Failing to deploy any template on 17.1.1.3

[andrenrwn]

Describe the bug

I'm failing to deploy any template with cloudformation.

[edit: apparently this doesn't work if I use 1 availability zone with the default IP addresses]

The error I'm getting is always something like this (I tried both the ap-southeast region and north america(Oregon) :

Status reason
Embedded stack arn:aws:cloudformation:ap-southeast-1:246260921157:stack/BigIp-Failover-Example-BigIpInstance02-N5XTQN9ROH3F/f173c5f0-4391-11ef-83f5-025f63a3c509 was not successfully created: The following resource(s) failed to create: [BigipStaticManagementInterface, BigipStaticInternalInterface, BigipStaticExternalInterface].

[edit: the cause is the following error on the resources tab]

Resource handler returned message: "Address does not fall within the subnet's address range (Service: Ec2, Status Code: 400, Request ID: 6037069d-1169-4ea3-8ad2-482e4d4dba13)" (RequestToken: 6446ad9e-c4d6-2258-7482-fd3bc3ebe68b, HandlerErrorCode: InvalidRequest)

I used the launch link button and modified these parameters:

https://github.com/F5Networks/f5-aws-cloudformation-v2/tree/main/examples

• https://github.com/F5Networks/f5-aws-cloudformation-v2/tree/main/examples/failover
  --- runtime-init-conf-2nic-payg-instance01.yaml
  --- runtime-init-conf-2nic-payg-instance02.yaml
  --- runtime-init-conf-3nic-payg-instance01.yaml
  --- runtime-init-conf-3nic-payg-instance02.yaml

Key | Value
-- | --
allowUsageAnalytics | FALSE
appDockerImageName | f5devcentral/f5-demo-app:latest
application | f5app
artifactLocation | f5-aws-cloudformation-v2/v3.5.0.0/examples/
bigIpCustomImageId | ami-0ea95cc4ecc257a2a
bigIpExternalSelfIp01 | 10.0.0.11
bigIpExternalSelfIp02 | 10.0.4.11
bigIpExternalVip01 | 10.0.0.101
bigIpExternalVip02 | 10.0.4.101
bigIpHostname01 | failover01.local
bigIpHostname02 | failover02.local
bigIpImage | -
bigIpInstanceProfile | -
bigIpInstanceType | m5.xlarge
bigIpInternalSelfIp01 | 10.0.2.11
bigIpInternalSelfIp02 | 10.0.6.11
bigIpLicenseKey01 | -
bigIpLicenseKey02 | -
bigIpMgmtAddress01 | 10.0.1.11
bigIpMgmtAddress02 | 10.0.5.11
bigIpPeerAddr | 10.0.1.11
bigIpRuntimeInitConfig01 | https://f5-cft-v2.s3.amazonaws.com/f5-aws-cloudformation-v2/v3.5.0.0/examples/failover/bigip-configurations/runtime-init-conf-2nic-payg-instance01.yaml
bigIpRuntimeInitConfig02 | https://f5-cft-v2.s3.amazonaws.com/f5-aws-cloudformation-v2/v3.5.0.0/examples/failover/bigip-configurations/runtime-init-conf-2nic-payg-instance02.yaml
bigIpRuntimeInitPackageUrl | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.2/dist/f5-bigip-runtime-init-2.0.2-1.gz.run
bigIpSecretArn | -
cfeS3Bucket | -
cfeTag | bigip_high_availability_solution
cfeVipTag | 10.0.0.101,10.0.4.101
cost | f5cost
environment | f5env
group | f5group
numAzs | 1
numNics | 3
numSubnets | 4
owner | f5owner
provisionExampleApp | FALSE
provisionPublicIpMgmt | TRUE
restrictedSrcAddressApp | 0.0.0.0/0
restrictedSrcAddressMgmt | 0.0.0.0/0
s3BucketName | f5-cft-v2
s3BucketRegion | us-east-1
sshKey | -
subnetMask | 24
uniqueString | myrepro
vpcCidr | 10.0.0.0/16

This image was the default available based on the BIG-IP PAYG choices:

Description
F5 BIGIP-17.1.1.3-0.0.5 PAYG-Best Plus 25Mbps-240321065314

Image ID
ami-0ea95cc4ecc257a2a

Expected behavior

It should deploy and not fail creating the interfaces of the BIG-IP instances

Current behavior

After deploying the template, the error I'm getting is always something like this (I tried both the ap-southeast region and north america(Oregon) :

Status reason
Embedded stack arn:aws:cloudformation:ap-southeast-1:246260921157:stack/BigIp-Failover-Example-BigIpInstance02-N5XTQN9ROH3F/f173c5f0-4391-11ef-83f5-025f63a3c509 was not successfully created: The following resource(s) failed to create: [BigipStaticManagementInterface, BigipStaticInternalInterface, BigipStaticExternalInterface].

