fortinet / fortigate-autoscale-aws

AWS Transit Gateway can be used to connect Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway. FortiGate Autoscale with Transit Gateway integration extends the protection to all networks connected to the Transit Gateway.
MIT License

Autoscale instances standalone instead of HA #83

Closed Malakii closed 2 years ago

Malakii commented 2 years ago

Instances deployed via the Autoscale group seem to be in a standalone configuration, not in an HA setup as expected.

  1. There is no "AutoscaleRole" tag available to determine which instance is primary
  2. The admin password, once changed on one server, doesn't propagate the change to the other server
  3. After connecting to one of the instances, going to System -> HA shows the instance in Standalone mode

Malakii commented 2 years ago

The PrimaryElection DynamoDB table doesn't have any items either.

JaydenLiang commented 2 years ago

Hi @Malakii, could you please provide information about the deployment parameters you used?

Malakii commented 2 years ago

Thanks for the reply @JaydenLiang, below are the parameters used with the CloudFormation template for a PAYG-only model. Instances were set to 1 for testing, but the ASG was later upped to 2 for desired capacity, min, and max. This deployment was in GovCloud if that's relevant.

Let me know if there's any other info or logs I can provide! Thanks for the help!

| Key | Value | Resolved value |
| --- | --- | --- |
| AutoscaleNotificationSubscriberEmail | * | - |
| CustomAssetContainer | - | - |
| CustomAssetDirectory | - | - |
| CustomIdentifier | fgtASG | - |
| FgtAsgCooldown | 300 | - |
| FgtAsgDesiredCapacityByol | 0 | - |
| FgtAsgDesiredCapacityPayg | 1 | - |
| FgtAsgHealthCheckGracePeriod | 300 | - |
| FgtAsgMaxSizeByol | 0 | - |
| FgtAsgMaxSizePayg | 1 | - |
| FgtAsgMinSizeByol | 0 | - |
| FgtAsgMinSizePayg | 1 | - |
| FgtAsgScaleInThreshold | 25 | - |
| FgtAsgScaleOutThreshold | 80 | - |
| FortiAnalyzerAutoscaleAdminPassword | *** | - |
| FortiAnalyzerAutoscaleAdminUsername | - | - |
| FortiAnalyzerCustomPrivateIpAddress | - | - |
| FortiAnalyzerInstanceType | t2.medium | - |
| FortiAnalyzerIntegrationOptions | no | - |
| FortiAnalyzerVersion | 6.4.7 | - |
| FortiGateAdminCidr | | - |
| FortiGateAdminPort | 8443 | - |
| FortiGateInstanceType | t2.small | - |
| FortiGatePskSecret | | - |
| FortiOSVersion | 7.0.3 | - |
| GetLicenseGracePeriod | 600 | - |
| HeartBeatDelayAllowance | 2 | - |
| HeartBeatInterval | 30 | - |
| HeartBeatLossCount | 10 | - |
| InternalLoadBalancerDnsName | - | - |
| InternalLoadBalancingOptions | add a new internal load balancer | - |
| InternalTargetGroupHealthCheckPath | / | - |
| KeyPairName | ** | - |
| LifecycleHookTimeout | 480 | - |
| LoadBalancingHealthCheckThreshold | 3 | - |
| LoadBalancingTrafficPort | 443 | - |
| LoadBalancingTrafficProtocol | HTTPS | - |
| PrimaryElectionTimeout | 300 | - |
| PrivateSubnet1 | subnet- | - |
| PrivateSubnet2 | subnet-** | - |
| PrivateSubnetRouteTable | - | - |
| PublicSubnet1 | subnet- | - |
| PublicSubnet2 | subnet-* | - |
| ResourceTagPrefix | fgtASG | - |
| S3BucketName | ***** | - |
| S3KeyPrefix | deployment-package/ | - |
| SyncRecoveryCount | 3 | - |
| TerminateUnhealthyVm | no | - |
| UseCustomAssetLocation | no | - |
| VpcCidr | ** | - |
| VpcEndpointId | vpce-0935f1a52cf6e6d5c | - |
| VpcId | vpc-***** |