f5networks / f5-appsvcs-extension Goto Github PK
View Code? Open in Web Editor NEWF5 BIG-IP Application Services 3 Extension
License: Apache License 2.0
F5 BIG-IP Application Services 3 Extension
License: Apache License 2.0
Application Services Extension Version 3.0.0
BIG-IP Version 13.0 and higher
With any kind of client software, be sure to disable the “Expect: 100 Continue” feature commonly used with SOAP+XML APIs. When using cURL, add the option -H ‘Expect:’ to your cURL command line (no space after the colon at the end of ‘Expect:’). For specific information, refer to the instructions from your client libraries.
3.7.0
Sys::Version
Main Package
Product BIG-IP
Version 13.1.1.3
Build 0.0.1
Edition Point Release 3
Date Wed Nov 28 18:50:45 PST 2018
Regex for pool name does not include dash character, which is a valid character.
Dash "-" is a valid character for F5 pool name, but is not included in regex.
{'code': 422,
'declarationFullId': '',
'errors': ['/POD31/lvsp31_pools: propertyName "BLAH-BLA_443" should match '
'pattern "^[A-Za-z][0-9A-Za-z_]{0,47}$"'],
'message': 'declaration is invalid'}
n/a
n/a
No source code is in this repository but there are references to source that should exist here
specifically the schema files
Source code would be available
It's not available, and this makes the documentation incorrect
Build 3 / version 3.5
Sys::Version
Main Package
Product BIG-IP
Version 13.1.0.8
Build 0.0.3
Edition Point Release 8
Date Sat Jun 16 00:03:03 PDT 2018
Attempting to deploy declaration containing a single application that has 2 pool members. When I deploy I receive an error 'declaration has duplicate values in members'. If I remove a single member the declaration deploys. I have tried different IPs for the pool members and receive same error. This declaration worked using version 3.4.
POST a declaration that contains a pool with more than 1 member
{
"action": "deploy",
"class": "AS3",
"declaration": {
"as3_lab": {
"class": "Tenant",
"bodgeit": {
"class": "Application",
"template": "generic",
"vs_bodgeit_443": {
"class": "Service_HTTPS",
"clientTLS": {
"bigip": "/Common/f5demo-serverssl"
},
"iRules": [
{
"bigip": "/Common/bodgeit-irule"
}
],
"persistenceMethods": [
{
"bigip": "/Common/f5demo-persist-cookie"
}
],
"policyWAF": {
"bigip": "/Common/bodgeit"
},
"pool": "vs_bodgeit_pool",
"profileHTTP": {
"bigip": "/Common/f5demo-http"
},
"profileMultiplex": {
"bigip": "/Common/f5demo-oneconnect"
},
"profileTCP": {
"egress": {
"bigip": "/Common/f5demo-tcp-wan"
},
"ingress": {
"bigip": "/Common/f5demo-tcp-lan"
}
},
"redirect80": true,
"serverTLS": {
"bigip": "/Common/san_cert"
},
"snat": "auto",
"virtualAddresses": [
"10.0.1.214"
],
"virtualPort": 443
},
"vs_bodgeit_pool": {
"class": "Pool",
"monitors":[
{ "bigip": "/Common/f5demo-http-head"}
],
"members": [{
"servicePort": 8080,
"serverAddresses": [
"10.128.20.12",
"10.128.20.11"
]
}]
}
}
},
"class": "ADC",
"id": "as3_lab",
"label": "as3_lab",
"remark": "This is a sample remark ",
"schemaVersion": "3.5.0"
},
"persist": true
}
Declaration should deploy successfully
Receive 500 error back.
{
"code": 500,
"declarationFullId": "",
"message": "declaration has duplicate values in members"
}
Please make AS3 validator available as a container. either independent or within the AS3 container.
that will make it a lot easier to use
Thanks
AS3 3.8.0 running in a container
Any supported version
When attempting to launch AS3 v3.8.0 from the Docker container (only), AS3 fails during start up. So while the container is functioning properly, there is no AS3 service or endpoints that are available. If you attempt to send a declaration to AS3 in the container, you receive a 404 “Public URI path not registered” error.
This only affects AS3 running in a Docker container and not the standalone AS3 v3.8.0. Additionally, the AS3 Container is currently Community Supported only and in the F5Devcentral organization on Docker Hub. It will move to the F5Networks organization when it is fully supported.
Launch AS3 v3.8.0 from the Docker Container, and then attempt to send a GET request to the info endpoint (for example).
AS3 3.8.0 is fully functional and returns AS3 version information.
You receive an error message similar to the following:
{"code":404,"message":"Public URI path not registered: /shared/appsvcs/info","restOperationId":994772,"errorStack":["com.f5.rest.common.RestWorkerUriNotFoundException: Public URI path not registered: /shared/appsvcs/info"
...}
If you are not relying on AS3 3.8.0 features, you can use the container with AS3 3.7.0. Run the same docker command and target 3.7.0 instead of "latest". For example:
docker run --name as3_container --rm -d -p 8443:443 -p 8080:80 f5devcentral/f5-as3-container:3.7.0
Application Services Extension Version 3.0.0
BIG-IP Versions 13.0 and higher
Symptom: You deploy a declaration with a pool with “monitors”: [ { “use”: “Monitor1” }] and a definition for “Monitor1”. If you remove both and then redeploy, the declaration fails.
Workaround: Deploy a declaration that entirely deletes the pool, then deploy a second declaration to re-introduce the pool without the declared monitor.
