Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trusted Launch default and Arm64 #27975

Open
gjolly opened this issue Dec 6, 2023 · 4 comments
Open

Trusted Launch default and Arm64 #27975

gjolly opened this issue Dec 6, 2023 · 4 comments
Assignees
Labels
Auto-Assign Auto assign by bot Auto-Resolve Auto resolve by bot Azure CLI Team The command of the issue is owned by Azure CLI team Compute az vm/vmss/image/disk/snapshot customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Similar-Issue
Milestone

Comments

@gjolly
Copy link

gjolly commented Dec 6, 2023

Describe the bug

When launching Arm64 instances, the CLI tries to enable Trusted Launch but TS is not yet supported for Arm64 instances.

Related command

az vm create -g test-arm --name ubuntu-jammy --image "Canonical:0001-com-ubuntu-server-jammy:22_04-lts-arm64:latest" --ssh-key-values $SSH_KEY --size Standard_D4pls_v5 --admin-username ubuntu

Errors

{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_T5wOKV7Zgk6xUQRqaxjOydnUsvHvvdj5","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"Use of TrustedLaunch setting is not supported for the provided image. Please select Trusted Launch Supported Gen2 OS Image. For more information, see https://aka.ms/TrustedLaunch-FAQ."}]}}

Issue script & Debug output

DEBUG: cli.knack.cli: Command arguments: ['vm', 'create', '--debug', '-g', 'test-certify', '-n', 'jammy-arm64-2', '--image', 'Canonical:0001-com-ubuntu-server-jammy:22_04-lts-arm64:latest', '--ssh-key-values', '/home/gauthier/canonical/enclave/ssh/canonical_rsa.pub', '--size', 'Standard_D4pls_v5', '--admin-username', 'ubuntu']
[...]
DEBUG: msal.telemetry: Generate or reuse correlation_id: 8a9e56ef-dc2a-415a-a310-076387e6d664
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourcegroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2?api-version=2022-09-01'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'PUT'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Length': '3605'
DEBUG: cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': '4146ba0b-9420-11ee-84f6-709cd161819f'
DEBUG: cli.azure.cli.core.sdk.policies:     'CommandName': 'vm create'
DEBUG: cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--debug -g -n --image --ssh-key-values --size --admin-username'
DEBUG: cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.55.0 (DEB) azsdk-python-azure-mgmt-resource/23.1.0b2 Python/3.11.5 (Linux-6.5.0-14-generic-x86_64-with-glibc2.38)'
DEBUG: cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: {"properties": {"template": {"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": {}, "variables": {}, "resources": [{"type": "Microsoft.Network/networkSecurityGroups", "name": "jammy-arm64-2NSG", "apiVersion": "2015-06-15", "location": "westeurope", "tags": {}, "dependsOn": [], "properties": {"securityRules": [{"name": "default-allow-ssh", "properties": {"protocol": "Tcp", "sourcePortRange": "*", "destinationPortRange": "22", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", "priority": 1000, "direction": "Inbound"}}]}}, {"apiVersion": "2022-01-01", "type": "Microsoft.Network/publicIPAddresses", "name": "jammy-arm64-2PublicIP", "location": "westeurope", "tags": {}, "dependsOn": [], "properties": {"publicIPAllocationMethod": "Static"}, "sku": {"name": "Standard"}}, {"apiVersion": "2015-06-15", "type": "Microsoft.Network/networkInterfaces", "name": "jammy-arm64-2VMNic", "location": "westeurope", "tags": {}, "dependsOn": ["Microsoft.Network/networkSecurityGroups/jammy-arm64-2NSG", "Microsoft.Network/publicIpAddresses/jammy-arm64-2PublicIP"], "properties": {"ipConfigurations": [{"name": "ipconfigjammy-arm64-2", "properties": {"privateIPAllocationMethod": "Dynamic", "subnet": {"id": "/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Network/virtualNetworks/nobleVNET/subnets/nobleSubnet"}, "publicIPAddress": {"id": "/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Network/publicIPAddresses/jammy-arm64-2PublicIP"}}}], "networkSecurityGroup": {"id": "/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Network/networkSecurityGroups/jammy-arm64-2NSG"}}}, {"apiVersion": "2022-11-01", "type": "Microsoft.Compute/virtualMachines", "name": "jammy-arm64-2", "location": "westeurope", "tags": {}, "dependsOn": ["Microsoft.Network/networkInterfaces/jammy-arm64-2VMNic"], "properties": {"hardwareProfile": {"vmSize": "Standard_D4pls_v5"}, "networkProfile": {"networkInterfaces": [{"id": "/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Network/networkInterfaces/jammy-arm64-2VMNic", "properties": {"deleteOption": null}}]}, "storageProfile": {"osDisk": {"createOption": "fromImage", "name": null, "caching": "ReadWrite", "managedDisk": {"storageAccountType": null}}, "imageReference": {"publisher": "Canonical", "offer": "0001-com-ubuntu-server-jammy", "sku": "22_04-lts-arm64", "version": "latest"}}, "osProfile": {"computerName": "jammy-arm64-2", "adminUsername": "ubuntu", "linuxConfiguration": {"disablePasswordAuthentication": true, "ssh": {"publicKeys": [{"keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCwu2kUAGAuqH2LPGN1VO8H6MU2UK+PZNbLYQrQ1LAJF2qDAj9FU8FE/KjO6CvAt+kNnj9r/X2HypvVpA9AAa13n/0bY9TAi3zkAbaYK+WAu5ppRW6NYoXAi9+sPoxsqyZkfv5TpWBxaz4dCl0weZBO/tpzn84jW1OwRL27Uf+POZOSdg4LYMMukPbLxrnDZs0GyFBmUHghQM2sizPCI9egpx7UCUPmzPkar0bDz27C/bvpaFYdQ1mX4Y3tOcLl3Kk8+FmaztR0McV0lqzI9A7uWWh20n4BKcpL2NQjqd3ABa00tFhaY8QYFMqcgSbogZkPnrDInRJ+PqaoJ+hw2Ofxtx7Lg646mlVJpd54P3iWnrqJOeB2rkjVF8FcfHNiaZ5OS0EiMpNEYoIas6VCnHId162x/WHiESbHTrctUzRuynz4/1S+HR4zYlGUT/hr7ruKFuge8LrGx0Wom69s18amXz+PeNPSuoEOzYBFBbgllRFWYAmdCvPBeDx94vVr9ns= gauthier@canonical\n", "path": "/home/ubuntu/.ssh/authorized_keys"}]}}}, "securityProfile": {"securityType": "TrustedLaunch", "uefiSettings": {"secureBootEnabled": true, "vTpmEnabled": true}}}}], "outputs": {}}, "parameters": {}, "mode": "incremental"}}
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourcegroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2?api-version=2022-09-01 HTTP/1.1" 201 2143
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 201
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Length': '2143'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json; charset=utf-8'
