Closed mwardbopp closed 2 years ago
Thanks for reporting this bug. I was able to duplicate this issue and we are now tracking it with internal ID, ESECLDTPLT-2916.
What is the status of this bug? I just hit the same issue trying multiple attempts. The last update on this ticket is over 2 months ago.
Testing and I thought this might be related to the internal IP assignment or lack of a security group for the internal interface. It shouldn't matter, but that's what I'm testing. As a first pass, I tried to leave the internal IP dynamic. However, I still received the same error, but this time for the dynamic internal interface block.
Embedded stack arn:aws:cloudformation:us-west-2:xxxx:stack/giroux-standalone1-BigipStandalone-xxxx/xxxx was not successfully created: The following resource(s) failed to create: [BigipInternalInterface].
@JeffGiroux, this bug has been fixed and will be released in our next release near the end of February.
@mwardbopp, when you failed at 2nic...probably due to MAC address retrieval failure during runtime init onboard. Maybe, maybe not. I just opened a ticket after trying 2nic, then I checked logs. Details here...
https://github.com/F5Networks/f5-aws-cloudformation-v2/issues/12
I validated this works with 2nic. Not 3nic due to the same error on the internal NIC. On the support ticket side...I opened a ticket with AWS support to help troubleshoot the error as it's vague. High level, it looks to be a permission issue, but I do not know why, so hopefully AWS support can see some additional debug logging on the backend.
For now, a workaround is to use 2nic.
If your requirement is a 2nic BIG-IP, great. Update 'numNics' to 2, then update 'bigIpRuntimeInitConfig' to the 2nic yaml file, and your deployment will be successful!
Example in quickstart-parameters.json
{
"ParameterKey": "numNics",
"ParameterValue": "2"
},
{
"ParameterKey": "bigIpRuntimeInitConfig",
"ParameterValue": "https://f5-cft-v2.s3.amazonaws.com/f5-aws-cloudformation-v2/v1.1.0.0/examples/quickstart/bigip-configurations/runtime-init-conf-2nic-payg.yaml"
},
@shyawnkarim is there a workaround you can provide with code snippets for the 3nic?
For a quick workaround to get the 3nic working, update the quickstart parent template to pass the following parameters to bigip-standalone module:
internalSecurityGroupId: !If [3nic, !GetAtt [Dag, Outputs.appSecurityGroupId],
The Dag module does not support creation of internalSecurityGroup so we can use appSecurityGroup to make it work.
This workaround will not work, however, if having internalSecurityGroup is a requirement, since the Dag template would need to be updated to provision and output internalSecurityGroup.
Our next release addresses all of this.
Closing.
This bug fix was included with Release 2.0.0.0.
Do you already have an issue opened with F5 support? No
GitHub Issues are consistently monitored by F5 staff, but should be considered as best-effort only and you should not expect to receive the same level of response as provided by F5 Support. Please open a case with F5 if this is a critical issue.
Description
Describe the problem you're having or the enhancement you'd like to request.
When deploying the quickstart 3NIC I get the following error:
user xxx does not own a resource (Service: Ec2, Status Code: 400, Request ID: 5160a79f-edd2-4dd2-9bf1-13a90ef3a6b2, Extended Request ID: null)"
When trying to create BigipStaticInternalInterface
I've tried this as a root account owner as well as my corp AWS login.
When I try 1NIC/2NIC, it fails/times out when trying to create BigipStandalone
Template
For bugs, enter the template with which you are experiencing issues below.
https://github.com/F5Networks/f5-aws-cloudformation-v2/tree/2806f11d05869bf31ce3cfa222eb5460ee3f3575/examples/quickstart
Severity Level
For bugs, enter the bug severity level. Do not set any labels.
Severity: 2
Severity level definitions: