search

F5Networks / f5-ansible-bigip

Declarative Ansible collection for managing F5 BIG-IP/BIG-IQ.
37 stars 17 forks source link

f5networks.f5_bigip.bigip_as3_deploy v3.4.0+ is incompatible with F5 AS3 v3.50.0+ #86

Closed wfan-epic closed 2 months ago

wfan-epic commented 3 months ago
COMPONENT NAME

f5networks.f5_bigip.bigip_as3_deploy

Environment

ANSIBLE VERSION
ansible [core 2.17.0]
  config file = /ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.12/site-packages/ansible
  ansible collection location = /root/.ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.12.4 (main, Jun  7 2024, 19:18:12) [GCC 12.2.0] (/usr/local/bin/python)
  jinja version = 3.1.4
  libyaml = True
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.10.4
  Build       0.0.5
  Edition     Point Release 4
  Date        Fri Mar 22 15:38:31 PDT 2024

The device has F5 AS3 v3.51.0 installed.

CONFIGURATION

N/A

OS / ENVIRONMENT

N/A

SUMMARY

Attempting to deploy an AS3 declaration with f5networks.f5_bigip.bigip_as3_deploy v3.4.0 or newer against a BIG-IP with F5 AS3 v3.50.0 or newer installed fails with the following error:

fatal: [<DEVICE_NAME>]: FAILED! => {
    "changed": false,
    "module_stderr": "'betaOptions'",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}

I'm fairly certain this is because the perAppDeployment feature flag was moved from betaOptions to GA with AS3 v3.50.0+, and the corresponding property from /mgmt/shared/appsvcs/settings was moved up to the top level of the JSON response:

# AS3 3.49.x and older
{
  "asyncTaskStorage": "data-group",
  "burstHandlingEnabled": false,
  "performanceTracingEnabled": false,
  "performanceTracingEndpoint": "",
  "serviceDiscoveryEnabled": true,
  "betaOptions": {
    "perAppDeploymentAllowed": true,
  }
}

# AS3 3.50.x and newer
{
  "asyncTaskStorage": "data-group",
  "perAppDeploymentAllowed": true,
  "burstHandlingEnabled": false,
  "performanceTracingEnabled": false,
  "performanceTracingEndpoint": "",
  "serializeFileUploads": false,
  "serviceDiscoveryEnabled": true,
  "webhook": ""
}

So the return statement for bigip_as3_deploy.ModuleManager.check_settings() should be updated to:

return response['contents']['perAppDeploymentAllowed']

I've verified that this works by modifying the module locally.

It would also be nice to have an additional check for the AS3 version before determining whether per-app deployment is enabled to provide backwards compatibility, or just have a fall-through check for all possible perAppDeploymentAllowed locations.

If you don't want to provide backwards support for older AS3 versions with newer versions of this Ansible module, please increment the module's major version and explicitly declare that this is a breaking change in your changelogs. :smile:

See also: Declaration deployment produces an non-descriptive error message "betaOptions"! · Issue #830 · F5Networks/f5-appsvcs-extension

STEPS TO REPRODUCE
  1. Create any valid AS3 declaration. Here's an example straight from the AS3 documentation:
{
  "$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/main/schema/latest/as3-schema.json",
  "class": "AS3",
  "action": "deploy",
  "persist": true,
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.51.0",
    "id": "",
    "label": "Sample 1",
    "remark": "Simple HTTP Service with Round-Robin Load Balancing",
    "Sample_01": {
      "class": "Tenant",
      "A1": {
        "class": "Application",
        "service": {
          "class": "Service_HTTP",
          "virtualAddresses": ["10.0.1.10"],
          "pool": "web_pool"
        },
        "web_pool": {
          "class": "Pool",
          "monitors": ["http"],
          "members": [
            {
              "servicePort": 80,
              "serverAddresses": ["192.0.1.10", "192.0.1.11"]
            }
          ]
        }
      }
    }
  }
}
  1. Using f5networks.f5_bigip v3.4.0+, attempt to deploy the declaration to a BIG-IP with AS3 v3.50.0+ installed:
- name: POST AS3 to BIG-IP
  f5networks.f5_bigip.bigip_as3_deploy:
    content: "{{ lookup('file', {{ pwd }}/as3_example.json) }}"
EXPECTED RESULTS

The bigip_as3_deploy module should progress past check_settings().

ACTUAL RESULTS

Observe the following error from running the Ansible playbook:

fatal: [<DEVICE_NAME>]: FAILED! => {
    "changed": false,
    "module_stderr": "'betaOptions'",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}
pgouband commented 3 months ago

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1608.

prateekramani commented 2 months ago

The issue has been resolved and will be included in the next release. MR : https://gitswarm.f5net.com/f5ansible/f5_bigip/-/merge_requests/167