terraform-provider-azurerm: Error deleting a VM linked to a backend address pool association

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.12.5
provider.azurerm v1.33.0

Affected Resource(s)

azurerm_network_interface_backend_address_pool_association
azurerm_lb_backend_address_pool
azurerm_virtual_machine

Terraform Configuration Files

provider "azurerm" {
  version = "~> 1.33"
}

variable "prefix" {
  default = "tfvmex"
}

resource "azurerm_resource_group" "test" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_virtual_network" "test" {
  name                = "example-network"
  address_space       = ["10.0.0.0/16"]
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
}

resource "azurerm_subnet" "test" {
  name                 = "internal"
  resource_group_name  = "${azurerm_resource_group.test.name}"
  virtual_network_name = "${azurerm_virtual_network.test.name}"
  address_prefix       = "10.0.2.0/24"
}

resource "azurerm_public_ip" "test" {
  name                = "example-pip"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  allocation_method   = "Static"
}

resource "azurerm_lb" "test" {
  name                = "example-lb"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"

  frontend_ip_configuration {
    name                 = "primary"
    public_ip_address_id = "${azurerm_public_ip.test.id}"
  }
}

resource "azurerm_lb_backend_address_pool" "test" {
  resource_group_name = "${azurerm_resource_group.test.name}"
  loadbalancer_id     = "${azurerm_lb.test.id}"
  name                = "acctestpool"
}

resource "azurerm_network_interface" "test" {
  name                = "example-nic"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"

  ip_configuration {
    name                          = "testconfiguration1"
    subnet_id                     = "${azurerm_subnet.test.id}"
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_network_interface_backend_address_pool_association" "test" {
  network_interface_id    = "${azurerm_network_interface.test.id}"
  ip_configuration_name   = "testconfiguration1"
  backend_address_pool_id = "${azurerm_lb_backend_address_pool.test.id}"
}

resource "azurerm_virtual_machine" "main" {
  name                  = "${var.prefix}-vm"
  location              = "${azurerm_resource_group.test.location}"
  resource_group_name   = "${azurerm_resource_group.test.name}"
  network_interface_ids = ["${azurerm_network_interface.test.id}"]
  vm_size               = "Standard_DS1_v2"

  delete_os_disk_on_termination = true
  delete_data_disks_on_termination = true

  storage_image_reference {
    publisher = "Canonical"
    offer     = "UbuntuServer"
    sku       = "16.04-LTS"
    version   = "latest"
  }
  storage_os_disk {
    name              = "myosdisk1"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }
  os_profile {
    computer_name  = "hostname"
    admin_username = "testadmin"
    admin_password = "Password1234!"
  }
  os_profile_linux_config {
    disable_password_authentication = false
  }
  tags = {
    environment = "staging"
  }
}

Expected Behavior

The resources can be successfully created and terraform apply and deleted with terraform destroy.

Actual Behavior

terraform destroy fails with

Error waiting for removal of Backend Address Pool Association for NIC "example-nic" 
(Resource Group "example-resources"): Code="OperationNotAllowed" 
Message="Operation 'startTenantUpdate' is not allowed on VM 'tfvmex-vm' since 
the VM is marked for deletion. You can only retry the Delete operation (or wait for an 
ongoing one to complete)." Details=[]

Since there’s no dependency between the VM and the Backend Address Pool resources, the pool is deleted before the VM, which causes to VM deletion errror. VM deletion should handle this situation gracefully. Alternatively, the resource model should be adjusted to prevent the backend pool association to be deleted before the VM.

Steps to Reproduce

terraform apply
terraform destroy

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 3
Comments: 15 (7 by maintainers)

Most upvoted comments

Could someone explain why this is closed? We’re seeing more dependency issues suddenly appearing in this same vein. I’ll work on some reproduction code if needed, but this is clearly not a solved issue.

dbilleci-lightstream on Sep 25, 2019

@tombuildsstuff I upgraded to 1.34, tried again, and the destruction still fails for me with the same error:

azurerm_virtual_machine.main: Still destroying... [id=/subscriptions/...soft.Compute/virtualMachines/tfvmex-vm, 2m30s elapsed]
azurerm_virtual_machine.main: Destruction complete after 2m31s

Error: Error waiting for removal of Backend Address Pool Association for NIC "example-nic" 
(Resource Group "example-resources"): Code="OperationNotAllowed" Message="Operation 
'startTenantUpdate' is not allowed on VM 'tfvmex-vm' since the VM is marked for deletion. 
You can only retry the Delete operation (or wait for an ongoing one to complete)." Details=[]

Ran apply-destroy 3 times, got 3 errors. A subsequent destroy after the failure succeeds.

I’m on Terraform 0.12.8 on Windows, running the copy-pasted script from the above (updated to ~> 1.34).

mikhailshilkov on Sep 20, 2019