I am attempting to deploy new resources and update to existing using my original ARM Templates that I deployed with a few months ago. Unfortunately, the deployment does not get to Azure, as I do not see a deployment entry in my resource group. The error that is presented is local before things start calling into Azure.
I am deploying using the Visual Studio 2017 Arm Template Deployment Context menu.
Here is the error that is output. I get this and a nearly identical one when running the validation command as well.
08:58:22 - VERBOSE: Performing the operation "Creating Deployment" on target "MigrationPlaybook_Prod".
08:58:23 - New-AzureRmResourceGroupDeployment : Multiple error occurred: Forbidden,Forbidden. Please see details.
08:58:23 - At C:\workspaces\Migration Playbook\MigrationPlaybookRegion\ProductionResourceGroup\bin\Debug\staging\ProductionResourc
08:58:23 - eGroup\Deploy-AzureResourceGroup.ps1:108 char:5
08:58:23 - + New-AzureRmResourceGroupDeployment -Name ((Get-ChildItem $Templat ...
08:58:23 - + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
08:58:23 - + CategoryInfo : CloseError: (:) [New-AzureRmResourceGroupDeployment], CloudException
08:58:23 - + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDep
08:58:23 - loymentCmdlet
08:58:23 -
08:58:24 -
08:58:24 - Template deployment returned the following errors:
08:58:24 - Multiple error occurred: Forbidden,Forbidden. Please see details.
Mitigations:
The template involves a KeyVault - I made sure that the ARM Template permission was Enabled
The project is several months old - I generated a new project to make sure that the PowerShell script, that is generated into the project at creation time, did not have any significant change
Account permissions - I have verified that my account permissions on the subscription has not changed in a way to prevent me from adding/modifying resources
While the mitigations address issues that arise when the ARM Template is being deployed the error, and its resulting records, suggest that there is an issue before it gets to Azure.
What could be the issue here and what can I do to remedy this?
I have seen the same error message when using a Key Vault to store username and password secrets but forgot to 'Enable for template deployment' on the Key Vault resource, and then referencing those secrets to pass credentials in the deployment of SQL server. Have you ensured that the Key Vault section in the ARM template has the option enabled where "enabledForTemplateDeployment": true?
Mine looks something like:
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[variables('keyVaultName')]",
"location": "[resourceGroup().location]",
"tags": "[parameters('baseParameters').tagValues]",
"scale": null,
"dependsOn": [],
"properties": {
"sku": {
"family": "A",
"name": "standard"
},
"tenantId": "[subscription().tenantId]",
"accessPolicies": [],
"enabledForDeployment": true,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true
}
},
When enabled, it will look like the following in the portal:
Just to check, I intentionally removed (disabled) the setting and the result looks similar to your error. Using the arguments -Verbose -Debug helped me to see the details.
I know that this isn't a real answer, but I don't have enough reputation yet to just comment. I've seen similar error messages in a subscription that had a limited number of cores and when I was trying to deploy more VMs. However I also am not convinced that this is your problem ...
what I wanted to ask was what happens when you try and deploy the ARM template from the Azure portal using the "Deploy a Custom Template"? This might give you some better hints as to what exactly is going wrong.
Related
I've tried everything I can think of to get this to work but in every attempt NO errors are returned (the logs say everything succeeded and one file was uploaded) but in artifactory, although the build info is published, nothing appears in the target repo.
I tried using powershell and the rest api to publish, but that just gave me (502 gateway error). Again, no matter what combination of values I used, always this useless error.
I have been forced to revert to using the 'legacy patterns' because this is the only thing that works AT ALL.
The pattern I am using is:
%ProjectPublishDir%\**\*.* => path/to/my/APP/%Major-Version%.%Minor-Version%/%ArtifactNamePrefix%/%ArtifactFileName%
Where all these values are parameters defined in TeamCity. This works like a charm.
However, if I add this at the end of my powershell to create the artifact:
#Write-Host "##teamcity[publishArtifacts '%ProjectPublishDir%\**\*.* => %ArtifactsDir%\%ArtifactFileName%']"
Then I replace legacy patterns with file specs for my powershell step, then I use this file spec:
{
"files": [
{
"pattern": "%ArtifactsDir%\%ArtifactFileName%",
"target": "my_repo_name/path/to/my/APP/%Major-Version%.%Minor-Version%/%ArtifactNamePrefix%/",
"props": "type=zip;status=ready"
}
]
}
The log says the artifact was generated (which I verified on the build agent is true) and that it was sent to Artifactory successfully, but when I check in artifactory, the build info is there but the artifact is missing.
