f5devcentral / ansible-role-f5_atc_deploy_declaration

Ansible role used to deploy declaratives to F5 Automated Tool Chain services: AS3, DO, and TS
Apache License 2.0

Implement retry when DO runs for a long time #32

Closed rjouhann closed 4 years ago

rjouhann commented 4 years ago

Fixes #30

BIG-IP token expires by default after 1200sec

{
    "code": 401,
    "message": "X-F5-Auth-Token does not exist.",
    "referer": "136.27.25.250",
    "restOperationId": 6955449,
    "kind": ":resterrorresponse"
}
"msg": "Status code was 401 and not [200]: HTTP Error 401: F5 Authorization Required"

BIG-IQ token expires by default after 300sec

{
    "code": 401,
    "errorStack": [],
    "kind": ":resterrorresponse",
    "message": "Invalid registered claims.",
    "referer": "172.18.7.186",
    "restOperationId": 2002730
}
"msg": "Status code was 401 and not [200]: HTTP Error 401: Unauthorized",

@focrensh, I have tested on both BIG-IP and BIG-IQ, all good.

For BIG-IP, if the Run check tasks succeed, it will stop and continue. If the Run check fails on 401, it will try to re-authenticate and refresh the token up to 4 times. If the Run check fails on errors other than 401, it won't go into the loop.

FYI, to test the changes on BIG-IP, I have reduced the token to 300sec to see the behavior by adding the following lines in authentication.yaml (only for testing, not in the PR)

- name: PATCH authentication token
  uri:
    url: "https://{{ provider.server }}:{{ provider.server_port }}/mgmt/shared/authz/tokens/{{ authtoken.json.token.token }}"
    method: PATCH
    timeout: "{{ atc_timeout }}"
    validate_certs: "{{ provider.validate_certs }}"
    headers:
      X-F5-Auth-Token: "{{ f5_auth_token }}"
    body:
      timeout: 300
    body_format: json
  register: authtoken
  delegate_to: localhost
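
The retry rule described in this pull request, modelled in Python as an added example; it is not the role's Ansible tasks or code from the PR. `FakeBigIP`, `wait_for_task`, the 30-second poll interval, the task durations and the result strings are assumptions made for illustration, and time is simulated rather than slept.

```python
"""Model of the retry rule: poll a long DO task, renew the token only on 401."""


class FakeBigIP:
    """Constructed stand-in for the device: a token is valid for `ttl` simulated seconds."""

    def __init__(self, ttl, task_duration, fail_code=None):
        self.ttl, self.task_duration, self.fail_code = ttl, task_duration, fail_code
        self.now = 0       # simulated clock, in seconds
        self.issued = {}   # token -> time it was issued
        self.logins = 0

    def login(self):
        self.logins += 1
        token = f"tok{self.logins}"
        self.issued[token] = self.now
        return token

    def task_status(self, token):
        if self.fail_code:                      # constructed non-401 failure
            return self.fail_code, None
        if token not in self.issued or self.now - self.issued[token] >= self.ttl:
            return 401, None                    # expired or unknown token
        return 200, ("OK" if self.now >= self.task_duration else "RUNNING")


def wait_for_task(dev, poll_interval=30, max_renewals=4, max_polls=500):
    """Return (result, renewals); the token is renewed on 401 only, at most max_renewals times."""
    token, renewals = dev.login(), 0
    for _ in range(max_polls):
        code, state = dev.task_status(token)
        if code == 401:
            if renewals == max_renewals:
                return "token-renewal-limit", renewals   # assumed outcome once the cap is hit
            token, renewals = dev.login(), renewals + 1
            continue                                     # re-check immediately with the new token
        if code != 200:
            return f"error-{code}", renewals             # other errors never enter the renewal loop
        if state == "OK":
            return "done", renewals
        dev.now += poll_interval
    return "timeout", renewals
```

With a 300-second token and a task that takes 1000 simulated seconds, the loop re-authenticates three times; a 500 response ends the wait after the single initial login.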