search

F5Networks / f5-ansible-bigip

Declarative Ansible collection for managing F5 BIG-IP/BIG-IQ.
37 stars 17 forks source link

Cant reference SSLO SSL config created by bigip_sslo_config_ssl #70

Open megamattzilla opened 1 year ago

megamattzilla commented 1 year ago
COMPONENT NAME

bigip_sslo_config_ssl

Environment

ANSIBLE VERSION
ansible [core 2.12.2]
  config file = None
  configured module search path = ['/home/azureuser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/azureuser/python3.8-ansible/lib/python3.8/site-packages/ansible
  ansible collection location = /home/azureuser/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/azureuser/python3.8-ansible/bin/ansible
  python version = 3.8.5 (default, Jan 27 2021, 15:41:15) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.3.3
  Build       0.0.3
  Edition     Point Release 3
  Date        Thu Dec 22 12:07:59 PST 2022
CONFIGURATION
OS / ENVIRONMENT

Ubuntu 20.04.3

SUMMARY

After creating an sslo ssl configurations using the ansible module bigip_sslo_config_ssl , the created ssl configuration cannot be referenced by a manually created SSLO topology. The GUI experiences a fatal error message.

STEPS TO REPRODUCE

Create the following SSLO ssl configuration via Ansible (which is successful) 

   - name: Create demo SSLO SSL setting
      bigip_sslo_config_ssl:
        name: "Explicit_Proxy"
        client_settings:
          proxy_type: "forward"
          cipher_type: "group"
          cipher_group: "/Common/f5-default"
          cert: "/Common/default.crt"
          key: "/Common/default.key"
          ca_cert: "/Common/default.crt"
          ca_key: "/Common/default.key"
        server_settings:
          cipher_type: "group"
          cipher_group: "/Common/f5-default"
        bypass_handshake_failure: no

After the ssl configuration has been successfully created via ansible, navigate to SSLO web GUI and create a new SSLO topology and attempt to reference ssl configuration Explicit_proxy

EXPECTED RESULTS

SSLO GUI allows you to associate the ssl configuration Explicit_proxy with the SSLO topology being created

ACTUAL RESULTS

After choosing "Use Existing" and selecting Explicit_proxy ssl configuration and clicking save & next, the GUI hangs with an error message indicating a fatal error. sslo-use-exist-ssl-error

pgouband commented 11 months ago

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1266.