Azure Template Vnet Failure [Ckp SMS & GW] about cloudguardiaas HOT 4 CLOSED

@rcarrata
Hello Roberto,
Just tried to deploy the solutions and it works as expected for me
Can you elaborate how exactly have you tried to deploy the solution? Via "Templates" service in Azure portal or PowerShell?
By saying Chkp SMS + GW deployment do you mean Standalone? Or you have tried to deploy both solution separately(Chkp SMS and GW)
If you deployed the solution via "Templates" service what _artifactsLocation URL did you use?

Thanks,
Roman

from cloudguardiaas.

Hi @chkp-romanka, thanks for your quick answer and for the update.

I'm installing the R80.30 version of the SMS and the GW from an Ansible Playbook using the azure_rm_deployment module (both separated in two different playbooks) with the latest version from ansible 2.9.10).

The playbook for SMS is using the template from: https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace-management/mainTemplate.json and I'm adding some parameters that they need to work:

    - name: Create resource group for SMS
      azure_rm_resourcegroup:
        name: Testing_VM_rg_chkp_smsansible_fest
        location: francecentral

    - name: Deploy SMS on azure
      ignore_errors: True
      azure_rm_deployment:
        state: present
        location: francecentral
        resource_group_name: Testing_VM_rg_chkp_smsansible_fest
        parameters:
          location:
            value: francecentral
          cloudGuardVersion:
            value: R80.30 - Bring Your Own License
          adminPassword:
            value: xxxxxx
          authenticationType:
            value: password
          vmName:
            value: chkpsmsansiblefest
          vmSize:
            value: Standard_D3_v2
          virtualNetworkName:
            value: Testing_VM_vnet_ansible_fest_francecentral
          Subnet1Name:
            value: Testing_VM_snet_internal_ansible_fest_francecentral
          Subnet1Prefix:
            value: 11.0.1.0/24
          Subnet1StartAddress:
            value: 11.0.1.6
          vnetNewOrExisting:
            value: existing
          virtualNetworkExistingRGName:
            value: Testing_VM_rg_ansible_fest
          managementGUIClientNetwork:
            value: 0.0.0.0/0
          installationType:
            value: management
          allowDownloadFromUploadToCheckPoint:
            value: 'true'
          additionalDiskSizeGB:
            value: 0
          diskType:
            value: Standard_LRS
          sourceImageVhdUri:
            value: noCustomUri
        template_link: https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace-management/mainTemplate.json

The azure rm template executed from Ansible works perfectly until try to download one file that is setting as dependency:

{
    "_ansible_no_log": false,
    "invocation": {
        "module_args": {
....
    "msg": "Deployment failed with status code: 200 and message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details."
}

If I check in the Azure console I see the error:

with the networkExistingSetup as a BadRequest.

This networkExistingSetup step outputs with an error:

{
    "error": {
        "code": "InvalidContentLink",
        "message": "Unable to download deployment content from 'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace-management/nestedtemplates/vnet-1-subnet-existing.json'. The tracking Id is '2c79911b-4c48-421d-a189-3a84e8f41ef6'. Please see https://aka.ms/arm-deploy for usage details."
    }
}

The main template tried to download a dependency vnet-1-subnet-existing.json that is moved to another location (see that the link that is trying to download is no longer reachable in this path, and outputs an 404 when you try to download manually).

For this reason I think that the maintemplate needs to point to a proper path (without the marketplace-management), instead of the incorrect one:

https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace-management/nestedtemplates/vnet-1-subnet-existing.json

to

https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/nestedtemplates/vnet-1-subnet-existing.json

The outputhttps://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace-management/nestedtemplates/vnet-1-subnet-existing.json

Thanks,

Roberto

from cloudguardiaas.

@rcarrata
Thanks for your detailed reply!
In the line you mentioned we build uri with nested templates(create vnet, load balancer etc) location
The uri is created from several parameters and one of them is '_artifactsLocation'.
In case a value for the _artifactsLocation is not specified the default one is used
The default value for this parameter is template link uri.
This explain why your deployment fails with invalid link.

Can you try to add _artifactLocation parameter with next values to your ansible deployment template?
_artifactLocation: "https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/"

Let us know if it works

Thanks,
Roman

from cloudguardiaas.

@chkp-romanka

I added the parameter of _artifactsLocation into the playbook with the value that you refered and works like a charm now.

The playbook also finished correctly and the infrastructure is deployed properly.

Thanks a lot for your support!!

Roberto

from cloudguardiaas.