Skip to main content

 

Introduction

Aviatrix Sandbox Starter Tool (SST) is a community-based and community-supported tool that deploys following small test/lab cloud network environment in minutes.

This SaaS like lightweight tool first deploys an Aviatrix Controller in AWS. Once the Controller is up, the tool uses Terraform to create Aviatrix transit (Hub and Spoke) topology in AWS.

Two EC2 test instances will be deployed and connected, that can be used to run test cases, POC or SRE work using the Aviatrix platform with simplicity, automation, visibility, and control.

The self-guided UI workflow can also deploy Azure Network and connect to AWS.

Additional use-cases can then be added directly from Controller UI or Terraform following step by step tool user guide.

SST itself can be deployed using three different options

  1. AWS EC2 Instance
    1. This method is documented in this article itself.
  2. Cloud AMI via Terraform Module
  3. Local Machine 

This document uses the recommended Cloud AMI Option#1 to deploy the SST and Cloud Networks.

Cost

The Sandbox Starter Tool itself is free but there is a cost of running the lab. Please refer to this link for a detailed cost breakdown.

Before You Begin

Notes:

When subscribing to the platform, you must set up your account after clicking subscribe to generate your controller license key (which will be emailed to the address used in the set up process). This will be used as input to the sandbox starter and subsequently configured during your controller launch.

This tool works the best for a brand new Aviatrix Controller deployment. If you previously deployed Aviatrix Controller, make sure you delete the following first

  • Aviatrix EC2 roles
  • Aviatrix EC2 policies are deleted
  • Delete Aviatrix default key-pair

Launch Sandbox Starter Using AWS EC2 Instance

You can deploy this tool in any AWS region. Make sure you have a proper EIP and VPC quota for your region. In our example, we will be deploying the Sandbox Starter tool in the N. Virginia region (us-east-1).

  • Click here to search for the Sandbox Starter Public AMI under the Images section and select the latest Sandbox Starter AMI

  • Click the "Launch Instance from Image" button and select t3.micro or t2.micro instance size

  

  • Click Configure Instance Details and provide the following information. Leave everything else as default
    • Network: Select the default VPC.
    • Subnet: Select the public subnet
    • Auto-assign Public IP: Enable

  • Click Add Storage button. Do not change anything here
  • Click Add Tags. Do not change anything here
  • Click Configure Security Group and block inbound access to SST EC2
  • Create a new security group with the following information
    • Security Group Name: Aviatrix_Sandbox_Starter_SG
    • Delete the SSH TCP 22 rule and add a new HTTPS TCP 443 rule. You must make sure that only your IP address has access to Sandbox Tool
    • Ignore the warning

Reference: Authorize inbound traffic for your Linux instances

  • Review and launch now

  • Select the Key Pair and Launch

  • Click on the instance ID to show the details and copy the Public IPv4 address

  • Once the instance "Running", browse to https://<Public IPv4 address>
    • In our example it is https://54.173.15.154/
    • The tool uses a self-signed certificate
      • Accept the warning and proceed
      • If using Chrome and you get a connection error message, you can bypass that by clicking anywhere and typing thisisunsafe

You should see the "Aviatrix Sandbox Starter" user interface (UI) now.

Standard Mode Wizard with AWS

Standard is the recommended workflow. This will deploy the controller and topology in the regions specified in the diagram.

  

 

Provide AWS Credentials

You can get the Access Key under the "Security Credential" area in AWS console. If you don't have one, you should create one.

Launch the Controller in AWS

Notes

  • The controller version will default to that which is needed for ACE courses. You can choose other available versions with the understanding that they may not be compatible those courses.
  • Be sure to subscribe to the AWS marketplace offerings mentioned in the Before You Begin section above and set up your account to generate the Controller License required as input.
  • In the future, we might add the option to launch Controller in other Clouds

Launch Global Transit (Hub) and two Spokes in AWS

Launch Test EC2 instances

Test EC2 (Amazon Linux VMs) will be launched in their respective Spoke VPCs

Provide an Existing Key Pair Name

This must be configured in your AWS account in us-east-2 (Ohio) region as per-requisite. You will need this Key Pair to login to test EC2 instances to verify the end-to-end connectivity.

Select No for "Launch Aviatrix Transit in Azure"

Success Message

Upon success, you will receive the necessary public and private IP addresses. The entire process should take somewhere between 22-30 minutes.

Now you can log in to Aviatrix Controller UI by clicking the controller URL.

Note: The user name is admin and the password is the one you selected earlier in the process.

Lock Inbound Access to Controller

After the Controller is deployed, you must do the following to lock the inbound access so that no one has access to it.

1-  Enable the security group management feature so all of the gateways' IP addresses are allowed to reach the controller on HTTPS/port 443

2- Lock all inbound access to Controller except your own IP address

Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html 

Experience the Platform and Deploy Use Cases

Follow the instructions in the Test Plan to experience the Aviatrix Multi-Cloud platform and deploy recommended use case.

Besides that, users are highly encouraged to deploy more use-cases based on their needs and requirement by following the official documentation at https://docs.aviatrix.com

Standard Mode Deployment with AWS and Azure

Azure deployment is optional. You must have an Azure subscription and related information if you are planning on extending the network in Azure.

For Sandbox deployment both in AWS and Azure, follow the video here

https://youtu.be/INqXNQgWgmg

 

Destroy / Delete the entire LAB

 

Once you are done testing and validating Cloud Networks, you may destroy or delete the entire lab. First, turn off AWS access security on the controller by logging into the controller and clicking on "Settings" in the left-hand nav. Click on "Controller," then "Access Security" in the top tabs. Under "Controller Security Group Management," click "Disable".

Back in the sandbox starter, use the "Destroy" option on the top right of the browser UI.

If you destroyed SST before getting a chance to destroy your environment, you will need to manually delete these resources in order (always check you are in the appropriate region first):

  1. Terminate the Spoke and Transit gateways in AWS (if applicable)
  2. Remove the Resource Groups in Azure (if applicable)
  3. Disable Termination Protection on the EC2 instance for the Controller
  4. Terminate the Controller EC2 instance
  5. Remove the SSH keypair
  6. Delete the Security Groups
  7. Delete the VPC where the Gateways and Controller was deployed
  8. Delete the IAM Roles and Policies starting with ‘aviatrix’

Note that if you deployed CoPilot, it must be deleted manually by logging into AWS/Azure Console.

Support Model

This community-based and open-source tool is NOT supported by the Aviatrix Enterprise support team. For any questions or issues related to this tool, please use the Aviatrix Community platform.

Open Source

  1. Code for this open-source tool is available at https://github.com/AviatrixSystems/sandbox-starter
  2. Terraform module for Sandbox Starter launch is available here at https://github.com/terraform-aviatrix-modules/terraform-aviatrix-aws-sandbox-starter
  3. The container code is available here

Hello Team ,



I was trying a hands on in Sandbox Tool and successfully Launched the controller but after that I am getting a following error message and I could not move further .When I am trying to Launch Aviatrix Transit in AWS it failed many times .I am getting the following debug message and also the screen should of the GUI where I am stuck  .Can anyone help me to solve the problem 



 



