search

F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0
375 stars 229 forks source link

bigip_virtual_address - Cannot set route-advertisement 'any' on virtual address in partition other than common #725

Closed neozoolook closed 6 years ago

neozoolook commented 6 years ago
ISSUE TYPE
COMPONENT NAME

bigip_virtual_address.py

ANSIBLE VERSION
ansible 2.5.0
  config file = /root/ansible-bb_cgnat_configuration/ansible.cfg
  configured module search path = [u'/root/ansible-bb_cgnat_configuration/library/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]
PYTHON VERSION
Python 2.7.6
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     13.1.0.4
  Build       0.0.6
  Edition     Point Release 4
  Date        Tue Mar 13 20:10:42 PDT 2018
LIBRARY VERSIONS
bigsuds==1.0.6
f5-sdk==3.0.14
CONFIGURATION

Standard ansible.cfg

OS / ENVIRONMENT

Ubuntu 16.04TS

SUMMARY

Seems that when I run this module it either complains about IP already existing or when specifying the name such as 1.1.1.1%1 it will also give different API error.

STEPS TO REPRODUCE
- name: Modify Virtual Address Route-Advertisement Any
  bigip_virtual_address:
    name: "{{ item.destination }}%{{ item.id }}"
    address: "{{ item.destination }}"
    state: present
    use_route_advertisement: yes
    partition: "{{ item.partition }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"

or

- name: Modify Virtual Address Route-Advertisement Any
  bigip_virtual_address:
    address: "{{ item.destination }}"
    state: present
    use_route_advertisement: yes
    partition: "{{ item.partition }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"
EXPECTED RESULTS
ACTUAL RESULTS
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
  File "/tmp/ansible_VUlp84/ansible_module_bigip_virtual_address.py", line 629, in main
    results = mm.exec_module()
  File "/tmp/ansible_VUlp84/ansible_module_bigip_virtual_address.py", line 462, in exec_module
    raise F5ModuleError(str(e))
failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP2', u'name': u'LOOPBACKV6', u'destination': u'2700::1', u'all_profiles': u'/Common/fastL4', u'id': u'2', u'enabled_vlans': u'INT-NONHTTP2', u'port': u'0', u'pool': u'SR2-IPV6'}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "address": null, 
            "advertise_route": null, 
            "arp_state": null, 
            "auto_delete": null, 
            "connection_limit": null, 
            "icmp_echo": null, 
            "name": "2700::1%2", 
            "netmask": "255.255.255.255", 
            "partition": "NONHTTP2", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "provider": {
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "server": "172.20.216.250", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": 10, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "server": "172.20.216.250", 
            "server_port": null, 
            "state": "present", 
            "traffic_group": null, 
            "transport": null, 
            "use_route_advertisement": true, 
            "user": "admin", 
            "validate_certs": false
        }
    }, 
    "item": {
        "all_profiles": "/Common/fastL4", 
        "destination": "2700::1", 
        "enabled_vlans": "INT-NONHTTP2", 
        "id": "2", 
        "name": "LOOPBACKV6", 
        "partition": "NONHTTP2", 
        "pool": "SR2-IPV6", 
        "port": "0"
    }, 
    "msg": "400 Unexpected Error: Bad Request for uri: https://172.20.216.250:443/mgmt/tm/ltm/virtual-address/~NONHTTP2~2700::1%2\nText: u'<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\\n  \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\\n<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\">\\n<head>\\n<title>Bad request!</title>\\n<link rev=\"made\" href=\"mailto:support@f5.com\" />\\n<style type=\"text/css\"><!--/*--><![CDATA[/*><!--*/ \\n    body { color: #000000; background-color: #FFFFFF; }\\n    a:link { color: #0000CC; }\\n    p, address {margin-left: 3em;}\\n    span {font-size: smaller;}\\n/*]]>*/--></style>\\n<style type=\"text/css\"><!--/*--><![CDATA[/*><!--*/ \\n* { width: 400px; font-size: 100%; font-style: normal; }\\nhtml { text-align: center; }\\nbody { background: #ffffff; text-align: left; font-family: sans-serif; font-size: 70%; color: #333333; }\\n\\na,span { width: auto; } \\nh1,h2,h3 { margin: 20px 0px 20px 0px; font-weight: bold; }\\n\\nh1 { padding: 5px; border: 1px solid #999999; background: #eeeeee; color: #000000; font-size: 125%;  }\\nhr { height: 1px; border: none; border-top: 1px solid #999999; }\\nimg { border: 0px; }\\np { width: 350px; margin: 15px 25px 15px 25px; line-height: 135%; }\\n/*]]>*/--></style>\\n\\n</head>\\n\\n<body>\\n<h1>Bad request!</h1>\\n<p>\\n\\n\\n    Your browser (or proxy) sent a request that\\n    this server could not understand.\\n\\n</p>\\n\\n<h2>Error 400</h2>\\n<address>\\n  <a href=\"/\">172.20.216.250</a><br />\\n  \\n  <span>Mon Apr 30 21:56:13 2018<br />\\n  </span>\\n</address>\\n</body>\\n</html>\\n\\n'"
}

PLAY RECAP ************************************************************************************************************************
zrdm8afcgi01cgi002         : ok=0    changed=0    unreachable=0    failed=1 

or 

<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
  File "/tmp/ansible_FmopsC/ansible_module_bigip_virtual_address.py", line 629, in main
    results = mm.exec_module()
  File "/tmp/ansible_FmopsC/ansible_module_bigip_virtual_address.py", line 462, in exec_module
    raise F5ModuleError(str(e))
failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP2', u'name': u'LOOPBACKV6', u'destination': u'2700::1', u'all_profiles': u'/Common/fastL4', u'id': u'2', u'enabled_vlans': u'INT-NONHTTP2', u'port': u'0', u'pool': u'SR2-IPV6'}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "address": "2700::1", 
            "advertise_route": null, 
            "arp_state": null, 
            "auto_delete": null, 
            "connection_limit": null, 
            "icmp_echo": null, 
            "name": null, 
            "netmask": "255.255.255.255", 
            "partition": "NONHTTP2", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "provider": {
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "server": "172.20.216.250", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": 10, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "server": "172.20.216.250", 
            "server_port": null, 
            "state": "present", 
            "traffic_group": null, 
            "transport": null, 
            "use_route_advertisement": true, 
            "user": "admin", 
            "validate_certs": false
        }
    }, 
    "item": {
        "all_profiles": "/Common/fastL4", 
        "destination": "2700::1", 
        "enabled_vlans": "INT-NONHTTP2", 
        "id": "2", 
        "name": "LOOPBACKV6", 
        "partition": "NONHTTP2", 
        "pool": "SR2-IPV6", 
        "port": "0"
    }, 
    "msg": "400 Unexpected Error: Bad Request for uri: https://172.20.216.250:443/mgmt/tm/ltm/virtual-address/\nText: u'{\"code\":400,\"message\":\"0107176c:3: Invalid Virtual Address, the IP address 2700::1%2 already exists.\",\"errorStack\":[],\"apiError\":3}'"
}
neozoolook commented 6 years ago

First error shows when playing with name: parameter given for a object in a partition other than common... 1.1.1.1%1 or 1.1.1.1%2 as example. However if we leave off name: parameter and just specify address: parameter, then it complains that it already exists. As we are just trying to do the following to the object in tmsh;

modify ltm virtual-address 1.1.1.1%1 route-advertisement any modify ltm virtual-address 2700::1%1 route-advertisement any modify ltm virtual-address 1.1.1.1%2 route-advertisement any modify ltm virtual-address 2700::1%2 route-advertisement any

neozoolook commented 6 years ago

@caphrim007 Have you had chance to look at this bug? We are working on some new plays for another architecture rollout, let me know if I should go bigip_command route as workaround or not.

Thanks.

caphrim007 commented 6 years ago

it seems like this is a new option in v13. It will require some work to change the existing supported values and docs as what is currently expected is a boolean value and not a string

caphrim007 commented 6 years ago

correction. it was added in v13.0.0-HF1. WE ADDED THIS IN A HOTFIX!?!?!?!

caphrim007 commented 6 years ago

@neozoolook are you trying to change the address or route domain? that's not a supported method on BIGIP. Or are you just trying to change the route advertisement?

caphrim007 commented 6 years ago

@neozoolook lemme know if this fix addresses your issues

neozoolook commented 6 years ago

@caphrim007 so I have tested this and this appears to be still broken. We have virtual-address entries that are default created in the partition per what was defined from the Virtuals. I'm just trying to flag on the route_advertisement to 'any' is all. But when running this playbook it complains about netmask cannot be changed or IP already exists.