Steps to reproduce

1. Click on Launch on either failover or quickstart with PayG
2. Fill in the necessary template parameters.

bigIpCustomImageId: ami-0ea95cc4ecc257a2a
numAzs: 1
numNics: 3 [I tried both 2 and 3 nics]
uniqueString: myrepro

I tried using the following command line but it keeps giving me

REGION=us-east-1; STACK_NAME=repro; \
aws cloudformation create-stack --region ${REGION} --stack-name ${STACK_NAME} \
  --template-url https://f5-cft-v2.s3.amazonaws.com/f5-aws-cloudformation-v2/v3.5.0.0/examples/failover/failover.yaml \
  --parameters "ParameterKey=allowUsageAnalytics,ParameterValue=FALSE \
                ParameterKey=appDockerImageName,ParameterValue=f5devcentral/f5-demo-app:latest \
                ParameterKey=application,ParameterValue=f5app \
                ParameterKey=artifactLocation,ParameterValue=f5-aws-cloudformation-v2/v3.5.0.0/examples/ \
                ParameterKey=bigIpCustomImageId,ParameterValue=ami-0ea95cc4ecc257a2a \
                ParameterKey=bigIpExternalSelfIp01,ParameterValue=10.0.0.11 \
                ParameterKey=bigIpExternalSelfIp02,ParameterValue=10.0.4.11 \
                ParameterKey=bigIpExternalVip01,ParameterValue=10.0.0.101 \
                ParameterKey=bigIpExternalVip02,ParameterValue=10.0.4.101 \
                ParameterKey=bigIpHostname01,ParameterValue=failover01.local \
                ParameterKey=bigIpHostname02,ParameterValue=failover02.local \
                ParameterKey=bigIpInstanceType,ParameterValue=t3.large \
                ParameterKey=bigIpInternalSelfIp01,ParameterValue=10.0.2.11 \
                ParameterKey=bigIpInternalSelfIp02,ParameterValue=10.0.6.11 \
                ParameterKey=bigIpMgmtAddress01,ParameterValue=10.0.1.11 \
                ParameterKey=bigIpMgmtAddress02,ParameterValue=10.0.5.11 \
                ParameterKey=bigIpPeerAddr,ParameterValue=10.0.1.11 \
                ParameterKey=bigIpRuntimeInitConfig01, ParameterValue=https://f5-cft-v2.s3.amazonaws.com/f5-aws-cloudformation-v2/v3.5.0.0/examples/failover/bigip-configurations/runtime-init-conf-2nic-payg-instance01.yaml \
                ParameterKey=bigIpRuntimeInitConfig02, ParameterValue=https://f5-cft-v2.s3.amazonaws.com/f5-aws-cloudformation-v2/v3.5.0.0/examples/failover/bigip-configurations/runtime-init-conf-2nic-payg-instance02.yaml \
                ParameterKey=bigIpRuntimeInitPackageUrl ,ParameterValue=https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.2/dist/f5-bigip-runtime-init-2.0.2-1.gz.run \
                ParameterKey=cfeTag,ParameterValue=bigip_high_availability_solution \
                ParameterKey=cfeVipTag,ParameterValue='10.0.0.101,10.0.4.101' \
                ParameterKey=cost,ParameterValue=f5cost \
                ParameterKey=environment,ParameterValue=f5env \
                ParameterKey=group,ParameterValue=f5group \
                ParameterKey=owner,ParameterValue=f5owner \
                ParameterKey=numAzs,ParameterValue=1 \
                ParameterKey=numNics,ParameterValue=2 \
                ParameterKey=numSubnets,ParameterValue=4 \
                ParameterKey=provisionExampleApp,ParameterValue=FALSE \
                ParameterKey=provisionPublicIpMgmt,ParameterValue=TRUE \
                ParameterKey=restrictedSrcAddressApp,ParameterValue='0.0.0.0/0' \
                ParameterKey=restrictedSrcAddressMgmt,ParameterValue='0.0.0.0/0' \
                ParameterKey=s3BucketName,ParameterValue=f5-cft-v2 \
                ParameterKey=s3BucketRegion,ParameterValue=us-east-1 \
                ParameterKey=subnetMask,ParameterValue=24 \
                ParameterKey=uniqueString,ParameterValue=myrepro \
                ParameterKey=vpcCidr,ParameterValue='10.0.0.0/16' \
                " \
  --capabilities CAPABILITY_NAMED_IAM

