Managed Instance deployment failed due to error related to preparation of network intent policy

【Published】: 2021-12-29 20:48:00

【Question】:

Following the Pulumi doc "Create managed instance with all properties", I tried to create a managed instance with the following code:

//
// spokeManagedInstanceSubnet -> delegated to "Microsoft.Sql/managedInstances"
// spokeManagedInstanceSubnet -> does not have any other resource (i.e. VM)
// 
var spokeManagedInstanceSubnet = new Subnet($"SpokeVirtualNetwork.ManagedInstanceSubnet", new AzureNative.Network.SubnetArgs
{
    // ... ... ...
}, new CustomResourceOptions { DependsOn = { spokeVnet } });


//
// Create Managed Instance
//
var mainManagedInstanceArgs = config.RequireObject<JsonElement>(MainManagedInstanceArgs);

var mainMiName = mainManagedInstanceArgs.GetName();
var mainMiSku = mainManagedInstanceArgs.GetSku();
var mainMiTier = mainManagedInstanceArgs.GetTier();
var mainMiVCores = mainManagedInstanceArgs.GetInt(VCores);
var mainMiStorageSizeInGB = mainManagedInstanceArgs.GetInt(StorageSizeInGB);
var mainMiStorageAccountType = mainManagedInstanceArgs.GetString(StackConfigKeys.StorageAccountType);
var mainMiAdminId = mainManagedInstanceArgs.GetString(AdministratorLoginId);
var mainMiAdminPassword = mainManagedInstanceArgs.GetString(AdministratorLoginPassword);
var mainMiLicenseType = mainManagedInstanceArgs.GetString(StackConfigKeys.LicenseType);
var mainMiCollation = mainManagedInstanceArgs.GetString(Collation);
var mainMiTimezoneId = mainManagedInstanceArgs.GetString(TimezoneId);
var mainMiMinimalTlsVersion = mainManagedInstanceArgs.GetString(MinimalTlsVersion);
var mainMiPublicDataEndpointEnabled = mainManagedInstanceArgs.GetBool(PublicDataEndpointEnabled);
var mainMiTags = mainManagedInstanceArgs.GetTags();

var mainManagedInstance = new ManagedInstance(MainManagedInstance, new ManagedInstanceArgs
{
    ResourceGroupName = mainResourceGroup.Name,
    SubnetId = spokeManagedInstanceSubnet.Id,
    ManagedInstanceName = mainMiName,
    Sku = new AzureNative.Sql.Inputs.SkuArgs
    {
        Name = mainMiSku,
        Tier = mainMiTier,
    },
    VCores = mainMiVCores,
    StorageSizeInGB = mainMiStorageSizeInGB,
    StorageAccountType = mainMiStorageAccountType,
    ManagedInstanceCreateMode = ManagedServerCreateMode.Default,
    AdministratorLogin = mainMiAdminId,
    AdministratorLoginPassword = mainMiAdminPassword,
    LicenseType = mainMiLicenseType,
    ProxyOverride = ManagedInstanceProxyOverride.Default,
    Collation = mainMiCollation,
    TimezoneId = mainMiTimezoneId,
    MinimalTlsVersion = mainMiMinimalTlsVersion,
    PublicDataEndpointEnabled = mainMiPublicDataEndpointEnabled,
    Tags = mainMiTags
}, new CustomResourceOptions { DependsOn = { spokeManagedInstanceSubnet } });

I get the following errors:

Pulumi error: error: update failed. Code="Failed" Message="The async operation failed."

Error shown in the Azure portal: managed Instance create operation failed

Virtual network activity log: Managed Instance deployment failed due to conflict with the following error related to preparation of network intent policy: Network security group is required for subnet

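There is a related question here, but it did not solve my problem.

How do I create a managed instance in a delegated subnet?

According to the Microsoft doc:

To address customer security and manageability requirements, SQL Managed Instance is transitioning from manual to service-aided subnet configuration.

So the user only needs to delegate the subnet (which I did), and Azure (ARM) should then take care of the rest (NSG, route table, etc.).

Update 2021.11.21

I added an NSG and a route table to ManagedInstanceSubnet and got the following (in the Azure portal):

Step 1/3 Request validation: Completed
Step 2/3 Virtual cluster resize/creation: Completed
Step 3/3 SQL instance cleanup: Failed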


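【Answer 1】:

I was able to create the Azure SQL Managed Instance by doing the following (for the "operation timed out" issue, see the update below for the resolution):

    - Assign the "SQL Managed Instance Contributor" role to the service principal used by Pulumi
    - Create an NSG and add NSG rules (ignore the property NetworkSecurityGroupArgs.SecurityRules)
    - Create a route table (ignore the property RouteTableArgs.Routes)
    - Managed instance subnet:
        - the subnet is delegated to "Microsoft.Sql/managedInstances"
        - the NSG is attached to the subnet
        - the route table is attached to the subnet

Update 2021.12.03 - solution for the "operation timed out" error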

var operationTimeoutLimit = TimeSpan.FromHours(24);

var fpManagedInstance = new ManagedInstance(
    name: "FailoverPartnerManagedInstance",
    args: new ManagedInstanceArgs
    {
        // props
    },
    options: new CustomResourceOptions
    {
        CustomTimeouts = new CustomTimeouts
        {
            Create = operationTimeoutLimit,
            Update = operationTimeoutLimit,
            Delete = operationTimeoutLimit,
        }
    }
);

Timeout-related Q&A: Pulumi stack update failed due to operation timed out error
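
The subnet setup listed in the answer above, as an added example that is not part of the original post or of the Pulumi docs. It assumes an existing resource group and spoke VNet (the names and the address range are placeholders), reads "ignore the property" as Pulumi's IgnoreChanges resource option, and leaves out the role assignment for the service principal.

```csharp
using System.Threading.Tasks;
using Pulumi;
using Pulumi.AzureNative.Network;
using NetInputs = Pulumi.AzureNative.Network.Inputs;

class ManagedInstanceSubnetStack : Stack
{
    public ManagedInstanceSubnetStack()
    {
        // Placeholders: an existing resource group and spoke VNet are assumed.
        const string resourceGroup = "example-rg";
        const string vnetName = "example-spoke-vnet";

        // The managed instance service adds its own rules and routes, so drift
        // in those two properties is ignored (assumed reading of the answer).
        var nsg = new NetworkSecurityGroup("mi-nsg", new NetworkSecurityGroupArgs
        {
            ResourceGroupName = resourceGroup,
        }, new CustomResourceOptions { IgnoreChanges = { "securityRules" } });

        var routeTable = new RouteTable("mi-rt", new RouteTableArgs
        {
            ResourceGroupName = resourceGroup,
        }, new CustomResourceOptions { IgnoreChanges = { "routes" } });

        // Delegated subnet with both the NSG and the route table attached.
        var subnet = new Subnet("mi-subnet", new SubnetArgs
        {
            ResourceGroupName = resourceGroup,
            VirtualNetworkName = vnetName,
            AddressPrefix = "10.1.2.0/24", // constructed sample range
            Delegations =
            {
                new NetInputs.DelegationArgs
                {
                    Name = "managedInstanceDelegation",
                    ServiceName = "Microsoft.Sql/managedInstances",
                },
            },
            NetworkSecurityGroup = new NetInputs.NetworkSecurityGroupArgs { Id = nsg.Id },
            RouteTable = new NetInputs.RouteTableArgs { Id = routeTable.Id },
        });
    }
}

class Program
{
    static Task<int> Main() => Deployment.RunAsync<ManagedInstanceSubnetStack>();
}
```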
