Using VPC Endpoints with Cloud Failover Extension

Introduction Have you heard of the new F5 Cloud Failover Extension? Well if you haven’t, I encourage you to go out and read about this new feature. CFE is an iControl LX extension that provides L3...
Published Apr 27, 2020
Version 1.0
application delivery
AWS
cloud
iControlLX
TJ_Vreugdenhil's avatar
TJ_Vreugdenhil
Icon for Cirrus rankCirrus
May 04, 2020

Hi Noof - I followed the whole procedure, but I am getting a "Recovery operations are empty" error. Any recommendations? 

[root@ip-10-10-8-28:Standby:In Sync] config # tail -f /var/log/restnoded/restnoded.log
 
Mon, 04 May 2020 21:04:17 GMT - info: [f5-cloud-failover] Performing failover - execute
 
Mon, 04 May 2020 21:04:17 GMT - warning: [f5-cloud-failover] Performing Failover - recovery
 
Mon, 04 May 2020 21:04:17 GMT - severe: [f5-cloud-failover] Recovery operations are empty, advise reset via the API Error: Recovery operations are empty, advise reset via the API
 
  at FailoverClient._getRecoveryOperations (/var/config/rest/iapps/f5-cloud-failover/nodejs/failover.js:373:19)
 
  at _getDeviceObjects.then.then.then (/var/config/rest/iapps/f5-cloud-failover/nodejs/failover.js:124:33)
 
  at tryCatcher (/usr/share/rest/node/node_modules/bluebird/js/release/util.js:16:23)
 
  at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:512:31)
 
  at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18)
 
  at Promise._settlePromise0 (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:614:10)
 
  at Promise._settlePromises (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:693:18)
 
  at Async._drainQueue (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:133:16)
 
  at Async._drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:143:10)
 
  at Immediate.Async.drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:17:14)
 
  at runCallback (timers.js:794:20)
 
  at tryOnImmediate (timers.js:752:5)
 
  at processImmediate [as _immediateCallback] (timers.js:729:5)
 

The Following JSON declartion is successful from both F51 and F52. 

{
 
	"class": "Cloud_Failover",
 
	"environment": "aws",
 
	"externalStorage": {
 
		"scopingTags": {
 
			"f5_cloud_failover_label": "bigip-nonprod"
 
		}
 
	},
 
	"failoverAddresses": {
 
		"enabled": true,
 
		"scopingTags": {
 
			"f5_cloud_failover_nic_map_eth1": "NonProd-eth1-external",
 
			"f5_cloud_failover_nic_map_eth2": "NonProd-eth2-internal",
 
			"f5_cloud_failover_nic_map_eth3": "NonProd-eth3-internal2"
 
		},
 
		"failoverRoutes": {
 
			"enabled": true,
 
			"scopingTags": {
 
				"f5_cloud_failover_label": "bigip-nonprod-prod"
 
			},
 
			"scopingAddressRanges": [
 
			{
 
				"range": "10.10.116.0/24, 10.10.117.0/24, 10.200.116.0/24, "
 
			}
 
		],
 
			"defaultNextHopAddresses": {
 
				"discoveryType": "static",
 
				"items": [
 
					"10.200.116.105",
 
					"10.200.116.116",										
 
					"10.10.116.88",
 
					"10.10.116.56",
 
					"10.10.117.94",
 
					"10.10.117.232"
 
      ]
 
    }
 
  },
 
  "controls": {
 
   "class": "Controls",
 
   "logLevel": "silly"
 
  }
 
 }
 
}

And the dig does return a valid internal IP of the S3 Endpoint: 

[root@ip-10-10-8-10:Standby:In Sync] config # dig ec2.us-east-2.amazonaws.com
 
hmac_link.c:350: FIPS mode is 1: MD5 is only supported if the value is 0.
 
Please disable either FIPS mode or MD5.
 
 
 
; <<>> DiG 9.11.8 <<>> ec2.us-east-2.amazonaws.com
 
;; global options: +cmd
 
;; Got answer:
 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63858
 
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
 
 
;; QUESTION SECTION:
 
;ec2.us-east-2.amazonaws.com.  IN   A
 
 
 
;; ANSWER SECTION:
 
ec2.us-east-2.amazonaws.com. 60 IN   A    10.200.116.158
 
 
 
;; Query time: 3 msec
 
;; SERVER: 10.10.112.2#53(10.10.112.2)
 
;; WHEN: Mon May 04 16:05:47 CDT 2020
 
;; MSG SIZE rcvd: 61