F5Networks / f5-bigip-runtime-init

Apache License 2.0

Need to pull ENI IP address without mask #20

Closed ghost closed 2 years ago

ghost commented 3 years ago

When polling the AWS meta-data service for local-ipv4s, I receive back the full IP address of the interface. I see that in this implementation, the CIDR mask is being extracted from the local-subnet-ipv4-cidr string and appended. I have a use case where I need to create self IPs with a route-domain, and this makes it very difficult as I can't simply assign the IP to one variable and the mask to another, then concatenate them with a route domain %n added.

ghost commented 3 years ago

My workaround for extracting the IP and MASK separately:

```bash
tmsh create net self inband-mgmt address `printf {{{ MGMT_IP }}} | cut -d "/" -f1`%1/`printf {{{ MGMT_IP }}} | cut -d "/" -f2` vlan dataplane allow-service all
```

shyawnkarim commented 3 years ago

Thank you for reporting this issue. We are now tracking this internally with ID ESECLDTPLT-2730.

JeffGiroux commented 3 years ago

I'm trying to assign the self IP as a virtual server address. You cannot have anything other than a /32 when you assign the self IP as a virtual address. As a result of the metadata retrieval getting /mask, I get an error when I try posting AS3 with selfIP + mask.

What is status of this bug?

```text
/Common/Shared/asg_healthCheck_vs destination 10.0.11.86 and netmask 255.255.255.0 are not valid
```

JeffGiroux commented 3 years ago

Workaround

I do this before bigip runtime init posts the YAML.

In my bash file:

```bash
# Retrieve self IP and update yaml declaration
SELF_IP=$(egrep fixed-address /var/lib/dhclient/dhclient.leases | head -1 | grep -oE '[^ ]+$' | tr -d ';' )
sed -i "s/\$SELF_IP/$SELF_IP/g" /config/cloud/runtime-init-conf.yaml
```

My yaml file has this as3 snippet:

```yaml
          Common:
            class: Tenant
            Shared:
              class: Application
              template: shared
              asg_healthCheck_rule:
                remark: Respond to ASG health check
                class: iRule
                iRule: "when CLIENT_ACCEPTED {\n  TCP::close\n}"
              asg_healthCheck_vs:
                class: Service_TCP
                remark: ASG Health Check VS
                virtualPort: 8080
                virtualAddresses:
                  - $SELF_IP
```

When the yaml posts, it already includes the replaced IP with ONLY the self IP...no mask. This works for me for now.

JeffGiroux commented 3 years ago

This same thing happens in Azure for self IP. It pulls IP/mask.

f5-applebaum commented 3 years ago

The ipcalc filter needs to return "Address:"

ex. https://github.com/rs/node-netmask/blob/master/example/ipcalc.coffee#L7

```text
$ ipcalc 192.168.1.11/24
Address:   192.168.1.11         11000000.10101000.00000001. 00001011
Netmask:   255.255.255.0 = 24   11111111.11111111.11111111. 00000000
Wildcard:  0.0.0.255            00000000.00000000.00000000. 11111111
=>
Network:   192.168.1.0/24       11000000.10101000.00000001. 00000000
HostMin:   192.168.1.1          11000000.10101000.00000001. 00000001
HostMax:   192.168.1.254        11000000.10101000.00000001. 11111110
Broadcast: 192.168.1.255        11000000.10101000.00000001. 11111111
Hosts/Net: 254                   Class C, Private Internet
```

codygreen commented 3 years ago

Please prioritize this issue - it prevents us from creating a device group or device trust using runtime-init and DO.

codygreen commented 3 years ago

Another workaround:

```yaml
runtime_parameters:
      - name: MGMT_IP
        type: url
        value: http://169.254.169.254/latest/meta-data/local-ipv4
```

shyawnkarim commented 3 years ago

Instructions on how to pull an IP address, without a mask, can be found on this page.

The ipcalc functionality provides the following transformation options. Use address in this use case.

- address - The provided address without netmask prefix.
- base - The base address of the network block as a string (e.g. 216.240.32.0). Base does not give an indication of the size of the network block.
- mask - The netmask as a string (e.g. 255.255.255.0).
- hostmask - The host mask, which is the opposite of the netmask (e.g. 0.0.0.255).
- bitmask - The netmask as a number of bits in the network portion of the address for this block (e.g. 24).
- size - The number of IP addresses in a block (e.g. 256).
- broadcast - The block's broadcast address (e.g. 192.168.1.0/24 => 192.168.1.255).
- first - First usable address.
- last - Last usable address.
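
As an added example (not code from f5-bigip-runtime-init, node-netmask, or anyone in this thread), the transformation list above implemented with Python's standard `ipaddress` module, together with the two string shapes the earlier comments need: the route-domain self IP (`ip%rd/bits`) from the opening comment and the mask-free `/32` virtual address from the AS3 error. Unknown transformation names are rejected the way the declaration validator does. The handling of /31 and /32 blocks (first and last collapse to the block edges) is my assumption, not documented behaviour of the project's ipcalc filter.

```python
"""Added example, not f5-bigip-runtime-init code: ipcalc-style transformations
of a CIDR string using the standard library, plus the tmsh address forms
discussed in the thread."""
from ipaddress import ip_interface

# The transformation names from the runtime-init documentation quoted above.
IPCALC_OPS = ("address", "base", "mask", "hostmask", "bitmask",
              "size", "broadcast", "first", "last")


def ipcalc(cidr: str, op: str) -> str:
    """Apply one ipcalc-style transformation to an 'ip/prefix' string.

    An unknown op is rejected up front, mirroring the schema error seen in
    the thread ("ipcalc should be equal to one of the allowed values").
    """
    if op not in IPCALC_OPS:
        raise ValueError(f"ipcalc must be one of {IPCALC_OPS}, got {op!r}")
    iface = ip_interface(cidr)   # keeps the host bits (e.g. 192.168.1.11)
    net = iface.network          # host bits cleared (e.g. 192.168.1.0/24)
    if net.prefixlen >= 31:
        # Assumption: /31 and /32 have no separate network/broadcast address,
        # so first/last are the block edges themselves.
        first, last = net.network_address, net.broadcast_address
    else:
        first = net.network_address + 1
        last = net.broadcast_address - 1
    return {
        "address": str(iface.ip),
        "base": str(net.network_address),
        "mask": str(net.netmask),
        "hostmask": str(net.hostmask),
        "bitmask": str(net.prefixlen),
        "size": str(net.num_addresses),
        "broadcast": str(net.broadcast_address),
        "first": str(first),
        "last": str(last),
    }[op]


def self_ip_with_route_domain(cidr: str, route_domain: int) -> str:
    """Build the tmsh self IP form 'ip%rd/bits' from a metadata CIDR string."""
    return f"{ipcalc(cidr, 'address')}%{route_domain}/{ipcalc(cidr, 'bitmask')}"


def virtual_address(cidr: str) -> str:
    """Virtual addresses must be host (/32) addresses, so drop the prefix."""
    return ipcalc(cidr, "address")


if __name__ == "__main__":
    # Constructed sample matching the ipcalc output quoted earlier in the thread.
    sample = "192.168.1.11/24"
    for name in IPCALC_OPS:
        print(f"{name:>10}: {ipcalc(sample, name)}")
    print(self_ip_with_route_domain(sample, 1))   # 192.168.1.11%1/24
    print(virtual_address(sample))                # 192.168.1.11
```

Running the block prints the same values that the `ipcalc 192.168.1.11/24` output above shows, which is a quick way to check that a declaration's `ipcalc` field will produce the string a tmsh or AS3 command expects before posting it.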

ghost commented 3 years ago

@shyawnkarim I tried using the "address" function of ipcalc to return just the IP address and received this error message:

```text
2021-11-02T16:21:27.695Z [23272]: info: Configuration file: /config/cloud/runtime-init-conf.json
2021-11-02T16:21:27.701Z [23272]: info: F5 Telemetry is disabled.
2021-11-02T16:21:27.701Z [23272]: info: Validating provided declaration
2021-11-02T16:21:27.751Z [23272]: error: Invalid declaration: "data.runtime_parameters[0].metadataProvider.ipcalc should be equal to one of the allowed values"
```

My bigip-runtime-init.json file:

```json
{
    "runtime_parameters": [
        {
            "name": "MGMT_IP",
            "type": "metadata",
            "metadataProvider": {
                "environment": "aws",
                "type": "network",
                "field": "local-ipv4s",
                "index": 0,
                "ipcalc": "address"
            }
        },
        {
            "name": "MGMT_CIDR_MASK",
            "type": "metadata",
            "metadataProvider": {
                "environment": "aws",
                "type": "network",
                "field": "local-ipv4s",
                "index": 0,
                "ipcalc": "bitmask"
            }
        },
        {
            "name": "MGMT_GATEWAY",
            "type": "metadata",
            "metadataProvider": {
                "environment": "aws",
                "type": "network",
                "field": "local-ipv4s",
                "index": 0,
                "ipcalc": "first"
            }
        }
    ],
    "pre_onboard_enabled": [
        {
            "name": "provision_rest",
            "type": "inline",
            "commands": [
                "/usr/bin/setdb provision.extramb 500",
                "/usr/bin/setdb restjavad.useextramb true"
            ]
        }
    ],
    "bigip_ready_enabled": [
        {
            "name": "licensing",
            "type": "inline",
            "commands": [
                "if [ \"PAYG\" = \"BYOL\" ]; then tmsh install sys license registration-key PAYG; fi"
            ]
        }
    ],
    "extension_packages": {
        "install_operations": [
            {
                "extensionType": "do",
                "extensionVersion": "1.21.1",
                "extensionUrl": "https://github.com/F5Networks/f5-declarative-onboarding/releases/download/v1.21.1/f5-declarative-onboarding-1.21.1-2.noarch.rpm",
                "extensionHash": "4ddf98bfec0f6272ac1c76a81b806fc1f16bae03f39a74e2468b2b0e7b96be09"
            },
            {
                "extensionType": "as3",
                "extensionVersion": "3.26.1",
                "extensionUrl": "https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v3.26.1/f5-appsvcs-3.26.1-1.noarch.rpm",
                "extensionHash": "1a5c3c754165a6b7739a15e1f80e4caa678a1fa8fc1b3033e61992663295cf81"
            }
        ]
    },
    "post_onboard_enabled": [
        {
            "name": "manual_tmsh_configuration",
            "type": "inline",
            "commands": [
                "source /usr/lib/bigstart/bigip-ready-functions; wait_bigip_ready",
                "tmsh modify sys provision ltm level nominal",
                "source /usr/lib/bigstart/bigip-ready-functions; wait_bigip_ready",
                "tmsh modify sys provision asm level nominal",
                "source /usr/lib/bigstart/bigip-ready-functions; wait_bigip_ready",
                "tmsh modify sys global-settings gui-setup disabled",
                "tmsh modify auth user admin password <removed>",
                "tmsh modify sys ntp servers add { 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org }",
                "tmsh create net vlan dataplane interfaces add { 1.1 { untagged }} mtu 9001",
                "tmsh create net route-domain dataplane id 1 vlans add { dataplane }",
                "tmsh create net self inband-mgmt address {{{ MGMT_IP }}}%1/{{{ MGMT_CIDR_MASK }}} vlan dataplane allow-service all",
                "tmsh create net route dataplane-default network 0.0.0.0%1 gw {{{ MGMT_GATEWAY }}}%1",
                "tmsh create net tunnels tunnel geneve local-address {{{ MGMT_IP }}}%1 remote-address any%1 profile geneve",
                "tmsh modify net route-domain dataplane vlans add { geneve }",
                "tmsh load sys config merge file /config/cloud/aws_gwlb_health_check.tcl",
                "tmsh create ltm virtual aws_gwlb_health_check destination {{{ MGMT_IP }}}%1:65530 ip-protocol tcp mask 255.255.255.255 profiles add { http tcp } source 0.0.0.0%1/0 vlans-enabled vlans add { dataplane } rules { aws_gwlb_health_check }",
                "tmsh create net self geneve-tunnel address 10.131.0.1%1/24 vlan geneve allow-service all",
                "tmsh create net arp fake_arp_entry ip-address 10.131.0.2%1 mac-address ff:ff:ff:ff:ff:ff",
                "tmsh create ltm node geneve-tunnel address 10.131.0.2%1 monitor none",
                "tmsh create ltm pool geneve-tunnel members add { geneve-tunnel:0 } monitor none",
                "tmsh create ltm virtual forwarding_vs destination 0.0.0.0%1:any ip-protocol any vlans-enabled vlans add { geneve } translate-address disabled source-port preserve-strict pool geneve-tunnel mask any",
                "tmsh modify sys db provision.managementeth value eth1",
                "tmsh save /sys config",
                "sed -i 's/        1\\.1 {/        1\\.0 {/g' /config/bigip_base.conf",
                "reboot"
            ]
        }
    ]
}
```

ghost commented 3 years ago

Disregard my last comment. I upgraded from 1.2.1 to 1.3.2 and utilized the "address" ipcalc function, which appears to have been introduced in 1.3.0. This is working fine for me now. I believe this issue can be closed.

shyawnkarim commented 2 years ago

Closing. Please reopen if needed.