aviatrix_spoke_gateway.aws_spoke_gws["spoke1"]: Still creating... [17m10s elapsed] aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Still creating... [17m10s elapsed] aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Still creating... [17m20s elapsed] aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Still creating... [17m30s elapsed] aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Still creating... [17m40s elapsed] â•· │ Warning: Resource targeting is in effect │ │ You are creating a plan with the -target option, which means that the │ result of this plan may not represent all of the changes requested by the │ current configuration. │ │ The -target option is not for routine use, and is provided only for │ exceptional situations such as recovering from errors or mistakes, or when │ Terraform specifically suggests to use it as part of an error message. ╵ â•· │ Warning: Applied changes may be incomplete │ │ The plan was created with the -target option in effect, so some changes │ requested in the configuration may have been ignored and the output values │ may not be fully updated. Run the following command to verify that no other │ changes are pending: │ terraform plan │ │ Note that the -target option is not suitable for routine use, and is │ provided only for exceptional situations such as recovering from errors or │ mistakes, or when Terraform specifically suggests to use it as part of an │ error message. ╵ 
â•· │ 
failed to create Aviatrix Transit Gateway: rest API create_transit_gw Post failed: nAVXERR-TRANSIT-0118] Gateway initilization failed: Copying /tmp/AWS-UE2-Transit-GW/localgateway_info.txt to gateway AWS-UE2-Transit-GW host AWS-UE2-Transit-GW.aviatrixnetwork.com failed: HTTPSConnectionPool(host='aws-ue2-transit-gw.aviatrixnetwork.com', port=443): Max retries exceeded with url: /upload.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7faca0bb2c88>, 'Connection to aws-ue2-transit-gw.aviatrixnetwork.com timed out. (connect timeout=4)')) │ <br>Note, your VPC DNS Resolution must be set to Yes<br>Also check your ACL rules below:<br>Outbound - 0.0.0.0/0 ALL - allow<br>Outbound - 0.0.0.0/0 ALL - deny<br>Inbound - 0.0.0.0/0 ALL - allow<br>Inbound - 0.0.0.0/0 ALL - deny<br> │ │ with aviatrix_transit_gateway.aws_transit_gw, │ on aviatrix_aws.tf line 28, in resource "aviatrix_transit_gateway" "aws_transit_gw": │ 28: resource "aviatrix_transit_gateway" "aws_transit_gw" { │ ╵ ╷ │
failed to create Aviatrix Spoke Gateway: rest API create_spoke_gw Post failed: tAVXERR-TRANSIT-0118] Gateway initilization failed: Copying /tmp/AWS-UE2-Spoke1-GW/localgateway_info.txt to gateway AWS-UE2-Spoke1-GW host AWS-UE2-Spoke1-GW.aviatrixnetwork.com failed: HTTPSConnectionPool(host='aws-ue2-spoke1-gw.aviatrixnetwork.com', port=443): Max retries exceeded with url: /upload.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7fac9753fb00>, 'Connection to aws-ue2-spoke1-gw.aviatrixnetwork.com timed out. (connect timeout=4)')) │ <br>Note, your VPC DNS Resolution must be set to Yes<br>Also check your ACL rules below:<br>Outbound - 0.0.0.0/0 ALL - allow<br>Outbound - 0.0.0.0/0 ALL - deny<br>Inbound - 0.0.0.0/0 ALL - allow<br>Inbound - 0.0.0.0/0 ALL - deny<br> │ │ with aviatrix_spoke_gateway.aws_spoke_gws0"spoke1"], │ on aviatrix_aws.tf line 49, in resource "aviatrix_spoke_gateway" "aws_spoke_gws": │ 49: resource "aviatrix_spoke_gateway" "aws_spoke_gws" { │ ╵ ╷ │
failed to create Aviatrix Spoke Gateway: rest API create_spoke_gw Post failed: ·AVXERR-TRANSIT-0118] Gateway initilization failed: Copying /tmp/AWS-UE2-Spoke2-GW/localgateway_info.txt to gateway AWS-UE2-Spoke2-GW host AWS-UE2-Spoke2-GW.aviatrixnetwork.com failed: HTTPSConnectionPool(host='aws-ue2-spoke2-gw.aviatrixnetwork.com', port=443): Max retries exceeded with url: /upload.php (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7fac97566400>, 'Connection to aws-ue2-spoke2-gw.aviatrixnetwork.com timed out. (connect timeout=4)')) │ <br>Note, your VPC DNS Resolution must be set to Yes<br>Also check your ACL rules below:<br>Outbound - 0.0.0.0/0 ALL - allow<br>Outbound - 0.0.0.0/0 ALL - deny<br>Inbound - 0.0.0.0/0 ALL - allow<br>Inbound - 0.0.0.0/0 ALL - deny<br> │ │ with aviatrix_spoke_gateway.aws_spoke_gwsb"spoke2"], │ on aviatrix_aws.tf line 49, in resource "aviatrix_spoke_gateway" "aws_spoke_gws": │ 49: resource "aviatrix_spoke_gateway" "aws_spoke_gws" { │ ╵ --> Failed to launch AWS transit, aborting.

