Velero | Storage Target Location Unavailable | The provided subscription identifier '<sub_id>]' is malformed or invalid

Article ID: 389240


Products

VMware Tanzu Mission Control

Issue/Introduction

During the deployment of Velero plugins for Microsoft Azure, the following error is encountered:

level=error msg="Current BackupStorageLocations available/unavailable/unknown: 0/1/0, BackupStorageLocation 'azure-blob' is unavailable: rpc error: code = Unknown desc = failed to get storage account access key: failed to list storage account access keys: POST https://management.azure.com/subscriptions/<sub_id>]/resourceGroups/<group_id>/providers/Microsoft.Storage/storageAccounts/alicsstorageprodna/listKeys

RESPONSE 400: 400 Bad Request
ERROR CODE: InvalidSubscriptionId

{
    "error": {
        "code": "InvalidSubscriptionId",
        "message": "The provided subscription identifier '<sub_id>]' is malformed or invalid."
    }
}

Environment

VMware Tanzu Mission Control

Cause

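The issue occurs due to incorrect syntax in the Velero documentation, where square brackets are included in configuration commands. These brackets are not required and cause installation failures: they are passed through as part of the value, so the closing bracket ends up in the subscription ID sent to Azure, which is the '<sub_id>]' seen in the error above.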

For example, the incorrect format includes brackets:

[,resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID]

The correct format should be a simple comma-separated list without brackets:

resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID

Resolution

To resolve this issue, ensure that square brackets are removed from the configuration commands when setting up Velero for Azure.

Incorrect (with brackets, causes failure):

velero install \
    --provider azure \
    --plugins velero/velero-plugin-for-microsoft-azure:v1.11.0 \
    --bucket $BLOB_CONTAINER \
    --secret-file ./credentials-velero \
    --backup-location-config useAAD="true",resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID[,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID] \
    --snapshot-location-config apiTimeout=<YOUR_TIMEOUT>[,resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID]

Correct (without brackets, works as expected):

velero install \
    --provider azure \
    --plugins velero/velero-plugin-for-microsoft-azure:v1.11.0 \
    --bucket $BLOB_CONTAINER \
    --secret-file ./credentials-velero \
    --backup-location-config useAAD="true",resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID \
    --snapshot-location-config apiTimeout=<YOUR_TIMEOUT>,resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID

The same correction applies to the backup-location create command.

Incorrect:

velero backup-location create <bsl-name> \
  --provider azure \
  --bucket $BLOB_CONTAINER \
  --config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY[,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID] \
  --credential=bsl-credentials=azure

Correct:

velero backup-location create <bsl-name> \
  --provider azure \
  --bucket $BLOB_CONTAINER \
  --config resourceGroup=$AZURE_BACKUP_RESOURCE_GROUP,storageAccount=$AZURE_STORAGE_ACCOUNT_ID,storageAccountKeyEnvVar=AZURE_STORAGE_ACCOUNT_ACCESS_KEY,subscriptionId=$AZURE_BACKUP_SUBSCRIPTION_ID \
  --credential=bsl-credentials=azure
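
A pre-flight check for the config strings shown above, as an added example (not from this article or the Velero project): the hypothetical shell function `check_velero_config` rejects a value that still contains square brackets, has an empty key or value, or carries a `subscriptionId` that is not a GUID. The resource group, storage account and subscription ID in it are constructed placeholders.

```shell
#!/bin/sh
# check_velero_config "<comma-separated key=value list>"
# Exit status: 0 = clean, 1 = square bracket present,
#              2 = malformed key=value pair, 3 = subscriptionId is not a GUID.
# The body runs in a subshell, so IFS and globbing changes do not leak to the caller.
check_velero_config() (
    cfg=$1
    # Brackets copied from the docs end up inside the value sent to Azure.
    case $cfg in
        *'['*|*']'*)
            echo "error: square brackets in config value: $cfg" >&2
            exit 1 ;;
    esac
    IFS=,      # split the list on commas
    set -f     # no filename expansion while splitting
    for pair in $cfg; do
        case $pair in
            *=*) ;;
            *) echo "error: not a key=value pair: '$pair'" >&2; exit 2 ;;
        esac
        key=${pair%%=*}
        val=${pair#*=}
        if [ -z "$key" ] || [ -z "$val" ]; then
            echo "error: empty key or value in '$pair'" >&2
            exit 2
        fi
        # Azure subscription IDs are GUIDs (8-4-4-4-12 hex digits).
        if [ "$key" = subscriptionId ]; then
            printf '%s\n' "$val" |
                grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' || {
                    echo "error: subscriptionId is not a GUID: '$val'" >&2
                    exit 3
                }
        fi
    done
    exit 0
)

# Constructed sample values, not real Azure identifiers.
SAMPLE_SUB=00000000-0000-0000-0000-000000000000
check_velero_config "resourceGroup=rg-backups,storageAccount=acctbackups,subscriptionId=$SAMPLE_SUB" \
    && echo "config OK"
check_velero_config "storageAccount=acctbackups[,subscriptionId=$SAMPLE_SUB]" \
    || echo "rejected with exit code $?"
```

Run the check on the exact string you intend to pass to `--backup-location-config`, `--snapshot-location-config` or `--config`, and only call `velero` when it returns 0.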

Additional Information

For further reference, check the official Velero documentation:

https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure