F5Networks / f5-azure-arm-templates-v2

Azure Resource Manager Templates for quickly deploying BIG-IP services in Azure

Azure deployment fails on accessTemplate #12

Closed karavuchz closed 2 years ago

karavuchz commented 2 years ago

Describe the bug

Azure deployment fails on accessTemplate.

Expected behavior

I have created a resource group that I am the owner of, and all objects are going in that resource group. Expecting the deployment to complete and build all the objects.

Current behavior

Most of the objects have been deployed but BigIPs are not

Possible solution

Steps to reproduce

1. 2. 3. 4.

Screenshots

Input for deployment

Result when deploying

Context

I am unable to deploy this solution. The F5 VE are not deployed.

Your Environment

mikeshimkus commented 2 years ago

@karavuchz Hi, thanks for reporting this. When you created this deployment, did the f5halab-useridentity user identity already exist? If so it would cause an error because the role assigned to the identity cannot be updated. Using a unique value for uniqueString should prevent this.

karavuchz commented 2 years ago

Thank you @mikeshimkus for the quick reply. I can confirm that that user identity does not exist prior to the deployment. I have tried deploying this with different names to no avail.

mikeshimkus commented 2 years ago

I created internal issue #3064 to track this. Can you provide the following additional info:

Also confirm that your account has the required permissions to create a role assignment (Microsoft.Authorization/roleAssignments/write permission or Owner/Contributor role at the resource group scope). Thanks.

karavuchz commented 2 years ago

@mikeshimkus Based on your first comment, I went ahead and created a brand new resource group to re-deploy. Somehow I went a little further this time. I feel like the issue might be a deleted object that was not fully flushed by Azure. But then I get this error on the bigIptemplate, specific to the appseclab-bigip-vm01/onboarder and appseclab-bigip-vm02/onboarder.

I am running the Azure ARM Template v2 Release 21.7.0 and I am Owner on the resource group.

```
{ "status": "Failed", "error": { "code": "VMExtensionProvisioningError", "message": "VM has reported a failure when processing extension 'onboarder'. Error message: \"Enable failed: failed to execute command: command terminated with exit status=1\n[stdout]\ninit-azure/src/lib/validator.js\n./f5-bigip-runtime-init-azure/src/schema\n./f5-bigip-runtime-init-azure/src/schema/base_schema.json\n./f5-bigip-runtime-init-azure/src/version\n55917 blocks\n2022-04-22T14:35:23 - Getting lastest AT metadata at https://cdn.f5.com/product/cloudsolutions/f5-extension-metadata/latest/metadata.json\n % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0\r 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0\r100 42823 100 42823 0 0 15864 0 0:00:02 0:00:02 --:--:-- 15866\n2022-04-22T14:35:25 - Creating command utility.\n2022-04-22T14:35:25 - RPM installation is completed.\n2022-04-22T21:35:26.537Z [20552]: info: Configuration file: /config/cloud/runtime-init.conf\n2022-04-22T21:35:26.550Z [20552]: info: Processing controls parameters\n2022-04-22T21:35:26.554Z [20552]: info: Validating provided declaration\n2022-04-22T21:35:26.662Z [20552]: info: Successfully validated declaration\n2022-04-22T21:35:26.663Z [20552]: info: Executing custom pre_onboard_enabled commands\n2022-04-22T21:35:26.679Z [20552]: info: Executing inline shell command: /usr/bin/setdb provision.extramb 1000\n2022-04-22T21:35:27.116Z [20552]: info: Shell command: /usr/bin/setdb provision.extramb 1000 execution completed; response: \n2022-04-22T21:35:27.122Z [20552]: info: Executing inline shell command: /usr/bin/setdb restjavad.useextramb true\n2022-04-22T21:35:27.283Z [20552]: info: Shell command: /usr/bin/setdb restjavad.useextramb true execution completed; response: \n2022-04-22T21:35:37.362Z [20552]: info: Resolving parameters\n2022-04-22T21:35:37.716Z [20552]: info: Interface:1.2\n2022-04-22T21:35:37.719Z [20552]: info: MAC adddress is not populated on 1.2 BIGIP interface. Trying to re-fecth interface data. Left attempts: 99\n2022-04-22T21:35:37.725Z [20552]: info: Interface:1.1\n2022-04-22T21:35:37.725Z [20552]: info: MAC adddress is not populated on 1.1 BIGIP interface. Trying to re-fecth interface data. Left attempts: 99\n2022-04-22T21:35:38.421Z [20552]: error: AKV10032: Invalid issuer. Expected one of https://sts.windows.net/139d88d5-107c-403d-a07b-68f731d96b8e/, https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/, https://sts.windows.net/e2d54eb5-3869-4f70-8578-dee5fc7331f4/, found https://sts.windows.net/53049b77-3e8f-4792-977f-0a3e5f23891b/.\n2022-04-22T21:35:38.422Z [20552]: info: Sending F5 Teem report for failure case.\n2022-04-22T21:35:39.126Z [20552]: info: {\"id\":\"4213ec74-8dd6-2e4f-6a29a5c174a7\",\"product\":\"BIG-IP\",\"cpuCount\":8,\"diskSize\":149504,\"memoryInMb\":32176,\"version\":\"16.1.0\",\"nicCount\":3,\"regKey\":\"KVKMY-TGVEZ-FXDLU-ZBKMY-FMAYERM\",\"platformId\":\"Z100\",\"hostname\":\"bigip1\",\"management\":\"10.0.0.11/24\",\"provisionedModules\":{\"ltm\":\"nominal\"},\"installedPackages\":{},\"environment\":{\"pythonVersion\":\"Python 2.7.5\",\"pythonVersionDetailed\":\"2.7.5 (default, Jun 22 2021, 22:47:51) \n[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]\",\"nodeVersion\":\"v6.9.1\",\"libraries\":{\"ssh\":\"OpenSSH_7.4p1, OpenSSL 1.0.2u-fips 20 Dec 2019\"}}}\n2022-04-22T21:35:47.735Z [20552]: info: Interface:1.2\n2022-04-22T21:35:47.735Z [20552]: info: MAC adddress is not populated on 1.2 BIGIP interface. Trying to re-fecth interface data. Left attempts: 98\n2022-04-22T21:35:47.752Z [20552]: info: Interface:1.1\n2022-04-22T21:35:47.753Z [20552]: info: MAC adddress is not populated on 1.1 BIGIP interface. Trying to re-fecth interface data. Left attempts: 98\n2022-04-22T21:35:48.822Z [20552]: info: F5 Teem report was successfully sent for failure case.\n2022-04-22T21:35:48.822Z [20552]: info: AKV10032: Invalid issuer. Expected one of https://sts.windows.net/139d88d5-107c-403d-a07b-68f731d96b8e/, https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/, https://sts.windows.net/e2d54eb5-3869-4f70-8578-dee5fc7331f4/, found https://sts.windows.net/53049b77-3e8f-4792-977f-0a3e5f23891b/.\n\n[stderr]\n\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSELinuxTroubleshoot " } }
```

mikeshimkus commented 2 years ago

Looks like you may have hit this issue: https://github.com/F5Networks/f5-azure-arm-templates-v2/issues/11#issuecomment-1063236067

The runtime init configuration file needs to be updated to point to the ID of your secret (the same secret provided for bigIpPasswordSecretId in the template input params).

The next template release will better document this requirement.
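An added triage example, not part of the original thread and not F5 code: it pulls the expected and found token issuers out of an `AKV10032` line like the one quoted above, and checks that a runtime-init secret reference points at the same vault and secret as `bigIpPasswordSecretId`. The function names, the sample values, and the assumed shapes (a full secret URL for the template parameter, `vaultUrl` plus `secretId` in the runtime-init secret provider) are assumptions to verify against your release.

```javascript
// Added triage helper; not code from F5 or from this repository.
// Constructed sample in the shape of the error quoted in this thread (placeholder tenant IDs).
const SAMPLE_LOG =
  'error: AKV10032: Invalid issuer. Expected one of ' +
  'https://sts.windows.net/11111111-1111-1111-1111-111111111111/, ' +
  'https://sts.windows.net/22222222-2222-2222-2222-222222222222/, ' +
  'found https://sts.windows.net/33333333-3333-3333-3333-333333333333/.';

const TENANT = /https:\/\/sts\.windows\.net\/([0-9a-f-]{36})\//gi;
const tenantIds = (s) => [...s.matchAll(TENANT)].map((m) => m[1].toLowerCase());

// Split an AKV10032 message into the tenants the vault trusts and the tenant
// that issued the VM identity's token. Returns null when the error is absent.
function parseInvalidIssuer(log) {
  const at = log.indexOf('AKV10032: Invalid issuer');
  if (at === -1) return null;
  const [expectedPart, foundPart = ''] = log.slice(at).split(', found ');
  const expected = tenantIds(expectedPart);
  const found = tenantIds(foundPart)[0] || null;
  return { expected, found, crossTenant: found !== null && !expected.includes(found) };
}

// Assumed shapes: the template parameter is a full secret URL
// (https://<vault>.vault.azure.net/secrets/<name>) and the runtime-init
// secretProvider carries vaultUrl plus secretId. Check both against your release.
function secretRefMatches(provider, templateSecretUrl) {
  const target = new URL(templateSecretUrl);
  const [, kind, name] = target.pathname.split('/'); // "/secrets/<name>[/<version>]"
  return kind === 'secrets' &&
    new URL(provider.vaultUrl).host === target.host &&
    provider.secretId === name;
}

// Constructed values: a config still pointing at someone else's vault, then corrected.
const BIGIP_PASSWORD_SECRET_ID = 'https://example-kv.vault.azure.net/secrets/bigip-admin';
const STALE = { vaultUrl: 'https://other-tenant-kv.vault.azure.net', secretId: 'mySecret' };
const FIXED = { vaultUrl: 'https://example-kv.vault.azure.net', secretId: 'bigip-admin' };

console.log(parseInvalidIssuer(SAMPLE_LOG));
console.log('stale config matches:', secretRefMatches(STALE, BIGIP_PASSWORD_SECRET_ID));
console.log('fixed config matches:', secretRefMatches(FIXED, BIGIP_PASSWORD_SECRET_ID));
```

A `crossTenant` result of `true` means the VM's identity token was issued by a tenant the target vault does not trust, which is what a secret reference left pointing at a vault outside your tenant produces.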

karavuchz commented 2 years ago

That did it. I completely overlooked that. Creating a runtime init config with the right secret value in it corrected the issue. My deployment is now successful. Thank you so much for your help.