Portworx Azure disk not getting deleted from when deployment fails for ARO

Ghosh, Sanu 1 Reputation point
2021-06-18T14:03:17.957+00:00

When we deploy Portworx storage cluster on Azure redhat Openshift, In the backend Azure disks get created
for reference
ARO-L92N0FQZ
Australia East
PX-DO-NOT-DELETE-00332d5b-54ee-4f47-baa1-86b12a53d17d
Premium SSD LRS
150

but portwox storage cluster and storage nodes fails

and when ever pod restarts it creates disks

now when we are trying to delete these disks we are not able to delete these disks

even owner and contributor can delete it
and getting below error

=============================================================

Failed to delete disk
Failed to delete disk 'PX-DO-NOT-DELETE-00332d5b-54ee-4f47-baa1-86b12a53d17d'. Error: The client 'sanu.ghosh@Yoshimi, Shimamura .com' with object id '540e5759-b7b6-4d74-87f3-ce5e9cef150e' has permission to perform action 'Microsoft.Compute/disks/delete' on scope 'aro-l92n0fqz/providers/Microsoft.Compute/disks/PX-DO-NOT-DELETE-00332d5b-54ee-4f47-baa1-86b12a53d17d'>PX-DO-NOT-DELETE-00332d5b-54ee-4f47-baa1-86b12a53d17d'; however, the access is denied because of the deny assignment with name '5901f0c2-9094-59b4-9a77-c83ca3b768ca' and Id '5901f0c2909459b49a77c83ca3b768ca' at scope '/subscriptions/6ed90f42-1fd7-4b6f-a72e-ff059edc9e8b/resourcegroups/aro-l92n0fqz'.

================================================================

Azure Red Hat OpenShift
Azure Red Hat OpenShift
An Azure service that provides a flexible, self-service deployment of fully managed OpenShift clusters.
71 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
671 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. KarishmaTiwari-MSFT 18,522 Reputation points Microsoft Employee
    2021-06-18T23:42:53.22+00:00

    Which version of ARO are you using? Please try the latest version of ARO.
    Documentation link for ARO cluster creation: https://learn.microsoft.com/en-us/azure/openshift/tutorial-create-cluster

    ARO is a managed service and customer does not have full management right on the cluster so the RG is locked.

    If this doesn't help, I saw that you have a support ticket open for the same issue. The support engineers can look at the backend and further investigate the issue. Once you have a resolution, I would post the answer here for others to reference.

    0 comments
  2. Andrew M Trice 1 Reputation point
    2022-03-09T13:48:14.173+00:00

    I am facing a similar permissions issue when I attempt to install Portworx into an ARO cluster. The pods within the StorageCluster never become available, and in the pod logs I see an error message almost identical to the one posted above. It looks like the permissions on the restricted resource group are preventing a successful Portworx deployment. Does anyone know what needs to be done to get Portworx to deploy successfully on the cluster?

    0 comments