DEBUG: cli.azure.cli.core.sdk.policies:     'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies:     'Azure-AsyncOperation': 'https://management.azure.com/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourcegroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2/operationStatuses/08584997492058693790?api-version=2022-09-01'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-writes': '1199'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-request-id': '165f4791-18d3-4a86-94c1-5e298f7d28df'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': '165f4791-18d3-4a86-94c1-5e298f7d28df'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'FRANCECENTRAL:20231206T101440Z:165f4791-18d3-4a86-94c1-5e298f7d28df'
DEBUG: cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-MSEdge-Ref': 'Ref A: 5307892AF6F34B4E9EC68C0082C45D40 Ref B: AMS231020512031 Ref C: 2023-12-06T10:14:38Z'
DEBUG: cli.azure.cli.core.sdk.policies:     'Date': 'Wed, 06 Dec 2023 10:14:40 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"id":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2","name":"vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2","type":"Microsoft.Resources/deployments","properties":{"templateHash":"14333805158764500841","parameters":{},"mode":"Incremental","provisioningState":"Accepted","timestamp":"2023-12-06T10:14:40.3453655Z","duration":"PT0.0001001S","correlationId":"165f4791-18d3-4a86-94c1-5e298f7d28df","providers":[{"namespace":"Microsoft.Network","resourceTypes":[{"resourceType":"networkSecurityGroups","locations":["westeurope"]},{"resourceType":"publicIPAddresses","locations":["westeurope"]},{"resourceType":"networkInterfaces","locations":["westeurope"]}]},{"namespace":"Microsoft.Compute","resourceTypes":[{"resourceType":"virtualMachines","locations":["westeurope"]}]}],"dependencies":[{"dependsOn":[{"id":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Network/networkSecurityGroups/jammy-arm64-2NSG","resourceType":"Microsoft.Network/networkSecurityGroups","resourceName":"jammy-arm64-2NSG"},{"id":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Network/publicIPAddresses/jammy-arm64-2PublicIP","resourceType":"Microsoft.Network/publicIPAddresses","resourceName":"jammy-arm64-2PublicIP"}],"id":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Network/networkInterfaces/jammy-arm64-2VMNic","resourceType":"Microsoft.Network/networkInterfaces","resourceName":"jammy-arm64-2VMNic"},{"dependsOn":[{"id":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Network/networkInterfaces/jammy-arm64-2VMNic","resourceType":"Microsoft.Network/networkInterfaces","resourceName":"jammy-arm64-2VMNic"}],"id":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Compute/virtualMachines/jammy-arm64-2","resourceType":"Microsoft.Compute/virtualMachines","resourceName":"jammy-arm64-2"}]}}
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourcegroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2/operationStatuses/08584997492058693790?api-version=2022-09-01'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': '4146ba0b-9420-11ee-84f6-709cd161819f'
DEBUG: cli.azure.cli.core.sdk.policies:     'CommandName': 'vm create'
DEBUG: cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--debug -g -n --image --ssh-key-values --size --admin-username'
DEBUG: cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.55.0 (DEB) azsdk-python-azure-mgmt-resource/23.1.0b2 Python/3.11.5 (Linux-6.5.0-14-generic-x86_64-with-glibc2.38)'
DEBUG: cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourcegroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2/operationStatuses/08584997492058693790?api-version=2022-09-01 HTTP/1.1" 200 21
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Length': '21'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json; charset=utf-8'
DEBUG: cli.azure.cli.core.sdk.policies:     'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-reads': '11999'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-request-id': '0a1f7d86-8c7b-4c0d-8384-38549574cc43'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': '0a1f7d86-8c7b-4c0d-8384-38549574cc43'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'FRANCECENTRAL:20231206T101440Z:0a1f7d86-8c7b-4c0d-8384-38549574cc43'
DEBUG: cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-MSEdge-Ref': 'Ref A: F6D3A7255AD54AD19DBF28AE090F0B87 Ref B: AMS231020512031 Ref C: 2023-12-06T10:14:40Z'
DEBUG: cli.azure.cli.core.sdk.policies:     'Date': 'Wed, 06 Dec 2023 10:14:40 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"status":"Accepted"}
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourcegroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2/operationStatuses/08584997492058693790?api-version=2022-09-01'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': '4146ba0b-9420-11ee-84f6-709cd161819f'
DEBUG: cli.azure.cli.core.sdk.policies:     'CommandName': 'vm create'
DEBUG: cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--debug -g -n --image --ssh-key-values --size --admin-username'
DEBUG: cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.55.0 (DEB) azsdk-python-azure-mgmt-resource/23.1.0b2 Python/3.11.5 (Linux-6.5.0-14-generic-x86_64-with-glibc2.38)'
DEBUG: cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourcegroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2/operationStatuses/08584997492058693790?api-version=2022-09-01 HTTP/1.1" 200 642
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Length': '642'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json; charset=utf-8'
DEBUG: cli.azure.cli.core.sdk.policies:     'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-reads': '11993'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-request-id': '87a9ba34-4de1-432b-a2e2-4524f348ca85'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': '87a9ba34-4de1-432b-a2e2-4524f348ca85'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'FRANCECENTRAL:20231206T101510Z:87a9ba34-4de1-432b-a2e2-4524f348ca85'
DEBUG: cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-MSEdge-Ref': 'Ref A: 578A08CE34024D399DDAA89AF65F26F9 Ref B: AMS231020512031 Ref C: 2023-12-06T10:15:10Z'
DEBUG: cli.azure.cli.core.sdk.policies:     'Date': 'Wed, 06 Dec 2023 10:15:10 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"Use of TrustedLaunch setting is not supported for the provided image. Please select Trusted Launch Supported Gen2 OS Image. For more information, see https://aka.ms/TrustedLaunch-FAQ."}]}}
DEBUG: cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "/opt/az/lib/python3.11/site-packages/azure/core/polling/base_polling.py", line 517, in run
    self._poll()
  File "/opt/az/lib/python3.11/site-packages/azure/core/polling/base_polling.py", line 557, in _poll
    raise OperationFailed("Operation failed or canceled")
azure.core.polling.base_polling.OperationFailed: Operation failed or canceled