3.0.0 v34
Sys::Version
Main Package
Product BIG-IP
Version 13.1.0.6
Build 0.0.3
Edition Point Release 6
Date Fri Apr 20 18:04:26 PDT 2018
Nodes are created under their respective tenant/partition. This causes nodes with the same IP:port combination to conflict. Legacy iApps handled this by, typically, creating nodes in /Common. It does not appear to be possible to mimic this behavior with AS3.
In a true multi-tenant environment it is unlikely tenants will have awareness of nodes defined/created by other tenants.
POST example 7 followed by example 8 from the reference docs to the same BIG-IP.
Not immediately clear what the best way to handle this would be -- perhaps schema flexibility to allow node creation outside of tenant/partition and then referencing them inside the tenant declaration.
{
"status": 422,
"message": "declaration having id urn:uuid:773ff79d-6df8-4ea7-8ce3-06485202167e|Sample 8 is invalid",
"errors": [
"/Sample_08/A1/gce_pool/members: pool member /Sample_08/A1/gce_pool/members/0 static address 192.0.7.10 conflicts with bigip node /Sample_07/192.0.7.10"
],
"code": 422,
"declarationFullId": ""
}
f5-appsvcs (f5-appsvcs-3.2.0-7.noarch) | 3.2.0 | 7
Version | BIG-IP 12.1.2 Build 2.0.276 Hotfix HF2
The F5 AS3 documentation indicates there is a json schema available:
For example:
The JSON Schema document prescribes the syntax of an AS3 declaration (found in the file adc-schema.json in the /src/schema directory of the GitHub repository).
(Emphasis in original)
The Bolded filename and directory are not helpfully when I cannot find the GitHub repository that contains them. I have search F5Network Org in github, all of github, and google, and cannot find this schema file.
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/3/refguide/as3-api.html
The request document may be a proper request (see as3-request-schema.json) or a ADC-only declaration (see adc-schema.json).
(Emphasis added)
Where can I find these files?
Click on the above links.
The documents linked above provide direct links to the json schema files, or are more descriptive of where to find them.
An unsatisfied F5 customer spends most of the day on a worthless Easter Egg hunt.
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/3/userguide/as3-container.html
{
"class": "AS3",
"action": "deploy",
"targetHost": "192.0.2.76",
"targetPort": "8443"
"targetUsername": "admin",
"targetPassphrase": "admin",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
...
}
}
AS3 Docker container reports that "targetPort" should be integer. Defined as string in documentation.
Use example config from documentation
Fix documentation to be integer, also a semi-colon is missing.
~$ curl -sku admin:admin -H "Content-Type: application/json" -X POST https://localhost:8443/mgmt/shared/appsvcs/declare --data-binary "@as3.json";
{"code":422,"message":"/targetPort: should be integer"}
6
Sys::Version
Main Package
Product BIG-IP
Version 12.1.3.3
Build 0.3.1
Edition Engineering Hotfix
Date Wed Mar 21 12:47:00 PDT 2018
Hotfix List
ID708653-3
When running the selftest from cURL, I get the the message "2 unexpected results"
curl -s -k --user admin:xxxxx --data '{}' -X POST "https://<hostname>/mgmt/shared/appsvcs/selftest"
[
{
"message": "2 unexpected results",
"selfTestRunTime": 43459
},
{
"name": "AS3_Basics_01",
"message": "Warning: test result did not match expected configuration",
"hash": "7231eca15c383cf212b5793ed00552d13e78471f95f6e2d880a229214526371c"
},
{
"name": "AS3_Basics_02",
"message": "Warning: test result did not match expected configuration",
"hash": "8a8d5228c4efe00a992026199495cc313f01f6359ec8ee4e1aa26218d018224b"
}
]
f5-appsvcs-3.7.0-7.noarch.rpm
# tmsh show sys version
Sys::Version
Main Package
Product BIG-IP
Version 14.1.0
Build 0.0.116
Edition Final
Date Wed Nov 14 18:41:56 PST 2018
Running the self-test fails:
curl -k -u "admin:XXX" -X POST -d @selftest.post https://localhost/mgmt/shared/appsvcs/selftest
[{"message":"2 unexpected results","selfTestRunTime":49087},{"name":"AS3_Basics_01","message":"Warning: test result did not match expected configuration","hash":"2524cc929521e7f981265cb52a33a25cd59cb94aeeba36a689521c3c225b490f"},{"name":"AS3_Basics_02","message":"Warning: test result did not match expected configuration","hash":"cddcd4ad20f45e82fcac2c70a2b0f2523422424897f4d9a9e6478ac289501a57"}]
See above
Attaching restnoded.log file
f5-appsvcs-3.6.0-5.noarch.rpm
Main Package
Product BIG-IP
Version 12.1.3
Build 0.0.378
Edition Final
For BIG-IP device with software version 12.1.x, a TCP profile (f5_tcp_progressive_12_1) should be automatically created for all application types which uses TCP protocol, but with current 3.5/3.6 RPM this profile would be generated only when the template type defined as as "http" or "https" in the declaration. For instance:
"{{application_name}}": {
"class": "Application",
"template": "generic",
Which won't generate the profile.
f5-appsvcs-3.6.0-5.noarch.rpm
The exiting Chain CA Cert couldn't be referenced in AS3 declaration. For instance:
"webcert": {
"class": "Certificate",
"certificate": {"bigip": "{{cert_name}}"},
"privateKey": {"bigip": "{{cert_key}}"},
"ChainCA": {"bigip": "{{chain_cert}}"},
.......
Where "chain_cert" refers to an existing chaining CA certificate, this declaration failed.
- Documentation Report
3.1.0-4
Product BIG-IP
Version 13.1.0.2
Build 0.0.6
Edition Point Release 2
Date Tue Jan 16 08:46:28 PST 2018
GET declare with show parameter always fails unless using a / after declare.
#Always fails
GET /mgmt/shared/appsvcs/declare?show=full
#Always works
GET /mgmt/shared/appsvcs/declare/?show=full
Documentation doesn't show a trailing slash after declare, is it supposed to?
GET /mgmt/shared/appsvcs/declare?show=full
Return AS3 definition, status 200.
{"code":400,"message":"invalid Tenant name \"show=full\""}
{
"version": "3.7.0",
"release": "7",
"schemaCurrent": "3.7.0",
"schemaMinimum": "3.0.0"
}
Sys::Version
Main Package
Product BIG-IP
Version 13.1.1.2
Build 0.0.4
Edition Point Release 2
Date Thu Oct 11 15:32:21 PDT 2018
when you do a deploy, then the subsequent deployment only adds "syncToGroup" nothing happens. Expected behavior is that a device sync would be triggered.
first declaration
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.2.0",
"id": "test",
"AS3Demo": {
"class": "Tenant",
"defaultRouteDomain": 0,
"DemoApplication": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"remark": "Accepts HTTPS/TLS connections on port 443",
"clientTLS": {
"bigip": "/Common/serverssl"
},
"virtualAddresses": ["10.1.10.10"],
"redirect80": false,
"pool": "custom_ssl_pool",
"profileTCP": {
"egress": "wan",
"ingress": { "use": "TCP_Profile" } },
"profileHTTP": { "use": "custom_http_profile" },
"serverTLS": { "bigip": "/Common/clientssl" },
"persistenceMethods": [],
"policyWAF": {
"bigip": "/Common/asm-policy-linux-high-security_policy"
},
"securityLogProfiles": [{ "bigip":"/Common/Log all requests"}]
},
"plain_HTTP": {
"class": "Service_HTTP",
"remark": "Accepts HTTP connections on port 80",
"virtualAddresses": ["10.1.10.10"],
"pool": "custom_pool",
"profileTCP": {
"egress": "wan",
"ingress": { "use": "TCP_Profile" } },
"profileHTTP": { "use": "custom_http_profile" },
"policyEndpoint": "forward_policy"
},
"custom_pool": {
"class": "Pool",
"monitors": ["http"],
"members": [{
"servicePort": 8080,
"serverAddresses": ["192.168.128.11","192.168.128.12","192.168.128.13"]
}]
},
"special_pool": {
"class": "Pool",
"monitors": ["http"],
"members": [{
"servicePort": 8080,
"serverAddresses": ["192.168.128.14"]
}]
},
"custom_ssl_pool": {
"class": "Pool",
"monitors": ["https"],
"members": [ {
"serverAddresses": [
"192.168.128.14"
],
"servicePort": 8443
},
{
"serverAddresses": [
"192.168.128.15"
],
"servicePort": 8443
},
{
"serverAddresses": [
"192.168.128.16"
],
"servicePort": 8443
}]
},
"custom_http_profile": {
"class": "HTTP_Profile",
"xForwardedFor": true
},
"TCP_Profile": {
"class": "TCP_Profile",
"idleTimeout": 60 },
"forward_policy": {
"class": "Endpoint_Policy",
"rules": [{
"name": "forward_to_pool",
"conditions": [{
"type": "httpUri",
"path": {
"operand": "starts-with",
"values": ["/headers/"]
}
}],
"actions": [{
"type": "forward",
"event": "request",
"select": {
"pool": {
"use": "special_pool"
}
}
}]
},{
"name": "redirect_secure",
"conditions": [{
"type": "httpUri",
"path": {
"operand": "starts-with",
"values": ["/txt"]
}
}],
"actions": [{
"type": "httpRedirect",
"event": "request",
"location": "tcl:https://[getfield [HTTP::host] \":\" 1][HTTP::uri]"
}]
}]
}
}
}
}
}
this should trigger a sync
{
"class": "AS3",
"action": "deploy",
"persist": true,
"syncToGroup":"/Common/Sync",
"declaration": {
"class": "ADC",
"schemaVersion": "3.2.0",
"id": "test",
"AS3Demo": {
"class": "Tenant",
"defaultRouteDomain": 0,
"DemoApplication": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"remark": "Accepts HTTPS/TLS connections on port 443",
"clientTLS": {
"bigip": "/Common/serverssl"
},
"virtualAddresses": ["10.1.10.10"],
"redirect80": false,
"pool": "custom_ssl_pool",
"profileTCP": {
"egress": "wan",
"ingress": { "use": "TCP_Profile" } },
"profileHTTP": { "use": "custom_http_profile" },
"serverTLS": { "bigip": "/Common/clientssl" },
"persistenceMethods": [],
"policyWAF": {
"bigip": "/Common/asm-policy-linux-high-security_policy"
},
"securityLogProfiles": [{ "bigip":"/Common/Log all requests"}]
},
"plain_HTTP": {
"class": "Service_HTTP",
"remark": "Accepts HTTP connections on port 80",
"virtualAddresses": ["10.1.10.10"],
"pool": "custom_pool",
"profileTCP": {
"egress": "wan",
"ingress": { "use": "TCP_Profile" } },
"profileHTTP": { "use": "custom_http_profile" },
