search

F5Networks / f5-cloud-failover-extension

F5 Cloud Failover Extension
Apache License 2.0
15 stars 2 forks source link

Error: No valid S3 Buckets found #22

Closed harrykleinb closed 4 years ago

harrykleinb commented 4 years ago

Hi,

I’m trying to use CFE in AWS and I get the error below in the CFE logs (Mode Silly).

severe: [f5-cloud-failover] Failover initialization failed: No valid S3 Buckets found! Error: No valid S3 Buckets found!

The S3 bucket is existing with the correct tag.

A VPC Gateway End-Point for service com.amazonaws.us-east-1.s3 is existing too. That Gateway End Point is attached to the main route table of the VPC where the BIGIPs instances are deployed.

I’ve also created the required IAM role for my BIGIP instances (I least it seems to be a good role with the correct policy attached to it).

Can you help me to understand/debug what’s wrong with my setup ?

The setup is: Region: us-east-1 BIGIP: v15.1.0.2 CFE: 1.3.0

Complete Logs from CFE are below:

Sun, 31 May 2020 10:47:33 GMT - finest: socket 233 opened Sun, 31 May 2020 10:47:33 GMT - fine: [f5-cloud-failover] HTTP Request - POST /declare Sun, 31 May 2020 10:47:33 GMT - fine: [f5-cloud-failover] Successfully validated declaration Sun, 31 May 2020 10:47:33 GMT - info: [f5-cloud-failover] Global logLevel set to 'silly' Sun, 31 May 2020 10:47:33 GMT - finest: [f5-cloud-failover] Modifying existing data group f5-cloud-failover-state with body {"name":"f5-cloud-failover-state","type":"string","records":[{"name":"state","data":"eyJjb25maWciOnsiY2xhc3MiOiJDbG91ZF9GYWlsb3ZlciIsImVudmlyb25tZW50IjoiYXdzIiwiZXh0ZXJuYWxTdG9yYWdlIjp7InNjb3BpbmdUYWdzIjp7ImY1X2Nsb3VkX2ZhaWxvdmVyX2xhYmVsIjoiaGFycnlrLWNmZSJ9fSwiZmFpbG92ZXJBZGRyZXNzZXMiOnsiZW5hYmxlZCI6ZmFsc2UsInNjb3BpbmdUYWdzIjp7ImY1X2Nsb3VkX2ZhaWxvdmVyX2xhYmVsIjoiaGFycnlrLWNmZSJ9fSwiZmFpbG92ZXJSb3V0ZXMiOnsiZW5hYmxlZCI6dHJ1ZSwic2NvcGluZ1RhZ3MiOnsiZjVfY2xvdWRfZmFpbG92ZXJfbGFiZWwiOiJoYXJyeWstY2ZlIn0sInNjb3BpbmdBZGRyZXNzUmFuZ2VzIjpbeyJyYW5nZSI6IjEwLjAuMC4wLzI0In1dLCJkZWZhdWx0TmV4dEhvcEFkZHJlc3NlcyI6eyJkaXNjb3ZlcnlUeXBlIjoic3RhdGljIiwiaXRlbXMiOlsiMTcyLjQyLjMwLjExIiwiMTcyLjQyLjMwLjEyIl19fSwiY29udHJvbHMiOnsiY2xhc3MiOiJDb250cm9scyIsImxvZ0xldmVsIjoic2lsbHkifSwic2NoZW1hVmVyc2lvbiI6IjEuMy4wIn19"}]} Sun, 31 May 2020 10:47:36 GMT - info: [f5-cloud-failover] Successfully wrote Failover trigger scripts to filesystem Sun, 31 May 2020 10:47:36 GMT - fine: [f5-cloud-failover] Performing failover - initialization Sun, 31 May 2020 10:47:36 GMT - fine: [f5-cloud-failover] config: {"class":"Cloud_Failover","environment":"aws","externalStorage":{"scopingTags":{"f5_cloud_failover_label":"harryk-cfe"}},"failoverAddresses":{"enabled":false,"scopingTags":{"f5_cloud_failover_label":"harryk-cfe"}},"failoverRoutes":{"enabled":true,"scopingTags":{"f5_cloud_failover_label":"harryk-cfe"},"scopingAddressRanges":[{"range":"10.0.0.0/24"}],"defaultNextHopAddresses":{"discoveryType":"static","items":["172.42.30.11","172.42.30.12"]}},"controls":{"class":"Controls","logLevel":"silly"},"schemaVersion":"1.3.0"} Sun, 31 May 2020 10:47:38 GMT - fine: [f5-cloud-failover] Filtered Buckets: {} Sun, 31 May 2020 10:47:38 GMT - severe: [f5-cloud-failover] Failover initialization failed: No valid S3 Buckets found! Error: No valid S3 Buckets found! at _getAllS3Buckets.then.then.then.then (/var/config/rest/iapps/f5-cloud-failover/nodejs/providers/aws/cloud.js:1113:43) at tryCatcher (/usr/share/rest/node/node_modules/bluebird/js/release/util.js:16:23) at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:512:31) at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18) at Promise._settlePromise0 (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:614:10) at Promise._settlePromises (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:693:18) at Promise._fulfill (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:638:18) at Promise._resolveCallback (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:454:14) at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:524:17) at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18) at Promise._settlePromise0 (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:614:10) at Promise._settlePromises (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:693:18) at Promise._fulfill (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:638:18) at Promise._resolveCallback (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:454:14) at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:524:17) at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18) at Promise._settlePromise0 (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:614:10) at Promise._settlePromises (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:693:18) at Promise._fulfill (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:638:18) at PromiseArray._resolve (/usr/share/rest/node/node_modules/bluebird/js/release/promise_array.js:126:19) at PromiseArray._promiseFulfilled (/usr/share/rest/node/node_modules/bluebird/js/release/promise_array.js:144:14) at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:574:26) Sun, 31 May 2020 10:47:38 GMT - severe: [f5-cloud-failover] Sending telemetry failed: Digital asset id of ff423876-1d37-504b-ab92-8f277c36465d is already registered Sun, 31 May 2020 10:47:43 GMT - finest: socket 233 closed

Thanks

Harry

harrykleinb commented 4 years ago

Last important piece of information: The EC2 instances haven't been deployed with the CFT. They have been deployed using Terraform, with TMOS v15 cloudinit and DO. So I haven't installed any cloudlibs packages.

shyawnkarim commented 4 years ago

When an S3 bucket can't be found, it is almost always a permissions issue. Try double and triple checking those. The 2nd most common issue is mistyped tags, for example, a space in front of the tag label that is hard to see.

The great thing about CFE is that it doesn't rely on cloud-libs, which gives you the flexiblility to deploy your instances anyway that makes sense.

harrykleinb commented 4 years ago

I've solved the issue by modifying the IAM role created and attached to the BIGIP instances:

I've compared my setup with the one deployed by the latest supported F5 CFT.

I noticed one difference:

I changed my setup to get an inline policy instead of a managed policy.

After that modification, the CFE declaration is deployed with success and without any errors.