceOptions { DependsOn = { spokeManagedInstanceSubnet } });
I get the following errors:
Pulumi Error: error: update failed. Code="Failed" Message="The async operation failed."
Error shown in Azure portal: managed Instance create operation failed
Virtual network activity log: Managed Instance deployment failed due to conflict with the following error related to preparation of network intent policy: Network security group is required for subnet
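There is a related question here, but it did not solve my problem.
How do I create a managed instance in a delegated subnet?
According to the Microsoft doc: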
To address customer security and manageability requirements, SQL Managed Instance is transitioning from manual to service-aided subnet configuration.
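So the user only needs to delegate the subnet (which I did), and Azure (ARM) should take care of the rest (NSG, route table, etc.).
Update 2021.11.21
I added an NSG and a route table to ManagedInstanceSubnet and got the following (in the Azure portal):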
Step 1/3 Request validation: Completed
Step 2/3 Virtual Cluster resize/creation: Completed
Step 3/3 SQL Instance Cleanup: Failed
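I was able to create the Azure SQL Managed Instance by doing the following (for the "operation timeout" issue, see the update below for the fix):
- Assigned the "SQL Managed Instance Contributor" role to the service principal used by Pulumi
- Created an NSG and added NSG rules (ignore the property NetworkSecurityGroupArgs.SecurityRules)
- Created a route table (ignore the property RouteTableArgs.Routes)
- Managed instance subnet:
  - Subnet delegated to "Microsoft.Sql/managedInstances"
  - NSG attached to the subnet
  - Route table attached to the subnet
Update 2021.12.03 - resolving the "operation timeout" error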
var operationTimeoutLimit = TimeSpan.FromHours(24);
var fpManagedInstance = new ManagedInstance(
    name: "FailoverPartnerManagedInstance",
    args: new ManagedInstanceArgs {
        // props
    },
    options: new CustomResourceOptions {
        CustomTimeouts = new CustomTimeouts {
            Create = operationTimeoutLimit,
            Update = operationTimeoutLimit,
            Delete = operationTimeoutLimit,
        }
    }
);
Timeout-related Q&A:
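The subnet layout listed in the answer above (delegated subnet with an NSG and a route table attached), written out as a Pulumi stack. This is an added example, not code from the original post: every resource name and address range is a placeholder, and the answer's "ignore the property" remark is read here as Pulumi's IgnoreChanges resource option, which is an assumption.

```csharp
using Pulumi;
using Pulumi.AzureNative.Network;
using Pulumi.AzureNative.Resources;
using NetworkInputs = Pulumi.AzureNative.Network.Inputs;

class ManagedInstanceNetworkStack : Stack
{
    public ManagedInstanceNetworkStack()
    {
        // Placeholder names and address ranges, chosen for this example only.
        var rg = new ResourceGroup("mi-rg");

        var vnet = new VirtualNetwork("spoke-vnet", new VirtualNetworkArgs {
            ResourceGroupName = rg.Name,
            AddressSpace = new NetworkInputs.AddressSpaceArgs { AddressPrefixes = { "10.1.0.0/16" } },
        });

        // NSG and route table are created empty. With service-aided subnet configuration
        // the SQL Managed Instance service maintains its own rules and routes on them, so
        // those properties are ignored here (assumption: IgnoreChanges is what the answer meant).
        var nsg = new NetworkSecurityGroup("mi-nsg", new NetworkSecurityGroupArgs {
            ResourceGroupName = rg.Name,
        }, new CustomResourceOptions { IgnoreChanges = { "securityRules" } });

        var routeTable = new RouteTable("mi-rt", new RouteTableArgs {
            ResourceGroupName = rg.Name,
        }, new CustomResourceOptions { IgnoreChanges = { "routes" } });

        // The subnet carries all three things the activity-log error asks for:
        // the delegation, the NSG association and the route table association.
        var miSubnet = new Subnet("mi-subnet", new SubnetArgs {
            ResourceGroupName = rg.Name,
            VirtualNetworkName = vnet.Name,
            AddressPrefix = "10.1.1.0/24",
            Delegations = {
                new NetworkInputs.DelegationArgs {
                    Name = "mi-delegation",
                    ServiceName = "Microsoft.Sql/managedInstances",
                },
            },
            NetworkSecurityGroup = new NetworkInputs.NetworkSecurityGroupArgs { Id = nsg.Id },
            RouteTable = new NetworkInputs.RouteTableArgs { Id = routeTable.Id },
        });

        MiSubnetId = miSubnet.Id; // pass this as ManagedInstanceArgs.SubnetId
    }

    [Output] public Output<string> MiSubnetId { get; set; }
}
```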