"policyEndpoint": "forward_policy"
},
"custom_pool": {
"class": "Pool",
"monitors": ["http"],
"members": [{
"servicePort": 8080,
"serverAddresses": ["192.168.128.11","192.168.128.12","192.168.128.13"]
}]
},
"special_pool": {
"class": "Pool",
"monitors": ["http"],
"members": [{
"servicePort": 8080,
"serverAddresses": ["192.168.128.14"]
}]
},
"custom_ssl_pool": {
"class": "Pool",
"monitors": ["https"],
"members": [ {
"serverAddresses": [
"192.168.128.14"
],
"servicePort": 8443
},
{
"serverAddresses": [
"192.168.128.15"
],
"servicePort": 8443
},
{
"serverAddresses": [
"192.168.128.16"
],
"servicePort": 8443
}]
},
"custom_http_profile": {
"class": "HTTP_Profile",
"xForwardedFor": true
},
"TCP_Profile": {
"class": "TCP_Profile",
"idleTimeout": 60 },
"forward_policy": {
"class": "Endpoint_Policy",
"rules": [{
"name": "forward_to_pool",
"conditions": [{
"type": "httpUri",
"path": {
"operand": "starts-with",
"values": ["/headers/"]
}
}],
"actions": [{
"type": "forward",
"event": "request",
"select": {
"pool": {
"use": "special_pool"
}
}
}]
},{
"name": "redirect_secure",
"conditions": [{
"type": "httpUri",
"path": {
"operand": "starts-with",
"values": ["/txt"]
}
}],
"actions": [{
"type": "httpRedirect",
"event": "request",
"location": "tcl:https://[getfield [HTTP::host] \":\" 1][HTTP::uri]"
}]
}]
}
}
}
}
}
should sync
{
"results": [
{
"message": "no change",
"host": "localhost",
"tenant": "AS3Demo",
"runTime": 386,
"code": 200
}
],
"declaration": {
"AS3Demo": {
"class": "Tenant",
"defaultRouteDomain": 0,
"DemoApplication": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"remark": "Accepts HTTPS/TLS connections on port 443",
"clientTLS": {
"bigip": "/Common/serverssl"
},
"virtualAddresses": [
"10.1.10.10"
],
"redirect80": false,
"pool": "custom_ssl_pool",
"profileTCP": {
"egress": "wan",
"ingress": {
"use": "TCP_Profile"
}
},
"profileHTTP": {
"use": "custom_http_profile"
},
"serverTLS": {
"bigip": "/Common/clientssl"
},
"persistenceMethods": [],
"policyWAF": {
"bigip": "/Common/asm-policy-linux-high-security_policy"
},
"securityLogProfiles": [
{
"bigip": "/Common/Log all requests"
}
]
},
"plain_HTTP": {
"class": "Service_HTTP",
"remark": "Accepts HTTP connections on port 80",
"virtualAddresses": [
"10.1.10.10"
],
"pool": "custom_pool",
"profileTCP": {
"egress": "wan",
"ingress": {
"use": "TCP_Profile"
}
},
"profileHTTP": {
"use": "custom_http_profile"
},
"policyEndpoint": "forward_policy"
},
"custom_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 8080,
"serverAddresses": [
"192.168.128.11",
"192.168.128.12",
"192.168.128.13"
]
}
]
},
"special_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 8080,
"serverAddresses": [
"192.168.128.14"
]
}
]
},
"custom_ssl_pool": {
"class": "Pool",
"monitors": [
"https"
],
"members": [
{
"serverAddresses": [
"192.168.128.14"
],
"servicePort": 8443
},
{
"serverAddresses": [
"192.168.128.15"
],
"servicePort": 8443
},
{
"serverAddresses": [
"192.168.128.16"
],
"servicePort": 8443
}
]
},
"custom_http_profile": {
"class": "HTTP_Profile",
"xForwardedFor": true
},
"TCP_Profile": {
"class": "TCP_Profile",
"idleTimeout": 60
},
"forward_policy": {
"class": "Endpoint_Policy",
"rules": [
{
"name": "forward_to_pool",
"conditions": [
{
"type": "httpUri",
"path": {
"operand": "starts-with",
"values": [
"/headers/"
]
}
}
],
"actions": [
{
"type": "forward",
"event": "request",
"select": {
"pool": {
"use": "special_pool"
}
}
}
]
},
{
"name": "redirect_secure",
"conditions": [
{
"type": "httpUri",
"path": {
"operand": "starts-with",
"values": [
"/txt"
]
}
}
],
"actions": [
{
"type": "httpRedirect",
"event": "request",
"location": "tcl:https://[getfield [HTTP::host] \":\" 1][HTTP::uri]"
}
]
}
]
}
}
},
"class": "ADC",
"schemaVersion": "3.2.0",
"id": "test",
"updateMode": "selective",
"controls": {
"archiveTimestamp": "2019-01-02T21:08:08.886Z"
}
}
}
All versions
All supported BIG-IP versions
REST queries to AS3 hang until cURL times out.
Reset the default Expect header with the cURL argument -H "Expect:"
All AS3 versions
BIG-IP versions prior to 12.1.2.2
Using Service Discovery with encryption does not work when using any AS3 version with BIG-IP versions prior to 12.1.2.2. Microsoft Azure always requires encryption whether on a local or remote BIG-IP, so Service Discovery will not work on versions prior to 12.1.2.2. For Amazon AWS and Google Cloud Platform, using Service Discovery on a BIG-IP not running in the cloud will fail on versions prior to 12.1.2.2.
