F5Networks / f5-declarative-onboarding

F5 BIG-IP Declarative Onboarding
Apache License 2.0

BigIQ receives IPV6 linklocal address #300

Open torzillo opened 2 years ago

torzillo commented 2 years ago

Environment

Summary

The declarative onboarding script is used to reach out to BigIQ License Manager to grab a license. Before enabling IPV6 on the LTM VEs, this worked fine, but now the BigIQ is trying to connect to the IPV6 LinkLocal address.

Is there a way to specify to the BigIQ to connect to a specific address (ideally the public IPV4 address, which could be supplied to cloudinit to tell the BigIQ)?

Impact of this is that the VE doesn't get licensed because the BigIQ can't reach it.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
#cloud-config
write_files:
- content: |
    #!/bin/bash

      print "This is installation is done with cloud-init configured by remo@f5.com" >> /var/tmp/cloud-init-output

    # Wait for MCPD to be up before running tmsh commands
      source /usr/lib/bigstart/bigip-ready-functions
      wait_bigip_ready

        #  Begin BIG-IP configuration
        tmsh modify /sys global-settings mgmt-dhcp disabled
        tmsh modify /sys global-settings gui-setup disabled
        tmsh modify /sys sshd banner enabled banner-text 'Configured via Automation. All Sessions will be recorded!'
        tmsh modify /sys global-settings gui-security-banner-text 'Configured via Automation!'
        tmsh modify analytics global-settings \{ offbox-protocol tcp offbox-tcp-addresses add \{ 127.0.0.1 \} offbox-tcp-port 6514 use-offbox enabled \}
        tmsh save /sys config

  path: /config/custom-config.sh
  permissions: '0755'
  owner: root:root
  append: true
- content:
    path: /var/tmp/bootcmd_end
    owner: root:root
    permissions: '0644'
runcmd:
  - /config/custom-config.sh &
tmos_declared:
  enabled: true
  icontrollx_trusted_sources: false
  icontrollx_package_urls:
    - "$DOURL$"
    - "$AS3URL$"
    - "$TSURL$"
    - "$FASTURL$"
  do_declaration:
    schemaVersion: 1.0.0
    class: Device
    async: true
    label: Cloudinit Onboarding
    Common:
      hostname: $BigIP_Hostname$
      class: Tenant
      provisioningLevels:
        class: Provision
        ltm: nominal
        avr: nominal
      admin:
        class: User
        shell: bash
        userType: regular
      admin_debug:
        class: User
        shell: bash
        userType: regular
      poolLicense:
        class: License
        licenseType: licensePool
        bigIqHost: $HOST$
        bigIqUsername: $BigIQLicense_Username$
        bigIqPassword: $BigIQLicense_Password$
        licensePool: $LICENSEPOOL$
        skuKeyword1: $SKUKEY1$
        skuKeyword2: $SKUKEY2$
        unitOfMeasure: $UNITOFMEASURE$
        hypervisor: $HYPERVISOR$
        overwrite: true
        reachable: false
        bigIpUsername: $BigIPUser_Username$
        bigIpPassword: $BigIPUser_Password$
            <DOURL>
                https://github.com/F5Networks/f5-declarative-onboarding/releases/download/v1.21.1/f5-declarative-onboarding-1.21.1-2.noarch.rpm
            </DOURL>
            <AS3URL>
                https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v3.26.1/f5-appsvcs-3.26.1-1.noarch.rpm
            </AS3URL>
            <TSURL>
                https://github.com/F5Networks/f5-telemetry-streaming/releases/download/v1.20.1/f5-telemetry-1.20.1-1.noarch.rpm
            </TSURL>
            <FASTURL>
                https://github.com/F5Networks/f5-appsvcs-templates/releases/download/v1.11.0/f5-appsvcs-templates-1.11.0-1.noarch.rpm
            </FASTURL>
            <Host>
                <!-- Big IQ Licensing Server IP -->
                Azure\Worldwide\Management\BigIQLicensingServer\Public
            </Host>
            <LicensePool>
                bigiq_4_2021
            </LicensePool>
            <SkuKey1>
                LTM
            </SkuKey1>
            <SkuKey2>
                10G
            </SkuKey2>
            <UnitOFMeasure>
                yearly
            </UnitOFMeasure>
            <Hypervisor>
                azure
            </Hypervisor>
  2. Observe the following error response:

BigIQ attempts to connect to fd00:db8:deca:a0::4/64 address and fails.

cat cloud-init-output.log

Cloud-init v. 18.5 running 'init-local' at Wed, 23 Mar 2022 04:19:33 +0000. Up 41.00 seconds.
Cloud-init v. 18.5 running 'init' at Wed, 23 Mar 2022 04:19:34 +0000. Up 41.51 seconds.
ci-info: ++++++++++++++++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++++++++++++++
ci-info: +----------+-------+-----------------------------+---------------+--------+-------------------+
ci-info: |  Device  |   Up  |           Address           |      Mask     | Scope  |     Hw-Address    |
ci-info: +----------+-------+-----------------------------+---------------+--------+-------------------+
ci-info: |   eth0   |  True | fe80::20d:3aff:feb2:e5e4/64 |       .       |  link  | 00:0d:3a:b2:e5:e4 |
ci-info: |   eth1   | False |              .              |       .       |   .    | 00:0d:3a:b2:e1:20 |
ci-info: |   eth2   | False |              .              |       .       |   .    | 00:0d:3a:b2:ee:89 |
ci-info: | f5slave1 | False |              .              |       .       |   .    | 00:0d:3a:b2:e1:20 |
ci-info: | f5slave2 | False |              .              |       .       |   .    | 00:0d:3a:b2:ee:89 |
ci-info: |    lo    |  True |          127.0.0.1          | 255.255.255.0 |  host  |         .         |
ci-info: |    lo    |  True |          127.2.0.2          | 255.255.255.0 |  host  |         .         |
ci-info: |    lo    |  True |           ::1/128           |       .       |  host  |         .         |
ci-info: |   mgmt   |  True |         10.192.160.4        | 255.255.255.0 | global | 00:0d:3a:b2:e5:e4 |
ci-info: |   mgmt   |  True |    fd00:db8:deca:a0::4/64   |       .       | global | 00:0d:3a:b2:e5:e4 |
ci-info: |   mgmt   |  True | fe80::20d:3aff:feb2:e5e4/64 |       .       |  link  | 00:0d:3a:b2:e5:e4 |
ci-info: +----------+-------+-----------------------------+---------------+--------+-------------------+
ci-info: +++++++++++++++++++++++++++++++Route IPv4 info++++++++++++++++++++++++++++++++
ci-info: +-------+---------------+--------------+-----------------+-----------+-------+
ci-info: | Route |  Destination  |   Gateway    |     Genmask     | Interface | Flags |
ci-info: +-------+---------------+--------------+-----------------+-----------+-------+
ci-info: |   0   |    0.0.0.0    | 10.192.160.1 |     0.0.0.0     |    mgmt   |   UG  |
ci-info: |   1   |  10.192.160.0 |   0.0.0.0    |  255.255.255.0  |    mgmt   |   U   |
ci-info: |   2   | 168.63.129.16 | 10.192.160.1 | 255.255.255.255 |    mgmt   |  UGH  |
ci-info: +-------+---------------+--------------+-----------------+-----------+-------+
ci-info: ++++++++++++++++++++++++Route IPv6 info++++++++++++++++++++++++
ci-info: +-------+-----------------------+---------+-----------+-------+
ci-info: | Route |      Destination      | Gateway | Interface | Flags |
ci-info: +-------+-----------------------+---------+-----------+-------+
ci-info: |   9   | fd00:db8:deca:a0::/64 |    ::   |    mgmt   |   U   |
ci-info: |   10  |       fe80::/64       |    ::   |    eth0   |   U   |
ci-info: |   11  |       fe80::/64       |    ::   |    mgmt   |   U   |
ci-info: |   17  |        ff00::/8       |    ::   |    eth0   |   U   |
ci-info: |   18  |        ff00::/8       |    ::   |    mgmt   |   U   |
ci-info: +-------+-----------------------+---------+-----------+-------+
2022-03-23 04:19:34,752 - cc_write_files.py[WARNING]: No path provided to write for entry 2 in module write-files
Cloud-init v. 18.5 running 'modules:config' at Wed, 23 Mar 2022 04:19:35 +0000. Up 42.06 seconds.
2022-03-23 04:21:04,432 - tmos_onboard_utils.py[ERROR]: tmp extension: , is not a recognized package type
Cloud-init v. 18.5 running 'modules:final' at Wed, 23 Mar 2022 04:23:50 +0000. Up 297.70 seconds.
/config/custom-config.sh: line 3: print: command not found
Cloud-init v. 18.5 finished at Wed, 23 Mar 2022 04:23:50 +0000. Datasource DataSourceF5Azure [seed=None].  Up 297.88 seconds
Saving running configuration...
  /config/bigip.conf
  /config/bigip_base.conf
  /config/bigip_script.conf
  /config/bigip_user.conf
Saving Ethernet map ...done
Saving PCI map ...
 - verifying checksum .../var/run/f5pcimap: OK
done
 - saving ...done

Expected Behavior

Expect BigIQ to connect to IPV4 address.

Actual Behavior

BigIQ connects to IPV6 link local and fails.

Would like to be able to tell BigIQ what IP to connect to.
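
For triage of a log like the one above, an added example (not part of the original issue or of the f5-declarative-onboarding project) that classifies each address in cloud-init's `ci-info` device table by scope with Python's `ipaddress` module and lists the addresses on `mgmt` that a peer on another network segment could route to. The table rows are copied from the log in the issue; the function names are illustrative.

```python
import ipaddress

# Rows copied from the "Net device info" table in the cloud-init log above.
CI_INFO = """\
ci-info: |   eth0   |  True | fe80::20d:3aff:feb2:e5e4/64 |       .       |  link  | 00:0d:3a:b2:e5:e4 |
ci-info: |   eth1   | False |              .              |       .       |   .    | 00:0d:3a:b2:e1:20 |
ci-info: |    lo    |  True |          127.0.0.1          | 255.255.255.0 |  host  |         .         |
ci-info: |    lo    |  True |           ::1/128           |       .       |  host  |         .         |
ci-info: |   mgmt   |  True |         10.192.160.4        | 255.255.255.0 | global | 00:0d:3a:b2:e5:e4 |
ci-info: |   mgmt   |  True |    fd00:db8:deca:a0::4/64   |       .       | global | 00:0d:3a:b2:e5:e4 |
ci-info: |   mgmt   |  True | fe80::20d:3aff:feb2:e5e4/64 |       .       |  link  | 00:0d:3a:b2:e5:e4 |
"""

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses


def parse_rows(text):
    """Yield (device, up, ip_address) for each table row that carries an address."""
    for line in text.splitlines():
        if not line.startswith("ci-info: |"):
            continue  # skip borders and non-table log lines
        cells = [c.strip() for c in line.split("|")[1:-1]]
        if len(cells) != 6 or cells[0] == "Device" or cells[2] == ".":
            continue  # skip other tables, the header row and address-less devices
        device, up, addr = cells[0], cells[1] == "True", cells[2]
        yield device, up, ipaddress.ip_interface(addr).ip


def classify(ip):
    """Name the scope that decides whether a remote peer can route to ip."""
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"  # fe80::/10 or 169.254.0.0/16: valid on one link only
    if ip.version == 6 and ip in ULA:
        return "unique-local"
    if ip.is_private:
        return "private"
    return "global"


def routable_candidates(text, device="mgmt"):
    """Addresses on `device` that a peer on another segment could reach."""
    return [
        (str(ip), classify(ip))
        for dev, up, ip in parse_rows(text)
        if dev == device and up and classify(ip) not in ("loopback", "link-local")
    ]
```
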

mdditt2000 commented 2 years ago

@torzillo we are reviewing this issue that you created. Are you still experiencing the problems with BIG-IP connecting to the IPV6 address? If so, please email PM at automation_toolchain_pm@f5.com so we can prioritize.