Portworx Azure disk not getting deleted from when deployment fails for ARO

Ghosh, Sanu 1 Reputation point

When we deploy Portworx storage cluster on Azure redhat Openshift, In the backend Azure disks get created
for reference
Australia East
Premium SSD LRS

but portwox storage cluster and storage nodes fails

and when ever pod restarts it creates disks

now when we are trying to delete these disks we are not able to delete these disks

even owner and contributor can delete it
and getting below error


Failed to delete disk
Failed to delete disk 'PX-DO-NOT-DELETE-00332d5b-54ee-4f47-baa1-86b12a53d17d'. Error: The client 'sanu.ghosh@Yoshimi, Shimamura .com' with object id '540e5759-b7b6-4d74-87f3-ce5e9cef150e' has permission to perform action 'Microsoft.Compute/disks/delete' on scope 'aro-l92n0fqz/providers/Microsoft.Compute/disks/PX-DO-NOT-DELETE-00332d5b-54ee-4f47-baa1-86b12a53d17d'>PX-DO-NOT-DELETE-00332d5b-54ee-4f47-baa1-86b12a53d17d'; however, the access is denied because of the deny assignment with name '5901f0c2-9094-59b4-9a77-c83ca3b768ca' and Id '5901f0c2909459b49a77c83ca3b768ca' at scope '/subscriptions/6ed90f42-1fd7-4b6f-a72e-ff059edc9e8b/resourcegroups/aro-l92n0fqz'.


Azure Red Hat OpenShift
Azure Red Hat OpenShift
An Azure service that provides a flexible, self-service deployment of fully managed OpenShift clusters.
69 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
666 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. KarishmaTiwari-MSFT 18,367 Reputation points Microsoft Employee

    Which version of ARO are you using? Please try the latest version of ARO.
    Documentation link for ARO cluster creation: https://learn.microsoft.com/en-us/azure/openshift/tutorial-create-cluster

    ARO is a managed service and customer does not have full management right on the cluster so the RG is locked.

    If this doesn't help, I saw that you have a support ticket open for the same issue. The support engineers can look at the backend and further investigate the issue. Once you have a resolution, I would post the answer here for others to reference.

    0 comments No comments

  2. Andrew M Trice 1 Reputation point

    I am facing a similar permissions issue when I attempt to install Portworx into an ARO cluster. The pods within the StorageCluster never become available, and in the pod logs I see an error message almost identical to the one posted above. It looks like the permissions on the restricted resource group are preventing a successful Portworx deployment. Does anyone know what needs to be done to get Portworx to deploy successfully on the cluster?

    0 comments No comments