Future
12.1+
Customer is looking to utilize the clone pool features of the virtual server. this would allow them to specify a declaration which contains sending traffic to other tools for IDS/IPS/ protocol inspections
I think this would be a schema update to support these Virtual Properties:
"clonePools": [
{
"name": "client_clone_pool",
"partition": "Common",
"context": "clientside",
"nameReference": {
"link": "https://localhost/mgmt/tm/ltm/pool/~Common~client_clone_pool?ver=13.1.0.8"
}
},
{
"name": "server_clone_pool",
"partition": "Common",
"context": "serverside",
"nameReference": {
"link": "https://localhost/mgmt/tm/ltm/pool/~Common~server_clone_pool?ver=13.1.0.8"
}
}
Full GET from VS with clone:
{
"kind": "tm:ltm:virtual:virtualstate",
"name": "clone_vs",
"fullPath": "clone_vs",
"generation": 20953,
"selfLink": "https://localhost/mgmt/tm/ltm/virtual/clone_vs?ver=13.1.0.8",
"addressStatus": "yes",
"autoLasthop": "default",
"cmpEnabled": "yes",
"connectionLimit": 0,
"destination": "/Common/42.42.42.42:42",
"enabled": true,
"gtmScore": 0,
"ipProtocol": "tcp",
"mask": "255.255.255.255",
"mirror": "disabled",
"mobileAppTunnel": "disabled",
"nat64": "disabled",
"rateLimit": "disabled",
"rateLimitDstMask": 0,
"rateLimitMode": "object",
"rateLimitSrcMask": 0,
"securityNatPolicy": {
"useDevicePolicy": "no",
"useRouteDomainPolicy": "no"
},
"serviceDownImmediateAction": "none",
"source": "0.0.0.0/0",
"sourceAddressTranslation": {
"type": "none"
},
"sourcePort": "preserve",
"synCookieStatus": "not-activated",
"throughputCapacity": 0,
"translateAddress": "enabled",
"translatePort": "enabled",
"vlansDisabled": true,
"vsIndex": 22,
"clonePools": [
{
"name": "client_clone_pool",
"partition": "Common",
"context": "clientside",
"nameReference": {
"link": "https://localhost/mgmt/tm/ltm/pool/~Common~client_clone_pool?ver=13.1.0.8"
}
},
{
"name": "server_clone_pool",
"partition": "Common",
"context": "serverside",
"nameReference": {
"link": "https://localhost/mgmt/tm/ltm/pool/~Common~server_clone_pool?ver=13.1.0.8"
}
}
],
"policiesReference": {
"link": "https://localhost/mgmt/tm/ltm/virtual/~Common~clone_vs/policies?ver=13.1.0.8",
"isSubcollection": true
},
"profilesReference": {
"link": "https://localhost/mgmt/tm/ltm/virtual/~Common~clone_vs/profiles?ver=13.1.0.8",
"isSubcollection": true
}
}
Feature Request to NA
Feature Request to NA
AS3 version 3.7.0
12.1.0 - 12.1.2
After installing AS3 3.7.0, if you attempt to upgrade your BIG-IP system, you may receive an error message in liveinstall.log stating the upgrade failed due to fatal error in calculating the md5sum.
info: md5sum: /config/cloud/as3/node_modules/@f5devcentral/f5-cloud-libs-azure/node_modules/har-validator/node_modules/ajv/lib/refs/\$data.json: No such file or directory
info: Fatal: executing: md5sum /config/cloud/as3/node_modules/@f5devcentral/f5-cloud-libs-azure/node_modules/har-validator/node_modules/ajv/lib/refs/\$data.json
info: Operation aborted.
info: /var/tmp/configsync.spec: Error creating package
info:
info: WARNING:There are error(s) during saving.
info: Not everything was saved.
info: Be very careful when using this saved file!
info:
info: Error creating package
info: Error during config save.
info: Unexpected Error: UCS saving process failed.
Manually delete the /config/cloud directory and attempt the upgrade again. AS3 recreates these files after the upgrade.
3.7.0-7
Sys::Version
Main Package
Product BIG-IP
Version 14.0.0.3
Build 0.0.4
Edition Point Release 3
Date Mon Oct 22 15:08:29 PDT 2018
A line feed character (decimal 10, hex 0A) in the .sha256 file causes the sha256sum check to fail.
sha256sum -c f5-appsvcs-3.7.0-7.noarch.rpm.sha256
Deleting the trailing line feed from the .sha256 file produces the correct result:
f5-appsvcs-3.7.0-7.noarch.rpm: OK
: No such file or directory-7.noarch.rpm
: FAILED open or readarch.rpm
sha256sum: WARNING: 1 of 1 listed file could not be read
All AS3 versions that include Service Discovery (1.7 and later)
N/A
If you are using AS3 to auto discover nodes in a cloud platform (AWS, Azure, GCP), and supply invalid credentials for the cloud provider in the declaration, the AS3 declaration still succeeds.
