Gregory Suvalian
Reputation: 3832
How nested deployments are enforced
I have Azure ARM parent template which has nested deployment of Microsoft.Automation/automationAccounts which in turn has nested resource Configurations. I was able to successfully deploy entire template once, which in fact created configuration in automation Account. I manually deleted configuration inside automation account and tried running template again but this nested deployment is no longer triggered at all. There is no errors, just this nested deployment is not shown up at all in history. I would assume ARM thinks since it succeeded last time it does not need to deploy or something, not sure. What might be the problem?
Here is relevant parts of template. Neither ScaleSet no nested deployment WorkerNodeDSCConfiguration is triggered at all.
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[variables('namingInfix')]",
"location": "[resourceGroup().location]",
"apiVersion": "[variables('computeApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Network/applicationGateways/', variables('appGwName'))]",
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]",
"WorkerNodeDscConfiguration"
],
"sku": {
"name": "[parameters('vmSku')]",
"tier": "Standard",
"capacity": "[parameters('instanceCount')]"
},
"properties": {
"overprovision": "false",
"singlePlacementGroup": "true",
"upgradePolicy": {
"mode": "Automatic"
},
"virtualMachineProfile": {
"licenseType": "[parameters('LicenseType')]",
"storageProfile": {
"osDisk": {
"caching": "ReadWrite",
"createOption": "FromImage"
},
"dataDisks": [],
"imageReference": "[variables('imageReference')]"
},
"osProfile": {
"computerNamePrefix": "[variables('namingInfix')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[variables('nicName')]",
"properties": {
"primary": "true",
"ipConfigurations": [
{
"name": "[variables('ipConfigName')]",
"properties": {
"subnet": {
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'), '/subnets/', variables('subnetName'))]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/backendAddressPools/', variables('bePoolName'))]"
}
],
"loadBalancerInboundNatPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/inboundNatPools/', variables('natPoolName'))]"
}
],
"ApplicationGatewayBackendAddressPools": [
{
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationGateways/', variables('appGwName'), '/backendAddressPools/', variables('appGwBePoolName'))]"
}
]
}
}
]
}
}
]
},
"extensionProfile": {
"extensions": [
{
"name": "Microsoft.Powershell.DSC",
"properties": {
"autoUpgradeMinorVersion": true,
"typeHandlerVersion": "2.72",
"type": "DSC",
"publisher": "Microsoft.Powershell",
//"forceUpdateTag": "[parameters('DSCExtensionTagVersion')]",
"settings": {
"configurationArguments": {
"RegistrationKey": {
"UserName": "PLACEHOLDER_DONOTUSE",
"Password": "[parameters('registrationKey')]"
},
"RegistrationUrl": "[parameters('registrationUrl')]",
"NodeConfigurationName": "swarmHost",
"RebootNodeIfNeeded": true,
"ConfigurationMode": "ApplyAndAutoCorrect"
}
}
}
}
]
}
}
}
},
{
"name": "swarmmanagerdeployment",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2016-09-01",
"dependsOn": [],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'), '/', variables('swarmmanagerdeploymentTemplateFolder'), '/', variables('swarmmanagerdeploymentTemplateFileName'), parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"swarmmanager1Name": { "value": "[parameters('swarmmanager1Name')]" },
"swarmmanager1VmSize": { "value": "[variables('swarmmanager1VmSize')]" },
"adminUsername": { "value": "[parameters('adminUsername')]" },
"adminPassword": { "value": "[parameters('adminPassword')]" },
"dockerswarmstorageaccountName": { "value": "[variables('dockerswarmstorageaccountName')]" },
"dockerswarmstorageaccountType": { "value": "[parameters('dockerswarmstorageaccountType')]" },
"swarmmanager1NicName": { "value": "[variables('swarmmanager1NicName')]" },
"swarmmanagerpublicIPName": { "value": "[variables('swarmmanagerpublicIPName')]" },
