f5-aws-cloudformation

Include the verify-deployment solution in the Failover CFT

Open amolari opened this issue 4 years ago • 1 comments

Do you already have an issue opened with F5 support?

No

Description

For a deployment of a failover cluster in IaC mode, which requires configuring the BIGIP after the CloudFormation run, I need to signal the EC2 resource creation after the end of deployment, which is not done today. I've configured a CreationPolicy on Bigip2Instance (because it depends on Bigip1Instance) and added the verifyDeploymentCompletion.js script (from the CFT autoscale solution) to the CFT, adapting the solution parameter to failover and setting the instances-count to 2:

"070-verify-deployment": {
        "command": {
         "Fn::Join": [
          " ",
          [
           "nohup /config/waitThenRun.sh",
           " f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
           " --wait-for CFE_CONFIG_DONE",
           " --signal DEPLOYMENT_VERIFIED",
           " --file /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs-aws/scripts/verifyDeploymentCompletion.js",
           " --cl-args '--user admin",
           " --password-url file:///config/cloud/aws/.adminPassword",
           " --password-encrypted true",
           " --host localhost",
           " --port 443",
           " --solution failover",
           " --log-level silly",
           " --instances-count 2",
           "'",
           " --log-level silly",
           " -o /var/log/cloud/aws/verifyDeploymentCompletion.log",
           " &>> /var/log/cloud/aws/install.log < /dev/null",
           " &"
          ]
         ]
        }
       }

Doing that, to effectively send the Signal, I needed to modify line 2036 of /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs-aws/lib/awsCloudProvider.js in the following way (replacing if (resource.ResourceType === 'AWS::AutoScaling::AutoScalingGroup') with if (resource.ResourceType === 'AWS::EC2::Instance')):

function signalResourceReady(cloudFormation, stackName, instanceId) {
    const deferred = q.defer();

    getStackResources(cloudFormation, stackName)
        .then((resources) => {
            resources.forEach((resource) => {
                if (resource.ResourceType === 'AWS::EC2::Instance') {
                    const signalParams = {
                        LogicalResourceId: resource.LogicalResourceId,
                        StackName: stackName,
                        Status: 'SUCCESS',
                        UniqueId: instanceId
                    };

With that it works, but still not perfectly, as 2 Signals for the same instance (bigip2) will be sent, due to the fact that the CF stack has 2 resources: Bigip1Instance and Bigip2Instance. Of course, the Signal for Bigip1Instance will fail and should not have been sent.

So, my request for enhancement is to adapt the signaling code and make the verify-deployment solution available in the Failover template.

Template

f5-aws-cloudformation/supported/failover/across-net/via-api/ * v5.7.1

Severity Level

Severity: 5

amolari, Sep 22 '20 10:09
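One way to avoid the stray signal described in the issue is to signal only the stack resource whose PhysicalResourceId equals the local instance ID, so an instance can never report SUCCESS on behalf of its peer. This is an added example, not code from f5-cloud-libs-aws or from the issue author; selectSignalTargets, the promise-returning client passed to signalResourceReady, and the sample stack resources are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample: the shape of DescribeStackResources output for a
// two-instance failover stack. All physical IDs are made-up placeholders.
const SAMPLE_RESOURCES = [
    { LogicalResourceId: 'Bigip1Instance', ResourceType: 'AWS::EC2::Instance', PhysicalResourceId: 'i-0aaaaaaaaaaaaaaa1' },
    { LogicalResourceId: 'Bigip2Instance', ResourceType: 'AWS::EC2::Instance', PhysicalResourceId: 'i-0bbbbbbbbbbbbbbb2' },
    { LogicalResourceId: 'SampleSecurityGroup', ResourceType: 'AWS::EC2::SecurityGroup', PhysicalResourceId: 'sg-0ccccccccccccccc3' }
];

// Hypothetical helper: build SignalResource parameters only for the
// resources this instance is entitled to signal.
function selectSignalTargets(resources, stackName, instanceId) {
    return resources
        .filter((resource) => {
            // Autoscale case: members signal their group (the original condition).
            if (resource.ResourceType === 'AWS::AutoScaling::AutoScalingGroup') return true;
            // Failover case: an instance signals only its own stack resource.
            return resource.ResourceType === 'AWS::EC2::Instance'
                && resource.PhysicalResourceId === instanceId;
        })
        .map((resource) => ({
            LogicalResourceId: resource.LogicalResourceId,
            StackName: stackName,
            Status: 'SUCCESS',
            UniqueId: instanceId
        }));
}

// Hypothetical wrapper. `cloudFormation` is assumed to be any client whose
// describeStackResources/signalResource methods return promises.
async function signalResourceReady(cloudFormation, stackName, instanceId) {
    const { StackResources } = await cloudFormation.describeStackResources({ StackName: stackName });
    const targets = selectSignalTargets(StackResources || [], stackName, instanceId);
    if (targets.length === 0) {
        // Fail loudly instead of letting the CreationPolicy time out silently.
        throw new Error(`no signalable resource for ${instanceId} in ${stackName}`);
    }
    await Promise.all(targets.map((params) => cloudFormation.signalResource(params)));
    return targets.map((params) => params.LogicalResourceId);
}
```

With the sample above, an instance with ID i-0bbbbbbbbbbbbbbb2 produces a single signal for Bigip2Instance and none for Bigip1Instance.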

Thanks for this feedback. We are now tracking this enhancement internally with ID ESECLDTPLT-2274.

shyawnkarim, Oct 14 '20 15:10

Closing due to age. These legacy templates are now in maintenance mode and are being replaced by our next-generation templates available in the Cloud Templates 2.0 GitHub repo.

shyawnkarim, Nov 11 '22 21:11