You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We deploy our F5 JSON scripts by using Ansible AAP, which picks up the relevant file and applies the configuration to the F5.
The configuration file configures pretty much everything on the F5 for us (VLANS, IP Addressing, DNS). However, the trust element does not seem to take. It will not form a trust in the between the two F5`s. The deployment comes back as 200 successful. No errors in the restjavad and restnoded logs or the basic F5 logs. A case was raised with F5 and this was all reviewed and they could not fix it and suggested a loged a case in Github!
Interestingly, if I use the GUI or postman just for the Trust element it works
Steps To Reproduce
I default the F5 configuration so only the licence and management IP remains.
Submit the following declaration:
The ansible task which deploys the code to the F5 is
name: 7:Deploy the Code to the F5
bigip_do_deploy:
content: "{{ lookup('template', '{{ffullpath}}') }}"
dry_run: "{{dryrun}}"
register: result
In the interest of making things easier. I have removed all variables from the trust class elements such as local and remote credentials as well as the host using the IP address. That way the Ansible and postman config is exactly the same.
Expected Behavior
The trust should form between the two F5`s. I get a 200 Success but no trust
Actual Behavior
The trust does not form using Ansible.. I get a 200 Success.
The text was updated successfully, but these errors were encountered:
Has anyone been able to find a fix for this?
My Big IPs are not forming a trust between the two as well.
I am running 17.1.1.3 and I've tried with DO 1.45.0
Environment
Summary
We deploy our F5 JSON scripts by using Ansible AAP, which picks up the relevant file and applies the configuration to the F5.
The configuration file configures pretty much everything on the F5 for us (VLANS, IP Addressing, DNS). However, the trust element does not seem to take. It will not form a trust in the between the two F5`s. The deployment comes back as 200 successful. No errors in the restjavad and restnoded logs or the basic F5 logs. A case was raised with F5 and this was all reviewed and they could not fix it and suggested a loged a case in Github!
Interestingly, if I use the GUI or postman just for the Trust element it works
Steps To Reproduce
I default the F5 configuration so only the licence and management IP remains.
The ansible task which deploys the code to the F5 is
bigip_do_deploy:
content: "{{ lookup('template', '{{ffullpath}}') }}"
dry_run: "{{dryrun}}"
register: result
The Json file I use for this F5 is below.
{
"schemaVersion": "1.38.0",
"class": "Device",
"async": true,
"label": "XXXXXXXXX",
"Common": {
"class": "Tenant",
"mySystem": {
"class": "System",
"hostname": "XXXXXXXX",
"cliInactivityTimeout": {{ syscliInactivityTimeout }},
"consoleInactivityTimeout": {{ sysconsoleInactivityTimeout }},
"autoPhonehome": {{ sysautoPhonehome }},
"guiSecurityBanner": {{ sysguiSecurityBanner }},
"guiSecurityBannerText": "{{ sysguiSecurityBannerText }}"
},
"default": {
"class": "ManagementRoute",
"gw": "XXXXXX",
"network": "default"
},
"DNS1": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"DNS2": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"DNS3": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"DNS4": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX
},
"NTP1": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"NTP2": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XX"
},
"NTP3": {
"class": "ManagementRoute",
"gw": "XXX",
"network": "XXXX"
},
"TACACS1": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"TACACS2": {
"class": "ManagementRoute",
"gw": "XXXX",
"network": "XXXX"
},
"myDns": {
"class": "DNS",
"nameServers":
{{ dns }}
,
"search":
{{ dnssearch }}
},
"myNtp": {
"class": "NTP",
"servers":
{{ ntp }}
,
"timezone": "Australia/XXXX"
},
"sshSettings": {
"class": "SSHD",
"allow":
{{ ssh_httpd }}
,
"banner": "{{ sshbannertext }}",
"inactivityTimeout": {{ sshinactivityTimeout }},
"ciphers":
{{ sshciphers }}
,
"loginGraceTime": 100,
"MACS":
{{ sshmacs }}
,
"maxAuthTries": {{ sshmaxAuthTries }},
"maxStartups": {{ sshmaxStartups }},
"protocol": {{ sshprotocol }}
},
"httpdSettings": {
"class": "HTTPD",
"allow":
{{ssh_httpd}}
,
"authPamIdleTimeout": {{ httpdauthPamIdleTimeout }},
"maxClients": {{ httpdmaxClients }},
"sslCiphersuite":
{{ httpdsslCiphersuite }}
,
"sslProtocol": "{{ httpdsslProtocol }}"
},
"myAuth": {
"class": "Authentication",
"enabledSourceType": "tacacs",
"fallback": {{ authfallback }},
"remoteUsersDefaults": {
"partitionAccess": "{{ authpartitionAccess }}",
"terminalAccess": "{{ authterminalAccess }}",
"role": "{{ authrole }}"
},
"tacacs": {
"accounting": "{{ tacacsaccounting }}",
"authentication": "{{ tacacsauthentication }}",
"debug": {{ tacacsdebug }},
"encryption": {{ tacacsencryption }},
"protocol": "ip",
"secret": "{{ tacacssecret }}",
"servers":
{{ tacacsservers }}
