Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App Service VNET injection using ARM templates #43302

Closed
isaaccarrington opened this issue Nov 21, 2019 · 14 comments
Closed

App Service VNET injection using ARM templates #43302

isaaccarrington opened this issue Nov 21, 2019 · 14 comments
Assignees
@Alberto-Vega
Labels
cxp needs-more-info Pri3 triaged

Comments

@isaaccarrington
Copy link

isaaccarrington commented Nov 21, 2019
edited

In a Linux App Service Farm I have tried to use VNET injection for an App via ARM templates using the reference shown here

My error is

Deployment failed. Correlation ID: 956bdcf3-12f8-4e1d-bee8-4c6234a19a28. {
  "Code": "Conflict",
  "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
  "Target": null,
  "Details": [
    {
      "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
    },
    {
      "Code": "Conflict"
    },
    {
      "ErrorEntity": {
        "ExtendedCode": "55930",
        "MessageTemplate": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
        "Parameters": [
          ""
        ],
        "Code": "Conflict",
        "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
      }
    }
  ],
  "Innererror": null
}

My code is

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "applicationGatewayName": {
            "type": "string"
        },
        "tier": {
            "type": "string"
        },
        "skuSize": {
            "type": "string"
        },
        "capacity": {
            "type": "int"
        },
        "zones": {
            "type": "array",
            "defaultValue": []
        },
        "publicIpAddressName": {
            "type": "string"
        },
        "sku": {
            "type": "string"
        },
        "allocationMethod": {
            "type": "string"
        },
        "publicIpZones": {
            "type": "array"
        },
        "autoScaleMaxCapacity": {
            "type": "int"
        },
        "addressPrefix": {
            "type": "string"
        },
        "appGatewaySubnetName": {
            "type": "string"
        },
        "appGatewaySubnetPrefix": {
            "type": "string"
        },
        "appServiceSubnetName": {
            "type": "string"
        },
        "appServiceSubnetPrefix": {
            "type": "string"
        },
        "virtualNetworkName": {
            "type": "string"
        },
        "hostingPlanName": {
            "type": "String"
        },
        "appsvcname": {
            "type": "array"
        },
        "hostingEnvironment": {
            "type": "string"
        },
        "alwaysOn": {
            "type": "bool"
        },
        "linuxFxVersion": {
            "type": "string"
        },
        "dockerRegistryUrl": {
            "type": "string"
        },
        "dockerRegistryUsername": {
            "type": "string"
        },
        "dockerRegistryPassword": {
            "type": "securestring"
        },
        "dockerRegistryStartupCommand": {
            "type": "string"
        }
    },
    "variables": {
        "virtualNetworks_externalid": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
    },
    "resources": [
        {
            "apiVersion": "2018-11-01",
            "name": "[concat('appsvc-', parameters('appsvcname')[copyIndex()])]",
            "type": "Microsoft.Web/sites",
            "location": "[resourceGroup().location]",
            "tags": {},
            "dependsOn": [],
            "copy": {
              "name": "appsvccopy",
              "count": "[length(parameters('appsvcname'))]"
            },
            "properties": {
                "name": "[concat('appsvc-', parameters('appsvcname')[copyIndex()])]",
                "siteConfig": {
                    "appSettings": [
                        {
                            "name": "DOCKER_REGISTRY_SERVER_URL",
                            "value": "[parameters('dockerRegistryUrl')]"
                        },
                        {
                            "name": "DOCKER_REGISTRY_SERVER_USERNAME",
                            "value": "[parameters('dockerRegistryUsername')]"
                        },
                        {
                            "name": "DOCKER_REGISTRY_SERVER_PASSWORD",
                            "value": "[parameters('dockerRegistryPassword')]"
                        },
                        {
                            "name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
                            "value": "false"
                        }
                    ],
                    "linuxFxVersion": "[parameters('linuxFxVersion')]",
                    "appCommandLine": "[parameters('dockerRegistryStartupCommand')]",
                    "alwaysOn": "[parameters('alwaysOn')]"
                },
                "serverFarmId": "[concat('/subscriptions/', subscription().subscriptionId,'/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]",
                "hostingEnvironment": "[parameters('hostingEnvironment')]",
                "clientAffinityEnabled": false
            }
        },
        {
            "type": "Microsoft.Web/sites/virtualNetworkConnections",
            "apiVersion": "2018-11-01",
            "name": "[concat('appsvc-', parameters('appsvcname')[copyIndex()], '/', subscription().subscriptionId, '_', parameters('appServiceSubnetName'))]",
            "location": "Central US",
            "dependsOn": [
                "[resourceId('Microsoft.Web/sites', concat('appsvc-', parameters('appsvcname')[copyIndex()]))]"
            ],
            "copy": {
              "name": "appsvcvnetcopy",
              "count": "[length(parameters('appsvcname'))]"
            },
            "properties": {
                "vnetResourceId": "[concat(variables('virtualNetworks_externalid'), '/subnets/', parameters('appServiceSubnetName'))]",
                "isSwift": true
            }
        }
    ]
}

