The bigip httpapi module uses provided credentials to request an X-F5-Auth-Token from iControl REST, which expires after 1200 seconds by default.
When the X-F5-Auth-Token expires, the bigip httpapi module does not request a new token while signaling a transient error which has been resolved (aka. re-requesting an API token).
Developing httpapi plugins -> Error handling
The ansible httpapi will fallback to basic authentication which will double the required API calls and will eventually fail due to race conditions.
Create 150 FAST applications using a loop in ansible will eventually trigger the above issue as it will take longer than 1200 seconds. It will eventually lead to API errors and therefore failures to deploy all FAST applications.
EXPECTED RESULTS
When the API returns a 401 and an API token (X-F5-Auth-Token) has been successfully acquired before, re-request a new API token.
COMPONENT NAME
bigip
httpapi
module, version2.1.0
and before.Environment
ANSIBLE VERSION
BIGIP VERSION
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
The bigip httpapi module uses provided credentials to request an
X-F5-Auth-Token
from iControl REST, which expires after 1200 seconds by default. When the X-F5-Auth-Token expires, the bigip httpapi module does not request a new token while signaling a transient error which has been resolved (aka. re-requesting an API token). Developing httpapi plugins -> Error handlingThe ansible httpapi will fallback to basic authentication which will double the required API calls and will eventually fail due to race conditions.
The relevant code: https://github.com/F5Networks/f5-ansible-bigip/blob/df5d60134cd8f280eb1ed78182b44b28f744f9be/ansible_collections/f5networks/f5_bigip/plugins/httpapi/bigip.py#L104-L114
What is missing in the above code it part of the HttpApiBase class of ansible (basically calling
self.login
within thehandle_httperror
method):https://github.com/ansible-collections/ansible.netcommon/blob/ae5b2747ff09a7751526dd9d5d079cf67bd2c8a7/plugins/plugin_utils/httpapi_base.py#L75-L86
STEPS TO REPRODUCE
Create 150 FAST applications using a loop in ansible will eventually trigger the above issue as it will take longer than 1200 seconds. It will eventually lead to API errors and therefore failures to deploy all FAST applications.
EXPECTED RESULTS
When the API returns a 401 and an API token (X-F5-Auth-Token) has been successfully acquired before, re-request a new API token.
ACTUAL RESULTS