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
             ^^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
           ^^^^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/cli/command_modules/vm/custom.py", line 1181, in create_vm
    LongRunningOperation(cmd.cli_ctx)(client.begin_create_or_update(resource_group_name, deployment_name, deployment))
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 1013, in __call__
    raise exception
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 1000, in __call__
    result = poller.result()
             ^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/core/polling/_poller.py", line 255, in result
    self.wait(timeout)
  File "/opt/az/lib/python3.11/site-packages/azure/core/tracing/decorator.py", line 78, in wrapper_use_tracer
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/core/polling/_poller.py", line 275, in wait
    raise self._exception # type: ignore
    ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/core/polling/_poller.py", line 192, in _start
    self._polling_method.run()
  File "/opt/az/lib/python3.11/site-packages/azure/core/polling/base_polling.py", line 535, in run
    raise HttpResponseError(
azure.core.exceptions.HttpResponseError: (DeploymentFailed) At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.
Code: DeploymentFailed
Message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.
Target: /subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2
Exception Details:	(BadRequest) Use of TrustedLaunch setting is not supported for the provided image. Please select Trusted Launch Supported Gen2 OS Image. For more information, see https://aka.ms/TrustedLaunch-FAQ.
	Code: BadRequest
	Message: Use of TrustedLaunch setting is not supported for the provided image. Please select Trusted Launch Supported Gen2 OS Image. For more information, see https://aka.ms/TrustedLaunch-FAQ.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/arm.py", line 109, in handle_template_based_exception
    raise CLIError(ex.inner_exception.error.message)
                   ^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'OperationFailed' object has no attribute 'error'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/az/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 718, in _run_job
    return cmd_copy.exception_handler(ex)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/arm.py", line 112, in handle_template_based_exception
    raise_subdivision_deployment_error(ex.response.internal_response.text, ex.error.code if ex.error else None)
  File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/arm.py", line 104, in raise_subdivision_deployment_error
    raise DeploymentError(error_message)
azure.cli.core.azclierror.DeploymentError: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"Use of TrustedLaunch setting is not supported for the provided image. Please select Trusted Launch Supported Gen2 OS Image. For more information, see https://aka.ms/TrustedLaunch-FAQ."}]}}

