Closed JeffGiroux closed 2 years ago
Using my repo here... https://github.com/JeffGiroux/f5_terraform/tree/main/Azure/HA_via_api
This onboarding file which contains the runtime init yaml https://github.com/JeffGiroux/f5_terraform/blob/main/Azure/HA_via_api/f5_onboard.tmpl
yaml snippet...
```yaml
runtime_parameters:
  - name: HOST_NAME
    type: metadata
    metadataProvider:
      environment: azure
      type: compute
      field: name
  - name: REGION
    type: url
    value: http://169.254.169.254/metadata/instance/compute/location?api-version=2021-05-01&format=text
    headers:
      - name: Metadata
        value: true
  - name: USER_NAME
    type: static
    value: ${f5_username}
  - name: ADMIN_PASS
    type: static
    value: ${f5_password}
  - name: SSH_KEYS
    type: static
    value: ${ssh_keypair}
  - name: LAW_ID
    type: static
    value: ${law_id}
  - name: LAW_PRIMKEY
    type: static
    value: ${law_primkey}
  - name: FAILOVER_LABEL
    type: static
    value: ${f5_cloud_failover_label}
  - name: MANAGED_ROUTE
    type: static
    value: ${managed_route}
  - name: LOCAL_SELFIP_EXT
    type: static
    value: ${local_selfip_ext}
  - name: REMOTE_SELFIP_EXT
    type: static
    value: ${remote_selfip_ext}
  - name: LOCAL_SELFIP_INT
    type: static
    value: ${local_selfip_int}
  - name: REMOTE_SELFIP_INT
    type: static
    value: ${remote_selfip_int}
  - name: DNS_SERVER
    type: static
    value: ${dns_server}
  - name: NTP_SERVER
    type: static
    value: ${ntp_server}
  - name: TIMEZONE
    type: static
    value: ${timezone}
  - name: GATEWAY
    type: static
    value: ${gateway}
  - name: HOST1
    type: static
    value: ${host1}
  - name: HOST2
    type: static
    value: ${host2}
  - name: PUBLIC_VIP
    type: static
    value: ${public_vip}
pre_onboard_enabled:
  - name: provision_rest
    type: inline
    commands:
      - /usr/bin/setdb provision.extramb 500
      - /usr/bin/setdb restjavad.useextramb true
      - /usr/bin/setdb setup.run false
extension_packages:
  install_operations:
    - extensionType: do
      extensionVersion: ${DO_VER}
      extensionUrl: ${DO_URL}
    - extensionType: as3
      extensionVersion: ${AS3_VER}
      extensionUrl: ${AS3_URL}
    - extensionType: ts
      extensionVersion: ${TS_VER}
      extensionUrl: ${TS_URL}
    - extensionType: cf
      extensionVersion: ${CFE_VER}
      extensionUrl: ${CFE_URL}
extension_services:
  service_operations:
    - extensionType: do
      type: inline
      value:
        schemaVersion: 1.0.0
        class: Device
        async: true
        label: Onboard BIG-IP into an HA Pair
        Common:
          class: Tenant
          dbVars:
            class: DbVariables
            restjavad.useextramb: true
            provision.extramb: 500
            config.allow.rfc3927: enable
            ui.advisory.enabled: true
            ui.advisory.color: blue
            ui.advisory.text: '{{{ HOST_NAME }}}.example.com'
          mySystem:
            autoPhonehome: true
            class: System
            hostname: '{{{ HOST_NAME }}}.example.com'
          '{{{ USER_NAME }}}':
            class: User
            partitionAccess:
              all-partitions:
                role: admin
            password: '{{{ ADMIN_PASS }}}'
            shell: bash
            userType: regular
            keys:
              - '{{{ SSH_KEYS }}}'
          myDns:
            class: DNS
            nameServers:
              - '{{{ DNS_SERVER }}}'
              - 2001:4860:4860::8844
            search:
              - f5.com
          myNtp:
            class: NTP
            servers:
              - '{{{ NTP_SERVER }}}'
              - 1.pool.ntp.org
              - 2.pool.ntp.org
            timezone: '{{{ TIMEZONE }}}'
          myProvisioning:
            class: Provision
            ltm: nominal
          external:
            class: VLAN
            tag: 4094
            mtu: 1500
            interfaces:
              - name: 1.1
                tagged: false
          external-localself:
            class: SelfIp
            address: '{{{ LOCAL_SELFIP_EXT }}}/24'
            vlan: external
            allowService: default
            trafficGroup: traffic-group-local-only
          internal:
            class: VLAN
            tag: 4093
            mtu: 1500
            interfaces:
              - name: 1.2
                tagged: false
          internal-localself:
            class: SelfIp
            address: '{{{ LOCAL_SELFIP_INT }}}/24'
            vlan: internal
            allowService: default
            trafficGroup: traffic-group-local-only
          default:
            class: Route
            gw: '{{{ GATEWAY }}}'
            network: default
            mtu: 1500
          configsync:
            class: ConfigSync
            configsyncIp: /Common/internal-localself/address
          failoverAddress:
            class: FailoverUnicast
            address: /Common/internal-localself/address
          failoverGroup:
            class: DeviceGroup
            type: sync-failover
            members:
              - '{{{ HOST1 }}}.example.com'
              - '{{{ HOST2 }}}.example.com'
            owner: /Common/failoverGroup/members/0
            autoSync: true
            saveOnAutoSync: false
            networkFailover: true
            fullLoadOnSync: false
            asmSync: false
          trust:
            class: DeviceTrust
            localUsername: '{{{ USER_NAME }}}'
            localPassword: '{{{ ADMIN_PASS }}}'
            remoteHost: '{{{ REMOTE_SELFIP_INT }}}'
            remoteUsername: '{{{ USER_NAME }}}'
            remotePassword: '{{{ ADMIN_PASS }}}'
    - extensionType: as3
      type: inline
      value:
        class: AS3
        action: deploy
        persist: true
        declaration:
          class: ADC
          schemaVersion: 3.0.0
          label: Sample 1
          remark: An HTTP sample application
          Sample_01:
            class: Tenant
            A1:
              class: Application
              template: http
              serviceMain:
                class: Service_HTTP
                virtualAddresses:
                  - '{{{ PUBLIC_VIP }}}'
                pool: web_pool
              web_pool:
                class: Pool
                monitors:
                  - tcp
                members:
                  - servicePort: 80
                    addressDiscovery: fqdn
                    autoPopulate: true
                    hostname: httpbin.org
    - extensionType: cf
      type: inline
      value:
        class: Cloud_Failover
        environment: azure
        externalStorage:
          scopingTags:
            f5_cloud_failover_label: '{{{ FAILOVER_LABEL }}}'
        failoverAddresses:
          enabled: true
          scopingTags:
            f5_cloud_failover_label: '{{{ FAILOVER_LABEL }}}'
        failoverRoutes:
          enabled: true
          scopingTags:
            f5_cloud_failover_label: '{{{ FAILOVER_LABEL }}}'
          scopingAddressRanges:
            - range: '{{{ MANAGED_ROUTE }}}'
          defaultNextHopAddresses:
            discoveryType: static
            items:
              - '{{{ LOCAL_SELFIP_EXT }}}'
              - '{{{ REMOTE_SELFIP_EXT }}}'
    - extensionType: ts
      type: inline
      value:
        class: Telemetry
        My_System:
          class: Telemetry_System
          systemPoller:
            interval: 60
        My_Listener:
          class: Telemetry_Listener
          port: 6514
        My_Consumer:
          class: Telemetry_Consumer
          type: Azure_Log_Analytics
          workspaceId: '{{{ LAW_ID }}}'
          passphrase:
            cipherText: '{{{ LAW_PRIMKEY }}}'
          useManagedIdentity: false
          region: '{{{ REGION }}}'
post_onboard_enabled:
  - name: create_misc_routes
    type: inline
    commands:
      - tmsh save sys config
```
Need better logging in runtime init. Simply showing task async error and 500 code doesn't help much. Are there any other more detailed logging steps you can enable to see more than a 500 error?
Instructions for how to configure the logging level can be seen here.
Were you using 'silly' when you saw the 500 error?
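A pre-flight check over the runtime-init config, added here as an example (it is not code from this issue, from the f5_terraform repo, or from F5's runtime-init project). Before the first boot it resolves every `{{{ NAME }}}` reference in the inline declarations against `runtime_parameters`, flags credential-looking parameters kept as `type: static`, checks that every `service_operations` entry has a matching `install_operations` entry, and checks whether `controls.logLevel` has been raised for troubleshooting, which is the kind of early warning the 500 task error in the startup log does not give. The sample config is a constructed, shortened version of the declaration above, written as JSON so the script needs no PyYAML; the `type: secret` / `secretProvider` keys and the `controls.logLevel` key are how I read the runtime-init documentation linked in the reply, so verify their exact spelling against that documentation before relying on the last two checks.

```python
"""Pre-flight checks for a BIG-IP Runtime Init config. Added example, not project code."""
import json
import re
from typing import Any, Dict, Iterator, List

# Runtime-init injects runtime_parameters into declarations through {{{ NAME }}} references.
REF_RE = re.compile(r"\{\{\{\s*([A-Za-z0-9_]+)\s*\}\}\}")
# Constructed heuristic: parameter names that usually carry a credential.
SECRET_HINT_RE = re.compile(r"PASS|PASSWORD|SECRET|KEY|TOKEN", re.IGNORECASE)

# Constructed, shortened config modelled on the one in the issue. JSON is used here so the
# example has no PyYAML dependency; yaml.safe_load() of the real .yaml file yields the same dict.
SAMPLE_CONFIG = json.loads(r"""
{
  "controls": {"logLevel": "info"},
  "runtime_parameters": [
    {"name": "HOST_NAME", "type": "metadata",
     "metadataProvider": {"environment": "azure", "type": "compute", "field": "name"}},
    {"name": "USER_NAME", "type": "static", "value": "admin"},
    {"name": "ADMIN_PASS", "type": "static", "value": "placeholder-not-a-real-password"},
    {"name": "LAW_PRIMKEY", "type": "secret",
     "secretProvider": {"environment": "azure", "type": "KeyVault",
                        "vaultUrl": "https://example-vault.vault.azure.net",
                        "secretId": "law-primary-key"}}
  ],
  "extension_packages": {"install_operations": [
    {"extensionType": "do", "extensionVersion": "1.27.0"},
    {"extensionType": "as3", "extensionVersion": "3.34.0"}
  ]},
  "extension_services": {"service_operations": [
    {"extensionType": "do", "type": "inline", "value": {
      "class": "Device", "async": true, "Common": {
        "class": "Tenant",
        "mySystem": {"class": "System", "hostname": "{{{ HOST_NAME }}}.example.com"},
        "{{{ USER_NAME }}}": {"class": "User", "password": "{{{ ADMIN_PASS }}}"},
        "trust": {"class": "DeviceTrust", "remoteHost": "{{{ REMOTE_SELFIP_INT }}}"}}}},
    {"extensionType": "ts", "type": "inline", "value": {
      "class": "Telemetry",
      "My_Consumer": {"class": "Telemetry_Consumer", "type": "Azure_Log_Analytics",
                      "passphrase": {"cipherText": "{{{ LAW_PRIMKEY }}}"}}}}
  ]}
}
""")


def iter_strings(node: Any) -> Iterator[str]:
    """Yield every string in a nested structure, dict keys included: runtime-init also
    substitutes references used as object names (e.g. the '{{{ USER_NAME }}}' User)."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield key
            yield from iter_strings(val)
    elif isinstance(node, list):
        for item in node:
            yield from iter_strings(item)
    elif isinstance(node, str):
        yield node


def lint_runtime_init(cfg: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings: List[str] = []
    params = {p["name"]: p for p in cfg.get("runtime_parameters", [])}
    declared = set(params)
    services = cfg.get("extension_services", {}).get("service_operations", [])
    installed = {op.get("extensionType")
                 for op in cfg.get("extension_packages", {}).get("install_operations", [])}

    # 1. Every reference must resolve; an unresolved one stays as literal text in the
    #    declaration and only surfaces later as a 4xx/5xx task error from the extension.
    referenced = set()
    for op in services:
        for text in iter_strings(op.get("value")):
            referenced.update(REF_RE.findall(text))
    for name in sorted(referenced - declared):
        findings.append("unresolved reference {{{ %s }}}: no runtime_parameters entry" % name)

    # 2. Declared-but-unused parameters are usually leftovers from an edit.
    for name in sorted(declared - referenced):
        findings.append("runtime parameter %s is declared but never referenced" % name)

    # 3. Credential-looking parameters should come from a secret store (type: secret with a
    #    secretProvider), not sit in clear text in the config file and the instance user-data.
    for name, param in params.items():
        if SECRET_HINT_RE.search(name) and param.get("type") == "static":
            findings.append("%s is type: static; use type: secret with a secretProvider" % name)

    # 4. A service_operation for an extension that is never installed fails during onboarding.
    for op in services:
        if op.get("extensionType") not in installed:
            findings.append("service_operations uses %s but install_operations does not install it"
                            % op.get("extensionType"))

    # 5. While chasing task errors, runtime-init's own log level should be debug or silly.
    if cfg.get("controls", {}).get("logLevel") not in ("debug", "silly"):
        findings.append("controls.logLevel is not debug/silly; raise it while troubleshooting")
    return findings


if __name__ == "__main__":
    for line in lint_runtime_init(SAMPLE_CONFIG):
        print("-", line)
```

Run it against the sample and it reports the dangling `REMOTE_SELFIP_INT` reference, the static `ADMIN_PASS`, the TS declaration with no TS package install, and the log level left at `info`; the Terraform template above would be checked the same way after `templatefile()` has rendered the `${...}` values, since the `{{{ }}}` references are only resolved on the BIG-IP itself.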
It was a slew of problems when I was initially going through my HA BIG-IP builds. I eventually had storage bucket issues or permissions and a few other syntax things wrong in the runtime yaml file. I can't say for sure if I did silly logging or not, but I remember trying everything to figure out why it wasn't working.
I can't reproduce the problem now... most likely because of the fixed yaml/declaration. Good to know on the logging level documentation. thx... closing. If I get the task 500 error again I'll reopen.
Sounds good. Thanks.
I have a runtime init yaml file that includes DO, AS3, TS, CFE. The onboarding appears to have applied the declarations successfully. The as3 VIP is there, the DO made the self IPs, etc. The HA pair formed. However, I receive async task executing errors in the startup-log.
Should I make the DO task async=false instead of true?