Cohesity Cloud Scale Technology Deployment Guide Using Terraform for Microsoft Azure

1

Error:

"psql: error: connection to server at "smveritas1-postgres.postgres.database.azure.com" 
(10.119.74.36), port 5432 failed: FATAL:  no pg_hba.conf entry for host "10.119.72.151", 
user "nbdbadmin", database "postgres", no encryption"

The deployment scripts request the db password to encrypt the password using SCRAM_SHA-256 method but Azure encrypts it using MD5.

Resolution: You may have to re-encrypt the passwords after deploying the AKS and DBaaS infrastructure.

2

The Terraform supports the podman-based Cloud Scale Technology deployments which will not support the docker implemented nbbuilder script for engineering binary installations.

Resolution: The Podman does not support engineering binary installation as the nbbuilder script supports only docker installation.

3

Even after executing the destroy command, execute the manual steps provided in the resolution if there are any folders that are not removed from the en4vironment.

If you want to delete the entire infrastructure, using the Azure Portal:

For the clean deployment next time, ensure that you have also deleted the following:

4

Error: Azure API returned the following

Error: updating Flexible Server 
(Subscription: "1afb8748-7dc0-4ddc-8faf-e453dccb7ca3"
 │ Resource Group Name: "rg-ananmainldbrem"
 │ Flexible Server Name: "anshadbrem-postgres"): 
polling after Update: polling failed: the Azure API 
returned the following error: │ │ Status: "Failed" │ 
Code: "Failed" │ Message: "Server anshadbrem-postgres
 is busy with other operations. Please try later" │

Resolution: Retry the base deployment.

5

Before executing the terraform destroy command, execute the following command:

"TOKEN=$(az acr login --name acr_name --expose-token --output tsv --query accessToken);helm registry login acr_name --username 00000000-0000-0000-0000-000000000000 --password $TOKEN""

Reason:As per official documentation from Microsoft, it is recommended to run the az acr login command before executing any docker command as the acr login expires after 3 hours.

6

Following warning messages are displayed during the addon deployment:

W1002 14:51:24.301599   27385 warnings.go:70] spec.privateKey.rotationPolicy: In cert-manager >= v1.18.0, the default value changed from `Never` to `Always`.
null_resource.install_trust_manager (local-exec): :warning:  WARNING: Consider increasing the Helm value `replicaCount` to 2 if you require high availability.
null_resource.install_trust_manager (local-exec): :warning:  WARNING: Consider setting the Helm value `podDisruptionBudget.enabled` to true if you require high 
availability.

Ignore these warnings and proceed further.

7

Following error message is displayed when deploying with RG/MC_group creation time:

Status 400 (400 Bad Request) with response: {
│   "code": "InvalidParameter",
│   "details": null,
│   "message": "The length of the node resource group name is too long. The maximum length is 80 and the length of the value provided is 84. Please see 
https://aka.ms/aks-naming-rules for more details.",
│   "subcode": "",
│   "target": "name"
│  }
│
│   with module.cloudscale_aks.azurerm_kubernetes_cluster.cloudscale,
│   on modules/cloudscale-aks/main.tf line 11, in resource "azurerm_kubernetes_cluster" "cloudscale":
│   11: resource "azurerm_kubernetes_cluster" "cloudscale" {
│

To avoid errors, ensure that you follow the guidelines listed in the following documentation while creating RG/MC_group:

Naming restrictions for AKS resources and parameters