always gives me an error like:

ParameterKey=vpcCidr,ParameterValue=10.0.0.0/16                 
                                                                                                      ^
This is often because there is a preceding "," instead of a space.

[mikeshimkus]

@andrenrwn Are there any errors specific to the network interface resources from the BIG-IP stack that you can share?

Also, it looks like you are trying to deploy into a single availability zone, is that correct?

[andrenrwn]

How do you get the errors specific to the network interface resources?
Yes, I'm trying to deploy to a single availability zone. I've also tried multiple availability zones, and I think the error was similar.

The errors that cloudformation gave me was typically:

Embedded stack arn:aws:cloudformation:ap-southeast-1:246260921157:stack/BigIp-Failover-Existing-Network-Example-BigIpInstance02-1FLBQI0STQ3AX/d9b6f710-43ab-11ef-9673-0a2553a6f231 was not successfully created: The following resource(s) failed to create: [BigipStaticManagementInterface, BigipStaticExternalInterface].

failover_repro.yaml.txt

[mikeshimkus]

If you look at the resources column in the instance stack, there should be more detailed error messages for the interfaces. Those should also be in the events column.

I deployed the across-az template today with no issue...could it be running into a quota limit? The detailed error messages should have more info.

[andrenrwn]

I found these errors in the resources:

Inside:
BigIp-Failover-Example-BigIpInstance02-C3C67U6KXKV4

BigipLaunchTemplate lt-0403df42ac7bdb8e4 AWS::EC2::LaunchTemplate CREATE_COMPLETE

BigipStaticExternalInterface - AWS::EC2::NetworkInterface CREATE_FAILED

Resource handler returned message: "Address does not fall within the subnet's address range (Service: Ec2, Status Code: 400, Request ID: b6b943d6-cb19-450f-8ccf-3bf5239f353a)" (RequestToken: cd7411fc-c52b-bc12-5aae-4a284a7e679c, HandlerErrorCode: InvalidRequest)

BigipStaticManagementInterface | - | AWS::EC2::NetworkInterface CREATE_FAILED

Resource handler returned message: "Address does not fall within the subnet's address range (Service: Ec2, Status Code: 400, Request ID: eb570778-d336-4c5d-8753-1c6398ebe145)" (RequestToken: d97bd416-6bd9-89ea-9a61-f60ea5373586, HandlerErrorCode: InvalidRequest)

Although that's strange given I've used the default values from the template

Then also inside:
BigIp-Failover-Example-BigIpInstance01-VAWBNISAEZJQ

BigipLaunchTemplate lt-03d2ad3c2e13db7b1 AWS::EC2::LaunchTemplate CREATE_COMPLETE

BigipManagementEipAssociation eipassoc-078f9ad7c272f41ab AWS::EC2::EIPAssociation CREATE_COMPLETE

BigipStaticExternalInterface - AWS::EC2::NetworkInterface CREATE_FAILED

Resource handler returned message: "Address does not fall within the subnet's address range (Service: Ec2, Status Code: 400, Request ID: f012e8b1-4d80-4d14-8bcb-4128323b0904)" (RequestToken: 74be3c23-eb91-c089-d302-1854dc1e4722, HandlerErrorCode: InvalidRequest)

BigipStaticManagementInterface eni-0a9754b01a389296a AWS::EC2::NetworkInterface CREATE_COMPLETE

S3Bucket repro-bigip-high-availability-solution AWS::S3::Bucket CREATE_COMPLETE