We have previously deployed several F5 Fail-over clusters using the ARM Template from before the release of the v2 templates. We have previosuly installed updates for the Cloud Fail-over Extensions in order to ensure that the fail-over operations continue to work, however, when we updated from CFE 1.15 to the v2.x CFE, we had issues with the fail-over operation.
F5 Azure ARM Templates v1
Initially we believed this was due to some permission changes that were required as this was indicated in the error logs on the nodes.
After granting the additional identified permission to the Storage Account for the Managed Identities of the nodes we encountered a more catstrophic failure. All Public IPs and secondary interface configurations were removed from the previously active member, but were not added to the now active cluster member. This resulted in an outage for all published resources while we diagnosed, and identified the path to manually re-adding the configurations.
Needless to say, this was undesirable.
I have reviewed the v2 ARM templates, and note that there are significant changes in how the resources are deployed, as well as the various permissions and roles assigned to the managed identities. I suspect that there are compatibility limitations based on which templates were used to deploy the resources.
I have been unable to find in the documentation any reference to compatibility issues between the CFE extension version and the ARM Template version. Could this compatibility issue be confirmed, and, if it exists, be more clearly documented?
Please let me know if you require more specific details.
Regards,
JohnB
We have previously deployed several F5 Fail-over clusters using the ARM Template from before the release of the v2 templates. We have previosuly installed updates for the Cloud Fail-over Extensions in order to ensure that the fail-over operations continue to work, however, when we updated from CFE 1.15 to the v2.x CFE, we had issues with the fail-over operation.
F5 Azure ARM Templates v1
Initially we believed this was due to some permission changes that were required as this was indicated in the error logs on the nodes.
After granting the additional identified permission to the Storage Account for the Managed Identities of the nodes we encountered a more catstrophic failure. All Public IPs and secondary interface configurations were removed from the previously active member, but were not added to the now active cluster member. This resulted in an outage for all published resources while we diagnosed, and identified the path to manually re-adding the configurations.
Needless to say, this was undesirable.
I have reviewed the v2 ARM templates, and note that there are significant changes in how the resources are deployed, as well as the various permissions and roles assigned to the managed identities. I suspect that there are compatibility limitations based on which templates were used to deploy the resources.
I have been unable to find in the documentation any reference to compatibility issues between the CFE extension version and the ARM Template version. Could this compatibility issue be confirmed, and, if it exists, be more clearly documented?
Please let me know if you require more specific details.
Regards,
JohnB