[Request for help] Removing load balancer nat rule from vmss #4698

Closed
ig-sinicyn opened this Issue Oct 2, 2017 · 11 comments


ig-sinicyn commented Oct 2, 2017

Cmdlet(s)

Set-AzureRmNetworkInterface

PowerShell Version

5.1.15063.608

Module Version

4.1.0 AzureRM.Network

OS Version

10.0.15063.608

Description

I'm trying to remove a NAT rule from a load balancer associated with VMSS.
The simple

    Remove-AzureRmLoadBalancerInboundNatPoolConfig -LoadBalancer $lb -Name 'webAppNatRule'
    Set-AzureRmLoadBalancer -LoadBalancer $lb

fails with

    Set-AzureRmLoadBalancer : Cannot remove inbound nat pool webAppNatRule from load balancer since it is in use by virtual machine scale set ... vmssName.
    StatusCode: 400
    ReasonPhrase: Bad Request

The attempt to remove the rule from the NIC and update it fails with

    Set-AzureRmNetworkInterface : Resource : {0}, not found
    строка:17 знак:5
    +     Set-AzureRmNetworkInterface -NetworkInterface $t
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : CloseError: (:) [Set-AzureRmNetworkInterface], ArgumentException
        + FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.SetAzureNetworkInterfaceCommand

Full script:

    $ErrorActionPreference = "Stop"
    Set-StrictMode -Version Latest

    function RemoveNAT {
        Param(
            [string]$resGroup,
            [string]$lbName,
            [string]$natRuleName,
            [string]$vmssName
        )

        $t = Get-AzureRmNetworkInterface -VirtualMachineScaleSetName $vmssName -ResourceGroupName $resGroup
        foreach ($c in $t.IpConfigurations[0].LoadBalancerInboundNatRules) {
            if ($c.Id.Contains($natRuleName)) {
                echo "!!! Remove ($c.Id)"
                $t.IpConfigurations[0].LoadBalancerInboundNatRules.Remove($c)
                break
            }
        }
        Set-AzureRmNetworkInterface -NetworkInterface $t
        $t = Get-AzureRmNetworkInterface -VirtualMachineScaleSetName $vmssName -ResourceGroupName $resGroup
        echo "-------------"
        echo $t.IpConfigurations[0].LoadBalancerInboundNatRules
        echo "-------------"

        $lb = Get-AzureRmLoadBalancer -Name $lbName -ResourceGroupName $resGroup
        Remove-AzureRmLoadBalancerInboundNatPoolConfig -LoadBalancer $lb -Name $natRuleName
        Set-AzureRmLoadBalancer -LoadBalancer $lb
    }
    RemoveNAT 'someResGroup' 'someLoadBalancer' 'webAppNatRule' 'vmssName'

So is there any working way to remove the inbound NAT pool?


Member

cormacpayne commented Oct 2, 2017

@DeepakRajendranMsft Hey Deepak, would you mind taking a look at this issue?


jakubkrzysztofsikora commented Nov 3, 2017

Any update on this one? I'm having a very similar problem. @cormacpayne @DeepakRajendranMsft


rwwilden commented Feb 9, 2018

You could use Azure Resource Explorer to temporarily disconnect the VMSS and the NAT pool(s). Since they are no longer in use by the VMSS, you can now apply your changes. I wrote a blog post explaining this approach.


wacsintegra commented Sep 19, 2018

How is this stilllllll not fixed? Another fix is to move to AWS where they actually fix their bugs and help build out functionality that is important to today's businesses...


Contributor

praries880 commented Sep 19, 2018

@MikhailTryakhov can you take a look at this issue?


Contributor

EvgenyAgafonchikov commented Sep 20, 2018

@ig-sinicyn, @needcash, @zacharyhumphrey, @rwwilden,

You could perform similar actions as in the blog post mentioned using Azure PowerShell:

    $vmss = Get-AzureRmVmss -ResourceGroupName MYRESOURCEGROUPSCALESET -VMScaleSetName myScaleSet

There should be items like this:

        LoadBalancerInboundNatPools[0]      :
          Id                                : /subscriptions/<subId>/resourceGroups/myResourceGroupScaleSet/providers/Microsoft.Network/loadBalancers/myLoadBalancer/inboundNatPools/myScaleSet3389
        LoadBalancerInboundNatPools[1]      :
          Id                                : /subscriptions/<subId>/resourceGroups/myResourceGroupScaleSet/providers/Microsoft.Network/loadBalancers/myLoadBalancer/inboundNatPools/myScaleSet5985

Next you need to remove InboundNatPools-related references. @hyonholee, please confirm there is no other way to remove these refs from VMSS, e.g. a cmdlet.

    $vmss.VirtualMachineProfile.NetworkProfile.NetworkInterfaceConfigurations[0].IpConfigurations[0].LoadBalancerInboundNatPools.RemoveAt(1)
    $vmss.VirtualMachineProfile.NetworkProfile.NetworkInterfaceConfigurations[0].IpConfigurations[0].LoadBalancerInboundNatPools.RemoveAt(0)
    Update-AzureRmVmss -ResourceGroupName $vmss.ResourceGroupName -VMScaleSetName $vmss.Name -VirtualMachineScaleSet $vmss

Note:
After all the InboundNatPools references are removed from VMSS, then there is no InboundNatRules in LB.
In case you still have InboundNatRules on LB, you would likely get the error below. @chandrasekarsrinivasan, could you please add some clarifications on this VMSS+LB behavior?

    Set-AzureRmLoadBalancer : Adding or updating NAT Rules when NAT pool is present on loadbalancer /subscriptions/<subId>/resourceGroups/myResourceGroupScaleSet/providers/Microsoft.Network/loadBalancers/myLoadBalancer is
    not supported. To modify the load balancer, pass in all NAT rules unchanged or remove the LoadBalancerInboundNatRules property from your PUT request.

Working on LB updates:

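    # Read the load balancer after the VMSS update ($lb is not defined in the snippets above)
    $lb = Get-AzureRmLoadBalancer -ResourceGroupName MYRESOURCEGROUPSCALESET -Name myLoadBalancer
    Remove-AzureRmLoadBalancerInboundNatPoolConfig -Name myScaleSet5985 -LoadBalancer $lb
    Set-AzureRmLoadBalancer -LoadBalancer $lb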

Results in deletion of the LB InboundNatPool.
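
The order described in the comment above (remove the references from the scale set model first, then the pool from the load balancer), written as one function that matches the pool by its resource ID instead of by list index. This is an added example, not code from the thread or from the Azure PowerShell project; the function name `Remove-VmssInboundNatPool` and its parameters are hypothetical, and it calls only the AzureRM cmdlets already used in this issue.

```powershell
# Added example: hypothetical helper, not part of AzureRM.
function Remove-VmssInboundNatPool {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$VmssName,
        [Parameter(Mandatory)][string]$LoadBalancerName,
        [Parameter(Mandatory)][string]$NatPoolName
    )

    $vmss = Get-AzureRmVmss -ResourceGroupName $ResourceGroupName -VMScaleSetName $VmssName

    # Match the full tail of the resource ID so that 'pool1' never matches 'pool10'.
    $suffix = "/loadBalancers/$LoadBalancerName/inboundNatPools/$NatPoolName"
    $removed = 0

    # Step 1: drop every reference to the pool from the scale set model,
    # across all NIC configurations and IP configurations (not only index 0).
    foreach ($nic in $vmss.VirtualMachineProfile.NetworkProfile.NetworkInterfaceConfigurations) {
        foreach ($ipConfig in $nic.IpConfigurations) {
            $pools = $ipConfig.LoadBalancerInboundNatPools
            if ($null -eq $pools) { continue }
            # Walk backwards so RemoveAt does not shift entries still to be checked.
            for ($i = $pools.Count - 1; $i -ge 0; $i--) {
                if ($pools[$i].Id.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                    $pools.RemoveAt($i)
                    $removed++
                }
            }
        }
    }

    if ($removed -gt 0) {
        Update-AzureRmVmss -ResourceGroupName $ResourceGroupName -VMScaleSetName $VmssName `
            -VirtualMachineScaleSet $vmss | Out-Null
    }

    # Step 2: the pool is no longer referenced, so it can be removed from the load balancer.
    $lb = Get-AzureRmLoadBalancer -ResourceGroupName $ResourceGroupName -Name $LoadBalancerName
    if ($lb.InboundNatPools | Where-Object { $_.Name -eq $NatPoolName }) {
        Remove-AzureRmLoadBalancerInboundNatPoolConfig -LoadBalancer $lb -Name $NatPoolName | Out-Null
        Set-AzureRmLoadBalancer -LoadBalancer $lb | Out-Null
    }

    return $removed   # number of references removed from the scale set model
}
```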


Contributor

EvgenyAgafonchikov commented Sep 20, 2018

+Adding some details on the initial message, i.e.

    Set-AzureRmLoadBalancer : Cannot remove inbound nat pool webAppNatRule from load balancer since it is in use by virtual machine scale set ... vmssName.

This is expected behavior as there is no way to delete the resource A while it is used by other resources. So first you would need to delete or update (remove references) the resource which depends on the resource A. Otherwise there would be invalid references pointing to nowhere.


wacsintegra commented Sep 20, 2018

@EvgenyAgafonchikov that works for me and was successful! Could you kindly provide the article you're referencing in your post?


Contributor

EvgenyAgafonchikov commented Sep 20, 2018

@zacharyhumphrey, sure. I believe you mean the "blog post" I mentioned. It was created by @rwwilden and is referred to in this comment above: #4698 (comment)
The other PowerShell things are just results of investigation based on the blog post's approach.


wacsintegra commented Sep 20, 2018

@EvgenyAgafonchikov any way to get a legit MSDN article? Your outline of the needed commands in PowerShell was the last piece that I needed assistance being outlined. I do know w/o your post here I would've been stuck. :)


Contributor

MikhailTryakhov commented Sep 20, 2018

@zacharyhumphrey I'll take a look at the way to create an MSDN article or something like that. I'll keep you updated here.
