Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hubNetworking module deployment fails when DDoS is disabled #860

Closed
2 tasks done
cconstantin opened this issue Sep 21, 2024 · 2 comments
Closed
2 tasks done

hubNetworking module deployment fails when DDoS is disabled #860

cconstantin opened this issue Sep 21, 2024 · 2 comments
Labels
Area: Networking 🌐 Issues / PR's related to Networking Type: Bug 🪲 Something isn't working

Comments

@cconstantin
Copy link
Contributor

What happened? Provide a clear and concise description of the bug, including deployment details.

hubNetworking module deployment fails when DDoS is disabled. This appears to be caused by the DDoS plan reference in the outputs.

Please provide the correlation id associated with your error or bug.

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

What was the expected outcome?

Hub networking resources have been created/updated successfully, and DDoS has been disabled on hub vnet.

Relevant log output

Status Message: Resource /subscriptions/<****>/resourceGroups/rg-aci-connectivity/providers/Microsoft.Network/ddosProtectionPlans/alz-ddos-plan not found. (Code: NotFound)

Check previous GitHub issues

  • I have searched the issues for this item and found no duplicate

Code of Conduct

  • I agree to follow this project's Code of Conduct
@cconstantin cconstantin mentioned this issue Sep 21, 2024
Merged
10 tasks
@oZakari oZakari closed this as completed Sep 23, 2024
@oZakari oZakari added Type: Bug 🪲 Something isn't working Area: Networking 🌐 Issues / PR's related to Networking labels Sep 23, 2024
@kasimrehman
Copy link

Hi, I would like to reopen this issue again. I am having this after deploying ALZ with DDOS protection enabled and then setting parDdosEnabled to false and redeploying. I am working with the newest release.

What I find odd, is that I get the same status message as above when trying to disable the plan, saying alz-ddos-plan not found whereas the default value for the DDOS protection name should have included a company prefix (which was not "alz" for me), so I am not sure where "alz-ddos-plan" is coming from. It's neither the actual DDOS plan I have, nor the default value of parDdosPlanName in my case. In fact I get the same message when I try to disable the DDOS protection plan from the portal. Deleting the association to the hub vnet fails because it says it cannot find "alz-ddos-plan". Well, that plan never existed. The only plan that exists is called alz-ddos-plan-germanywestcentral, which is the name the accelerator generated for parDdosPlanName.

@oZakari
Copy link
Contributor

oZakari commented Nov 12, 2024

Hi @kasimrehman, please ensure that you have also set parDdosEnabled to false in the ALZ Defaults Policy Assignment module parameters file. You'll get the error you mentioned as there is a policy assignment that DDoS plan name.

You'll also need to manually remove the policy assignments as Bicep will not be able to remove them after the fact. There will be one policy assignment scoped at the platform's connectivity management group AND another one at the landing zones management group.

Please reach out if you run into any other issues and apologies for any confusion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: Networking 🌐 Issues / PR's related to Networking Type: Bug 🪲 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cconstantin @oZakari @kasimrehman