
Updating a Virtual Machine Scale Set to add a secret fails with VHD error


I've deployed a virtual machine scale set (VMSS) to Azure as part of a Service Fabric cluster. When I try to redeploy the template, slightly enhanced to update the VMSS with an additional secret, I get the following error. I've verified that the parameters I'm using are all correct.

"type": "Microsoft.Compute/virtualMachineScaleSets",
// ...
"osProfile": {
  // ...
  "secrets": [
    {
      "sourceVault": {
        "id": "[parameters('sourceVaultValue')]"
      },
      "vaultCertificates": [
        {
          "certificateStore": "[parameters('certificateStoreValue')]",
          "certificateUrl": "[parameters('certificateUrlValue')]"
        },
        { // ******* ADDED *******
          "certificateStore": "[parameters('certificateStoreValue')]",
          "certificateUrl": "[parameters('sslCertificateUrlValue')]"
        } // ******* ADDED *******
      ]
    }
  ]
}, // ...

New-AzureRmResourceGroupDeployment : 5:46:20 PM - Resource Microsoft.Compute/virtualMachineScaleSets 'Primary' failed with message
'VHD Containers currently being used by any Virtual Machine Scale Set VM instances may not be removed. To remove a VHD Container, all
Virtual Machine Scale Set VM instances using it must first be deleted.'
At D:\myapp\deploy\deploy.ps1:104 char:5
+     New-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGr ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.NewAzureResourceGroupDeploymentCommand

Solution

  • I've managed to work around this using PowerShell instead, based on this answer. But I would still really like to find a way to have the ARM template deployment add new certificates or other secrets to an existing VMSS deployment.

    UPDATE: Turns out that when I had copied down the ARM template I had modified the storage account parameters, but Service Fabric was already configured to use the prior autogenerated names.
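The PowerShell route mentioned above could look like the following. This is an added example, not code from the original post or the answer it links to. It assumes the AzureRM module and a signed-in session; the parameter names and the 'My' store default are assumptions.

```powershell
# Added example: add a Key Vault certificate to an existing VMSS model without
# redeploying the ARM template. Parameter names and defaults are assumptions.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $VmssName,        # e.g. 'Primary' in the error above
    [Parameter(Mandatory)] [string] $SourceVaultId,   # same value as sourceVaultValue
    [Parameter(Mandatory)] [string] $CertificateUrl,  # same value as sslCertificateUrlValue
    [string] $CertificateStore = 'My'                 # assumed store name
)
$ErrorActionPreference = 'Stop'

$vmss = Get-AzureRmVmss -ResourceGroupName $ResourceGroupName -VMScaleSetName $VmssName

# Show the VHD containers the deployed scale set uses, so they can be compared
# with the storage account parameters in the template before any redeploy.
Write-Output 'Deployed VHD containers:'
$vmss.VirtualMachineProfile.StorageProfile.OsDisk.VhdContainers

$cert = New-AzureRmVmssVaultCertificateConfig `
    -CertificateUrl $CertificateUrl -CertificateStore $CertificateStore

# A source vault may appear only once in osProfile.secrets, so reuse its entry
# when it already exists instead of adding a second one.
$group = $vmss.VirtualMachineProfile.OsProfile.Secrets |
    Where-Object { $_.SourceVault.Id -eq $SourceVaultId } |
    Select-Object -First 1

if ($null -eq $group) {
    # No entry for this vault yet: add a new secret group holding the certificate.
    $vmss = Add-AzureRmVmssSecret -VirtualMachineScaleSet $vmss `
        -SourceVaultId $SourceVaultId -VaultCertificate $cert
}
elseif ($group.VaultCertificates.CertificateUrl -contains $CertificateUrl) {
    # Idempotent: nothing to change if the certificate is already referenced.
    Write-Output 'Certificate already present on the scale set; no update needed.'
    return
}
else {
    $group.VaultCertificates.Add($cert)
}

# Push the modified model; only the secrets list differs from what is deployed.
Update-AzureRmVmss -ResourceGroupName $ResourceGroupName -Name $VmssName `
    -VirtualMachineScaleSet $vmss
```

Because the script starts from the model returned by `Get-AzureRmVmss`, the storage profile is sent back unchanged, which avoids the VHD container mismatch described in the UPDATE.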