DO Deployment results in a 200 Success, however Trust does not work. #356

Open
Lsmitherman opened this issue Jul 18, 2023 · 3 comments
Labels
bug Something isn't working untriaged Issue needs to be reviewed for validity

@Lsmitherman

Environment

  • Declarative Onboarding Version: 1.38.0 Build 7
  • BIG-IP Version: 16.1.2.2

Summary

We deploy our F5 JSON scripts by using Ansible AAP, which picks up the relevant file and applies the configuration to the F5.
The configuration file configures pretty much everything on the F5 for us (VLANs, IP addressing, DNS). However, the trust element does not seem to take. It will not form a trust between the two F5s. The deployment comes back as 200 successful. No errors in the restjavad and restnoded logs or the basic F5 logs. A case was raised with F5 and this was all reviewed and they could not fix it and suggested I log a case on GitHub!

Interestingly, if I use the GUI or Postman just for the Trust element, it works.

Steps To Reproduce

I default the F5 configuration so only the licence and management IP remains.

  1. Submit the following declaration:

The ansible task which deploys the code to the F5 is

    - name: 7:Deploy the Code to the F5
      bigip_do_deploy:
        content: "{{ lookup('template', '{{ffullpath}}') }}"
        dry_run: "{{dryrun}}"
      register: result

The JSON file I use for this F5 is below.

{
"schemaVersion": "1.38.0",
"class": "Device",
"async": true,
"label": "XXXXXXXXX",
"Common": {
"class": "Tenant",
"mySystem": {
"class": "System",
"hostname": "XXXXXXXX",
"cliInactivityTimeout": {{ syscliInactivityTimeout }},
"consoleInactivityTimeout": {{ sysconsoleInactivityTimeout }},
"autoPhonehome": {{ sysautoPhonehome }},
"guiSecurityBanner": {{ sysguiSecurityBanner }},
"guiSecurityBannerText": "{{ sysguiSecurityBannerText }}"
},
"default": {
"class": "ManagementRoute",
"gw": "XXXXXX",
"network": "default"
},
"DNS1": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"DNS2": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"DNS3": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"DNS4": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"NTP1": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"NTP2": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XX"
},
"NTP3": {
"class": "ManagementRoute",
"gw": "XXX",
"network": "XXXX"
},
"TACACS1": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"TACACS2": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"myDns": {
"class": "DNS",
"nameServers":
{{ dns }}
,
"search":
{{ dnssearch }}
},
"myNtp": {
"class": "NTP",
"servers":
{{ ntp }}
,
"timezone": "Australia/XXXX"
},
"sshSettings": {
"class": "SSHD",
"allow":
{{ ssh_httpd }}
,
"banner": "{{ sshbannertext }}",
"inactivityTimeout": {{ sshinactivityTimeout }},
"ciphers":
{{ sshciphers }}
,
"loginGraceTime": 100,
"MACS":
{{ sshmacs }}
,
"maxAuthTries": {{ sshmaxAuthTries }},
"maxStartups": {{ sshmaxStartups }},
"protocol": {{ sshprotocol }}
},
"httpdSettings": {
"class": "HTTPD",
"allow":
{{ssh_httpd}}
,
"authPamIdleTimeout": {{ httpdauthPamIdleTimeout }},
"maxClients": {{ httpdmaxClients }},
"sslCiphersuite":
{{ httpdsslCiphersuite }}
,
"sslProtocol": "{{ httpdsslProtocol }}"
},
"myAuth": {
"class": "Authentication",
"enabledSourceType": "tacacs",
"fallback": {{ authfallback }},
"remoteUsersDefaults": {
"partitionAccess": "{{ authpartitionAccess }}",
"terminalAccess": "{{ authterminalAccess }}",
"role": "{{ authrole }}"
},
"tacacs": {
"accounting": "{{ tacacsaccounting }}",
"authentication": "{{ tacacsauthentication }}",
"debug": {{ tacacsdebug }},
"encryption": {{ tacacsencryption }},
"protocol": "ip",
"secret": "{{ tacacssecret }}",
"servers":
{{ tacacsservers }}
,
"service": "ppp"
}
},
"appEd": {
"class": "RemoteAuthRole",
"attribute": "XXXXX",
"console": "tmsh",
"lineOrder": 6,
"role": "application-editor",
"remoteAccess": true,
"userPartition": "all"
},
"f5adm_group": {
"class": "RemoteAuthRole",
"attribute": "XXXX",
"console": "tmsh",
"lineOrder": 1,
"role": "admin",
"remoteAccess": true,
"userPartition": "all"
},
"f5man_group": {
"class": "RemoteAuthRole",
"attribute": "XXXXX",
"console": "tmsh",
"lineOrder": 4,
"role": "manager",
"remoteAccess": true,
"userPartition": "all"
},
"f5ops_group": {
"class": "RemoteAuthRole",
"attribute": "XXXX",
"console": "tmsh",
"lineOrder": 2,
"role": "operator",
"remoteAccess": true,
"userPartition": "all"
},
"XXXX":{
"class": "VLAN",
"tag": 1415,
"mtu": 1500,
"interfaces": [
{
"name":"1.1",
"tagged":true
}
],
"cmpHash": "default"
},
"V1415-Static": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "XXXX",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"V1415-Floating": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "XXXX",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"V1416-X":{
"class": "VLAN",
"tag": 1416,
"mtu": 1500,
"interfaces": [
{
"name":"1.2",
"tagged":true
}
],
"cmpHash": "default"
},
"V1416-Static": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "XXXX",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"V1416-Floating": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "XXXX",
"allowService": "default",
"trafficGroup": "traffic-group-1"
},
"HA-Only": {
"class": "VLAN",
"tag": 1418,
"mtu": 1500,
"interfaces": [
{
"name":"1.3",
"tagged":false
}
],
"cmpHash": "default"
},
"V1418-Static": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "HA-Only",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"external_default_gateway": {
"class": "Route",
"gw": "XXXX2",
"mtu": 1500
},
"mySnmpAgent": {
"class": "SnmpAgent",
"contact": "{{ snmpcontact }}",
"location": "{{ snmplocation }}",
"allowList":
{{ snmpallowList }}
},
"Reipyul6": {
"class": "SnmpCommunity",
"source": "XXXX"
},
"geccyo258": {
"class": "SnmpCommunity"
},
"Syslog1": {
"class": "SyslogRemoteServer",
"host": "XXXX",
"remotePort": XXX
},
"Syslog2": {
"class": "SyslogRemoteServer",
"host": "XXXX",
"remotePort": XXXX
},
"Syslog3": {
"class": "SyslogRemoteServer",
"host": "XXXX",
"remotePort": XXXX
},
"dbvars": {
"class": "DbVariables",
"ui.advisory.enabled": {{ dbuiadvisoryenabled }},
"ui.advisory.color": "{{ dbuiadvisorycolor }}",
"ui.advisory.text": "XXXXXX"
},
"deviceCertificate": {
"class": "DeviceCertificate",
"certificate": {
"base64": "{{ public_key }}"
},
"privateKey": {
"base64": "{{ private_key}}"
}
},
"Provision": {
"class": "Provision",
"ltm": "nominal"
},
"XXXX": {
"source": "XXX",
"class": "SnmpCommunity",
"name": "XXXX",
"access": "ro"
},
"XXXX": {
"class": "SnmpCommunity",
"name": "XXXX",
"access": "ro"
},
"admin": {
"class": "User",
"shell": "none",
"userType": "regular",
"partitionAccess": {
"all-partitions": {
"role": "admin"
}
}
},
"trust": {
"class": "DeviceTrust",
"localUsername": "XXX",
"localPassword": "XXX",
"remoteHost": "Partner F5 MGMT IP",
"remoteUsername": "XXX",
"remotePassword": "XXX"
},

"configsync": {
"class": "ConfigSync",
"configsyncIp": "XXX"
},
"failoverUnicast": {
"class": "FailoverUnicast",
"addressPorts": [
{
"address": "XXX",
"port": XXX
},
{
"address": "XXX",
"port": XXX
}
]
},
"Failover_Sync_Group": {
"class": "DeviceGroup",
"type": "sync-failover",
"members": [
"xxx",
"xxx"
],
"owner": "/Common/Failover_Sync_Group/members/0",
"autoSync": true,
"saveOnAutoSync": false,
"networkFailover": true,
"fullLoadOnSync": false,
"asmSync": false
},
"myMirror": {
"class": "MirrorIp",
"primaryIp": "XXX8",
"secondaryIp": "any6"
}
}
}

RESULT
"Message: success",
"Class: Result",
"Code: 200",
"Status: OK",
"Errors: ",
"Notes: []"

To clarify, the above works perfectly, apart from the Trust not forming. I get a 200 Success back.

If I run the same again I get the exact same result.

If I then use Postman to post the following...

URL : https://XXX/mgmt/shared/declarative-onboarding

{
"schemaVersion": "1.38.0",
"class": "Device",
"async": true,
"label": "XXXX",
"Common": {
"class": "Tenant",
"trust": {
"class": "DeviceTrust",
"localUsername": "admin",
"localPassword": "XXX",
"remoteHost": "Partner F5 MGMT IP",
"remoteUsername": "admin",
"remotePassword": "XXXXX"
}
}
}

I get the following... and the trust forms ok.

"result": {
"class": "Result",
"code": 200,
"status": "OK",
"message": "success",
"warnings": []

In the interest of making things easier, I have removed all variables from the trust class elements, such as local and remote credentials, as well as the host, using the IP address. That way the Ansible and Postman config is exactly the same.

Expected Behavior

The trust should form between the two F5s. I get a 200 Success but no trust.

Actual Behavior

The trust does not form using Ansible. I get a 200 Success.

@Lsmitherman Lsmitherman added bug Something isn't working untriaged Issue needs to be reviewed for validity labels Jul 18, 2023
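
A post-deploy check for the symptom reported above (a 200 result with no trust formed), added here as an example and not part of the issue or of the DO project's code: it compares the DeviceTrust `remoteHost` in the declaration with the peers listed by `GET /mgmt/tm/cm/device`. The sample data is constructed, and the `items`, `name`, `hostname`, `managementIp` and `selfDevice` field names are assumptions about that response.

```python
import json

# Constructed sample data (not from the issue): a rendered declaration, the DO
# result, and two possible bodies of GET /mgmt/tm/cm/device on the same unit.
DECLARATION = json.loads("""{
  "schemaVersion": "1.38.0", "class": "Device", "async": true,
  "Common": {"class": "Tenant",
    "trust": {"class": "DeviceTrust", "localUsername": "admin",
              "localPassword": "REDACTED", "remoteHost": "192.0.2.12",
              "remoteUsername": "admin", "remotePassword": "REDACTED"}}}""")
DO_RESULT = {"class": "Result", "code": 200, "status": "OK", "message": "success"}
ONLY_SELF = {"items": [
    {"name": "bigip-a.example", "managementIp": "192.0.2.11", "selfDevice": "true"}]}
WITH_PEER = {"items": ONLY_SELF["items"] + [
    {"name": "bigip-b.example", "managementIp": "192.0.2.12", "selfDevice": "false"}]}


def trust_targets(declaration):
    """remoteHost of every DeviceTrust object under the Common tenant."""
    return [obj["remoteHost"] for obj in declaration.get("Common", {}).values()
            if isinstance(obj, dict) and obj.get("class") == "DeviceTrust"]


def missing_trust(declaration, do_result, cm_devices):
    """Return declared trust peers that the device does not list as a peer.

    Assumes cm_devices is the parsed device collection and that each item has
    'name', 'managementIp' and a string 'selfDevice' field (assumed names).
    """
    if do_result.get("code") != 200:
        raise ValueError(f"DO did not report success: {do_result}")
    peers = set()
    for dev in cm_devices.get("items", []):
        # Skip the local unit: only remote devices prove that trust formed.
        if str(dev.get("selfDevice")).lower() != "true":
            peers.update({dev.get("name"), dev.get("hostname"), dev.get("managementIp")})
    return [host for host in trust_targets(declaration) if host not in peers]


if __name__ == "__main__":
    print("missing with only self device:", missing_trust(DECLARATION, DO_RESULT, ONLY_SELF))
    print("missing with peer present:", missing_trust(DECLARATION, DO_RESULT, WITH_PEER))
```

A non-empty return value is the condition described in this issue: DO reported success, but the declared peer is absent from the device list.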
@vsnine

vsnine commented Aug 9, 2023

Also am getting this issue on 15.1.8.2 and tested with DO 1.36.1 and DO 1.39.0.

@epineda08

epineda08 commented Aug 27, 2024

Has anyone been able to find a fix for this?
My Big IPs are not forming a trust between the two as well.
I am running 17.1.1.3 and I've tried with DO 1.45.0

@epineda08

I got it to work and formed my HA pair using DO version 1.37.0.