Second item I think may be wrong with this is that the Ansible shows netmask of '255.255.255.255' for IPv6 addresses being passed, don't think that will work either. I do not provide this in playbook either as you default, probably need to add some logic to default to /32 for IPv4 and /128 for IPv6.

Playbook;

---
- name: Modify Virtual Address Route-Advertisement Any
  bigip_virtual_address:
    name: "{{ item.destination }}%{{ item.id }}"
    address: "{{ item.destination }}"
    state: present
    #use_route_advertisement: yes
    route_advertisement: any
    partition: "{{ item.partition }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"

-vvvv run output on a 13.1 F5 host

root@image-factory:~/ansible-bb_cgnat_configuration# ansible-playbook site.yml --ask-vault-pass --tags http_virtual_address -vvvv
ansible-playbook 2.5.0
  config file = /root/ansible-bb_cgnat_configuration/ansible.cfg
  configured module search path = [u'/root/ansible-bb_cgnat_configuration/library/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]
Using /root/ansible-bb_cgnat_configuration/ansible.cfg as config file
Vault password: 
setting up inventory plugins
Parsed /root/ansible-bb_cgnat_configuration/hosts.inv inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc

PLAYBOOK: site.yml ************************************************************************************
1 plays in site.yml

PLAY [single] *****************************************************************************************
META: ran handlers
Trying secret <ansible.parsing.vault.PromptVaultSecret object at 0x7fea9b12d590> for vault_id=default

TASK [Configuration NON-HTTP Partition(s)] ************************************************************
task path: /root/ansible-bb_cgnat_configuration/site.yml:22
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_create_vlan.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_create_interface.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_pool_gateway.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_create_virtuals_loopback.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_modify_virtual_address.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_portlist.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_timerpolicy.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_servicepolicy.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_bgp.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_addresslist.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_rulelist_v4.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_rulelist_v6.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_policy_v4.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_policy_v6.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_create_virtuals.yml

TASK [f5_partition_http : Modify Virtual Address Route-Advertisement Any] *****************************
task path: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_modify_virtual_address.yml:2
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
  File "/tmp/ansible_jcFFkN/ansible_module_bigip_virtual_address.py", line 753, in main
    results = mm.exec_module()
  File "/tmp/ansible_jcFFkN/ansible_module_bigip_virtual_address.py", line 555, in exec_module
    changed = self.present()
  File "/tmp/ansible_jcFFkN/ansible_module_bigip_virtual_address.py", line 574, in present
    return self.update()
  File "/tmp/ansible_jcFFkN/ansible_module_bigip_virtual_address.py", line 617, in update
    "The address cannot be changed. Delete and recreate "

failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP1', u'name': u'LOOPBACKV4', u'destination': u'1.1.1.1', u'all_profiles': u'/Common/fastL4', u'id': u'1', u'enabled_vlans': u'INT-NONHTTP1', u'type': u'performance-l4', u'port': u'0', u'pool': u'SR1-IPV4'}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "address": "1.1.1.1", 
            "arp_state": null, 
            "auto_delete": null, 
            "availability_calculation": null, 
            "connection_limit": null, 
            "icmp_echo": null, 
            "name": "1.1.1.1%1", 
            "netmask": "255.255.255.255", 
            "partition": "NONHTTP1", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "provider": {
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "server": "172.20.216.250", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": 10, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "route_advertisement": "any", 
            "route_domain": null, 
            "server": "172.20.216.250", 
            "server_port": null, 
            "state": "present", 
            "traffic_group": null, 
            "transport": null, 
            "use_route_advertisement": null, 
            "user": "admin", 
            "validate_certs": false
        }
    }, 
    "item": {
        "all_profiles": "/Common/fastL4", 
        "destination": "1.1.1.1", 
        "enabled_vlans": "INT-NONHTTP1", 
        "id": "1", 
        "name": "LOOPBACKV4", 
        "partition": "NONHTTP1", 
        "pool": "SR1-IPV4", 
        "port": "0", 
        "type": "performance-l4"
    }, 
    "msg": "The address cannot be changed. Delete and recreate the virtual address if you need to do this."
}
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
  File "/tmp/ansible_Xxl_yL/ansible_module_bigip_virtual_address.py", line 753, in main
    results = mm.exec_module()
  File "/tmp/ansible_Xxl_yL/ansible_module_bigip_virtual_address.py", line 555, in exec_module
    changed = self.present()
  File "/tmp/ansible_Xxl_yL/ansible_module_bigip_virtual_address.py", line 574, in present
    return self.update()
  File "/tmp/ansible_Xxl_yL/ansible_module_bigip_virtual_address.py", line 611, in update
    "The netmask cannot be changed. Delete and recreate "

failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP1', u'name': u'LOOPBACKV6', u'destination': u'2700::1', u'all_profiles': u'/Common/fastL4', u'id': u'1', u'enabled_vlans': u'INT-NONHTTP1', u'port': u'0', u'pool': u'SR1-IPV6'}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "address": "2700::1", 
            "arp_state": null, 
            "auto_delete": null, 
            "availability_calculation": null, 
            "connection_limit": null, 
            "icmp_echo": null, 
            "name": "2700::1%1", 
            "netmask": "255.255.255.255", 
            "partition": "NONHTTP1", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "provider": {
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "server": "172.20.216.250", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": 10, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "route_advertisement": "any", 
            "route_domain": null, 
            "server": "172.20.216.250", 
            "server_port": null, 
            "state": "present", 
            "traffic_group": null, 
            "transport": null, 
            "use_route_advertisement": null, 
            "user": "admin", 
            "validate_certs": false
        }
    }, 
    "item": {
        "all_profiles": "/Common/fastL4", 
        "destination": "2700::1", 
        "enabled_vlans": "INT-NONHTTP1", 
        "id": "1", 
        "name": "LOOPBACKV6", 
        "partition": "NONHTTP1", 
        "pool": "SR1-IPV6", 
        "port": "0"
    }, 
    "msg": "The netmask cannot be changed. Delete and recreate the virtual address if you need to do this."
}
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
  File "/tmp/ansible_O8O8iA/ansible_module_bigip_virtual_address.py", line 753, in main
    results = mm.exec_module()
  File "/tmp/ansible_O8O8iA/ansible_module_bigip_virtual_address.py", line 555, in exec_module
    changed = self.present()
  File "/tmp/ansible_O8O8iA/ansible_module_bigip_virtual_address.py", line 574, in present
    return self.update()
  File "/tmp/ansible_O8O8iA/ansible_module_bigip_virtual_address.py", line 617, in update
    "The address cannot be changed. Delete and recreate "

failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP2', u'name': u'LOOPBACKV4', u'destination': u'1.1.1.1', u'all_profiles': u'/Common/fastL4', u'id': u'2', u'enabled_vlans': u'INT-NONHTTP2', u'port': u'0', u'pool': u'SR2-IPV4'}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "address": "1.1.1.1", 
            "arp_state": null, 
            "auto_delete": null, 
            "availability_calculation": null, 
            "connection_limit": null, 
            "icmp_echo": null, 
            "name": "1.1.1.1%2", 
            "netmask": "255.255.255.255", 
            "partition": "NONHTTP2", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "provider": {
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "server": "172.20.216.250", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": 10, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "route_advertisement": "any", 
            "route_domain": null, 
            "server": "172.20.216.250", 
            "server_port": null, 
            "state": "present", 
            "traffic_group": null, 
            "transport": null, 
            "use_route_advertisement": null, 
            "user": "admin", 
            "validate_certs": false
        }
    }, 
    "item": {
        "all_profiles": "/Common/fastL4", 
        "destination": "1.1.1.1", 
        "enabled_vlans": "INT-NONHTTP2", 
        "id": "2", 
        "name": "LOOPBACKV4", 
        "partition": "NONHTTP2", 
        "pool": "SR2-IPV4", 
        "port": "0"
    }, 
    "msg": "The address cannot be changed. Delete and recreate the virtual address if you need to do this."
}
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
  File "/tmp/ansible_t05M9X/ansible_module_bigip_virtual_address.py", line 753, in main
    results = mm.exec_module()
  File "/tmp/ansible_t05M9X/ansible_module_bigip_virtual_address.py", line 555, in exec_module
    changed = self.present()
  File "/tmp/ansible_t05M9X/ansible_module_bigip_virtual_address.py", line 574, in present
    return self.update()
  File "/tmp/ansible_t05M9X/ansible_module_bigip_virtual_address.py", line 611, in update
    "The netmask cannot be changed. Delete and recreate "

failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP2', u'name': u'LOOPBACKV6', u'destination': u'2700::1', u'all_profiles': u'/Common/fastL4', u'id': u'2', u'enabled_vlans': u'INT-NONHTTP2', u'port': u'0', u'pool': u'SR2-IPV6'}) => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "address": "2700::1", 
            "arp_state": null, 
            "auto_delete": null, 
            "availability_calculation": null, 
            "connection_limit": null, 
            "icmp_echo": null, 
            "name": "2700::1%2", 
            "netmask": "255.255.255.255", 
            "partition": "NONHTTP2", 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "provider": {
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
                "server": "172.20.216.250", 
                "server_port": 443, 
                "ssh_keyfile": null, 
                "timeout": 10, 
                "transport": "rest", 
                "user": "admin", 
                "validate_certs": false
            }, 
            "route_advertisement": "any", 
            "route_domain": null, 
            "server": "172.20.216.250", 
            "server_port": null, 
            "state": "present", 
            "traffic_group": null, 
            "transport": null, 
            "use_route_advertisement": null, 
            "user": "admin", 
            "validate_certs": false
        }
    }, 
    "item": {
        "all_profiles": "/Common/fastL4", 
        "destination": "2700::1", 
        "enabled_vlans": "INT-NONHTTP2", 
        "id": "2", 
        "name": "LOOPBACKV6", 
        "partition": "NONHTTP2", 
        "pool": "SR2-IPV6", 
        "port": "0"
    }, 
    "msg": "The netmask cannot be changed. Delete and recreate the virtual address if you need to do this."
}

PLAY RECAP ********************************************************************************************
zrdm8afcgi01cgi002         : ok=0    changed=0    unreachable=0    failed=1
neozoolook commented 6 years ago

@caphrim007 Current F5 configuration that exists that must be modified;

ltm virtual-address 1.1.1.1%1 {
    address 1.1.1.1
    mask 255.255.255.255
    partition NONHTTP1
    traffic-group /Common/traffic-group-1
}
ltm virtual-address 2700::1%1 {
    address 2700::1
    partition NONHTTP1
    traffic-group /Common/traffic-group-1
caphrim007 commented 6 years ago

@neozoolook your current configuration is what you show in the last comment there?

neozoolook commented 6 years ago

@caphrim007 correct, this is what is in the F5 after the Virtuals are created in the partition, we just need to basically add the following snippet;

modify ltm virtual-address 1.1.1.1%1 route-advertisement any
modify ltm virtual-address 2700::1%1 route-advertisement any
caphrim007 commented 6 years ago

@neozoolook you're sure the address component of those virtual addresses is the stock address? they have no route domain on them?

neozoolook commented 6 years ago

@caphrim007 I'm taking a different approach, basically going to remove the virtual if exists, build the virtual-address, then build the virtual... This appears to work doing it this way;

---
- name: Delete Virtual(s)
  bigip_virtual_server:
    name: "{{ item.name }}"
    state: absent
    partition: "{{ item.partition }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"

- name: Modify Virtual Address Route-Advertisement Any
  bigip_virtual_address:
    name: "{{ item.destination }}%{{ item.id }}"
    address: "{{ item.destination }}"
    state: present
    route_advertisement: any
    partition: "{{ item.partition }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"

- name: Build Virtual(s)
  bigip_virtual_server:
    all_profiles:
      - "{{ item.all_profiles }}"
    enabled_vlans: "{{ item.enabled_vlans }}"
    destination: "{{ item.destination }}"
    name: "{{ item.name }}"
    partition: "{{ item.partition }}"
    pool: "{{ item.pool }}"
    port: "{{ item.port }}"
    state: present
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"