Firstly I suprised that a feature in preview has non-preview arm template reference documentation. Secondly, where is /networkConfig/VirtualNetwork ?
@Alberto-Vega
Copy link
Contributor

@isaaccarrington Thanks for reaching out. I see the document you are linking to. Were you also following a tutorial or document? If that is the case can you please share the link? That way, we can pass your feedback to the appropriate content author.

We try to reserve these issues for documentation feedback. If you are looking for help (vs provide feedback for a tutorial) can you please open a thread on the dev forums like StackOverflow or MSDN? There unlike here we have a dev community + engineering team that can help.

@Alberto-Vega Alberto-Vega self-assigned this Nov 21, 2019
@isaaccarrington
Copy link
Author

Hi @Alberto-Vega-MSFT. I wasn't following any tutorial or document. Thanks for the feedback, I guess I should address my queries for implementation there. Feel free to close this, but to be consistent I would suggest either removing vnet injection as its preview for linux or make some note of it. Cheers

@Alberto-Vega
Copy link
Contributor

@isaaccarrington Thanks for the feedback. If for some reason you do not get traction on the forum please tag me here and link me to the thread.

@kilasuit
Copy link
Contributor

Having come across this today i have to second this

Secondly, where is /networkConfig/VirtualNetwork ?

@isaaccarrington
Copy link
Author

I have carried on the thread in
https://stackoverflow.com/questions/54534924/arm-template-for-to-configure-app-services-with-new-vnet-integration-feature/59057622#59057622

@imsiddsingh
Copy link

I am also facing this issue with ARM template deployment. I generated the template from azure portal by adding VNet Integration manually for azure function app (Add Vnet is in preview). My code is given below: -

      {
        "type": "Microsoft.Web/sites/virtualNetworkConnections",
        "apiVersion": "2018-11-01",
        "name": "[concat(parameters('funcAppName'),'/',parameters('subnetName'))]",
        "location": "[parameters('location')]",
        "dependsOn": [
          "[concat('Microsoft.Web/sites/', parameters('funcAppName'))]"
        ],
        "properties": {
          "vnetResourceId": "[variables('subnetRef')]",
          "isSwift": true
        }
      }

Error: -

{
"Code": "Conflict",
"Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
"Target": null,
"Details": [
{
"Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
},
{
"Code": "Conflict"
},
{
"ErrorEntity": {
"ExtendedCode": "55930",
"MessageTemplate": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
"Parameters": [
""
],
"Code": "Conflict",
"Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
}
}
],
"Innererror": null
}

@Linaa
Copy link

Linaa commented Dec 13, 2019

same issue here

...
        {
            "type": "Microsoft.Web/sites/virtualNetworkConnections",
            "apiVersion": "2018-11-01",
            "name": "[concat(parameters('name'), '/', parameters('vnet_name'))]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.Web/sites', parameters('name'))]"
            ],
            "properties": {
                "vnetResourceId": "[concat(parameters('vnet_id'), '/subnets/', parameters('subnet_name'))]",
                "isSwift": true
            }
        }
    ]
...

results in:

dw-admin-iac az group deployment create --resource-group $rgname --parameters ./dev/functionapp.json --template-file ./templates/functionapp.json
Deployment failed. Correlation ID: ac15c066-cd70-470e-9c1f-a0958d8248b2. {
  "Code": "Conflict",
  "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
  "Target": null,
  "Details": [
    {
      "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
    },
    {
      "Code": "Conflict"
    },
    {
      "ErrorEntity": {
        "ExtendedCode": "55930",
        "MessageTemplate": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.",
        "Parameters": [
          ""
        ],
        "Code": "Conflict",
        "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork."
      }
    }
  ],
  "Innererror": null
}

