MANIFEST_EXPANSION_USER_ERROR when deploying sample_quickstart.yaml

[curtkersey]

Do you already have an issue opened with F5 support?

No

Description

Deploying the sample_quickstart.yaml, and I am getting the following error regarding restrictedSrcAddressMgmt and restrictedSrcAddressApp:

ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1645651433799-5d8b61522bebf-00fcdf52-0d3c5dc5]: errors:

• code: MANIFEST_EXPANSION_USER_ERROR
  location: /deployments/ck-deploy-10/manifests/manifest-1645651433929
  message: |-
  Manifest expansion encountered the following errors: Invalid properties for 'quickstart.py':
  '0.0.0.0/0' is not of type 'array' at ['restrictedSrcAddressMgmt']
  '0.0.0.0/0' is not of type 'array' at ['restrictedSrcAddressApp']
  Resource: quickstart-py Resource: config

I have tried the value of: 0.0.0.0/0 and '0.0.0.0/0' for both values in the template; however, neither have worked.

Template

---

yamllint disable rule:line-length

Copyright 2021 F5 Networks All rights reserved.

Version 1.0.0.0s

NOTE: When filling out the parameter values for this deployment:

Deployments leverage .schema files to help enforce requirements/parameter typing and defaults.

'###' Will be used above each parameter and contain description of values required

REQUIRED parameters values are left empty and value MUST be entered.

OPTIONAL parameters contain defaults (same default from schema file). However, some are deployment specific and generally should be modified to match your environment.

CAUTION:

Use single quotes around strings when supplying special characters or list of values. Example: applicationPort '443 444 445'.

Required fields left empty or faulty values (ex. typos, incorrect timezone strings, etc.)

can result in various classes of failures, from template launch failures to silent BIG-IP deployment failures.

Use the Troubleshooting section at the bottom of this .yaml to understand if the template and BIG-IP deployed correctly.

imports:

• path: quickstart.py
• path: ../modules/application/application.py
• path: ../modules/bastion/bastion.py
• path: ../modules/bigip-standalone/bigip_standalone.py
• path: ../modules/dag/dag.py
• path: ../modules/network/network.py
  resources:
• name: quickstart-py
  properties:

  (OPTIONAL) The docker container you like to deploy for the demo application.

  appContainerName: f5devcentral/f5-demo-app:latest

  (OPTIONAL) Application label.

  application: f5app

  (OPTIONAL) The image name to deploy. If you would like to view all available images, run the following command from the gcloud command line: gcloud compute images list --project f5-7626-networks-public --filter="name~f5"

  bigIpImageName: f5-bigip-16-1-0-0-0-19-payg-best-25mbps-210623021328

  (OPTIONAL) Instance type assigned to BIG-IP, for example 'n1-standard-4'.

  bigIpInstanceType: n1-standard-4

  (OPTIONAL) Supply a URL to the bigip-runtime-init configuration file in YAML or JSON format

  bigIpRuntimeInitConfig: >-
  https://raw.githubusercontent.com/F5Networks/f5-google-gdm-templates-v2/v1.0.0.0/examples/quickstart/bigip-configurations/runtime-init-conf-3nic-payg.yaml

  (OPTIONAL) Supply a URL for the bigip-runtime-init package

  bigIpRuntimeInitPackageUrl: >-
  https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v1.3.2/dist/f5-bigip-runtime-init-1.3.2-1.gz.run

  (OPTIONAL) Cost Center label.

  cost: f5cost

  (OPTIONAL) Environment Center label.

  environment: f5env

  (OPTIONAL) Group label.

  group: f5group

  (OPTIONAL) Enter valid number of network interfaces (1-3) to create on the BIG-IP VE instance.

  numNics: 3

  (OPTIONAL) Owner label.

  owner: f5owner

  (OPTIONAL) Provision Public IP addresses for the BIG-IP Management interface. By default, this is set to true. If set to false, the solution will deploy a bastion host instead in order to provide access.

  provisionPublicIp: true

  (REQUIRED) Enter the Google Region in which you want to deploy BIG-IP, for example 'us-west1'.

  region: us-east1

  (OPTIONAL) This field restricts web application access (ports 80 and 443) to a specific network or address. Enter an IP address or address range in CIDR notation. For example, '55.55.55.55/32'.

  restrictedSrcAddressApp: '0.0.0.0/0'

  (REQUIRED) This field restricts management access to a specific network or address. Enter an IP address or address range in CIDR notation. For example, '55.55.55.55/32'.

  restrictedSrcAddressMgmt: '0.0.0.0/0'

  (OPTIONAL) A prefix that will be used to name template resources. Because some resources require globally unique names, we recommend using a unique value.

  uniqueString: myuniqstr

  (OPTIONAL) Enter the Google availability zone where you want to deploy the BIG-IP VE instance, for example 'us-west1-a'.

  zone: us-east1-b
  type: quickstart.py

TROUBLESHOOTING:

* If template did not successfully deploy, go to console.cloud.google.com Navigation Menu -> Deployment Manager -> Your Deployment Name for more details

TIP: See "Expanded Config" to see what the final template that was rendered/created with python script and parameters you provided

* If template succeeded, wait ~ 6-10 Minutes (Instance needs to swap management NIC and reboot).

* Try Logging in via SSH to confirm BIG-IP deployment was successful (for instance, if startup scripts completed as expected on the BIG-IPs)

To obtain Management IP (eth0 on Single NIC, eth1 on Multi-NIC BIG-IP):

> Go to Console -> Compute Engine -> VM Instances -> YOUR_INSTANCE_NAME -> Network Interfaces

> gcloud compute instances describe YOUR_INSTANCE_NAME --zone YOUR_ZONE --format="text(networkInterfaces)"

Check logs: /var/log/cloud/google/, /var/log/cloud, /var/log/restnoded/restnoded.log, etc.

* If not able to log in, check "Serial port 1 (console)" output for any errors.

> Go to Console -> Compute Engine -> VM Instances -> YOUR_INSTANCE_NAME -> Logs

> gcloud compute instances get-serial-port-output YOUR_INSTANCE_NAME --port 1 --zone YOUR_ZONE

See: https://cloud.google.com/compute/docs/instances/viewing-serial-port-output

* See README for additional guidance on troubleshooting, filing issues, getting Support, etc.

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 2 - have pending customer demo for the template

Severity level definitions:

1. Severity 1 (Critical) : Defect is causing systems to be offline and/or nonfunctional. immediate attention is required.
2. Severity 2 (High) : Defect is causing major obstruction of system operations.
3. Severity 3 (Medium) : Defect is causing intermittent errors in system operations.
4. Severity 4 (Low) : Defect is causing infrequent interuptions in system operations.
5. Severity 5 (Trival) : Defect is not causing any interuptions to system operations, but none-the-less is a bug.

[mikeshimkus]

@curtkersey Try this:

      restrictedSrcAddressApp:
        - 0.0.0.0/0
      restrictedSrcAddressMgmt:
        - 0.0.0.0/0

[curtkersey]

That worked - thanks!

This is different than the v1 templates, and the docs do not make it clear. Can we update the docs to make it clear? I see it has the '-' in the docs, but not in this way. I tested again with exactly how the docs has it listed, and it fails with a YAML parsing error.

Thanks again!

[shyawnkarim]

I just double checked our documentation and you are right. We are now tracking this update, to our documentation, with internal ID ESECLDTPLT-3000.