Ensure you use valid credentials for your cloud platform in your declaration.
f5-appsvcs-3.7.0-7.noarch
Sys::Version
Main Package
Product BIG-IP
Version 13.1.1
Build 0.0.4
Edition Final
Date Fri Jul 20 17:55:49 PDT 2018
unable to change a fqdn pool member
original payload
{
"class": "ADC",
"schemaVersion": "3.0.0",
"label": "autoscale_waf",
"id": "AUTOSCALE_WAF",
"remark": "Autoscale WAF",
"waf": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"serviceAddress": {
"class": "Service_Address",
"virtualAddress": "0.0.0.0"
},
"policyWAF": {
"class": "WAF_Policy",
"file": "/config/cloud/asm-policy-linux-high.xml"
}
},
"http": {
"class": "Application",
"template": "http",
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
{
"use": "/waf/Shared/serviceAddress"
}
],
"serverTLS": {
"bigip": "/Common/example-clientssl-profile"
},
"snat": "auto",
"securityLogProfiles": [
{
"bigip": "/Common/Log illegal requests"
}
],
"pool": "pool",
"policyWAF": {
"use": "/waf/Shared/policyWAF"
},
"virtualPort": 443
},
"pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"autoPopulate": true,
"hostname": "www.example.com",
"servicePort": 80,
"addressDiscovery": "fqdn"
}
]
}
}
}
}
new payload:
{
"class": "ADC",
"schemaVersion": "3.0.0",
"label": "autoscale_waf",
"id": "AUTOSCALE_WAF",
"remark": "Autoscale WAF",
"waf": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"serviceAddress": {
"class": "Service_Address",
"virtualAddress": "0.0.0.0"
},
"policyWAF": {
"class": "WAF_Policy",
"file": "/config/cloud/asm-policy-linux-high.xml"
}
},
"http": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"virtualAddresses": [
{
"use": "/waf/Shared/serviceAddress"
}
],
"serverTLS": {
"bigip": "/Common/example-clientssl-profile"
},
"snat": "auto",
"securityLogProfiles": [
{
"bigip": "/Common/Log illegal requests"
}
],
"pool": "pool",
"policyWAF": {
"use": "/waf/Shared/policyWAF"
},
"virtualPort": 443
},
"pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"autoPopulate": true,
"hostname": "ip-10-1-10-188.ec2.internal",
"servicePort": 80,
"addressDiscovery": "fqdn"
}
]
}
}
}
}
pool updated
{
"results": [
{
"message": "declaration failed",
"response": "01070110:3: Node address '/Common/_auto_93.184.216.34' is referenced by a member of pool '/waf/http/pool'.",
"code": 422,
"host": "localhost",
"tenant": "waf",
"runTime": 9509
}
],
"declaration": {
"waf": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"serviceAddress": {
"class": "Service_Address",
"virtualAddress": "0.0.0.0"
},
"policyWAF": {
"class": "WAF_Policy",
"file": "/config/cloud/asm-policy-linux-high.xml"
}
},
"http": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"virtualAddresses": [
{
"use": "/waf/Shared/serviceAddress"
}
],
"serverTLS": {
"bigip": "/Common/example-clientssl-profile"
},
"snat": "auto",
"securityLogProfiles": [
{
"bigip": "/Common/Log illegal requests"
}
],
"pool": "pool",
"policyWAF": {
"use": "/waf/Shared/policyWAF"
},
"virtualPort": 443
},
"pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"autoPopulate": true,
"hostname": "www.example.com",
"servicePort": 80,
"addressDiscovery": "fqdn"
}
]
}
}
},
"class": "ADC",
"schemaVersion": "3.0.0",
"label": "autoscale_waf",
"id": "AUTOSCALE_WAF",
"remark": "Autoscale WAF",
"updateMode": "selective",
"controls": {
"archiveTimestamp": "2018-12-19T04:07:54.679Z"
}
},
"code": 422
}
Public Facing 3.6 Build 5
13.1.1 Build 0.0.4
Looking for Support of "gateway-icmp" on the server, we support the "generic host" type and it is recommended for generic host to use the icmp based health monitor.
Documentation Page 102: https://support.f5.com/content/kb/en-us/products/big-ip-dns/manuals/product/bigip-dns-implementations-13-1-0/_jcr_content/pdfAttach/download/file.res/BIG-IP_DNS__Implementations.pdf
Note: Tip: If the server is a BIG-IP system, use the bigip monitor. If the server is a generic host, consider
using the gateway_icmp monitor, because this monitor simply checks that the server responds to a
ping.
f5-appsvcs-3.2.0-7
Product BIG-IP
Version 12.1.2
Build 1.0.271
Edition Hotfix HF1
FQDN Pool members do not auto populate IPs at the pool level. The IPs only populate at the node level.
FQDN Pools appear to be undocumented at the moment
Prerequisite: A DNS entry that returns a list of IPs. In this case it's demo.development.svc.cluster.local
Example declaration:
{
"class": "ADC",
"schemaVersion": "3.2.0",
"id": "demo",
"label": "Demo",
"remark": "demo with FQDN pool",
"demo_tenant": {
"class": "Tenant",
"demo_app": {
"class": "Application",
"template": "http",
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"192.168.0.21"
],
"allowVlans": [
"internal",
"external"
],
"pool": "demo_pool",
"virtualPort": 80,
"persistenceMethods": [
"cookie"
],
"profileHTTP": "basic",
"layer4": "tcp",
"profileTCP": "normal",
"snat": "auto"
},
"demo_pool": {
"class": "Pool",
"members": [
{
"servicePort": 80,
"addressDiscovery": "fqdn",
"autoPopulate": true,
"hostname": "demo.development.svc.cluster.local"
}
]
}
},
"defaultRouteDomain": 0
}
}
Node list
FQDN
--
Address Type | IPv4
Auto Populate | Enabled
Interval | Use TTL
Down Interval | 5
Pool member
FQDN
--
Auto Populate | Enabled
Node list
FQDN
--
Address Type | IPv4
Auto Populate | Enabled
Interval | Use TTL
Down Interval | 5
Pool member
FQDN
--
Auto Populate | Disabled
Docker Container - v3.5.0
BIG-IP 14.0.0 Build 0.0.2187 Final
Using guide https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/3/refguide/as3-api.html#delete-ref, I'm missing a "delete single tennants" function using the Docker container.
