EIP tagging ability needed for CFE #35

Open
JeffGiroux opened this issue Nov 23, 2022 · 2 comments

Comments

@JeffGiroux

The EIPs created by the BIG-IP module need the ability to be tagged. This would allow a user to meet the Cloud Failover prereqs for AWS which state proper NIC tagging and EIP tagging. Currently a workaround is required to use data objects to retrieve EIP IDs based on public IP outputs. User requires ability to tag EIP during BIG-IP module deployment.

Similar to use case in #22

workaround

Specifically, the secondary IP of the NIC which is associated with the EIP is the value of the tag. The following two tags are required on each EIP.

```hcl
# Public VIP info
data "aws_eip" "bigip_vip" {
  public_ip = module.bigip.public_addresses["external_secondary_public"][0]
}
data "aws_eip" "bigip2_vip" {
  public_ip = module.bigip2.public_addresses["external_secondary_public"][0]
}

# tagging
resource "aws_ec2_tag" "bigip2_vip_label" {
  resource_id = data.aws_eip.bigip2_vip.id
  key         = "f5_cloud_failover_label"
  value       = var.f5_cloud_failover_label
}
resource "aws_ec2_tag" "bigip2_vip_ips" {
  resource_id = data.aws_eip.bigip2_vip.id
  key         = "f5_cloud_failover_vips"
  value       = "${element(flatten(module.bigip.private_addresses["public_private"]["private_ips"][0]), 1)},${element(flatten(module.bigip2.private_addresses["public_private"]["private_ips"][0]), 1)}"
}
```

This is an ugly workaround but just showing the tags needed. The failover vips requires the IPs of the secondary NICs as tag values for CFE to function. My workaround is above. If we had ability to apply EIP tags, that would help.
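An added example, not part of the issue or of the F5 module: a pre-flight check that every EIP carries the two tags named above, with the expected label and a comma-separated list of IP addresses in `f5_cloud_failover_vips`. The input is a constructed sample shaped like `aws ec2 describe-addresses` JSON output; the allocation IDs, addresses and the label value `mydeployment` are made up for illustration.

```python
import ipaddress
import json

REQUIRED_KEYS = ("f5_cloud_failover_label", "f5_cloud_failover_vips")

# Constructed sample shaped like `aws ec2 describe-addresses` output.
SAMPLE = json.loads("""
{"Addresses": [
  {"AllocationId": "eipalloc-0aaa", "PublicIp": "203.0.113.10",
   "Tags": [{"Key": "f5_cloud_failover_label", "Value": "mydeployment"},
            {"Key": "f5_cloud_failover_vips", "Value": "10.0.1.11,10.0.2.11"}]},
  {"AllocationId": "eipalloc-0bbb", "PublicIp": "203.0.113.20",
   "Tags": [{"Key": "f5_cloud_failover_label", "Value": "mydeployment"}]},
  {"AllocationId": "eipalloc-0ccc", "PublicIp": "203.0.113.30",
   "Tags": [{"Key": "f5_cloud_failover_label", "Value": "other"},
            {"Key": "f5_cloud_failover_vips", "Value": "10.0.1.12,not-an-ip"}]}
]}
""")


def check_eip(address, expected_label):
    """Return a list of problems with one EIP's failover tags (empty = OK)."""
    tags = {t["Key"]: t["Value"] for t in address.get("Tags", [])}
    problems = [f"missing tag {k}" for k in REQUIRED_KEYS if k not in tags]
    label = tags.get("f5_cloud_failover_label")
    if label is not None and label != expected_label:
        problems.append(f"label {label!r} != {expected_label!r}")
    vips = tags.get("f5_cloud_failover_vips")
    if vips is not None:
        for item in vips.split(","):
            try:
                ipaddress.ip_address(item.strip())
            except ValueError:
                problems.append(f"vips entry {item!r} is not an IP address")
    return problems


def audit(doc, expected_label):
    """Map AllocationId -> problems for every EIP that fails the check."""
    report = {}
    for addr in doc.get("Addresses", []):
        problems = check_eip(addr, expected_label)
        if problems:
            report[addr["AllocationId"]] = problems
    return report


if __name__ == "__main__":
    for alloc, problems in audit(SAMPLE, "mydeployment").items():
        print(alloc, "->", "; ".join(problems))
```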

@RavinderReddyF5
Collaborator

RavinderReddyF5 commented Nov 25, 2022

Hi @JeffGiroux, we have already made changes to tag the external EIP, based on the variable externalnic_failover_tags

https://github.com/F5Networks/terraform-aws-bigip-module/blob/main/main.tf#L63-L68

@JeffGiroux
Author

JeffGiroux commented Nov 25, 2022

Per CFE requirements, the NIC and EIP have different tags. The way the fix has been implemented will mean adding all NIC and EIP tags into the new tag variable. That is fine for me…but will those additional NIC mapping tags cause a problem with the EIP? And will the additional EIP VIP IP address tag cause a conflict with the NIC?
