-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot create SSLO HTTP service proxy_type as Transparent with existing self IP #82
Comments
Hi, Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1535. |
Hello! Is there an ETA for this fix? Thanks! |
I retested today on latest ansible version and bigip modules and I can still recreate the error: Error:
Playbook
Ansible version:
|
Hi @megamattzilla, I was able to reproduce the issue, and it appears to originate from the BIG-IP side. I have been in communication with the BIG-IP team, and they have indicated that this fix will be included in the upcoming BIG-IP v17.5 release, which may take some time. Thanks. |
Could you provide the F5 BZ ID please? I'll add that to the list we are tracking. Its worth mentioning we can configure the same type of HTTP transparent proxy service (with existing self-IPs) in the Big-IP GUI fine. The Big-IP GUI is able to configure the appropriate service, but the F5 Rest API cannot? |
Here's the BZ ID - 1633173. |
Hi @prateekramani, Thanks for the info! Are we sure the root cause of this issue is BZ ID 1633173? Is it possible both issues have similar, vague error messages? The reason I ask is there is not very many details in BZ 1633173, the few details it mentions is "POST Upgrade" which there is no upgrade involved here. I'm also able to create the expected HTTP transparent service fine using the GUI with all the same values I'm trying with the ansible module: Interestingly enough, if I re-run the ansible module now (with same values I used to successfully created the service in the GUI) the ansible module errors out with a different message. If the ansible module is doing everything correctly, I would expect it to say "no changes": This is the ansible output when I run it after creating the service successfully via the GUI:
Why is the ansible module trying to change the self-IPs? Seems like there is a problem with the flag |
Repeating the same test- create the
This should return "no changes". |
Hi @prateekramani , This is definitely looking like an ansible modules issue. When the ansible module generates the POST request to I replaced the JSON item for The ansible playbook configuration here generates the following POST request:
I tested sending that same POST request in postman and found that I could replicate the issue- the deploy failed every time with After a few hours of testing, I found the root issue is with the JSON item for If I replace the ansible authored JSON item for This is the fixed JSON item for {
"id": "f5-ssl-orchestrator-service",
"type": "JSON",
"value": {
"customService": {
"connectionInformation": {
"fromBigipNetwork": {
"name": "toNetwork",
"routeDomain": {
"create": false,
"id": 0,
"path": ""
},
"selfIpConfig": {
"autoValue": "198.19.96.7/25",
"create": false,
"netmask": "255.255.255.0",
"selectedValue": "10.10.1.1/24",
"selfIp": "10.10.1.1/24"
},
"vlan": {
"create": false,
"networkVlanValue": "/Common/Internal1-Stovall-62",
"path": "/Common/Internal1-Stovall-62",
"selectedValue": ""
}
},
"toBigipNetwork": {
"name": "fromNetwork",
"routeDomain": {
"create": false,
"id": 0,
"path": ""
},
"selfIpConfig": {
"autoValue": "198.19.96.245/25",
"create": false,
"netmask": "255.255.255.0",
"selectedValue": "10.10.2.2/24",
"selfIp": "10.10.2.2/24"
},
"vlan": {
"create": false,
"networkVlanValue": "/Common/Internal2-Stovall-63",
"path": "/Common/Internal2-Stovall-63",
"selectedValue": ""
}
}
},
"controlChannels": [],
"httpPortRemapValue": "80",
"iRuleList": [],
"ipFamily": "ipv4",
"isAutoManage": false,
"loadBalancing": {
"devices": [
{
"deviceDescription": "",
"ip": "10.10.1.2",
"port": 80
}
],
"monitor": {
"fromSystem": "/Common/gateway_icmp"
}
},
"managedNetwork": {
"ipFamily": "ipv4",
"ipv4": {
"fromServiceMask": "255.255.255.128",
"fromServiceNetwork": "198.19.96.128",
"fromServiceSelfIp": "198.19.96.245",
"ipFamily": "ipv4",
"serviceIndex": 0,
"serviceSubnet": "198.19.96.0",
"serviceType": "http-proxy",
"subnetMask": "255.255.255.0",
"toServiceMask": "255.255.255.128",
"toServiceNetwork": "198.19.96.0",
"toServiceSelfIp": "198.19.96.7"
},
"isAutoManage": false,
"serviceType": "http-proxy"
},
"name": "ssloS_HTTP-TRANSPARENT",
"portRemap": false,
"serviceDownAction": "ignore",
"serviceEntrySSLProfile": "",
"serviceReturnSSLProfile": "",
"serviceSpecific": {
"name": "ssloS_HTTP-TRANSPARENT",
"proxyType": "Transparent"
},
"serviceType": "http-proxy",
"snatConfiguration": {
"clientSnat": "None",
"snat": {
"ipv4SnatAddresses": [
{
"ip": ""
}
],
"ipv6SnatAddresses": [
{
"ip": ""
}
],
"referredObj": ""
}
}
},
"description": "Type: http-proxy",
"fromVlanNetworkObj": {
"create": false,
"modify": false,
"networkError": false
},
"initialIpFamily": "ipv4",
"name": "ssloS_HTTP-TRANSPARENT",
"obRestrictedAttribute": {
"obId": "79740939-fe71-40a3-bd7f-d5209d13d67f"
},
"partition": "Common",
"previousVersion": "11.0",
"serviceTemplate": "",
"strictness": true,
"toVlanNetworkObj": {
"create": false,
"modify": false,
"networkError": false
},
"useTemplate": false,
"vendorInfo": {
"name": "Generic HTTP Service"
},
"version": "11.0"
}
} There is quite a few differences in the JSON keys between the working and non-working item, but one of them seems to be causing the |
Hi @megamattzilla |
COMPONENT NAME
bigip_sslo_service_http
Environment
ANSIBLE VERSION
ansible [core 2.16.2]
config file = /python-env/POD-ONBOARDING/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /python-env/ansible-9.1.0/lib/python3.11/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /python-env/ansible-9.1.0/bin/ansible
python version = 3.11.4 (main, Dec 7 2023, 15:43:41) [GCC 12.3.0] (/python-env/ansible-9.1.0/bin/python3)
jinja version = 3.1.3
libyaml = True
BIGIP VERSION
Sys::Version
Main Package
Product BIG-IP
Version 17.1.1.1
Build 0.68.2
CONFIGURATION
OS / ENVIRONMENT
Ubuntu 20.04.3
SUMMARY
unable to create SSLO http service with proxy_type transparent while utilizing existing self_ip.
STEPS TO REPRODUCE
Create the following SSLO http service
- name: Create Explicit HTTP service
bigip_sslo_service_http:
name: "HTTP-TRANSPARENT"
proxy_type: "transparent"
service_down_action: "ignore"
auto_manage: false
use_exist_selfip: true
snat: "none"
ip_family: "ipv4"
devices_to:
vlan: "/Common/TO_FE"
self_ip: 10.10.1.1
netmask: 255.255.255.0
devices_from:
vlan: "/Common/FROM_FE"
self_ip: 10.10.2.2
netmask: 255.255.255.0
devices:
- ip: "10.10.1.2"
EXPECTED RESULTS
should be able to create http service with proxy type as transparent
ACTUAL RESULTS
"msg": "CREATE operation error: a04ed767-cdec-4516-859e-8b1a8f001985 : [OrchestratorConfigProcessor] Deployment failed for Error: [BaseHAConfigProcessor (ServiceBaseHAConfigProcessor)] TypeError: Cannot read property 'lastIndexOf' of undefined"
}
The text was updated successfully, but these errors were encountered: