search

F5Networks / f5-appsvcs-extension

F5 BIG-IP Application Services 3 Extension
Apache License 2.0
163 stars 52 forks source link

Tenant fails to be created when shareAddresses is used even with AS3 Version 3.50.2 #832

Open electromichi3 opened 1 month ago

electromichi3 commented 1 month ago

Environment

Summary

use case is to have one app per tenant. It must be possible to use the same IP in different tenants but with other services / Ports. Also we would like to have one AS3 Declaration per tenant/ app.

So since AS3 Version 3.20.0 it should be possible via the "shareAddresses" option as described here: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/declarations/miscellaneous.html#sharing-ip-addresses-between-virtual-servers Should be also working based on https://github.com/F5Networks/f5-appsvcs-extension/issues/279

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following two declaration one after another. The first run is successfull, the second one complaines as mentioned below
{
    "class": "AS3",
    "action": "deploy",
    "persist": true,
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.50.2",
        "label": "team1-app1-svc1",
        "id": "Test-HTTP-Service-1",
        "remark": "Test Jinja2 Template to create Service 'Test-HTTP-Service-1'",
        "team1-app1-svc1": {
            "class": "Tenant",
            "team1-app1-svc1.corp.domain.com_path": {
                "class": "Application",
                "template": "generic",
                "team1-app1-svc1.corp.domain.com_tcp_vs": {
                    "class": "Service_TCP",
                    "virtualAddresses": [
                        "172.18.2.99%0"
                    ],
                    "virtualPort" : 80,
                    "shareAddresses": true,
                    "pool": "team1-app1-svc1.corp.domain.com_pool",
                    "maxConnections": 0
                },
                "team1-app1-svc1.corp.domain.com_pool": {
                    "class": "Pool",
                    "monitors": [
                        "tcp"
                    ],
                    "members": [{
                        "servicePort": 81,
                        "addressDiscovery": "fqdn",
                        "autoPopulate": true,
                        "hostname": "linux-infra-1.corp.domain.com",
                        "queryInterval": 0,
                        "shareNodes": true,
                        "fqdnPrefix": "node-"
                    }]
                }
            }
            }
    },
    "updateMode": "selective"
}
{
    "class": "AS3",
    "action": "deploy",
    "persist": true,
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.50.2",
        "label": "team1-app1-svc2",
        "id": "Test-HTTP-Service-1",
        "remark": "Test Jinja2 Template to create Service 'Test-HTTP-Service-1'",
        "team1-app1-svc2": {
            "class": "Tenant",
            "team1-app1-svc2.corp.domain.com_path": {
                "class": "Application",
                "template": "generic",
                "team1-app1-svc2.corp.domain.com_tcp_vs": {
                    "class": "Service_TCP",
                    "virtualAddresses": [
                        "172.18.2.99%0"
                    ],
                    "virtualPort" : 81,
                    "shareAddresses": true,
                    "pool": "team1-app1-svc2.corp.domain.com_pool",
                    "maxConnections": 0
                },
                "team1-app1-svc2.corp.domain.com_pool": {
                    "class": "Pool",
                    "monitors": [
                        "tcp"
                    ],
                    "members": [{
                        "servicePort": 81,
                        "addressDiscovery": "fqdn",
                        "autoPopulate": true,
                        "hostname": "linux-infra-1.corp.domain.com",
                        "queryInterval": 0,
                        "shareNodes": true,
                        "fqdnPrefix": "node-"
                    }]
                }
            }
            }
    },
    "updateMode": "selective"
}
  1. Observe the following error response: 
    {
"results": [
{
  "code": 422,
  "message": "declaration failed",
  "response": "01020066:3: The requested Virtual Address (/Common/172.18.2.99) already exists in partition Common.",
  "host": "localhost",
  "tenant": "team1-app1-svc2",
  "runTime": 900,
  "declarationId": "Test-HTTP-Service-1"
}
],
"declaration": {
"class": "ADC",
"schemaVersion": "3.50.2",
"label": "team1-app1-svc2",
"id": "Test-HTTP-Service-2",
"remark": "Test Jinja2 Template to create Service 'Test-HTTP-Service-2'",
"updateMode": "selective",
"controls": {
  "archiveTimestamp": "2024-05-23T13:27:51.365Z"
}
},
"code": 422
}

Expected Behavior

Expected behavior would be, that the AS3 declaration get imported successful with option "sharedAddresses: true"

Actual Behavior

only one declaration with an Virtual Server IP is possible. When a second declaration use the same virtual IP with another port, the error is: 01020066:3: The requested Virtual Address (/Common/172.18.2.99) already exists in partition Common.

mdditt2000 commented 1 month ago

@electromichi3 agree this should work. Opened Jira AUTOTOOL-4375 task for Engineeering. BTW have to looked at Per-App API to POST each APP. Instead of creating tenant for each APP. Something to look into. This video demonstrator AS3 Per-App-API promotion from beta to general availability in AS3.50 release coming soon. https://youtu.be/9A4XjhDp4ac

For prioritization i would like a customer name on the Jira task. Please email me your contacts at automation_toolchain_pm@f5.com

electromichi3 commented 1 month ago

Hello Mark,

thanks already for verify that this is not a fault on my side. Even more thanks for bringing back Per-App Api to my mind. I heared last year about it and in the meantime I migrated my complete Pipeline to work with the Per-App Api.

There where some tricky parts in the beginning because my jinja template needs to be adjusted and also the Add and Removal Process from a pipeline perspective is a different way as it is with standard AS3

for you, the sharedAddresses issue is not a topic with per-app deployment. I can freely now deploy apps in a per-app way in the ressource group. And these apps can utilize the same IP Address with different ports.

additionally i will send you an e-mail as requested

mdditt2000 commented 1 month ago

@electromichi3 please send me a email so next week we can sync up over a quick zoom call. plus @sunitharonan

mdditt2000 commented 2 weeks ago

@electromichi3 For prioritization i would like a customer name on the Jira task. Please email me your contacts at automation_toolchain_pm@f5.com