Sujith Rajendran Unfortunately you've hit a bug in our current ami that affects some controller deployments, resulting in the behavior you describe. You have two options to move forward:





  1. Click the Destroy button in the top right of the sst and start over. It's possible to hit the same bug in a subsequent launch.


  2. (Recommended) Log into the controller, scroll to the bottom of the left-hand nav, expand Troubleshoot, then click on Diagnostics. Scroll to the panel with the title 'Controller IP Address Migration' and click the 'Migrate' button. Once complete, you can pick up where you left off in the sandbox-starter UI.




Hope you find this helpful.

John Smoker Thank you .I will try the steps provided and update to you with the results .

Sujith Rajendran I was unable to login to the Controller and before it self the error occurred .I have destroyed my previous controller and started freshly and this time it was successful without any error .

John Smoker I hit that bug today. The 2nd (the recommended) option solved the issue. Thank you!

Hello Aviatrix team,



I am currently testing the sandbox starter tool. I was able to successfully deploy in AWS but I'm having an issue with the Azure deployment(Launch Aviatrix Transit in Azure) do I also need to have a subscription in Azure similar to AWS(Aviatrix Copilot)?

Here is the error message for reference:



Sandbox Starter tool Step 6



failed to create Aviatrix Account: rest API setup_account_profile Post failed: Encountered Exception CloudxErrExt: │ Message: Account azure-network has failed to connect to ARM. Please check if you have valid subscription_id, tenant_id, client_id, client_secret, abort │ Class: CloudxErrExt │ cloud_type: 8 │ account_name: azure-network │ Exceptions: │ class: CloudError Azure AuthorizationFailed │ Message: The client '02e6e4aa-814d-4594-bee6-c97ef3f75c8a' with object id '02e6e4aa-814d-4594-bee6-c9

Hi Simeon , if you want to deploy a Transit in Azure, then you definitely need an active Azure subscription.

 Hi Umair Hoodbhoy thank you for reaching out. yes I have an active subscription however it keeps on giving an error when I do the Azure step.I have tried to recreate the steps using a different azure account but still it errors out.

Simeon Aaron Victorino What error message?

Umair Hoodbhoy here is the error message



 



failed to create Aviatrix Account: rest API setup_account_profile Post failed: Encountered Exception CloudxErrExt: │ Message: Account azure-network has failed to connect to ARM. Please check if you have valid subscription_id, tenant_id, client_id, client_secret, abort │ Class: CloudxErrExt │ cloud_type: 8 │ account_name: azure-network │ Exceptions: │ class: CloudError Azure AuthorizationFailed │ Message: The client '02e6e4aa-814d-4594-bee6-c97ef3f75c8a' with object id '02e6e4aa-814d-4594-bee6-c9

Simeon Aaron Victorino the message is truncated. The Object ID at the end is not in the expected 8-4-4-4-12 format. Instead, it is being reported by you in a 8-4-4-4-2 format. In order to troubleshoot further, we need the full error message. You can always get the full message for the Resource Group in the Azure Portal under the Activity Log.

Umair Hoodbhoy



 



I would like to consult your advice about it.



https://community.aviatrix.com/t/g9hbsg3/ace-iac-day-zero-enable_active_mesh-var-active_mesh

Ken yau I sent you an email to the email linked to your Community account. Please check that.

I am hitting an error while launching transit in AWS using sandbox starter tool 1.1.6). 

Error-
viatrix_spoke_gateway.aws_spoke_gws["spoke1"]: Creation complete after 3m47s [id=AWS-UE2-Spoke1-GW] aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Creation complete after 3m47s [id=AWS-UE2-Spoke2-GW] ╷ │ Warning: Resource targeting is in effect │ │ You are creating a plan with the -target option, which means that the │ result of this plan may not represent all of the changes requested by the │ current configuration. │ │ The -target option is not for routine use, and is provided only for │ exceptional situations such as recovering from errors or mistakes, or when │ Terraform specifically suggests to use it as part of an error message. ╵ ╷ │ Warning: Applied changes may be incomplete │ │ The plan was created with the -target option in effect, so some changes │ requested in the configuration may have been ignored and the output values │ may not be fully updated. Run the following command to verify that no other │ changes are pending: │ terraform plan │ │ Note that the -target option is not suitable for routine use, and is │ provided only for exceptional situations such as recovering from errors or │ mistakes, or when Terraform specifically suggests to use it as part of an │ error message. ╵
╷ │
failed to create Aviatrix Transit Gateway: rest API create_transit_gw Post failed:
Failed to allocate EIP, An error occurred (AddressLimitExceeded) when calling the AllocateAddress operation: The maximum number of addresses has been reached. │ │ with aviatrix_transit_gateway.aws_transit_gw, │ on aviatrix_aws.tf line 28, in resource "aviatrix_transit_gateway" "aws_transit_gw": │ 28: resource "aviatrix_transit_gateway" "aws_transit_gw" { │ ╵ --> Failed to launch AWS transit, aborting.

Any help? 



Ateet You're hitting up against AWS eip limits. The relevant part of the error is: 



Failed to allocate EIP, An error occurred (AddressLimitExceeded) when calling the AllocateAddress operation


You'll either need to release existing EIPs in that region or request a quota increase from AWS and re-run the step where the failure occurred.

Getting below error while launching Aviatrix transit in azure. can you please assist me on this?



} } Plan: 9 to add, 0 to change, 0 to destroy. aviatrix_account.azure_account: Creating... ╷ │ Warning: Resource targeting is in effect │ │ You are creating a plan with the -target option, which means that the │ result of this plan may not represent all of the changes requested by the │ current configuration. │ │ The -target option is not for routine use, and is provided only for │ exceptional situations such as recovering from errors or mistakes, or when │ Terraform specifically suggests to use it as part of an error message. ╵ ╷ │ Warning: Applied changes may be incomplete │ │ The plan was created with the -target option in effect, so some changes │ requested in the configuration may have been ignored and the output values │ may not be fully updated. Run the following command to verify that no other │ changes are pending: │ terraform plan │ │ Note that the -target option is not suitable for routine use, and is │ provided only for exceptional situations such as recovering from errors or │ mistakes, or when Terraform specifically suggests to use it as part of an │ error message. ╵
╷ │
failed to create Aviatrix Account: rest API setup_account_profile Post failed: Encountered Exception CloudxErrExt: │ Message: Account azure-network has failed to connect to ARM. Please check if you have valid subscription_id, tenant_id, client_id, client_secret, abort │ Class: CloudxErrExt │ cloud_type: 8 │ account_name: azure-network │ Exceptions: │ class: CloudError Azure
AuthorizationFailed │ Message: The client '1fecb142-f22b-4b73-a24f-cf7ca97f8751' with object id '1fecb142-f22b-4b73-a24f-cf7ca97f8751' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/e67611b3-4820-4256-b201-4782c330a247' or the scope is invalid. If access was recently granted, please refresh your credentials. │ deserializer: <msrest.serialization.Deserializer object at 0x7f53fd8229b0> │ error: Azure
AuthorizationFailed │ Message: The client '1fecb142-f22b-4b73-a24f-cf7ca97f8751' with object id '1fecb142-f22b-4b73-a24f-cf7ca97f8751' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/e67611b3-4820-4256-b201-4782c330a247' or the scope is invalid. If access was recently granted, please refresh your credentials. │ message: The client '1fecb142-f22b-4b73-a24f-cf7ca97f8751' with object id '1fecb142-f22b-4b73-a24f-cf7ca97f8751' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/e67611b3-4820-4256-b201-4782c330a247' or the scope is invalid. If access was recently granted, please refresh your credentials. │ response: <Response r403]> │ status_code: 403 │ request_id: 35c2cac7-64ab-4610-a528-4645cbe16a09 │ inner_exception: Azure
AuthorizationFailed │ Message: The client '1fecb142-f22b-4b73-a24f-cf7ca97f8751' with object id '1fecb142-f22b-4b73-a24f-cf7ca97f8751' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/e67611b3-4820-4256-b201-4782c330a247' or the scope is invalid. If access was recently granted, please refresh your credentials. │ │ │ with aviatrix_account.azure_account, │ on aviatrix_azure.tf line 2, in resource "aviatrix_account" "azure_account": │ 2: resource "aviatrix_account" "azure_account" { │ ╵ --> Failed to launch Azure transit, aborting.

