F5Networks / f5-aws-cloudformation

CloudFormation Templates for quickly deploying BIG-IP services in Amazon Web Services EC2

[HA cross-AZ] f5.aws_advanced_ha issue #30

Closed tkam8 closed 6 years ago

tkam8 commented 6 years ago

Description

After deploying the below template, log in and confirm the HA iApp settings. The "AZ1 VIP:" field is "/Common/", which is missing the actual IP of the secondary IP used for the VIP on BIG-IP1 in AZ1.

Failover issues can arise if the user is not aware that this field needs to be "reconfigured" in the iApp.

Template

https://github.com/F5Networks/f5-aws-cloudformation/tree/master/supported/cluster/2nic/across-az-ha

Severity Level

Severity: 4

Troubleshooting:

I am looking here: https://github.com/F5Networks/f5-aws-cloudformation/blob/d04fcc4ed7982410840cd456682a7dea068cab99/supported/cluster/2nic/across-az-ha/f5-existing-stack-across-az-cluster-byol-2nic-bigip.template

line 891 "\"tmsh create /sys application service HA_Across_AZs template f5.aws_advanced_ha.v1.4.0rc1 tables add { eip_mappings__mappings { column-names { eip az1_vip az2_vip } rows { { row { ${VIPEIP} /Common/${EXTPRIVIP} /Common/${PEER_EXTPRIVIP} } } } } } variables add { eip_mappings__inbound { value yes } }\"\n",

It should be grabbing the value of /Common/${EXTPRIVIP}, but I don't see it defined anywhere. I think it should have something like this somewhere:

"EXTPRIVIP='",
{
  "Fn::Select": [
    "0",
    {
      "Fn::GetAtt": [
        "Bigip1subnet1Az1Interface",
        "SecondaryPrivateIpAddresses"
      ]
    }
  ]
},

Attempt to failover to the BIG-IP1 unit without this properly configured, and you will get the below error, and the EIP remap will not succeed despite the log saying "EIP takeover completed"....:

/var/log/ltm

Feb 18 21:49:28 ip-10-0-0-197 info aws_advanced_failover: EIP takeover started.
Feb 18 21:49:28 ip-10-0-0-197 notice logger: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Started.
Feb 18 21:49:28 ip-10-0-0-197 info aws_advanced_failover: Setting Environmental Variables.
Feb 18 21:49:28 ip-10-0-0-197 info aws_advanced_failover: Environmental Variables Set.
Feb 18 21:49:28 ip-10-0-0-197 info aws_advanced_failover: No Secret and Key found, attempting to use IAM
Feb 18 21:49:31 ip-10-0-0-197 err tmsh[2945]: 01420006:3: a single IP address must be specified.
Feb 18 21:49:31 ip-10-0-0-197 debug aws_advanced_failover: command: tmsh show net route lookup ended with status 1 had stdout: and stderr: Data Input Error: a single IP address must be specified.
Feb 18 21:49:31 ip-10-0-0-197 err aws_advanced_failover: Failed command: "tmsh show net route lookup "
Feb 18 21:49:31 ip-10-0-0-197 err aws_advanced_failover: There is no good matching VIP for EIP x.x.x.x <----!!!!!!!!!!!!!
Feb 18 21:49:31 ip-10-0-0-197 info aws_advanced_failover: No VIP to EIP mapping exists.
Feb 18 21:49:31 ip-10-0-0-197 info aws_advanced_failover: No reconfiguration of AWS routes was requested.
Feb 18 21:49:31 ip-10-0-0-197 info aws_advanced_failover: EIP takeover completed.
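A log check for the condition reported above, where /var/log/ltm ends with "EIP takeover completed" although the EIP was never remapped. This is an added example, not code from the issue or from the F5 project; the function name `audit_takeovers`, the line regex and the second sample window are assumptions made for illustration.

```python
import re

# Shape of the /var/log/ltm lines quoted in this issue:
#   "Feb 18 21:49:28 ip-10-0-0-197 info aws_advanced_failover: EIP takeover started."
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\w+) ([^\s:]+): (.*)$")
# Info-level message from the excerpt that still means the remap did not happen.
SOFT_FAIL = ("No VIP to EIP mapping exists",)

def audit_takeovers(log_text):
    """Return one dict per 'EIP takeover started' window found in log_text."""
    results, window = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, host, sev, tag, msg = m.groups()
        if tag == "aws_advanced_failover" and msg.startswith("EIP takeover started"):
            if window:  # previous window never logged a completion message
                window["problems"].append("no completion message")
                results.append(window)
            window = {"start": ts, "host": host, "problems": []}
        elif window is None:
            continue
        elif tag == "aws_advanced_failover" and msg.startswith("EIP takeover completed"):
            results.append(window)
            window = None
        elif sev == "err" or msg.startswith(SOFT_FAIL):
            window["problems"].append(msg)
    if window:
        window["problems"].append("no completion message")
        results.append(window)
    for r in results:
        r["ok"] = not r["problems"]  # "completed" alone is not proof of success
    return results

# Sample input: the first window reuses lines from the excerpt above; the second
# window is constructed for contrast and is not real BIG-IP output.
SAMPLE = """\
Feb 18 21:49:28 ip-10-0-0-197 info aws_advanced_failover: EIP takeover started.
Feb 18 21:49:31 ip-10-0-0-197 err tmsh[2945]: 01420006:3: a single IP address must be specified.
Feb 18 21:49:31 ip-10-0-0-197 err aws_advanced_failover: Failed command: "tmsh show net route lookup "
Feb 18 21:49:31 ip-10-0-0-197 err aws_advanced_failover: There is no good matching VIP for EIP x.x.x.x
Feb 18 21:49:31 ip-10-0-0-197 info aws_advanced_failover: No VIP to EIP mapping exists.
Feb 18 21:49:31 ip-10-0-0-197 info aws_advanced_failover: EIP takeover completed.
Feb 18 22:10:02 ip-10-0-0-197 info aws_advanced_failover: EIP takeover started.
Feb 18 22:10:05 ip-10-0-0-197 info aws_advanced_failover: EIP takeover completed.
"""

if __name__ == "__main__":
    for r in audit_takeovers(SAMPLE):
        print(r["start"], "OK" if r["ok"] else "FAILED", r["problems"])
```

Alerting on the `ok` flag rather than on the "EIP takeover completed" line catches a failover that left the Elastic IP on the old unit.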

kskoh commented 6 years ago

This has been corrected in our latest release v2.9.0. See: https://github.com/F5Networks/f5-aws-cloudformation/blob/v2.9.0/supported/cluster/2nic/across-az-ha/f5-existing-stack-across-az-cluster-byol-2nic-bigip.template

Thank you

kskoh commented 6 years ago

Close