F5Networks / f5-ansible-bigip

Declarative Ansible collection for managing F5 BIG-IP/BIG-IQ.

bigip_sslo_service_http cannot create a service with an existing self-ip #63

Closed megamattzilla closed 10 months ago

megamattzilla commented 1 year ago
COMPONENT NAME

bigip_sslo_service_http

Environment

ANSIBLE VERSION
ansible [core 2.12.2]
  config file = None
  configured module search path = ['/home/azureuser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/azureuser/python3.8-ansible/lib/python3.8/site-packages/ansible
  ansible collection location = /home/azureuser/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/azureuser/python3.8-ansible/bin/ansible
  python version = 3.8.5 (default, Jan 27 2021, 15:41:15) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True

BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.3.3
  Build       0.0.3
  Edition     Point Release 3
  Date        Thu Dec 22 12:07:59 PST 2022
CONFIGURATION
OS / ENVIRONMENT

Ubuntu 20.04.3

SUMMARY

The bigip_sslo_service_http module cannot create a service when the referenced self-IP already exists on BIG-IP. This is a valid configuration when using the SSLO user interface: you can select an already created self-IP. It seems the Ansible module only supports creating a self-IP; it doesn't check whether the self-IP already exists.

STEPS TO REPRODUCE
  tasks:
    - name: Create a HTTP service
      bigip_sslo_service_http:
        name: "proxy1a"
        devices_to:
          vlan: "/Common/serviceChain1_in"
          self_ip: "172.23.3.4"
          netmask: "255.255.255.240"
        devices_from:
          vlan: "/Common/serviceChain1_out"
          self_ip: "172.23.3.17"
          netmask: "255.255.255.240"
        devices:
          - ip: "172.23.3.10"
        snat: none
        proxy_type: "explicit"
        auth_offload: false
        ip_family: "ipv4"
        service_down_action: "ignore"

EXPECTED RESULTS

Service is created successfully using the existing self-IP on BIG-IP.

ACTUAL RESULTS
Task fails with error:
    "msg": "CREATE operation error: e06dc45b-317c-423a-a5e5-7e9e197c1734 : [OrchestratorConfigProcessor] Deployment failed for Error: [HAAwareICRDeployProcessor] Error: transaction failed:0107176c:3: Invalid self IP, the IP address 172.23.3.4 already exists."

pgouband commented 1 year ago

Thanks for reporting this, added to our jira backlog with INFRAANO-1153 for tracking. We will keep you posted.

RavinderReddyF5 commented 1 year ago

Hi @megamattzilla, from the GUI behaviour, using existing self-IPs shows the warning below. Mapping existing VLANs and letting SSLO create the self-IPs is the recommended way. Please let me know: do you see any problem with SSLO creating new self-IPs?

image

megamattzilla commented 1 year ago

Hello!

This customer prefers to perform all self-IP configurations when the device is initially provisioned and then reference them in SSLO UI. They also deploy all service chain devices (20+ devices) with all their configurations including IP scheme when SSLO is initially deployed.

I believe they had problems with auto-manage not always picking a predictable subnet so it was difficult for them to configure the IP scheme on all their security devices and then have it line up with whatever SSLO UI auto assigns.

I believe service type and order of creation affects the auto IP subnet selection.

Thanks!

megamattzilla commented 1 year ago

This issue will also fix #61.

We need the ability to disable auto manage address for the SSLO service type and the Ansible module bigip_sslo_service_layer3 as well. Would this fix be applied to that module as well?

G-gonzalezjimenez commented 10 months ago

Hello, based on our research, using self-IPs on a different CIDR network is not possible with the auto manage option.

If you need to use self-IPs on a different network, or custom self-IPs, the ideal way is to disable auto manage.

Added additional auto_manage and use_exist_selfip flags to handle these scenarios.
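
A pre-flight check for the failure described in this thread, as an added example that is not part of the issue or of the collection's code: it compares the task's self-IPs against a list shaped like BIG-IP's `/mgmt/tm/net/self` output and reports which ones already exist before the module attempts a create. The field layout of the listing is an assumption, and the object names and sample data are constructed.

```python
import ipaddress

# Constructed sample shaped like the "items" list of GET /mgmt/tm/net/self
# (field layout is an assumption; names and values are made up).
EXISTING_SELF_IPS = [
    {"fullPath": "/Common/sc1_in_self", "address": "172.23.3.4/28",
     "vlan": "/Common/serviceChain1_in"},
    {"fullPath": "/Common/internal_self", "address": "10.0.0.5%0/24",
     "vlan": "/Common/internal"},
]

# The devices_to / devices_from values from the task in the issue.
TASK = {
    "devices_to": {"vlan": "/Common/serviceChain1_in",
                   "self_ip": "172.23.3.4", "netmask": "255.255.255.240"},
    "devices_from": {"vlan": "/Common/serviceChain1_out",
                     "self_ip": "172.23.3.17", "netmask": "255.255.255.240"},
}

def parse_existing(item):
    """Return (interface, vlan) for one self-IP object.
    A %route-domain suffix is dropped, so route domains are not compared."""
    addr, _, prefix = item["address"].partition("/")
    addr = addr.split("%", 1)[0]
    return ipaddress.ip_interface(f"{addr}/{prefix}"), item["vlan"]

def preflight(task, existing_items):
    """Classify each requested self-IP as free, already existing, or conflicting."""
    existing = [(i["fullPath"], *parse_existing(i)) for i in existing_items]
    report = {}
    for side, cfg in task.items():
        want = ipaddress.ip_interface(f'{cfg["self_ip"]}/{cfg["netmask"]}')
        status = "free"
        for path, have, vlan in existing:
            if have.ip != want.ip:
                continue
            if vlan == cfg["vlan"] and have.network == want.network:
                status = f"exists: {path} (same VLAN and subnet)"
            else:
                status = f"conflict: {path} on {vlan} as {have.with_prefixlen}"
            break
        report[side] = status
    return report

if __name__ == "__main__":
    for side, status in preflight(TASK, EXISTING_SELF_IPS).items():
        print(f"{side}: {status}")
```

An "exists" result marks an address that was pre-provisioned as the customer in this thread describes; a "conflict" result marks one that is already bound to a different VLAN or subnet.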