Getting below error while launching Aviatrix transit in Azure.please help



aviatrix_transit_gateway.azure_transit_gw: Still creating... [10s elapsed] aviatrix_spoke_gateway.azure_spoke_gws["spoke1"]: Still creating... [10s elapsed] aviatrix_spoke_gateway.azure_spoke_gws["spoke2"]: Still creating... [20s elapsed] aviatrix_spoke_gateway.azure_spoke_gws["spoke1"]: Still creating... [20s elapsed] aviatrix_transit_gateway.azure_transit_gw: Still creating... [20s elapsed] ╷ │ Warning: Resource targeting is in effect │ │ You are creating a plan with the -target option, which means that the │ result of this plan may not represent all of the changes requested by the │ current configuration. │ │ The -target option is not for routine use, and is provided only for │ exceptional situations such as recovering from errors or mistakes, or when │ Terraform specifically suggests to use it as part of an error message. ╵ ╷ │ Warning: Applied changes may be incomplete │ │ The plan was created with the -target option in effect, so some changes │ requested in the configuration may have been ignored and the output values │ may not be fully updated. Run the following command to verify that no other │ changes are pending: │ terraform plan │ │ Note that the -target option is not suitable for routine use, and is │ provided only for exceptional situations such as recovering from errors or │ mistakes, or when Terraform specifically suggests to use it as part of an │ error message. ╵
╷ │
failed to create Aviatrix Transit Gateway: rest API create_transit_gw Post failed:
AVXERR-TRANSIT-0067] Azure
InvalidTemplateDeployment │ Message: The template deployment failed with error: 'The resource with id: '/subscriptions/e67611b3-4820-4256-b201-4782c330a247/resourceGroups/rg-av-AZ-EU-Transit-VNet-893683/providers/Microsoft.Compute/virtualMachines/av-gw-AZ-EU-Transit-GW' failed validation with message: 'The requested size for resource '/subscriptions/e67611b3-4820-4256-b201-4782c330a247/resourceGroups/rg-av-AZ-EU-Transit-VNet-893683/providers/Microsoft.Compute/virtualMachines/av-gw-AZ-EU-Transit-GW' is currently not available in location 'East US' zones '' for subscription 'e67611b3-4820-4256-b201-4782c330a247'. Please try another size or deploy to a different location or zones. See https://aka.ms/azureskunotavailable for details.'.'. Please go to Azure cloud portal and check Activity log for resource group rg-av-AZ-EU-Transit-VNet-893683 to get detailed reason. │ │ with aviatrix_transit_gateway.azure_transit_gw, │ on aviatrix_azure.tf line 25, in resource "aviatrix_transit_gateway" "azure_transit_gw": │ 25: resource "aviatrix_transit_gateway" "azure_transit_gw" { │ ╵ ╷ │
