Solved: GCP terraform unable to deploy cluster + sic

oshrio · ‎2023-07-31

Hello,

I'm using the TF code to deploy cluster.

When the GW is coming up I can view the Wizard @ GW (also sic key is not configured), looks like it didn't get all the parameters from the startup script.

When the GW is starting up I can see in the console log this message:

FW-1: loading tp_conf_service
FireWall-1: Starting fwd
FireWall-1: Starting CPU Spike Detective

WARNING: /etc/modprobe.conf line 6: ignoring bad line starting with 'options'
WARNING: /etc/modprobe.conf line 7: ignoring bad line starting with 'virtio_net'
WARNING: /etc/modprobe.conf line 8: ignoring bad line starting with 'rxmrg=0'
SecureXL disabled, cannot use affinity commands
sim_register_adp_service: SecureXL device 0 assigned client ID 0
SecureXL device is enabled. sxl_dev_id=0 
fw_register_adp_service: FW assigned client ID 1
fw_register_adp_service: FW registered successfully with ADP driver. vsid 0 
SecureXL device is enabled. sxl_dev_id=0 
fw_register_adp_service: already registered
FireWall-1: Fetching policy

Installing Security Policy InitialPolicy on all.all@checkpoint-ha-a-02
Fetching Security Policy from localhost succeeded
 
HA not installed"

##########################################
startup script:
 - python3 /etc/cloud_config.py generatePassword=\"true\" allowUploadDownload=\"true\" templateName=\"cluster_tf\" templateVersion=\"20230109\" mgmtNIC="XX" hasInternet=\"true\" config_url=\"https://runtimeconfig.googleapis.com/v1beta1/projects/kuku-net-0/configs/checkpoint-ha-a-02-config\" config_path=\"projects/kuku-net-0/configs/checkpoint-ha-a-02-config\" installationType="XClusterX" enableMonitoring=\"true\" primary_cluster_address_name=\"1.1.1.8\" secondary_cluster_address_name=\"1.1.1.2\" shell=\"/bin/bash\" computed_sic_key=\"12345678987654321\" sicKey=\"12345678987654321\" managementGUIClientNetwork=\"100.64.0.0/24\" managementNetwork=\"100.64.0.0/24\" numAdditionalNICs=\"6\" smart1CloudToken="XXXX" name=\"checkpoint-ha-a-02\" zone=\"me-west1-a\" region=\"me-west1\"

oshrio · ‎2023-08-01

Hi @Olga-Miro Thanks for quick reply.

Yesterday I succeded to change the vm machine to:

variable "machine_type" {
type = string
default = "n2-custom-8-16384"
}

and now the GW is up and running.

thanks again.

View solution in original post

Olga-Miro · ‎2023-08-01

Hi @oshrio ,

Can you share which machine type you use? The default, n1-standard-4, is not supported in me-west1-a zone (according to this documentation https://cloud.google.com/compute/docs/regions-zones#:~:text=Bridge%2C%20Broadwell%2C%20Skylake-,me%2...

In addition, for 6 internal NICs you should use a machine type with at least 32GB (8 vCPU, 4 core).

For example, for E2 series you should choose the "e2-standard-8 (8 vCPU, 4 core, 32 GB memory)" machine type.

Thanks,

Olga

oshrio · ‎2023-08-01

Hi @Olga-Miro Thanks for quick reply.

Yesterday I succeded to change the vm machine to:

variable "machine_type" {
type = string
default = "n2-custom-8-16384"
}

and now the GW is up and running.

thanks again.

the_rock · ‎2023-08-01

Great job!

Are you a member of CheckMates?

GCP terraform unable to deploy cluster + sic