ERROR: cli.azure.cli.core.azclierror: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"Use of TrustedLaunch setting is not supported for the provided image. Please select Trusted Launch Supported Gen2 OS Image. For more information, see https://aka.ms/TrustedLaunch-FAQ."}]}}
ERROR: az_command_data_logger: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/5059ce5a-a72d-4085-acb7-33b421daa1ee/resourceGroups/test-certify/providers/Microsoft.Resources/deployments/vm_deploy_Sj7414liWTGRcwLyM2ifyE8lhtCK3tN2","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"Use of TrustedLaunch setting is not supported for the provided image. Please select Trusted Launch Supported Gen2 OS Image. For more information, see https://aka.ms/TrustedLaunch-FAQ."}]}}
[...]

Expected behavior

The CLI should not default to Trusted Launch for Arm64 instances/images.

Environment Summary

{
  "azure-cli": "2.55.0",
  "azure-cli-core": "2.55.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {}
}

Additional context

No response

@gjolly gjolly added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Dec 6, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. Compute az vm/vmss/image/disk/snapshot labels Dec 6, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Dec 6, 2023
@yonzhan
Copy link
Collaborator

yonzhan commented Dec 6, 2023

Thank you for opening this issue, we will look into it.

Copy link

Hi @gjolly
Find similar issue #27871.

Issue title Trusted launch default and VMSS flex default conflict
Create time 2023-11-17
Comment number 1

Please confirm if this resolves your issue.

@gjolly
Copy link
Author

gjolly commented Dec 6, 2023

No, same root cause but different issue.

@yonzhan yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Dec 6, 2023
@yonzhan yonzhan added this to the Backlog milestone Dec 6, 2023
@AjKundnani
Copy link

This is a known limitation, please use --security-type=Standard to bypass Trusted launch security type as workaround.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Auto-Assign Auto assign by bot Auto-Resolve Auto resolve by bot Azure CLI Team The command of the issue is owned by Azure CLI team Compute az vm/vmss/image/disk/snapshot customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Similar-Issue
Projects
None yet
Development

No branches or pull requests

5 participants