memes / terraform-google-f5-bigip

Terraform modules for deploying F5 BIG-IP on Google Cloud Platform. Community supported.
Apache License 2.0

public IP getting assigned to external interface in GCP #83

Open monemhamid opened 3 years ago

monemhamid commented 3 years ago

Hello and thank you for using our Terraform modules. Please complete this form and we'll try to address the issue.

Describe the bug

While trying to bootstrap two F5 in GCP, one of them randomly gets assigned a public IP to its external NIC. This leads to an internet connectivity issue during declarative onboarding, and I see errors like this:

declarativeOnboarding.sh: Info: get_secret_google_secret_manager: 5: Curl failed to get secret from Secret Manager: exit code: 7; sleeping before retry
2021-02-10T23:16:32.443+0000: declarativeOnboarding.sh: Info: get_secret_google_secret_manager: 5: Curl failed to get secret from Secret Manager: exit code: 7; sleeping before retry

Once up, the VM with this issue fails to connect to the internet. Updates and license checks fail. The external NIC config looks like below:

external: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 35.x.x.x  netmask 255.255.255.255  broadcast 35.x.x.x

Terraform modules used

GCP environment

Any other details we need to know?

My setup is such that I call VM creation from a TFVARS with multiple instance variables, so each do-builder runs only once. The loop function is essentially not used and the num_instance variable is 1.

variable "num_instances" {
  type    = number
  default = 1
}

The F5 image being used is:

https://www.googleapis.com/compute/v1/projects/f5-7626-networks-public/global/images/f5-bigip-16-0-1-0-0-3-byol-all-modules-2boot-loc-201020174709

Additional context

Add any other context about the problem here. Sanitised snippets of logs are welcome, but we prefer that you upload larger files to a third-party host (Pastebin, GCS bucket, etc.) and provide a link instead.

NOTE: Include the output of the following commands:

terraform -version
terraform providers

DO NOT UPLOAD OR LINK TO FILES WITH SENSITIVE INFORMATION, SERVICE ACCOUNT KEYS, ETC.

memes commented 3 years ago

Thanks for the details @monemhamid. Assigning a public IP is triggered by provision_external_public_ip which defaults to TRUE to ease migration for those using a BIG-IP with public addressing. It should never be random.

Which version of the module are you using? The big change in current pre-releases 2.1.0 (TF0.13+) and 1.4.0 (TF0.12) is that interfaces are configured by DO - if that fails TMOS will only show management interface on NIC1.

Are you able to share your Terraform files with me? I'd like to take a look at how the modules are being called so I can replicate. Please just blank/xxxxx out any passwords, project IDs, etc.
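
An added example (not from this thread or the module's own code) of one way to confirm before apply which instances will receive a public address: it scans the JSON form of a Terraform plan, as produced by `terraform show -json`, for `google_compute_instance` NICs that carry an `access_config` block. The sample plan, resource addresses and the `public_nics` helper are constructed for illustration.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output for two
# BIG-IP instances. Addresses, subnet names and values are made up.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.bigip_a.google_compute_instance.bigip[0]",
         "type": "google_compute_instance",
         "change": {"actions": ["create"], "after": {"network_interface": [
             {"subnetwork": "external", "access_config": [{"network_tier": "PREMIUM"}]},
             {"subnetwork": "management", "access_config": []},
         ]}}},
        {"address": "module.bigip_b.google_compute_instance.bigip[0]",
         "type": "google_compute_instance",
         "change": {"actions": ["create"], "after": {"network_interface": [
             {"subnetwork": "external", "access_config": []},
             {"subnetwork": "management", "access_config": []},
         ]}}},
        {"address": "google_compute_instance.old", "type": "google_compute_instance",
         "change": {"actions": ["delete"], "after": None}},
    ]
})


def public_nics(plan_json):
    """Return (resource address, NIC index, subnetwork) for every planned NIC
    that carries an access_config block, i.e. will receive an external IP."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "google_compute_instance":
            continue
        after = rc.get("change", {}).get("after")
        if not after:  # resource is being destroyed; nothing will exist
            continue
        for idx, nic in enumerate(after.get("network_interface") or []):
            if nic.get("access_config"):  # non-empty list => public IP requested
                findings.append((rc["address"], idx, nic.get("subnetwork")))
    return findings


if __name__ == "__main__":
    for address, idx, subnet in public_nics(SAMPLE_PLAN):
        print(f"{address}: nic{idx} ({subnet}) will get a public IP")
```
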