Support Questions

Find answers, ask questions, and share your expertise

Is it possible to tell Cloudbreak to create Azure Storage Accounts with "Secure transfer required" enabled?

New Contributor

Our digital security team has policy in place that requires storage accounts be created with secure transfer enabled. This is causing cluster deployment to fail almost immediately with the following error:

cloudbreak_1   | 2018-10-15 21:14:05,064 [RxIoScheduler-5] log:55 INFO  c.m.a.m.s.StorageAccounts create - [owner:spring] [type:springLog] [id:] [name:] [flow:] [tracking:] --> PUT<subscription>/resourceGroups/cloudbreak-images/providers...
cloudbreak_1   | 2018-10-15 21:14:05,244 [RxIoScheduler-5] log:55 INFO  c.m.a.m.s.StorageAccounts create - [owner:spring] [type:springLog] [id:] [name:] [flow:] [tracking:] <-- 403 Forbidden<subscription>/resourceGroups/cloudbreak-images/providers... (179 ms, 1581-byte body)
cloudbreak_1   | 2018-10-15 21:14:05,258 [reactorDispatcher-15] prepareImage:77 ERROR c.s.c.c.a.AzureSetup - [owner:11e84560-4e65-4883-ac27-d1229f87a9d0] [type:STACK] [id:6] [name:stefan-test-2] [flow:1549ed56-7093-4a88-8668-0a3583828def] [tracking:] Could not create image with the specified parameters
cloudbreak_1   | Resource 'cbimgne0af2cfef5d804171a' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"[Custom] Ensure https traffic only for storage account","id":"/providers/Microsoft.Management/managementgroups/Root/providers/Microsoft.Authorization/policyAssignments/ab6676de3e234be08ae27478"},"policyDefinition":{"name":"[Custom] Ensure https traffic only for storage account","id":"/providers/Microsoft.Management/managementgroups/Root/providers/Microsoft.Authorization/policyDefinitions/[Custom] Ensure https traffic only for storage account"}}]'.

Is it possible to change this somewhere such that the storage account is created with secure transfer enabled? We really don't want to go after a policy "exception" if at all possible.



Cloudbreak does not support this azure feature yet, but can you please create manually the "cbimgne0af2cfef5d804171a" storage account under "cloudbreak-images" resource group before cluster install? Cloudbreak will recognize the resource group and storage account exists, so cloudbreak will not create this storage account.

New Contributor

Hi Peter,

Thanks for the suggestion! That got me a little further, but it still fails. It appears that it is trying to connect with http and not https.


cloudbreak_1   | Caused by: can't create container in storage, storage service error occurred
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        ... 23 common frames omitted
cloudbreak_1   | Caused by: The account being accessed does not support http.
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        at
cloudbreak_1   |        ... 25 common frames omitted


@Stefan Garrard

Your issue is valid, I've opened a PR with the fix:

May I ask which version of Cloudbreak are you using?

New Contributor

Hi @pdarvasi, Thanks for submitting the PR for us! We are running Cloudbreak 2.7.1.

@Stefan Garrard

You can upgrade to the newest version containing the fix following these steps:

1.Navigate to your deployment directory, typically /var/lib/cloudbreak-deployment

2.Edit and then run the following curl command:

export CBD_VERSION=2.7.3-rc.6
curl -Ls${CBD_VERSION}_$(uname)_x86_64.tgz | tar -xz -C /bin cbd

3.Verify the version:

cbd version 

4.Next, restart Cloudbreak by using:

cbd restart  

Hope this helps resolving your issue!

New Contributor

@pdarvasi I tried doing this a couple of days and also again today and ran into this error after downloading the new cbd version:

[root@hostname cloudbreak-deployment]# curl -Ls${CBD_VERSION}_$(uname)_x86_64.tgz | tar -xz -C /bin cbd
[root@hostname cloudbreak-deployment]#
[root@hostname cloudbreak-deployment]# cbd version
local version:2.7.3-rc.6-ce93c9d
latest release:2.7.2
docker images:
[root@hostname cloudbreak-deployment]# cbd start
generating docker-compose.yml
generating uaa.yml
Initialize and migrate databases
Starting cbreak_commondb_1 ... done
Pulling uluwatu (hortonworks/hdc-web:2.7.3-rc.6)...
Trying to pull repository ...
Trying to pull repository ...
manifest for not found

Is there something that I might be doing wrong?

Thanks again for your help so far!


@Stefan Garrard

You are right, the docker image build was not completed for that RC build.

Could you please try it out with 2.7.3-rc.16?

Sorry for the inconvenience!