Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Build and deploy AI applications on Azure AI Foundry using Microsoft's model catalog and AI services
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
resource/private-network/references/deploy.md
1# Deploy & Track2Applies to all private network deployments.4## Deploy6```bash8az deployment group create \9--resource-group <rg> \10--template-file main.bicep \11--parameters main.bicepparam \12--name <deployment-name>13```14> ⚠️ Capability host provisioning is **asynchronous** (10–20 min). The CLI produces no output during this phase.16## Monitor Progress18Use exponential backoff — do NOT poll every 30 seconds.20| Poll | Wait |22|------|------|23| 1st | 1 min after deploy starts |24| 2nd | 3 min after 1st |25| 3rd | 5 min after 2nd |26| 4th+ | Every 5 min |27```bash29# Overall state30az deployment group show \31--resource-group <rg> --name <deployment-name> \32--query "{state:properties.provisioningState,error:properties.error}" -o json33# Per-resource progress35az deployment operation group list \36--resource-group <rg> --name <deployment-name> \37--query "[].{resource:properties.targetResource.resourceType,state:properties.provisioningState}" -o table38```39Or block with timeout:41```bash43az deployment group wait \44--resource-group <rg> --name <deployment-name> \45--created --timeout 180046```47## Error Recovery49When a deployment fails, follow this workflow:51### Step 1 — Identify the error53```bash55az deployment operation group list \56--resource-group <rg> \57--name <deployment-name> \58--query "[?properties.provisioningState=='Failed'].{resource:properties.targetResource.resourceType,error:properties.statusMessage}" \59-o json60```61### Step 2 — Resolve63Use `microsoft_docs_search` with the error code or message to find current remediation. The legionservicelink retry rule is documented in the main workflow's Error Handling section.65| Error | Likely cause | Fix |67|-------|-------------|-----|68| `legionservicelink` / subnet in use | Orphaned service link from prior attempt | Use a new `vnetName` — do not reuse the prior VNet |69| `AuthorizationFailed` on `validate/action` | Missing Contributor role | Assign Contributor + User Access Administrator to deploying identity |70| `SubnetDelegationAlreadyExists` | Agent subnet already delegated to another resource | Use a new VNet or open a support ticket to remove the delegation |71| `disableLocalAuth` policy violation | Template defaults to `false` | Set `disableLocalAuth: true` in Bicep params |72| `defaultOutboundAccess` policy violation | Subnets missing the property | Add `defaultOutboundAccess: false` to subnet properties |73### Step 3 — Present fix to user and get approval75Before re-deploying, show the user:77- What failed and why78- What file/parameter will be changed79- The new `vnetName` to use (must be different from the failed run)80### Step 4 — Re-deploy with a new deployment name82```bash84# Update main.bicepparam: change vnetName to a new unique name85az deployment group create \86--resource-group <rg> \87--template-file main.bicep \88--parameters main.bicepparam \89--name <deployment-name>-retry90```91