failed to create Aviatrix Spoke Gateway: rest API create_spoke_gw Post failed:
rAVXERR-TRANSIT-0067] Azure
InvalidTemplateDeployment │ Message: The template deployment failed with error: 'The resource with id: '/subscriptions/e67611b3-4820-4256-b201-4782c330a247/resourceGroups/rg-av-AZ-EU-Spoke1-VNet-189177/providers/Microsoft.Compute/virtualMachines/av-gw-AZ-EU-Spoke1-GW' failed validation with message: 'The requested size for resource '/subscriptions/e67611b3-4820-4256-b201-4782c330a247/resourceGroups/rg-av-AZ-EU-Spoke1-VNet-189177/providers/Microsoft.Compute/virtualMachines/av-gw-AZ-EU-Spoke1-GW' is currently not available in location 'East US' zones '' for subscription 'e67611b3-4820-4256-b201-4782c330a247'. Please try another size or deploy to a different location or zones. See https://aka.ms/azureskunotavailable for details.'.'. Please go to Azure cloud portal and check Activity log for resource group rg-av-AZ-EU-Spoke1-VNet-189177 to get detailed reason. │ │ with aviatrix_spoke_gateway.azure_spoke_gws7"spoke1"], │ on aviatrix_azure.tf line 39, in resource "aviatrix_spoke_gateway" "azure_spoke_gws": │ 39: resource "aviatrix_spoke_gateway" "azure_spoke_gws" { │ ╵ ╷ │
failed to create Aviatrix Spoke Gateway: rest API create_spoke_gw Post failed:
‚AVXERR-TRANSIT-0067] Azure
InvalidTemplateDeployment │ Message: The template deployment failed with error: 'The resource with id: '/subscriptions/e67611b3-4820-4256-b201-4782c330a247/resourceGroups/rg-av-AZ-EU-Spoke2-VNet-928779/providers/Microsoft.Compute/virtualMachines/av-gw-AZ-EU-Spoke2-GW' failed validation with message: 'The requested size for resource '/subscriptions/e67611b3-4820-4256-b201-4782c330a247/resourceGroups/rg-av-AZ-EU-Spoke2-VNet-928779/providers/Microsoft.Compute/virtualMachines/av-gw-AZ-EU-Spoke2-GW' is currently not available in location 'East US' zones '' for subscription 'e67611b3-4820-4256-b201-4782c330a247'. Please try another size or deploy to a different location or zones. See https://aka.ms/azureskunotavailable for details.'.'. Please go to Azure cloud portal and check Activity log for resource group rg-av-AZ-EU-Spoke2-VNet-928779 to get detailed reason. │ │ with aviatrix_spoke_gateway.azure_spoke_gwsU"spoke2"], │ on aviatrix_azure.tf line 39, in resource "aviatrix_spoke_gateway" "azure_spoke_gws": │ 39: resource "aviatrix_spoke_gateway" "azure_spoke_gws" { │ ╵ --> Failed to launch Azure transit, aborting.

