Closed neozoolook closed 6 years ago
First error shows when playing with name: parameter given for an object in a partition other than common... 1.1.1.1%1 or 1.1.1.1%2 as example. However if we leave off name: parameter and just specify address: parameter, then it complains that it already exists. As we are just trying to do the following to the object in tmsh;
modify ltm virtual-address 1.1.1.1%1 route-advertisement any
modify ltm virtual-address 2700::1%1 route-advertisement any
modify ltm virtual-address 1.1.1.1%2 route-advertisement any
modify ltm virtual-address 2700::1%2 route-advertisement any
@caphrim007 Have you had a chance to look at this bug? We are working on some new plays for another architecture rollout, let me know if I should go bigip_command route as workaround or not.
Thanks.
it seems like this is a new option in v13. It will require some work to change the existing supported values and docs as what is currently expected is a boolean value and not a string
correction. it was added in v13.0.0-HF1. WE ADDED THIS IN A HOTFIX!?!?!?!
@neozoolook are you trying to change the address or route domain? that's not a supported method on BIGIP. Or are you just trying to change the route advertisement?
@neozoolook lemme know if this fix addresses your issues
@caphrim007 so I have tested this and this appears to be still broken. We have virtual-address entries that are default created in the partition per what was defined from the Virtuals. I'm just trying to flag on the route_advertisement to 'any' is all. But when running this playbook it complains about netmask cannot be changed or IP already exists.
Second item I think may be wrong with this is that the Ansible shows netmask of '255.255.255.255' for IPv6 addresses being passed, don't think that will work either. I do not provide this in playbook either as you default, probably need to add some logic to default to /32 for IPv4 and /128 for IPv6.
Playbook;
---
- name: Modify Virtual Address Route-Advertisement Any
  bigip_virtual_address:
    name: "{{ item.destination }}%{{ item.id }}"
    address: "{{ item.destination }}"
    state: present
    #use_route_advertisement: yes
    route_advertisement: any
    partition: "{{ item.partition }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"
-vvvv run output on a 13.1 F5 host
root@image-factory:~/ansible-bb_cgnat_configuration# ansible-playbook site.yml --ask-vault-pass --tags http_virtual_address -vvvv
ansible-playbook 2.5.0
config file = /root/ansible-bb_cgnat_configuration/ansible.cfg
configured module search path = [u'/root/ansible-bb_cgnat_configuration/library/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]
Using /root/ansible-bb_cgnat_configuration/ansible.cfg as config file
Vault password:
setting up inventory plugins
Parsed /root/ansible-bb_cgnat_configuration/hosts.inv inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/default.pyc
PLAYBOOK: site.yml ************************************************************************************
1 plays in site.yml
PLAY [single] *****************************************************************************************
META: ran handlers
Trying secret <ansible.parsing.vault.PromptVaultSecret object at 0x7fea9b12d590> for vault_id=default
TASK [Configuration NON-HTTP Partition(s)] ************************************************************
task path: /root/ansible-bb_cgnat_configuration/site.yml:22
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_create_vlan.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_create_interface.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_pool_gateway.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_create_virtuals_loopback.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_modify_virtual_address.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_portlist.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_timerpolicy.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_servicepolicy.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_bgp.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_addresslist.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_rulelist_v4.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_rulelist_v6.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_policy_v4.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_afm_policy_v6.yml
statically imported: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_create_virtuals.yml
TASK [f5_partition_http : Modify Virtual Address Route-Advertisement Any] *****************************
task path: /root/ansible-bb_cgnat_configuration/roles/f5_partition_http/tasks/f5_modify_virtual_address.yml:2
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
File "/tmp/ansible_jcFFkN/ansible_module_bigip_virtual_address.py", line 753, in main
results = mm.exec_module()
File "/tmp/ansible_jcFFkN/ansible_module_bigip_virtual_address.py", line 555, in exec_module
changed = self.present()
File "/tmp/ansible_jcFFkN/ansible_module_bigip_virtual_address.py", line 574, in present
return self.update()
File "/tmp/ansible_jcFFkN/ansible_module_bigip_virtual_address.py", line 617, in update
"The address cannot be changed. Delete and recreate "
failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP1', u'name': u'LOOPBACKV4', u'destination': u'1.1.1.1', u'all_profiles': u'/Common/fastL4', u'id': u'1', u'enabled_vlans': u'INT-NONHTTP1', u'type': u'performance-l4', u'port': u'0', u'pool': u'SR1-IPV4'}) => {
"changed": false,
"invocation": {
"module_args": {
"address": "1.1.1.1",
"arp_state": null,
"auto_delete": null,
"availability_calculation": null,
"connection_limit": null,
"icmp_echo": null,
"name": "1.1.1.1%1",
"netmask": "255.255.255.255",
"partition": "NONHTTP1",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"provider": {
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "172.20.216.250",
"server_port": 443,
"ssh_keyfile": null,
"timeout": 10,
"transport": "rest",
"user": "admin",
"validate_certs": false
},
"route_advertisement": "any",
"route_domain": null,
"server": "172.20.216.250",
"server_port": null,
"state": "present",
"traffic_group": null,
"transport": null,
"use_route_advertisement": null,
"user": "admin",
"validate_certs": false
}
},
"item": {
"all_profiles": "/Common/fastL4",
"destination": "1.1.1.1",
"enabled_vlans": "INT-NONHTTP1",
"id": "1",
"name": "LOOPBACKV4",
"partition": "NONHTTP1",
"pool": "SR1-IPV4",
"port": "0",
"type": "performance-l4"
},
"msg": "The address cannot be changed. Delete and recreate the virtual address if you need to do this."
}
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
File "/tmp/ansible_Xxl_yL/ansible_module_bigip_virtual_address.py", line 753, in main
results = mm.exec_module()
File "/tmp/ansible_Xxl_yL/ansible_module_bigip_virtual_address.py", line 555, in exec_module
changed = self.present()
File "/tmp/ansible_Xxl_yL/ansible_module_bigip_virtual_address.py", line 574, in present
return self.update()
File "/tmp/ansible_Xxl_yL/ansible_module_bigip_virtual_address.py", line 611, in update
"The netmask cannot be changed. Delete and recreate "
failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP1', u'name': u'LOOPBACKV6', u'destination': u'2700::1', u'all_profiles': u'/Common/fastL4', u'id': u'1', u'enabled_vlans': u'INT-NONHTTP1', u'port': u'0', u'pool': u'SR1-IPV6'}) => {
"changed": false,
"invocation": {
"module_args": {
"address": "2700::1",
"arp_state": null,
"auto_delete": null,
"availability_calculation": null,
"connection_limit": null,
"icmp_echo": null,
"name": "2700::1%1",
"netmask": "255.255.255.255",
"partition": "NONHTTP1",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"provider": {
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "172.20.216.250",
"server_port": 443,
"ssh_keyfile": null,
"timeout": 10,
"transport": "rest",
"user": "admin",
"validate_certs": false
},
"route_advertisement": "any",
"route_domain": null,
"server": "172.20.216.250",
"server_port": null,
"state": "present",
"traffic_group": null,
"transport": null,
"use_route_advertisement": null,
"user": "admin",
"validate_certs": false
}
},
"item": {
"all_profiles": "/Common/fastL4",
"destination": "2700::1",
"enabled_vlans": "INT-NONHTTP1",
"id": "1",
"name": "LOOPBACKV6",
"partition": "NONHTTP1",
"pool": "SR1-IPV6",
"port": "0"
},
"msg": "The netmask cannot be changed. Delete and recreate the virtual address if you need to do this."
}
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
File "/tmp/ansible_O8O8iA/ansible_module_bigip_virtual_address.py", line 753, in main
results = mm.exec_module()
File "/tmp/ansible_O8O8iA/ansible_module_bigip_virtual_address.py", line 555, in exec_module
changed = self.present()
File "/tmp/ansible_O8O8iA/ansible_module_bigip_virtual_address.py", line 574, in present
return self.update()
File "/tmp/ansible_O8O8iA/ansible_module_bigip_virtual_address.py", line 617, in update
"The address cannot be changed. Delete and recreate "
failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP2', u'name': u'LOOPBACKV4', u'destination': u'1.1.1.1', u'all_profiles': u'/Common/fastL4', u'id': u'2', u'enabled_vlans': u'INT-NONHTTP2', u'port': u'0', u'pool': u'SR2-IPV4'}) => {
"changed": false,
"invocation": {
"module_args": {
"address": "1.1.1.1",
"arp_state": null,
"auto_delete": null,
"availability_calculation": null,
"connection_limit": null,
"icmp_echo": null,
"name": "1.1.1.1%2",
"netmask": "255.255.255.255",
"partition": "NONHTTP2",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"provider": {
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "172.20.216.250",
"server_port": 443,
"ssh_keyfile": null,
"timeout": 10,
"transport": "rest",
"user": "admin",
"validate_certs": false
},
"route_advertisement": "any",
"route_domain": null,
"server": "172.20.216.250",
"server_port": null,
"state": "present",
"traffic_group": null,
"transport": null,
"use_route_advertisement": null,
"user": "admin",
"validate_certs": false
}
},
"item": {
"all_profiles": "/Common/fastL4",
"destination": "1.1.1.1",
"enabled_vlans": "INT-NONHTTP2",
"id": "2",
"name": "LOOPBACKV4",
"partition": "NONHTTP2",
"pool": "SR2-IPV4",
"port": "0"
},
"msg": "The address cannot be changed. Delete and recreate the virtual address if you need to do this."
}
<localhost> connection transport is rest
Using module file /root/ansible-bb_cgnat_configuration/library/modules/bigip_virtual_address.py
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
The full traceback is:
File "/tmp/ansible_t05M9X/ansible_module_bigip_virtual_address.py", line 753, in main
results = mm.exec_module()
File "/tmp/ansible_t05M9X/ansible_module_bigip_virtual_address.py", line 555, in exec_module
changed = self.present()
File "/tmp/ansible_t05M9X/ansible_module_bigip_virtual_address.py", line 574, in present
return self.update()
File "/tmp/ansible_t05M9X/ansible_module_bigip_virtual_address.py", line 611, in update
"The netmask cannot be changed. Delete and recreate "
failed: [zrdm8afcgi01cgi002 -> localhost] (item={u'partition': u'NONHTTP2', u'name': u'LOOPBACKV6', u'destination': u'2700::1', u'all_profiles': u'/Common/fastL4', u'id': u'2', u'enabled_vlans': u'INT-NONHTTP2', u'port': u'0', u'pool': u'SR2-IPV6'}) => {
"changed": false,
"invocation": {
"module_args": {
"address": "2700::1",
"arp_state": null,
"auto_delete": null,
"availability_calculation": null,
"connection_limit": null,
"icmp_echo": null,
"name": "2700::1%2",
"netmask": "255.255.255.255",
"partition": "NONHTTP2",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"provider": {
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "172.20.216.250",
"server_port": 443,
"ssh_keyfile": null,
"timeout": 10,
"transport": "rest",
"user": "admin",
"validate_certs": false
},
"route_advertisement": "any",
"route_domain": null,
"server": "172.20.216.250",
"server_port": null,
"state": "present",
"traffic_group": null,
"transport": null,
"use_route_advertisement": null,
"user": "admin",
"validate_certs": false
}
},
"item": {
"all_profiles": "/Common/fastL4",
"destination": "2700::1",
"enabled_vlans": "INT-NONHTTP2",
"id": "2",
"name": "LOOPBACKV6",
"partition": "NONHTTP2",
"pool": "SR2-IPV6",
"port": "0"
},
"msg": "The netmask cannot be changed. Delete and recreate the virtual address if you need to do this."
}
PLAY RECAP ********************************************************************************************
zrdm8afcgi01cgi002 : ok=0 changed=0 unreachable=0 failed=1
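The reporter's suggestion in the comment above (default the netmask by address family, and treat `2700::1%1` and `2700::1` as the same address), sketched in Python as an added example. It is not the module's code or the fix that shipped; the function names, the dict layout and the sample values are assumptions constructed from the playbook and the error output.

```python
import ipaddress


def split_route_domain(value):
    """Split 'ADDR%RD' (route-domain notation) into (ip object, rd or None)."""
    addr, sep, rd = value.partition("%")
    if sep and not rd.isdigit():
        raise ValueError("route domain must be numeric: %r" % value)
    return ipaddress.ip_address(addr), (int(rd) if sep else None)


def default_netmask(ip):
    """Host mask for the address family: /32 for IPv4, /128 for IPv6."""
    return str(ipaddress.ip_network("%s/%d" % (ip, ip.max_prefixlen)).netmask)


def pending_changes(existing, wanted):
    """Return the fields that really differ once both sides are normalised.

    Hypothetical helper: 'existing' is what the device holds, 'wanted' is the
    task's arguments. Address and netmask are immutable, so a real difference
    raises ValueError, as in the two errors shown in the -vvvv output.
    """
    have_ip, have_rd = split_route_domain(existing["address"])
    want_ip, want_rd = split_route_domain(wanted["address"])
    # A missing route domain on one side is not treated as a change.
    if have_ip != want_ip or (None not in (have_rd, want_rd) and have_rd != want_rd):
        raise ValueError("The address cannot be changed.")
    # An omitted netmask falls back to the family default, never to a fixed
    # IPv4 value, so an IPv6 object is not compared with 255.255.255.255.
    have_mask = existing.get("netmask") or default_netmask(have_ip)
    want_mask = wanted.get("netmask") or default_netmask(want_ip)
    if have_mask != want_mask:
        raise ValueError("The netmask cannot be changed.")
    return {key: value for key, value in wanted.items()
            if key not in ("address", "netmask")
            and value is not None and existing.get(key) != value}


# Constructed sample data modelled on the failing IPv6 item in the output.
EXISTING_V6 = {"address": "2700::1%1"}
WANTED_V6 = {"address": "2700::1", "netmask": None, "route_advertisement": "any"}

if __name__ == "__main__":
    print(pending_changes(EXISTING_V6, WANTED_V6))
```

Passing `netmask="255.255.255.255"` for the IPv6 item, as the module arguments in the output show, makes `pending_changes` raise the netmask error instead of returning the one real change.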
@caphrim007 Current F5 configuration that exists that must be modified;
ltm virtual-address 1.1.1.1%1 {
    address 1.1.1.1
    mask 255.255.255.255
    partition NONHTTP1
    traffic-group /Common/traffic-group-1
}
ltm virtual-address 2700::1%1 {
    address 2700::1
    partition NONHTTP1
    traffic-group /Common/traffic-group-1
}
@neozoolook your current configuration is what you show in the last comment there?
@caphrim007 correct, this is what is in the F5 after the Virtuals are created in the partition, we just need to basically add the following snippet;
modify ltm virtual-address 1.1.1.1%1 route-advertisement any
modify ltm virtual-address 2700::1%1 route-advertisement any
@neozoolook you're sure the address component of those virtual addresses is the stock address? they have no route domain on them?
@caphrim007 I'm taking a different approach, basically going to remove the virtual if exists, build the virtual-address, then build the virtual... This appears to work doing it this way;
---
- name: Delete Virtual(s)
  bigip_virtual_server:
    name: "{{ item.name }}"
    state: absent
    partition: "{{ item.partition }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"

- name: Modify Virtual Address Route-Advertisement Any
  bigip_virtual_address:
    name: "{{ item.destination }}%{{ item.id }}"
    address: "{{ item.destination }}"
    state: present
    route_advertisement: any
    partition: "{{ item.partition }}"
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"

- name: Build Virtual(s)
  bigip_virtual_server:
    all_profiles:
      - "{{ item.all_profiles }}"
    enabled_vlans: "{{ item.enabled_vlans }}"
    destination: "{{ item.destination }}"
    name: "{{ item.name }}"
    partition: "{{ item.partition }}"
    pool: "{{ item.pool }}"
    port: "{{ item.port }}"
    state: present
    server: "{{ ansible_host }}"
    user: "{{ username }}"
    password: "{{ password }}"
    validate_certs: "no"
  delegate_to: localhost
  with_items: "{{ virtual_loopback }}"
ISSUE TYPE
COMPONENT NAME
bigip_virtual_address.py
ANSIBLE VERSION
PYTHON VERSION
BIGIP VERSION
LIBRARY VERSIONS
CONFIGURATION
Standard ansible.cfg
OS / ENVIRONMENT
Ubuntu 16.04TS
SUMMARY
Seems that when I run this module it either complains about the IP already existing or, when specifying the name such as 1.1.1.1%1, it will also give a different API error.
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS