search

f5devcentral / f5-automation-config-converter

Convert BIG-IP configs to AS3 and DO declarations
https://clouddocs.f5.com/products/extensions/f5-automation-config-converter/latest/
Apache License 2.0
35 stars 14 forks source link

TCP profile Ingress and Egress #89

Closed BarryHaines closed 2 years ago

BarryHaines commented 2 years ago

Environment

Summary

When converting a virtual server that has a separate clientside/serverside tcp profile the AS3 conversion only has the egress configuration and this fails to deploy to the BIG-IP because the ingress tcp profile is required but doesn't exist in the AS3 configuration.

Steps To Reproduce

Just create virtual server with 2 separate TCP profiles for the clientside and serverside, then use ACC docker image to convert the configuration and notice that only the serverside profile is converted.

Expected Behavior

Expecting to have the following output for the tcp profiles:

"profileTCP": { "ingress": { "bigip": "/Common/f5-tcp-wan" }, "egress": { "bigip": "/Common/tcp" } },

Actual Behavior

AS3 Output: "vs_as3tcp-test-443": { "layer4": "tcp", "pool": "pl_as3mig_443", "translateServerAddress": true, "translateServerPort": true, "class": "Service_TCP", "profileTCP": { #Missing ingress profile "egress": { "bigip": "/Common/tcp" } }, "virtualAddresses": [ "10.1.0.51" ], "virtualPort": 443, "persistenceMethods": [], "snat": "auto" },

TMOS configuration output: ltm virtual vs_as3tcp-test-443 { destination 10.1.0.51:https ip-protocol tcp mask 255.255.255.255 pool pl_as3mig_443 profiles { f5-tcp-wan { #This profile doesn't get converted context clientside } tcp { context serverside } } serverssl-use-sni disabled source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 32 }

mdditt2000 commented 2 years ago

@BarryHaines looking to this issue. Here is my contact if you need to send me any additional information automation_toolchain_pm@f5.com

mdditt2000 commented 2 years ago

@BarryHaines can you email me your qkview or bigip.conf. TMOS configuration above is break ACC using Docker/VScode. I file Jira CHARON-692

mdditt2000 commented 2 years ago

@BarryHaines thanks for the configuration

I validated the configuration using your UCS file and i do see the correct TCP policy

"profileTCP": {
                    "ingress": {
                        "bigip": "/Common/f5-tcp-wan"
                    },
                    "egress": {
                        "bigip": "/Common/tcp"
                    }
                },

I will send you the converted file.

mdditt2000 commented 2 years ago

Current version of ACC 1.21 works as expected. Closing issue. Thanks @BarryHaines please continue to open issue!