0

I've deployed a virtual machine scale set (VMSS) to Azure as part of a Service Fabric cluster. When I try to redeploy the template, slightly enhanced to update the VMSS with an additional secret, I get the following error. I've verified that the parameters I'm using are all correct.

"type": "Microsoft.Compute/virtualMachineScaleSets",
// ...
"osProfile": {
  // ...
  "secrets": [
    {
      "sourceVault": {
        "id": "[parameters('sourceVaultValue')]"
      },
      "vaultCertificates": [
        {
          "certificateStore": "[parameters('certificateStoreValue')]",
          "certificateUrl": "[parameters('certificateUrlValue')]"
        },
        { // ******* ADDED *******
          "certificateStore": "[parameters('certificateStoreValue')]",
          "certificateUrl": "[parameters('sslCertificateUrlValue')]"
        } // ******* ADDED *******
      ]
    }
  ]
}, // ...

New-AzureRmResourceGroupDeployment : 5:46:20 PM - Resource Microsoft.Compute/virtualMachineScaleSets 'Primary' failed with message
'VHD Containers currently being used by any Virtual Machine Scale Set VM instances may not be removed. To remove a VHD Container, all
Virtual Machine Scale Set VM instances using it must first be deleted.'
At D:\myapp\deploy\deploy.ps1:104 char:5
+     New-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGr ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.NewAzureResourceGroupDeploymentCommand
Lars Kemmann
  • 5,509
  • 3
  • 35
  • 67
  • Does your ARM template contain more than just the ScaleSet ? Based on your error message it seems like it wants to delete a VHD container. I haven't had this issue myself. – anderso May 30 '16 at 08:04
  • It's a mostly default Service Fabric template (based on what the Azure marketplace GA template is). I've made minor adjustments to use an existing public IP, that's about it. – Lars Kemmann May 30 '16 at 14:31
  • 1
    I would suggest that you go and look at your actual deployed template, and see if there are mismatches with your local one. You can find your deployed resources at https://resources.azure.com and then just navigating the tree. – anderso May 30 '16 at 22:07
  • Thank you, I will try that. That's a fantastic tool! – Lars Kemmann May 31 '16 at 17:42

1 Answers1

0

I've managed to work around this using PowerShell instead, based on this answer. But I would still really like to find a way to have the ARM template deployment add new certificates or other secrets to an existing VMSS deployment.

UPDATE: Turns out that when I had copied down the ARM template I had modified the storage account parameters, but Service Fabric was already configured to use the prior autogenerated names.

Community
  • 1
  • 1
Lars Kemmann
  • 5,509
  • 3
  • 35
  • 67