"swarmmanager1SubnetRef": { "value": "[variables('swarmmanager1SubnetRef')]" },
"swarmmanager1ImagePublisher": { "value": "[variables('swarmmanager1ImagePublisher')]" },
"swarmmanager1ImageOffer": { "value": "[variables('swarmmanager1ImageOffer')]" },
"windowsOSVersion": { "value": "[parameters('windowsOSVersion')]" },
"swarmmanager1StorageAccountContainerName": { "value": "[variables('swarmmanager1StorageAccountContainerName')]" },
"swarmmanager1OSDiskName": { "value": "[variables('swarmmanager1OSDiskName')]" },
"swarmmanagerpublicIPDnsName": { "value": "[variables('swarmmanagerpublicIPName')]" },
"RegistrationKey": { "value": "[parameters('registrationKey')]" },
"RegistrationUrl": { "value": "[parameters('registrationUrl')]" },
"LicenseType": { "value": "[parameters('LicenseType')]" },
"_artifactsLocationSasToken": { "value": "[parameters('_artifactsLocationSasToken')]" },
"_artifactsLocation": { "value": "[parameters('_artifactsLocation')]" },
"privateKey": { "value": "[parameters('privateKey')]" },
"serverCert": { "value": "[parameters('serverCert')]" },
"CACert": { "value": "[parameters('CACert')]" }
}
}
},
{
"name": "WorkerNodeDscConfiguration",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2017-05-10",
"resourceGroup": "[parameters('automationAccountRGName')]",
"dependsOn": [],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"resources": [
{
"apiversion": "2015-10-31",
"location": "[resourceGroup().location]",
"name": "[parameters('automationAccountName')]",
"type": "Microsoft.Automation/automationAccounts",
"properties": {
"sku": {
"name": "Basic"
}
},
"tags": {
},
"resources": [
{
"name": "swarmhost",
"type": "configurations",
"apiVersion": "2018-01-15",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', parameters('AutomationAccountName'))]"
],
"properties": {
"state": "Published",
"overwrite": "true",
"Source": {
"type": "uri",
"value": "[parameters('WorkerNodeDSCConfigURL')]"
}
}
},
{
"name": "[guid(resourceGroup().id, deployment().name)]",
"type": "Compilationjobs",
"apiVersion": "2015-10-31",
"tags": {},
"dependsOn": [
"[concat('Microsoft.Automation/automationAccounts/', parameters('AutomationAccountName'))]",
"[concat('Microsoft.Automation/automationAccounts/', parameters('AutomationAccountName'),'/Configurations/swarmhost')]"
],
"properties": {
"configuration": {
"SwarmManagerURI": "[reference('swarmmanagerdeployment').outputs.returnedIPAddress.value]"
}
}
}
]
}
]
}
}
}
Upvotes: 0
Views: 207
Answers (1)
4c74356b41
Reputation: 72171
its pretty hard to tell what is going on, but you can verify if something is going on by changing some vmss property, for example, to something else and running the template. it will revert it back to what it is in the template. It might be pretty tricky with the automation account stuff, because I would think it wouldnt trigger the compilation job, because the guid is the same and the resource is there already. you would need to provide a new guid each time (ARM cant help you with this, you need to do some randomization externally). Generally I prefer to use powershell to configure automation accounts compared to ARM.
You can also verify that the nested deployment is being triggered by looking at its timestamp, it should change (and it will). The resource is always deployed, but depending on your situation its properties might stay intact.
Upvotes: 1
Related Questions
- DeployIfNotExists policy at Subscription level
- Nested resources for nested resources
- Azure ARM template resourceId problem with nested deployments on subscription level
- Deploying Azure Resources Across Environments Using Azure DevOps
- How do we define azure policy rules for dependent resources?
- Azure ARM: Is a parent resource only complete after child resources complete?
- Test-AzureRmResourceGroupDeployment doesn't validate nested resource
- Azure ARM - Should Complete Deployment delete existing (child) Resources when omitted?
- Conditionally deploy a resource in resource manager
- Azure Resource Manager :: Nested Templates