,
"service": "ppp"
}
},
"appEd": {
"class": "RemoteAuthRole",
"attribute": "XXXXX",
"console": "tmsh",
"lineOrder": 6,
"role": "application-editor",
"remoteAccess": true,
"userPartition": "all"
},
"f5adm_group": {
"class": "RemoteAuthRole",
"attribute": "XXXX",
"console": "tmsh",
"lineOrder": 1,
"role": "admin",
"remoteAccess": true,
"userPartition": "all"
},
"f5man_group": {
"class": "RemoteAuthRole",
"attribute": XXXXX",
"console": "tmsh",
"lineOrder": 4,
"role": "manager",
"remoteAccess": true,
"userPartition": "all"
},
"f5ops_group": {
"class": "RemoteAuthRole",
"attribute": "XXXX",
"console": "tmsh",
"lineOrder": 2,
"role": "operator",
"remoteAccess": true,
"userPartition": "all"
},
"XXXX":{
"class": "VLAN",
"tag": 1415,
"mtu": 1500,
"interfaces": [
{
"name":"1.1",
"tagged":true
}
],
"cmpHash": "default"
},
"V1415-Static": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "XXXX",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"V1415-Floating": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "XXXX",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"V1416-X":{
"class": "VLAN",
"tag": 1416,
"mtu": 1500,
"interfaces": [
{
"name":"1.2",
"tagged":true
}
],
"cmpHash": "default"
},
"V1416-Static": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "XXXX",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"V1416-Floating": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "XXXX",
"allowService": "default",
"trafficGroup": "traffic-group-1"
},
"HA-Only": {
"class": "VLAN",
"tag": 1418,
"mtu": 1500,
"interfaces": [
{
"name":"1.3",
"tagged":false
}
],
"cmpHash": "default"
},
"V1418-Static": {
"class": "SelfIp",
"address": "XXXX",
"vlan": "HA-Only",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"external_default_gateway": {
"class": "Route",
"gw": XXXX2",
"mtu": 1500
},
"mySnmpAgent": {
"class": "SnmpAgent",
"contact": "{{ snmpcontact }}",
"location": "{{ snmplocation }}",
"allowList":
{{ snmpallowList }}
},
"Reipyul6": {
"class": "SnmpCommunity",
"source": "XXXX"
},
"geccyo258": {
"class": "SnmpCommunity"
},
"Syslog1": {
"class": "SyslogRemoteServer",
"host": "XXXX",
"remotePort": XXX
},
"Syslog2": {
"class": "SyslogRemoteServer",
"host": "XXXX",
"remotePort": XXXX
},
"Syslog3": {
"class": "SyslogRemoteServer",
"host": "XXXX",
"remotePort": XXXX
},
"dbvars": {
"class": "DbVariables",
"ui.advisory.enabled": {{ dbuiadvisoryenabled }},
"ui.advisory.color": "{{ dbuiadvisorycolor }}",
"ui.advisory.text": "XXXXXX"
},
"deviceCertificate": {
"class": "DeviceCertificate",
"certificate": {
"base64": "{{ public_key }}"
},
"privateKey": {
"base64": "{{ private_key}}"
}
},
"Provision": {
"class": "Provision",
"ltm": "nominal"
},
"XXXX": {
"source": "XXX",
"class": "SnmpCommunity",
"name": "XXXX",
"access": "ro"
},
"XXXX": {
"class": "SnmpCommunity",
"name": "XXXX",
"access": "ro"
},
"admin": {
"class": "User",
"shell": "none",
"userType": "regular",
"partitionAccess": {
"all-partitions": {
"role": "admin"
}
}
},
"trust": {
"class": "DeviceTrust",
"localUsername": XXX",
"localPassword": "XXX",
"remoteHost": "Partner F5 MGMT IP",
"remoteUsername": "XXX",
"remotePassword": "XXX"
},
"configsync": {
"class": "ConfigSync",
"configsyncIp": "XXX"
},
"failoverUnicast": {
"class": "FailoverUnicast",
"addressPorts": [
{
"address": "XXX",
"port": XXX
},
{
"address": "XXX",
"port": XXX
}
]
},
"Failover_Sync_Group": {
"class": "DeviceGroup",
"type": "sync-failover",
"members": [
"xxx",
"xxx"
],
"owner": "/Common/Failover_Sync_Group/members/0",
"autoSync": true,
"saveOnAutoSync": false,
"networkFailover": true,
"fullLoadOnSync": false,
"asmSync": false
},
"myMirror": {
"class": "MirrorIp",
"primaryIp": "XXX8",
"secondaryIp": "any6"
}
}
}
RESULT
"Message: success",
"Class: Result",
"Code: 200",
"Status: OK",
"Errors: ",
"Notes: []"
To clarify, the above works perfectly, apart from the Trust not forming. I get a 200 Success back.
If I run the same again I get the exact same result.
If I then use postman to post the following...
URL : https://XXX/mgmt/shared/declarative-onboarding
{
"schemaVersion": "1.38.0",
"class": "Device",
"async": true,
"label": "XXXX",
"Common": {
"class": "Tenant",
"trust": {
"class": "DeviceTrust",
"localUsername": "admin",
"localPassword": "XXX",
"remoteHost": "Partner F5 MGMT IP",
"remoteUsername": "admin",
"remotePassword": "XXXXX"
}
}
}
I get the following... and the trust forms ok.
"result": {
"class": "Result",
"code": 200,
"status": "OK",
"message": "success",
"warnings": []
In the interest of making things easier. I have removed all variables from the trust class elements such as local and remote credentials as well as the host using the IP address. That way the Ansible and postman config is exactly the same.
Expected Behavior
The trust should form between the two F5`s. I get a 200 Success but no trust
Actual Behavior
The trust does not form using Ansible.. I get a 200 Success.
The text was updated successfully, but these errors were encountered: