ARM template deployments fail with Code: LinkedInvalidPropertyId

[huzer1]

Describe the bug

When trying to deploy from the ARM template (blue button) I get an error off of either the full stack template or the Existing Stack template.

Current behavior

Template fails with the following error: Property id 'https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.1/dist/f5-bigip-runtime-init-2.0.1-1.gz.run' at path '' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'. (Code: LinkedInvalidPropertyId)

Steps to reproduce

Here's the parameters I was using to deploy with. The full stack version.

This was all under a newly created resource group. { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { "templateBaseUrl": { "value": "https://cdn.f5.com/product/cloudsolutions/" }, "allowUsageAnalytics": { "value": true }, "artifactLocation": { "value": "[concat('f5-azure-arm-templates-v2/v', deployment().properties.template.contentVersion, '/examples/')]" }, "uniqueString": { "value": "lab-11524-3445" }, "bigIpHostname": { "value": "bigip01.local" }, "bigIpImage": { "value": "f5-networks:f5-big-ip-byol:f5-big-all-2slot-byol:17.1.100002" }, "bigIpInstanceType": { "value": "Standard_D8s_v4" }, "bigIpLicenseKey": { "value": "N****-******-*****-******-******P" }, "sshKey": { "value": "ssh-rsa AAAAB3NzaC1yc***********L rsa-key-20240115" }, "appContainerName": { "value": "f5devcentral/f5-demo-app:latest" }, "numNics": { "value": 3 }, "provisionPublicIpMgmt": { "value": true }, "restrictedSrcAddressMgmt": { "value": "47.*.*.*" }, "restrictedSrcAddressApp": { "value": "*" }, "bigIpRuntimeInitConfig": { "value": "https://raw.githubusercontent.com/F5Networks/f5-azure-arm-templates-v2/v3.0.0.0/examples/quickstart/bigip-configurations/runtime-init-conf-3nic-payg-with-app.yaml" }, "bigIpRuntimeInitPackageUrl": { "value": "https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.1/dist/f5-bigip-runtime-init-2.0.1-1.gz.run" }, "useAvailabilityZones": { "value": null }, "bigIpUserAssignManagedIdentity": { "value": "https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.1/dist/f5-bigip-runtime-init-2.0.1-1.gz.run" }, "bigIpPasswordSecretId": { "value": null }, "bigIpPasswordSecretValue": { "value": "somepassword" }, "tagValues": { "value": { "application": "f5demoapp", "cost": "f5cost", "environment": "f5env", "group": "f5group", "owner": "f5owner" } } } }

Your Environment

This is a completely new environment. There's nothing else here besides what I'm trying to deploy with the azure template.

[mikeshimkus]

Hi @huzer1, in your parameters you have https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.1/dist/f5-bigip-runtime-init-2.0.1-1.gz.run for bigIpUserAssignManagedIdentity. This value needs to either be empty (the default - no identity is used and no RBAC roles are available) or it needs to be a valid Azure managed identity ID.

[huzer1]

Autofill got the best of me there.

I'm not sure if it's appropriate to put this in the same bug report but I now have a different error: error: Device is not licensed yet {"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'onboarder' (publisher 'Microsoft.Azure.Extensions' and type 'CustomScript'). Error message: \"Enable failed: failed to execute command: command terminated with exit status=1\n[stdout]\nme\":true,\"hostname\":\"bigip01.local\"},\"admin\":{\"class\":\"User\",\"userType\":\"regular\",\"password\":\"********\",\"shell\":\"bash\"},\"default\":{\"class\":\"ManagementRoute\",\"gw\":\"10.0.0.1\",\"network\":\"default\"},\"dhclient_route1\":{\"class\":\"ManagementRoute\",\"gw\":\"10.0.0.1\",\"network\":\"168.63.129.16/32\"},\"azureMetadata\":{\"class\":\"ManagementRoute\",\"gw\":\"10.0.0.1\",\"network\":\"169.254.169.254/32\"},\"defaultRoute\":{\"class\":\"Route\",\"gw\":\"10.0.1.1\",\"network\":\"default\"},\"external\":{\"class\":\"VLAN\",\"tag\":4094,\"mtu\":1500,\"interfaces\":[{\"name\":\"1.1\",\"tagged\":false}]},\"external-self\":{\"class\":\"SelfIp\",\"address\":\"10.0.1.11/24\",\"vlan\":\"external\",\"allowService\":\"none\",\"trafficGroup\":\"traffic-group-local-only\"},\"internal\":{\"class\":\"VLAN\",\"tag\":4093,\"mtu\":1500,\"interfaces\":[{\"name\":\"1.2\",\"tagged\":false}]},\"internal-self\":{\"class\":\"SelfIp\",\"address\":\"10.0.2.11/24\",\"vlan\":\"internal\",\"allowService\":\"none\",\"trafficGroup\":\"traffic-group-local-only\"}}}\n2024-01-16T16:56:36.473Z [21217]: info: Creating - as3 3.48.0 {\"class\":\"ADC\",\"schemaVersion\":\"3.0.0\",\"label\":\"Quickstart\",\"remark\":\"Quickstart\",\"Tenant_1\":{\"class\":\"Tenant\",\"Shared\":{\"class\":\"Application\",\"template\":\"shared\",\"Shared_Pool\":{\"class\":\"Pool\",\"remark\":\"Service 1 shared pool\",\"members\":[{\"serverAddresses\":[\"10.0.3.4\"],\"servicePort\":80}],\"monitors\":[\"http\"]},\"Custom_HTTP_Profile\":{\"class\":\"HTTP_Profile\",\"xForwardedFor\":true},\"Custom_WAF_Policy\":{\"class\":\"WAF_Policy\",\"url\":\"https://raw.githubusercontent.com/F5Networks/f5-azure-arm-templates-v2/v3.0.0.0/examples/quickstart/bigip-configurations/Rapid_Deployment_Policy_13_1.xml\",\"enforcementMode\":\"blocking\",\"ignoreChanges\":false},\"Service_Address_01\":{\"class\":\"Service_Address\",\"virtualAddress\":\"10.0.1.101\"}},\"HTTP_Service\":{\"class\":\"Application\",\"template\":\"http\",\"serviceMain\":{\"class\":\"Service_HTTP\",\"virtualAddresses\":[{\"use\":\"/Tenant_1/Shared/Service_Address_01\"}],\"snat\":\"auto\",\"profileHTTP\":{\"use\":\"/Tenant_1/Shared/Custom_HTTP_Profile\"},\"policyWAF\":{\"use\":\"/Tenant_1/Shared/Custom_WAF_Policy\"},\"pool\":\"/Tenant_1/Shared/Shared_Pool\"}},\"HTTPS_Service\":{\"class\":\"Application\",\"template\":\"https\",\"serviceMain\":{\"class\":\"Service_HTTPS\",\"virtualAddresses\":[{\"use\":\"/Tenant_1/Shared/Service_Address_01\"}],\"snat\":\"auto\",\"profileHTTP\":{\"use\":\"/Tenant_1/Shared/Custom_HTTP_Profile\"},\"policyWAF\":{\"use\":\"/Tenant_1/Shared/Custom_WAF_Policy\"},\"pool\":\"/Tenant_1/Shared/Shared_Pool\",\"serverTLS\":{\"bigip\":\"/Common/clientssl\"},\"redirect80\":false}}}}\n2024-01-16T16:57:01.160Z [21217]: warn: Task creation failed; response code: 422\n2024-01-16T16:57:01.163Z [21217]: error: {\"results\":[{\"code\":422,\"message\":\"declaration failed\",\"response\":\"01070356:3: Priority based member activation load balancing feature not licensed.\",\"host\":\"localhost\",\"tenant\":\"Tenant_1\",\"runTime\":19839}],\"declaration\":{\"class\":\"ADC\",\"schemaVersion\":\"3.0.0\",\"label\":\"Quickstart\",\"remark\":\"Quickstart\",\"id\":\"autogen_1b46421f-56f8-4c29-9d1b-225deb478a20\",\"updateMode\":\"selective\",\"controls\":{\"archiveTimestamp\":\"2024-01-16T16:56:57.712Z\"}},\"code\":422}\n2024-01-16T16:57:01.179Z [21217]: info: Sending F5 Teem report for failure case.\n2024-01-16T16:57:01.944Z [21217]: warn: Problem with getting data from /mgmt/tm/sys/license endpoint. Leaving regKey with default value\n2024-01-16T16:57:01.945Z [21217]: info: {\"id\":\"a1335768-a09c-5349-4fbd588ca1c2\",\"product\":\"BIG-IP\",\"cpuCount\":8,\"diskSize\":86016,\"memoryInMb\":32176,\"version\":\"17.1.1\",\"nicCount\":3,\"platformId\":\"Z100\",\"hostname\":\"bigip01.local\",\"management\":\"10.0.0.11/24\",\"provisionedModules\":{\"asm\":\"nominal\",\"ltm\":\"nominal\"},\"installedPackages\":{\"f5-service-discovery-1.16.0-2.noarch\":\"1.16.0\",\"f5-declarative-onboarding-1.41.0-8.noarch\":\"1.41.0\",\"f5-appsvcs-3.48.0-10.noarch\":\"3.48.0\",\"f5-telemetry-1.33.0-1.noarch\":\"1.33.0\",\"f5-appsvcs-templates-1.25.0-1.noarch\":\"1.25.0\"},\"environment\":{\"pythonVersion\":\"Python 2.7.5\",\"pythonVersionDetailed\":\"2.7.5 (default, Oct 20 2023, 04:12:19) \\n[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]\",\"nodeVersion\":\"v6.9.1\",\"libraries\":{\"ssh\":\"OpenSSH_7.4p1, OpenSSL 1.0.2za-fips 24 Aug 2021\"}}}\n2024-01-16T16:57:02.318Z [21217]: error: Device is not licensed yet\n\n[stderr]\n\". More information on troubleshooting is available at https://aka.ms/VMExtensionCSELinuxTroubleshoot. "}]}

[mikeshimkus]

Looks like the AS3 config failed with this error: Priority based member activation load balancing feature not licensed

It's odd because that AS3 config doesn't use priority group activation. Does your license include ASM? It's required for this template.

[huzer1]

I double checked the license. It's a 45 day trial license with Best Bundle, VE-1G - Advanced Protocols, VE Best Bundle, VE-1G - SSL Orchestrator, VE (25MB/200MB/1G) Best Bundle, VE-1G - VE SSL Compression Offload, Medium Best Bundle, VE-1G - Best Bundle, VE-1G Best Bundle, VE-1G - Best, 1 Gbps -3 Gbps Upgrade

[mikeshimkus]

I think Best should cover it, however I'm not 100% sure. I would contact F5 support and ask them to look into it further (assuming your license didn't get activated on the first try...it shouldn't have ever gotten to creating the instance so that should not have happened). It doesn't appear to be a template issue per se. You could validate that by trying one of the PAYG images...the default f5-networks:f5-big-ip-best:f5-big-best-plus-hourly-25mbps:17.1.100002, for example.

[huzer1]

This is indeed an issue with license. Deploying with pay as you go works as intended. Thanks for the assistance.