Every example everywhere I can find is too simple and from the basic examples out there, what I have above should work. So what are the docs missing that I am not doing/doing incorrectly?
I was trying the free trial version of recaptcha solver by apify for the following page https://www.google.com/recaptcha/api2/demo
Input :
{
"key": "apify_api_KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK",
"webUrl": "https://www.google.com/recaptcha/api2/demo",
"siteKey": "6Le-wvkSAAAAAPBMRTvw0Q4Muexq9bi0DJwx_mJ-"
}
I tried running the same with the above inputs, but I get the error
2022-08-14T10:13:34.970Z ACTOR: Pulling Docker image from repository.
2022-08-14T10:13:35.109Z ACTOR: Creating Docker container.
2022-08-14T10:13:35.168Z ACTOR: Starting Docker container.
2022-08-14T10:13:36.323Z
2022-08-14T10:13:36.327Z WARNING: The npm start script not found in package.json. Using "node main.js" instead. Please update your package.json file. For more information see https://github.com/apifytech/apify-cli/blob/master/MIGRATIONS.md
2022-08-14T10:13:36.330Z
2022-08-14T10:13:38.579Z Solving re-captcha with Anticaptcha: https://www.google.com/recaptcha/api2/demo
2022-08-14T10:13:38.780Z User function threw an exception:
2022-08-14T10:13:38.782Z Account authorization key not found in the system
You need to have an anti-captcha subscription to be able to use it. https://apify.com/petr_cermak/anti-captcha-recaptcha
"key": ANTI_CAPTCHA_KEY
You trying to use Apify API key to authorize access to anti-captcha.com service, it fails with error Account authorization key not found in the system
I have set up kong in dbless mode on RHEL by following the below documentation
https://docs.konghq.com/gateway/latest/install-and-run/rhel/
Kong gateway is successfully started. Below are the configurations I added in kong.conf file where database is turned to off and path to declarative kong.yaml is specified
declarative_config = /temp/kong/kong.yml
database = off
Also, below is current .yaml file where I created a service using below link
https://docs.konghq.com/gateway/2.8.x/get-started/comprehensive/expose-services/
_format_version: "1.1"
services:
- host: mockbin.org
name: example_service
port: 80
protocol: http
routes:
- name: mocking
paths:
- /mock
strip_path: true
I have also installed deck to sync this the declarative configuration.
However, when I use the deck sync command to add this service to kong, I get below error
creating service example_service
Summary:
Created: 0
Updated: 0
Deleted: 0
Error: 1 errors occurred:
while processing event: {Create} service example_service failed: HTTP status 405 (message: "cannot create or update 'services' entities when not using a database")
Kindly need ideas on what could be wrong as I believe we can create a service in dbless mode, and I also think that this is the declarative format which should work. Looking forward to hear. Thanks
Kindly need ideas on what could be wrong as I believe we can create a service in dbless mode, and I also think that this is the declarative format which should work. Looking forward to hear. Thanks
You are correct that we can create a service in dbless mode, however the approach will be different.
If you already have the new config file in yaml format. you can load it to Kong using /config endpoint
I also think that decK should be process-agnostic and can be used with both db and dbless mode, But as it stands, loading yaml config file with /config endpoint looks like the best option.
I am trying to deploy Firebase functions project, on two different target projects on Firebase. One is in region "us-cenral" and the other one is "europe-west".
I'm using only functions and RTDB from Firebase, I don't have a need for "hosting".
At the start, I was having only one Firebase project region:"us-central" and I was able to deploy functions without problem. I have created another project recently in region:"europe-west" on the same billing account. And also in the local project I have added that another project using command:
firebase use --add project2
Since I didn't deploy functions for a couple of months and there was no need to check if deployment is still working on "project1" I have not checked if this functionally is working.
After adding "project2" I have issued command to deploy for the first time on another region.
When using command: "firebase deploy --only functions"
command ended with the following error:
There was an issue deploying your functions. Verify that your project has a Google App Engine instance setup at https://console.cloud.google.com/appengine and try again. If this issue persists, please contact support.
! functions: Upload Error: HTTP Error: 403, Permission denied on 'locations/null' (or it may not exist).
Error: HTTP Error: 403, Permission denied on 'locations/null' (or it may not exist).
[2022-05-11T19:32:17.580Z] Error Context: {
"body": {
"error": {
"code": 403,
"message": "Permission denied on 'locations/null' (or it may not exist).",
"status": "PERMISSION_DENIED"
}
},
"response": {
"statusCode": 403
}
}
Switching back to project1 and trying to deploy the same thing, I got the same error.
So now I'm stuck. Does anyone have experience with this problem and how to overcome it.
