Azure VPNC (Unmanaged Mode) Deployment Issues

  • 1.  Azure VPNC (Unmanaged Mode) Deployment Issues

    Posted Sep 28, 2022 07:29 PM
    Hi Community,

    Note: I have engaged Aruba Support, but we still haven't resolved the issue and I wanted to know if anyone has actually followed the guide to deploy a VPNC in unmanaged mode before.

    I am trying to deploy a VPNC on Microsoft Azure in unmanaged mode. We can deploy them fine in Managed Mode, whereby Aruba Central has access to our Subscription, but we require more control over the naming convention of resources deployed.

    We are following this guide: Deploying Aruba Virtual Gateway in Microsoft Azure (Unmanaged Mode)

    Issue: The challenge we are having is the vGateway just will not register in Central. It can ping the outside world, resolve DNS addresses, ping other resources within Azure, so networking-wise it's fine, but it simply will not register in Central.

    Challenge: What I am finding is the lack of clarity in the guide, specifically around the user-data injection into the VM, as I am noticing the following error in the serial console when it attempts ZTP Auto Provision:

    -----
    Enter Option (partial string is acceptable): executing command python /mswitch/bin/cloud-init.py
    Traceback (most recent call last):
    File "/mswitch/bin/cloud-init.py", line 99, in <module>
    outfile.write(j[0]['keyData'])
    IndexError: list index out of range
    close failed in file object destructor:
    sys.excepthook is missing
    lost sys.stderr
    could not find userdata file at /tmp/userdata
    could not fined mimicked userdata file at /flash/config/userdata_mimick
    no serial_no found
    Sent ztp message successfully for addr type :1
    Sent ztp message successfully for addr type :2
    Processes will restart now
    Restarting ntpwrap...
    Restarting cert_dwnld...
    Processes restarted successfully!

    Starting ztp
    Starting ztp auto provision
    Setting timezone to America/Los_Angeles
    Starting auto provisioning
    Registered for NTP Sync
    Initiated DHCP, awaiting DHCP response

    Auto-provisioning is in progress. It requires DHCP and Activate servers
    -----

    This leads me to believe the issue lies with the user-data being passed to the VM during initial boot... or lack thereof. In the user guide, specifically on this page, it states a user data 'command' to execute:

    Azure user-data: central_url:internal-device.central.arubanetworks.com; serial_no:VG1901101037; username:"VG1901101037,02:1A:1E:33:1A:1B,MC-VA,VGW"; password:1901101800226565487619011018002265630190; mac_address:02:1A:1E:33:1A:1B; part_number:MC-VA; mode:VGW; interfaces:eth0, eth1, eth2, eth3; eth3:LAN; eth2:VPN; eth1:INET; eth0:LAN;


    For anyone with knowledge of the Azure Cloud Shell, the command 'Azure' is not a valid command.


    Has anyone done this before? And if so, any tricks I should know of?

    Regards,
    Stefano


  • 2.  RE: Azure VPNC (Unmanaged Mode) Deployment Issues

    Posted Dec 08, 2022 01:14 AM
    For anyone stumbling onto this forum post with the same issue, I wanted to provide an update to confirm that with the assistance of Aruba TAC, we were able to resolve this issue. The command we were using to create the Azure VM used a password for the admin-username, instead of an "ssh-key-value", which the documentation uses as an example but doesn't call out explicitly as a mandatory requirement.

    For anyone attempting an unmanaged Aruba VPNC on Microsoft Azure, follow these steps:

    1. Create or reuse an existing Resource Group, as per Creating a Resource Group (arubanetworks.com)
    2. Create an Azure Storage Account (V2), as per Creating a Storage Account (arubanetworks.com)
    3. Create a Network Security Group, as per Creating a Network Security Group (arubanetworks.com)
    4. Create the four Subnets in an existing or new VNet, as per Configuring Subnets (arubanetworks.com)
    5. Create four Network Interfaces, giving the 2nd one a PIP as well, as per Creating Network Interfaces (arubanetworks.com)
    6. Upload the latest Aruba VGW VHD to your SA and create an Azure Image from it, as per Uploading the Aruba Virtual Gateway Software Image (arubanetworks.com) and Creating Virtual Disks (arubanetworks.com)
    7. Create a 32GB Premium SSD Managed Disk, as per Creating Virtual Disks (arubanetworks.com)
    8. Generate your User Data file from Aruba Central - just save the txt file as is, make no changes to it
    9. Create SSH Key Pairs, as per Creating SSH Key Pairs (arubanetworks.com)
    10. Start an Azure Cloud Shell session in the Azure Portal and upload the userdata.txt file into your Cloud Shell session
    11. Execute the following command to create the VM, referencing all the pre-created resources in the prior steps:
    az vm create --resource-group [rg] --location [australiaeast] --name [vgw] --image [vgw-image] --os-disk-name [vgw-disk1] --attach-data-disks [vgw-disk2] --boot-diagnostics-storage [sa] --size Standard_DS3_v2 --nics [vgw-nic1-mgmt vgw-nic2-inet vgw-nic3-mpls vgw-nic4-lan] --admin-username vgw-user --ssh-key-value [aruba-vgw-1sshkey.pub] --custom-data [userdata.txt]
    12. Make sure to configure the diagnostic settings for the VM so you can connect to the Serial Console
    13. Connect to the Serial Console from the Azure Portal and monitor deployment
    14. Once complete, verify the device is now online in Aruba Central.
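
A pre-flight check for steps 8 to 11 above, added here as an example and not part of the original post or of Aruba's tooling: it validates the user-data file and the SSH public key before `az vm create` is run, since a VM created without an SSH key was the cause reported in this post. The required field names are taken from the user-data sample quoted in the first post and are an assumption, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks to run before `az vm create`.
# REQUIRED_KEYS comes from the user-data sample quoted in the first post;
# it is an assumption, not Aruba's specification.
REQUIRED_KEYS="central_url serial_no username password mac_address part_number mode interfaces"

# check_userdata FILE: the file must be non-empty, free of invisible
# characters picked up by copy/paste, and contain every required field.
check_userdata() {
    local file="$1" key missing=0 bom zwsp
    bom=$(printf '\357\273\277')    # UTF-8 byte-order mark
    zwsp=$(printf '\342\200\213')   # zero-width space, U+200B
    [ -s "$file" ] || { echo "user-data: $file is missing or empty" >&2; return 1; }
    if LC_ALL=C grep -qF -e "$bom" -e "$zwsp" "$file"; then
        echo "user-data: invisible characters found, download the file again" >&2
        return 1
    fi
    for key in $REQUIRED_KEYS; do
        # Fields are "key:value" pairs separated by semicolons.
        if ! tr ';' '\n' < "$file" | grep -Eq "^[[:space:]]*${key}:[^[:space:]]"; then
            echo "user-data: field '$key' not found" >&2
            missing=1
        fi
    done
    return "$missing"
}

# check_ssh_pubkey FILE: the file must hold an OpenSSH public key line and
# must not be the private half of the pair.
check_ssh_pubkey() {
    local file="$1"
    [ -s "$file" ] || { echo "ssh key: $file is missing or empty" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$file"; then
        echo "ssh key: $file is a private key, pass the .pub file" >&2
        return 1
    fi
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*( .*)?$' "$file" ||
        { echo "ssh key: $file is not an OpenSSH public key" >&2; return 1; }
}

# preflight USERDATA PUBKEY: run both checks so every problem is reported.
preflight() {
    local rc=0
    check_userdata "$1" || rc=1
    check_ssh_pubkey "$2" || rc=1
    return "$rc"
}

# Usage: ./preflight.sh userdata.txt aruba-vgw-1sshkey.pub
if [ "$#" -eq 2 ]; then preflight "$1" "$2" && echo "pre-flight OK"; fi
```

The user-data file carries the device password, so keep it out of shared storage and remove it from the Cloud Shell session once the VM is registered.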


  • 3.  RE: Azure VPNC (Unmanaged Mode) Deployment Issues

    Posted 12 days ago

    We had similar issues in Azure with the manual deployment. What we found was that once we tried deploying the VM by the script and hit the issue, even if we deleted the VM and re-ran the script, it was still having the same issue. We saw the below in the logs:

    2024-06-04T23:31:27.928275Z INFO MainThread Provisioning already completed, skipping.

    What we determined from this was that the disks were holding onto previous configuration. We made an assumption that the VM was unable to access the storage location where the script was, so we updated the permissions on the Storage Account, setting Blob Service "Blob anonymous access" to enabled and the Container folder Anonymous Access Level to "Blob".

    We then deleted the VM, and the disks. Reprovisioned the disks and then re-ran the script to create the VM.

    Upon booting, the VM picked up the custom data from the userdata text file and booted correctly.




  • 4.  RE: Azure VPNC (Unmanaged Mode) Deployment Issues

    Posted 6 days ago

    +1 to this. I just had the same issue with an Azure deployment. The only way I figured it out was from watching a TAC Tech Talk video I found, which showed the need to define the anonymous blob access. Nothing in any of the deployment guides.

    Overall, the experience with deploying in Azure has not been good. Next issue is DHCP-assigned interfaces can't be used for BGP or system-ip, so more loopback VLANs are needed.

    Still utterly confused why there is a management interface defined when it's not referenced anywhere in Central!