@markusfoss
Copy link

I also have the same issue when trying to create a Premium Azure Function w/VNET integration. My arm template:

{ "type": "Microsoft.Web/sites/virtualNetworkConnections", "apiVersion": "2018-11-01", "name": "[concat(variables('functionname'), '/', parameters('name'), '_functions')]", "location": "West Europe", "dependsOn": [ "[resourceId('Microsoft.Web/sites', variables('functionname'))]" ], "properties": { "vnetResourceId": "[concat(variables('vnetname'), '/subnets/functions')]", "isSwift": true } }

Results in:
{ "ErrorEntity": { "ExtendedCode": "55930", "MessageTemplate": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork.", "Parameters": [ "" ], "Code": "Conflict", "Message": "Swift network cannot be modified with this API call. Please use call /networkConfig/VirtualNetwork." } }

@Linaa or @imsiddsingh : Did you manage to resolve it?

It seems this is not supported in ARM - but it it possible to work around it and add vnet support to the function using Az Powershell / Az Cli ?

@CaioCavalcanti
Copy link

I had the same problem here and was able to solve with this: https://github.com/ScottHolden/ARMExamples/blob/master/AppService-VnetNew-Storage/deploy.json

{
        "apiVersion": "2016-08-01",
        "type": "Microsoft.Web/sites",
        "kind": "app",
        "name": "[variables('webAppName')]",
        "location": "[parameters('location')]",
        "properties": {
          "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
        },
        "resources": [
            {
                "name": "virtualNetwork",
                "type": "config",
                "apiVersion": "2018-02-01",
                "location": "[parameters('location')]",
                "dependsOn": [
                  "[concat('Microsoft.Web/sites/', variables('WebAppName'))]",
                  "[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
                ],
                "properties":
                {
                    "subnetResourceId": "[variables('subnetRef')]",
                    "swiftSupported": true
                }
              }
        ],
        "dependsOn": [
          "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
        ]
      }

@vplauzon
Copy link
Contributor

vplauzon commented Feb 1, 2020

Thank you Caio! I just used your solution and it fixed my problem right away!

Cheers,

Vincent-Philippe

@fabito
Copy link

fabito commented Feb 2, 2020

Another important detail: don't forget to enable delegation in the target subnet.

@vplauzon
Copy link
Contributor

vplauzon commented Feb 2, 2020

I did (copied it from your sample). What I found odd is that if I removed the service endpoint from your sample, it doesn't work. I thought that integration was independent from service endpoint but it doesn't seem to be the case.

@markuskonrad
Copy link

markuskonrad commented Mar 1, 2020
edited

Are there any updates available for this issue? Having the same problem with a Web App / Microsoft.Web/sites.

I assume this is still a problem with the "Preview" status? I already expected problems when I exportet the template and found the "name" value with a static GUID.

{ "name": "[concat(parameters('webAppName'), '/fa2c00c5-e0c8-423b-8079-8848864adc41_', parameters('subnetName'))]", }

Update:

Sorry missted the Stackoverflow link in between. A workaround from a MS Engineer is to replace the full node

... "type": "Microsoft.Web/sites/virtualNetworkConnections", ...

with

{ "type": "Microsoft.Web/sites/networkConfig", "name": "[concat(parameters('webAppName'),'/VirtualNetwork')]", "apiVersion": "2016-08-01", "properties": { "subnetResourceId": "[parameters('subnetResourceId')]" } }

Deployment was working for me with this setup.

@mrserverless
Copy link

The Microsoft quick starter template worked for me for regional VNet injection: https://github.com/Azure/azure-quickstart-templates/blob/master/101-function-premium-vnet-integration/azuredeploy.json#L190

However, you must enable delegation on the target subnet first as @fabito pointed out. In my case, I got an internal server error until I enabled delegation.

@es-alt es-alt mentioned this issue May 12, 2021
Closed
@o-l-a-v o-l-a-v mentioned this issue May 5, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Alberto-Vega Alberto-Vega

Labels
cxp needs-more-info Pri3 triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests