F5Networks / f5-declarative-onboarding

F5 BIG-IP Declarative Onboarding
Apache License 2.0

500 error returned from DO after successful deployment of AVR module #367

Open jamesjrwood opened 11 months ago

jamesjrwood commented 11 months ago

Environment

Summary

Redeploying an unchanged DO declaration results in an intermittent error. The error shows up as a 500 after provisioning AVR on a device that was already deployed. The first dry run and deployment work. Subsequent deployments of the unchanged declaration will occasionally throw the following error, either during deployment or during a dry run:

"tryUntil: max tries reached: missing required field",
"Cannot read property 'process' of undefined"

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration (some values redacted):

    {
    "$schema": "https://raw.githubusercontent.com/F5Networks/f5-declarative-onboarding/main/src/schema/latest/do.schema.json",
    "Common": {
    "F5-Admin": {
      "attribute": "memberOF=cn=F5-Admin,ou=DS - Groups,DC=some,DC=domain,DC=test",
      "class": "RemoteAuthRole",
      "console": "tmsh",
      "lineOrder": 300,
      "remoteAccess": true,
      "role": "admin",
      "userPartition": "all"
    },
    "F5-Operator": {
      "attribute": "memberOF=cn=F5-Operator,ou=DS - Groups,DC=some,DC=domain,DC=test",
      "class": "RemoteAuthRole",
      "console": "tmsh",
      "lineOrder": 200,
      "remoteAccess": true,
      "role": "operator",
      "userPartition": "all"
    },
    "F5-Viewer": {
      "attribute": "memberOF=cn=F5-Viewer,ou=DS - Groups,DC=some,DC=domain,DC=test",
      "class": "RemoteAuthRole",
      "console": "tmsh",
      "lineOrder": 100,
      "remoteAccess": true,
      "role": "auditor",
      "userPartition": "all"
    },
    "admin": {
      "class": "User",
      "partitionAccess": {
        "all-partitions": {
          "role": "admin"
        }
      },
      "password": "***",
      "shell": "bash",
      "userType": "regular"
    },
    "azureadmin": {
      "class": "User",
      "partitionAccess": {
        "all-partitions": {
          "role": "admin"
        }
      },
      "password": "***",
      "shell": "bash",
      "userType": "regular"
    },
    "class": "Tenant",
    "default": {
      "class": "Route",
      "gw": "172.19.91.1",
      "mtu": 1500,
      "network": "default"
    },
    "external": {
      "class": "VLAN",
      "interfaces": [
        {
          "name": "1.1",
          "tagged": false
        }
      ],
      "mtu": 1500,
      "tag": 9
    },
    "external-localself": {
      "address": "172.19.91.10/24",
      "allowService": "none",
      "class": "SelfIp",
      "trafficGroup": "traffic-group-local-only",
      "vlan": "external"
    },
    "hostname": "w3pltf5i03.some.domain.test",
    "internal": {
      "class": "VLAN",
      "interfaces": [
        {
          "name": "1.2",
          "tagged": false
        }
      ],
      "mtu": 1500,
      "tag": 67
    },
    "internal-fe-localself": {
      "address": "172.19.92.10/24",
      "allowService": "default",
      "class": "SelfIp",
      "trafficGroup": "traffic-group-local-only",
      "vlan": "internal"
    },
    "myAuth": {
      "class": "Authentication",
      "enabledSourceType": "ldap",
      "fallback": true,
      "ldap": {
        "bindDn": "cn=svc_AZ-F5-LDAP,ou=DS - Service Accounts,DC=some,DC=domain,DC=test",
        "bindPassword": "<redacted>",
        "loginAttribute": "samaccountname",
        "port": 636,
        "referrals": true,
        "searchBaseDn": "ou=OPS Backend Admins,ou=DS - Users,DC=some,DC=domain,DC=test",
        "servers": [
          "172.19.149.10",
          "172.19.149.9",
          "172.19.85.4",
          "172.19.85.5"
        ],
        "ssl": "enabled",
        "userTemplate": "%s@some.domain.test"
      }
    },
    "myDns": {
      "class": "DNS",
      "nameServers": [
        "172.19.149.10",
        "172.19.149.9",
        "172.19.85.4",
        "172.19.85.5"
      ],
      "search": [
        "some.domain.test"
      ]
    },
    "myLicense": {
      "bigIpPassword": "***",
      "bigIpUsername": "admin",
      "bigIqHost": "172.19.84.6",
      "bigIqPassword": "***",
      "bigIqUsername": "admin",
      "class": "License",
      "licensePool": "bigipcat4",
      "licenseType": "licensePool",
      "reachable": true,
      "skuKeyword1": "F5-BIG-MSP-LTM-1G-F",
      "unitOfMeasure": "yearly"
    },
    "myNtp": {
      "class": "NTP",
      "servers": [
        "172.19.149.10",
        "172.19.149.9",
        "172.19.85.4",
        "172.19.85.5"
      ]
    },
    "myProvisioning": {
      "avr": "nominal",
      "class": "Provision",
      "ltm": "nominal"
    },
    "mySyslog": {
      "class": "SyslogRemoteServer",
      "host": "172.19.85.7",
      "localIp": "172.19.91.10",
      "remotePort": 514
    }
    },
    "async": "true",
    "class": "Device",
    "controls": {
    "dryRun": "true",
    "trace": false,
    "traceResponse": false
    },
    "label": "Basic onboarding",
    "schemaVersion": "1.39.0"
    }
  2. Observe the following error response:

    {
    "id": "a389c428-b1ca-46f2-8eb9-cf26aa83110e",
        "message": "rollback failed",
        "result": {
            "class": "Result",
            "code": 500,
            "dryRun": false,
            "errors": [
                "tryUntil: max tries reached: missing required field",
                "Cannot read property 'process' of undefined"
            ],
            "message": "rollback failed",
            "status": "ERROR"
        },
        "selfLink": "https://localhost/mgmt/shared/declarative-onboarding/task/a389c428-b1ca-46f2-8eb9-cf26aa83110e",
        "status": "ERROR"
    }

Expected Behavior

I would expect that a declaration that was successfully deployed would not error out on the second run when the values in the declaration have not changed.

Actual Behavior

The declaration errors out with a 500 and the error "Cannot read property 'process' of undefined".

dstokesf5 commented 10 months ago

Thank you for your feedback. Do you have a simpler declaration that still reproduces this issue?