Google support suggest to create "App Engine application", I cannot see how this can help as I didn't had that thing in the 1st place and everything was working. Now with the second project I have this error that suggest permissions problem. Since I have OWNER account on both of these projects what could be wrong?
What I have done so far:
installed the latest firebase tools (same problem)
defined default region on both projects (as stated above)
checked that I'm logged with the OWNER account (also switched between different owner account but the same issue)
checked permissions and din't find anything useful
default service accounts exist on both projects with rights
visited suggested link: https://console.cloud.google.com/appengine
on both projects (and still have the same error although not sure if I need to deploy?!? - I don't have anything there to deploy or do I?)
Config package.json:
{
"name": "functions",
"description": "Cloud Functions for Firebase",
"engines": {
"node": "10"
},
"dependencies": {
"canvas": "^2.6.1",
"firebase-admin": "^10.2.0",
"firebase-functions": "^3.21.0",
"jsbarcode": "^3.11.0",
"qrcode": "^1.4.4"
},
"devDependencies": {
"eslint": "^5.16.0",
"eslint-plugin-promise": "^4.0.1",
"firebase-functions-test": "^0.2.0"
},
"private": true
}
Configuration didn't changed from the 1st deploy to project1 when everything was working fine.
At the end I found out the reason for my problem, and posting just to help the others if they end up with the same error.
The problem was not deployment script "per se" but the function that was connected to fetch data from RTDB on the project. Method "region" was supposed to get configured "region(fnRegion)" value, but that variable value was "null" and resulted with the error posted above during deployment.
function selectDatabaseReference(path = '/') {
return functions
.region(fnRegion) // Sets function region
.database
.ref(path); // Sets database reference path
}
It would be nice if I could get more descriptive error to the real cause of the error (I'm not truly sure, what would be the content of that error message though).
Anyway it's good I was not able to deploy functions because of this.
The last phase of the installer fails with this message:
Installation Incomplete
The installer was interrupted before [project] could be installed. You need to restart the installer to try again.
Running msiexec /i installer.msi /l*vx setup.log shows the following entries in the setup log:
INFO : [...] [ApplyWebFolderProperties]: Getting web folder property token...
INFO : [...] [ApplyWebFolderProperties]: Token is '/LM/W3SVC/1/ROOT/ProjectDir/DynamicData/Filters'.
INFO : [...] [ApplyWebFolderProperties]: Getting METADATA_HANDLE for the directory '/LM/W3SVC/1/ROOT/ProjectDir/DynamicData/Filters'.
ERROR : [...] [ApplyWebFolderProperties]: FAILED: -2147024893
ERROR : [...] [ApplyWebFolderProperties]: FAILED: -2147024893
ERROR : [...] [ApplyWebFolderProperties]: Custom Action failed with code: '3'
ERROR : [...] [ApplyWebFolderProperties]: Custom Action failed with code: '3'
INFO : [...] [ApplyWebFolderProperties]: Custom Action completed with return code: '3'
The same web application had no problems being installed with a web setup project before. The issue started after upgrading the web application from .NET 3.5 SP1 to .NET 4.0.
This blog entry points out the issue:
Which got me started thinking, I have
a subfolder named filters. Changing
nothing else but renaming the filters
subfolder made it finish properly. I'm
assuming you might have the same
problems with folders named apppools,
info, or 1 as well.
(Emphasis mine)
Unfortunately, Filters is a hard-coded folder name in Dynamic Data. If you look at FilterFactory, there doesn't appear to be any way to override that value, seeing as how the FilterFactory property of MetaModel is not marked virtual. If we can't change the folder name, then we have to look at fixing the installer...
The installer error is being raised by the ApplyWebFolderProperties custom action. That action isn't built-in to Windows Installer—it's added by the Web Setup Project. That's helpful, because it means we can remove it with WiRunSQL.vbs:
cscript WiRunSQL.vbs installer.msi "DELETE FROM CustomAction WHERE Action='WEBCA_ApplyWebFolderProperties'"
Note that the actual name of ApplyWebFolderProperties is WEBCA_ApplyWebFolderProperties. Seeing as how the action doesn't appear to be documented anywhere, caveat emptor. It doesn't appear to be too terribly important though.
To automate the workaround, you could add the command to the setup project's PostBuildEvent like so:
cscript.exe "$(ProjectDir)..\WiRunSQL.vbs" "$(BuiltOuputPath)" "DELETE FROM CustomAction WHERE Action='WEBCA_ApplyWebFolderProperties'"
If anyone knows a better way to install a folder named Filters, I'd love to hear it.