F5Networks / f5-aws-cloudformation-v2

AWS Cloudformation Templates for quickly deploying BIG-IP services in AWS

Error launching quickstart #8

Closed mwardbopp closed 2 years ago

mwardbopp commented 2 years ago

Do you already have an issue opened with F5 support? No

GitHub Issues are consistently monitored by F5 staff, but should be considered as best-effort only and you should not expect to receive the same level of response as provided by F5 Support. Please open a case with F5 if this is a critical issue.

Description

Describe the problem you're having or the enhancement you'd like to request.

When deploying the quickstart 3NIC I get the following error:

user xxx does not own a resource (Service: Ec2, Status Code: 400, Request ID: 5160a79f-edd2-4dd2-9bf1-13a90ef3a6b2, Extended Request ID: null)"

When trying to create BigipStaticInternalInterface

I've tried this as a root account owner as well as my corp AWS login.

When I try 1NIC/2NIC, it fails/times out when trying to create BigipStandalone

Template

For bugs, enter the template with which you are experiencing issues below.

https://github.com/F5Networks/f5-aws-cloudformation-v2/tree/2806f11d05869bf31ce3cfa222eb5460ee3f3575/examples/quickstart

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 2

Severity level definitions:

  1. Severity 1 (Critical) : Defect is causing systems to be offline and/or nonfunctional. Immediate attention is required.
  2. Severity 2 (High) : Defect is causing major obstruction of system operations.
  3. Severity 3 (Medium) : Defect is causing intermittent errors in system operations.
  4. Severity 4 (Low) : Defect is causing infrequent interruptions in system operations.
  5. Severity 5 (Trivial) : Defect is not causing any interruptions to system operations but is still a bug.

shyawnkarim commented 2 years ago

Thanks for reporting this bug. I was able to duplicate this issue and we are now tracking it with internal ID, ESECLDTPLT-2916.

JeffGiroux commented 2 years ago

What is the status of this bug? I just hit the same issue trying multiple attempts. Last update on this ticket is over 2 months ago.

JeffGiroux commented 2 years ago

Testing and I thought this might be related to the internal IP assignment or lack of security group for internal interface. It shouldn't matter, but that's what I'm testing. As a first pass, I tried to leave internal IP dynamic. However, I still received the same error but this time for the dynamic internal interface block.

Embedded stack arn:aws:cloudformation:us-west-2:xxxx:stack/giroux-standalone1-BigipStandalone-xxxx/xxxx was not successfully created: The following resource(s) failed to create: [BigipInternalInterface].

shyawnkarim commented 2 years ago

@JeffGiroux, this bug has been fixed and will be released in our next release near the end of February.

JeffGiroux commented 2 years ago

@mwardbopp, when you failed at 2nic...probably due to MAC address retrieval failure during runtime init onboard. Maybe, maybe not. I just opened a ticket after trying 2nic, then I checked logs. Details here...

https://github.com/F5Networks/f5-aws-cloudformation-v2/issues/12

JeffGiroux commented 2 years ago

I validated this works with 2nic. Not 3nic due to same error on the internal NIC. On the support ticket side...I opened a ticket with AWS support to help troubleshoot the error as it's vague. High level, looks to be a permission issue but I do not know why, so hopefully AWS support can see some additional debug logging on the backend.

For now, a workaround is to use 2nic.

Workaround

If your requirement is a 2nic BIG-IP, great. Update 'numNics' to 2, then update 'bigIpRuntimeInitConfig' to the 2nic yaml file, and your deployment will be successful!

Example in quickstart-parameters.json

  {
    "ParameterKey": "numNics",
    "ParameterValue": "2"
  },
  {
    "ParameterKey": "bigIpRuntimeInitConfig",
    "ParameterValue": "https://f5-cft-v2.s3.amazonaws.com/f5-aws-cloudformation-v2/v1.1.0.0/examples/quickstart/bigip-configurations/runtime-init-conf-2nic-payg.yaml"
  },

JeffGiroux commented 2 years ago

@shyawnkarim is there a workaround you can provide with code snippets for the 3nic?

shyawnkarim commented 2 years ago

For a quick workaround to get the 3nic working, update the quickstart parent template to pass the following parameters to bigip-standalone module:

internalSecurityGroupId: !If [3nic, !GetAtt [Dag, Outputs.appSecurityGroupId],

The Dag module does not support creation of internalSecurityGroup so we can use appSecurityGroup to make it work.

This workaround will not work, however, if having internalSecurityGroup is a requirement, since the Dag template would need to be updated to provision and output internalSecurityGroup.

Our next release addresses all of this.

shyawnkarim commented 2 years ago

Closing.

This bug fix was included with Release 2.0.0.0.