Jisha Krishnan This looks like a capacity issue on the Azure side in the US East region. Could be transitory and I'd expect retrying the deployment to succeed. Alternatively, you could destroy and redeploy in advanced mode to target a different Azure region.

Hi....The Sandbox fails to launch Virtual Machines in Azure. Please see attached.

Pete Verma You've run into the same issue as Jisha above. Azure seems like they've been having capacity issues with the Standard_B1ms instance size in US East. I've been able to successfully deploy today. I'd suggest trying again or destroying and running in advanced mode to target a different region.

@John Smoker  as suggested I have tried to deploy in advanced mode with different regions however its still failing can you please let met know which region and other parameter which  you have tried and worked.



debug as per advanced mode attached

Jisha Krishnan I'm afraid I don't have further advice on this since the issue is with Azure capacity. I just launched using Standard mode in `US EAST` and was able to complete with success. The instances we're using haven't been deprecated, Azure just seems to be over-utilized at peak times.

I was unable to lunch the controller and copilot. There is a problem with volume size as you see below. 

Error launching source instance: InvalidBlockDeviceMapping: Volume of size 32GB is smaller than snapshot 'snap-0510ea2db4fff68ce', expect size >= 64GB │ status code: 400, request id: 144bb515-bb2d-46ce-97c3-dddfbac1ff4b │ │ with module.avtx_controller_instance.aws_instance.aviatrixcontrollerr0], │ on aviatrix-controller-build/main.tf line 22, in resource "aws_instance" "aviatrixcontroller": │ 22: resource "aws_instance" "aviatrixcontroller" { │ ╵ --> Controller launch failed, aborting.

I ended up running manually but am happy to re-try again 

Qousai Edelbi This sounds like you have a pre-1.1.7 version of the sst. The current release is v1.2.4. I'd suggest you upgrade to the latest if you'd like to try again.

I cannot make the terraform work for ace-lac-zero.



 Bottom Expand Full screen



Terraform v1.0.6


on linux_amd64


Initializing plugins and modules...


Initializing modules...


Downloading terraform-aviatrix-modules/mc-spoke/aviatrix 1.2.3 for aws_spoke_1...


- aws_spoke_1 in .terraform/modules/aws_spoke_1


Downloading terraform-aws-modules/ec2-instance/aws 2.21.0 for aws_spoke_bastion...


- aws_spoke_bastion in .terraform/modules/aws_spoke_bastion


Downloading terraform-aviatrix-modules/mc-transit/aviatrix 2.1.4 for aws_transit_1...


- aws_transit_1 in .terraform/modules/aws_transit_1


Downloading terraform-aviatrix-modules/mc-spoke/aviatrix 1.2.3 for azure_spoke_2...


- azure_spoke_2 in .terraform/modules/azure_spoke_2


Downloading terraform-aws-modules/security-group/aws 3.18.0 for security_group_1...


- security_group_1 in .terraform/modules/security_group_1


There are some problems with the configuration, described below.





The Terraform configuration must be valid before initialization so that


Terraform can determine which modules and providers need to be installed.


â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 15, in variable "name":


│   15:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 32, in variable "gw_name":


│   32:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 54, in variable "connected_transit":


│   54:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 61, in variable "hybrid_connection":


│   61:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 68, in variable "bgp_manual_spoke_advertise_cidrs":


│   68:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 75, in variable "learned_cidr_approval":


│   75:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 88, in variable "enable_segmentation":


│   88:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 95, in variable "ha_region":


│   95:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 102, in variable "cidr":


│  102:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 114, in variable "ha_cidr":


│  114:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 126, in variable "lan_cidr":


│  126:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 138, in variable "enable_firenet":


│  138:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 145, in variable "enable_transit_firenet":


│  145:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 152, in variable "enable_egress_transit_firenet":


│  152:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 159, in variable "bgp_polling_time":


│  159:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 166, in variable "bgp_ecmp":


│  166:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 173, in variable "enable_multi_tier_transit":


│  173:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 180, in variable "enable_advertise_transit_cidr":


│  180:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 193, in variable "enable_bgp_over_lan":


│  193:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 205, in variable "instance_size":


│  205:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 212, in variable "ha_gw":


│  212:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 219, in variable "insane_mode":


│  219:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 226, in variable "az1":


│  226:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 233, in variable "az2":


│  233:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 240, in variable "az_support":


│  240:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 247, in variable "single_az_ha":


│  247:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 254, in variable "single_ip_snat":


│  254:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 261, in variable "enable_encrypt_volume":


│  261:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 297, in variable "bgp_lan_interfaces":


│  297:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 304, in variable "ha_bgp_lan_interfaces":


│  304:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 311, in variable "enable_active_standby_preemptive":


│  311:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 318, in variable "legacy_transit_vpc":


│  318:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





â•·


│ Error: Unsupported argument


│


│   on .terraform/modules/aws_transit_1/variables.tf line 325, in variable "enable_s2c_rx_balancing":


│  325:   nullable    = false


│


│ An argument named "nullable" is not expected here.


╵





Operation failed: failed running terraform init (exit 1)

Reply


Terms & Conditions