search

F5Networks / f5-declarative-onboarding

F5 BIG-IP Declarative Onboarding
Apache License 2.0
58 stars 22 forks source link

DO does not configure mirror-ip and mirror-secondary-ip, because it does not remove slash and netmask suffix from IP-address. #360

Open joebride opened 11 months ago

joebride commented 11 months ago

Environment

Summary

We are trying to onboard a device that should be added to a DSC-cluster. But DO does not configure mirror-ip correctly. DO does not ignore the netmask after the slash as it did it for configsync-ip and FailoverUnicast!

The impact is that we cannot prepare device-parameter correctly to add it to DSC-cluster.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:

    {
"schemaVersion": "1.38.0",
"class": "Device",
"async": true,
"label": "Onboard BIG-IP into an DSC cluster",
"controls": {
    "class": "Controls",
    "dryRun": false,
    "trace": false,
    "traceResponse": false
},
"Common": {
    "class": "Tenant",
    "myDbVariables": {
        "class": "DbVariables",
        "provision.extramb": 500
    },
   "HA-01": {
        "class": "SelfIp",
        "address": "1.1.1.1/24",
        "vlan": "RD_000_VLAN_SYN_4090",
        "allowService": "default",
        "trafficGroup": "traffic-group-local-only"
    },
    "HA-02": {
        "class": "SelfIp",
        "address": "2.2.2.1/24",
        "vlan": "RD_000_VLAN_SYN_4091",
        "allowService": "default",
        "trafficGroup": "traffic-group-local-only"
    },
    "RouteDomain-10": {
        "class": "RouteDomain",
        "id": 10,
        "vlans": [
            "VLAN504"
        ]
    },
    "failoverUnicastMgmt": {
        "class": "FailoverUnicast",
        "addressPorts": [
            {
                "address": "/Common/HA-01/address"
            },
            {
                "address": "/Common/HA-02/address"
            }
        ]
    },
    "ConfigSync": {
        "class": "ConfigSync",
        "configsyncIp": "/Common/HA-01/address"
    },
    "myMirror": {
        "class": "MirrorIp",
        "primaryIp": "/Common/HA-01/address",
        "secondaryIp": "/Common/HA-02/address"
    }
}
}

  2. Observe the following error response:

    {
"id": "1ce9a0b8-24a4-4991-86af-7f0a5da8aad9",
"selfLink": "https://localhost/mgmt/shared/declarative-onboarding/task/1ce9a0b8-24a4-4991-86af-7f0a5da8aad9",
"code": 422,
"status": "ERROR",
"message": "invalid config - rolled back",
"errors": [
    "Invalid IP address: \"1.1.1.1/24\"",
    "Invalid IP address: \"1.1.1.1/24\""
],
"result": {
    "class": "Result",
    "code": 422,
    "status": "ERROR",
    "dryRun": false,
    "message": "invalid config - rolled back",
    "errors": [
        "Invalid IP address: \"1.1.1.1/24\"",
        "Invalid IP address: \"1.1.1.1/24\""
    ]
},
"declaration": {
    "schemaVersion": "1.38.0",
    "class": "Device",
    "async": true,
    "label": "Onboard BIG-IP into an DSC cluster",
    "controls": {
        "class": "Controls",
        "dryRun": false,
        "trace": false,
        "traceResponse": false
    },
    "Common": {
        "class": "Tenant",
        "myDbVariables": {
            "class": "DbVariables",
            "provision.extramb": 500
        },
        "HA-01": {
            "class": "SelfIp",
            "address": "1.1.1.1/24",
            "vlan": "RD_000_VLAN_SYN_4090",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "HA-02": {
            "class": "SelfIp",
            "address": "2.2.2.1/24",
            "vlan": "RD_000_VLAN_SYN_4091",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "RouteDomain-10": {
            "class": "RouteDomain",
            "id": 10,
            "vlans": [
                "VLAN504"
            ],
            "connectionLimit": 0,
            "strict": true
        },
        "failoverUnicastMgmt": {
            "class": "FailoverUnicast",
            "addressPorts": [
                {
                    "address": "/Common/HA-01/address",
                    "port": 1026
                },
                {
                    "address": "/Common/HA-02/address",
                    "port": 1026
                }
            ]
        },
        "ConfigSync": {
            "class": "ConfigSync",
            "configsyncIp": "/Common/HA-01/address"
        },
        "myMirror": {
            "class": "MirrorIp",
            "primaryIp": "/Common/HA-01/address",
            "secondaryIp": "/Common/HA-02/address"
        }
    }
}
}

Expected Behavior

The mirror-ip + mirror-secondary-ip should be configured correctly.

cm device lb01.test {
    active-modules { "xxx|Best Bundle, r2800" }
    base-mac 14:a9:d0:30:b8:8c
    build 0.0.4
    cert dtdi.crt
    chassis-id xxx
    configsync-ip 1.1.1.1
    edition "Point Release 1"
    failover-state active
    hostname lb01.test
    key dtdi.key
    management-ip 25.96.225.173
    marketing-name "BIG-IP Tenant"
    mirror-ip 1.1.1.1
    mirror-secondary-ip 2.2.2.1
    optional-modules { "xxx "VPN Users" }
    platform-id Z101
    product BIG-IP
    self-device true
    time-limited-modules { "IP Intelligence, 1xxx|SUBSCRIPTION" }
    time-zone Europe/Berlin
    unicast-address {
        {
            effective-ip 1.1.1.1
            effective-port 1026
            ip 1.1.1.1
        }
        {
            effective-ip 2.2.2.1
            effective-port 1026
            ip 2.2.2.1
        }
    }
    version 17.1.0.1
}

Actual Behavior

The mirror-ip + mirror-secondary-ip are not configured.

cm device lb01.test {
    active-modules { "xxx|Best Bundle, r2800" }
    base-mac 14:a9:d0:30:b8:8c
    build 0.0.4
    cert dtdi.crt
    chassis-id xxx
    configsync-ip 1.1.1.1
    edition "Point Release 1"
    failover-state active
    hostname lb01.test
    key dtdi.key
    management-ip 25.96.225.173
    marketing-name "BIG-IP Tenant"
    mirror-ip none
    mirror-secondary-ip none
    optional-modules { "xxx "VPN Users" }
    platform-id Z101
    product BIG-IP
    self-device true
    time-limited-modules { "IP Intelligence, 1xxx|SUBSCRIPTION" }
    time-zone Europe/Berlin
    unicast-address {
        {
            effective-ip 1.1.1.1
            effective-port 1026
            ip 1.1.1.1
        }
        {
            effective-ip 2.2.2.1
            effective-port 1026
            ip 2.2.2.1
        }
    }
    version 17.1.0.1
}
joebride commented 10 months ago

DO was performed on TenantOS v17.1.0.1 running on LTMr2000-series (F5OS-A v1.5.0).

vsnine commented 10 months ago

I worked around this when using a Jinja2 template as follows:

    "myMirror": {
        "class": "MirrorIp",
        "primaryIp": "{{ int_self_ip.split('/')[0] }}",
        "secondaryIp": "any6"
    },
dstokesf5 commented 5 months ago

Thank you for your feedback. I have added this to the internal product backlog as AUTOTOOL-3954.