I can delete all AS3 applications on a specific host using a POST request to "https://as3-container:8443/mgmt/shared/appsvcs/declare", but I cannot POST to "https://as3-container:8443/mgmt/shared/appsvcs/declare/<tennant>".
example declaration:
POST https://as3-container:8443/mgmt/shared/appsvcs/declare
{
"class": "AS3",
"action": "deploy",
"targetHost": "192.168.100.31",
"targetUsername": "as3-admin",
"targetPassphrase": "as3-admin",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "container",
"label": "Sample 1 in a container",
"remark": "Simple HTTP application with RR pool",
"AS3_App_01": {
"class": "Tenant",
"VS_App01": {
"class": "Application",
"template": "http",
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"192.168.110.190"
],
"pool": "Pool_App01"
},
"Pool_App01": {
"class": "Pool",
"monitors": [
"http"
],
"members": [{
"servicePort": 80,
"serverAddresses": [
"192.168.120.71",
"192.168.120.72",
"192.168.120.73"
]
}]
}
}
}
}
}
Deleting this tennant could be done the following way:
POST https://as3-container:8443/mgmt/shared/appsvcs/declare/AS3_App_01
{
"class": "AS3",
"action": "remove",
"targetHost": "192.168.100.31",
"targetUsername": "as3-admin",
"targetPassphrase": "as3-admin"
}
Get a success message, which indicates the tennant has been removed.
Error message:
{
"code": 400,
"message": "method \"Post\" is currently not allowed on path /AS3_App_01"
}
Public Facing 3.6 Build 5
13.1.1 Build 0.0.4
GSLB Declaration does not change the monitor type if the monitor is changed. GSLB_Server users either "bigip" or "https" as monitor types. If you post a declaration with on style and switch to another the monitor will not change.
Post declaration with either no monitor (default bigip) or with https and try to swap with a new post
{
"class": "ADC",
"schemaVersion": "3.6.0",
"id": "Western_Union_GSLB_Sample",
"Common": {
"class": "Tenant",
"Shared": {
"class": "Application",
"template": "shared",
"AWS_West_1": {
"class": "GSLB_Data_Center",
"proberPreferred": "outside-datacenter"
},
"AWS_West_2": {
"class": "GSLB_Data_Center",
"proberPreferred": "outside-datacenter"
},
"BIGIPAWSWest1": {
"class": "GSLB_Server",
"serverType": "generic-host",
"monitors": [{
"bigip": "/Common/https"
}
],
"dataCenter": {
"use": "AWS_West_1"
},
"devices": [
{
"address": "2.2.2.2"
}
],
"virtualServers": [
{
"address": "2.2.2.2",
"port": 80,
"monitors": [{
"bigip": "/Common/http"
}
]
}
]
},
"BIGIPAWSWest2": {
"class": "GSLB_Server",
"serverType": "generic-host",
"monitors": [{
"bigip": "/Common/https"
}
],
"dataCenter": {
"use": "AWS_West_2"
},
"devices": [
{
"address": "3.3.3.3"
}
],
"virtualServers": [
{
"address": "3.3.3.3",
"port": 80,
"monitors": [{
"bigip": "/Common/http"
}
]
}
]
}
}
},
"Western_Union": {
"class": "Tenant",
"Application": {
"class": "Application",
"template": "generic",
"testDomain": {
"class": "GSLB_Domain",
"domainName": "Western-Union.f5",
"aliases": [
"aliases.Western-Union.f5*" ],
"resourceRecordType": "A",
"poolLbMode": "round-robin",
"pools": [
{ "use": "Western_Union_GSLB_Pool" }
]
},
"Western_Union_GSLB_Pool": {
"class": "GSLB_Pool",
"enabled": true,
"lbModeAlternate": "ratio",
"lbModeFallback": "ratio",
"manualResumeEnabled": true,
"verifyMemberEnabled": false,
"qosHitRatio": 10,
"qosHops": 11,
"qosKbps": 8,
"qosLinkCapacity": 35,
"qosPacketRate": 5,
"qosRoundTripTime": 75,
"qosTopology": 3,
"qosVirtualServerCapacity": 2,
"qosVirtualServerScore": 1,
"members": [
{
"ratio": 10,
"server": {
"use": "/Common/Shared/BIGIPAWSWest1"
},
"virtualServer": "0"
},
{
"ratio": 10,
"server": {
"use": "/Common/Shared/BIGIPAWSWest2"
},
"virtualServer": "0"
}
],
"bpsLimit": 5,
"bpsLimitEnabled": true,
"ppsLimit": 4,
"ppsLimitEnabled": true,
"connectionsLimit": 3,
"connectionsLimitEnabled": true,
"maxAnswersReturned": 10,
"monitors": [
{
"bigip": "/Common/https"
}
],
"resourceRecordType": "A",
"fallbackIP": "1.1.1.1"
}
}
}
}
Expected it to follow the declaration
Monitor type on the Server wasnt changed
Versions 3.0.0 and 3.1.0
All supported versions.
Issue: Declaration fails when deleting a Tenant
When attempting to DELETE an AS3 tenant on a BIG-IP with APM provisioned, you receive an Declaration Failed error stating a folder can’t be deleted because it contains configuration items. See article https://support.f5.com/csp/article/K42807763.
• Workaround: Repeating the AS3 declaration or directly deleting the Partition may solve the issue. For example, from the BIG-IP Configuration utility, select “Common” from the partition list in the upper right, then click Users > Partition List and then check the box for the partition you want to remove.
Upgrade to AS3 v3.2.0.
Workaround: Repeating the AS3 declaration or directly deleting the Partition may solve the issue. For example, from the BIG-IP Configuration utility, select “Common” from the partition list in the upper right, then click Users > Partition List and then check the box for the partition you want to remove.
f5-appsvcs-3.3.0-6.noarch
12.1.3.3
{
"status": 422,
"message": "declaration is invalid",
"errors": [
"/Common: should NOT have additional properties"
],
"code": 422,
"declarationFullId": ""
}
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "urn:uuid:33045210-3ab8-4636-9b2a-c98122ab915d",
"label": "Sample 1",
"remark": "Simple HTTP Service with Round-Robin Load Balancing",
"Common": {
"A1": {
"class": "Application",
"template": "http",
"testervip": {
"class": "Service_HTTP",
"virtualAddresses": [
"10.0.1.10"
],
"pool": "testerpool"
},
"testerpool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80,
"serverAddresses": [
"192.0.1.10",
"192.0.1.11"
]
}
]
}
}
}
}
}
200
422
no existing SR
{
"version": "3.8.0",
"release": "3",
"schemaCurrent": "3.8.0",
"schemaMinimum": "3.0.0"
}
Sys::Version
Main Package
Product BIG-IP
Version 13.1.1.2
Build 0.0.4
Edition Point Release 2
Date Thu Oct 11 15:32:21 PDT 2018
when submitting a declaration that previously worked in 3.7 it fails in 3.8 with the error
Cannot read property 'forEach' of undefined
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.2.0",
"id": "test",
"AS3Demo": {
"class": "Tenant",
"defaultRouteDomain": 0,
"DemoApplication": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"remark": "Accepts HTTPS/TLS connections on port 443",
"clientTLS": {
"bigip": "/Common/serverssl"
},
"virtualAddresses": ["10.1.10.10"],
"redirect80": false,
"pool": "custom_ssl_pool",
"profileTCP": {
"egress": "wan",
"ingress": { "use": "TCP_Profile" } },
"profileHTTP": { "use": "custom_http_profile" },
"serverTLS": { "bigip": "/Common/clientssl" },
"persistenceMethods": [],
"policyWAF": {
"bigip": "/Common/asm-policy-linux-high-security_policy"
},
"securityLogProfiles": [{ "bigip":"/Common/Log all requests"}]
},
"plain_HTTP": {
"class": "Service_HTTP",
"remark": "Accepts HTTP connections on port 80",
"virtualAddresses": ["10.1.10.10"],
"pool": "custom_pool",
"profileTCP": {
"egress": "wan",
"ingress": { "use": "TCP_Profile" } },
"profileHTTP": { "use": "custom_http_profile" },
"policyEndpoint": "forward_policy"
},
"custom_pool": {
"class": "Pool",
"monitors": ["http"],
"members": [{
"servicePort": 8080,
"serverAddresses": ["192.168.128.11","192.168.128.12","192.168.128.13"]
}]
},
"special_pool": {
"class": "Pool",
"monitors": ["http"],
"members": [{
"servicePort": 8080,
"serverAddresses": ["192.168.128.14"]
}]
},
"custom_ssl_pool": {
"class": "Pool",
"monitors": ["https"],
"members": [ {
"serverAddresses": [
"192.168.128.14"
],
"servicePort": 8443
},
{
"serverAddresses": [
"192.168.128.15"
],
"servicePort": 8443
},
{
"serverAddresses": [
"192.168.128.16"
],
"servicePort": 8443
}]
},
"custom_http_profile": {
"class": "HTTP_Profile",
"xForwardedFor": true
},
"TCP_Profile": {
"class": "TCP_Profile",
"idleTimeout": 60 },
"forward_policy": {
"class": "Endpoint_Policy",
"rules": [{
"name": "forward_to_pool",
"conditions": [{
"type": "httpUri",
"path": {
"operand": "starts-with",
"values": ["/headers/"]
}
}],
"actions": [{
"type": "forward",
"event": "request",
"select": {
"pool": {
"use": "special_pool"
}
}
}]
},{
"name": "redirect_secure",
"conditions": [{
"type": "httpUri",
"path": {
"operand": "starts-with",
"values": ["/txt"]
}
}],
"actions": [{
"type": "httpRedirect",
"event": "request",
"location": "tcl:https://[getfield [HTTP::host] \":\" 1][HTTP::uri]"
}]
}]
}
}
}
}
}
not error
error
{
"code": 500,
"declarationFullId": "test",
"message": "Cannot read property 'forEach' of undefined"
}
f5-appsvcs-3.4.0-2
Product BIG-IP
Version 13.1.1
Build 0.0.4
Edition Final
When declaring a VS while using a **TLS_Client** without a **clientCertificate** defined, AS3 will emit an "Cannot read property 'replace' of undefined" error and code of 422. According to [the documentation](https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/3/refguide/schema-reference.html#tls-client), this parameter is supposed to be optional. Additionally, the error does not indicate what the problem actually is.
POST the following to /mgmt/shared/appsvcs/declare
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "Sample_04",
"label": "Sample_04",
"remark": "HTTPS with round-robin pool",
"Sample_04": {
"class": "Tenant",
"A1_01": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"virtualAddresses": [
"10.0.2.13"
],
"pool": "web_pool",
"profileHTTP": "basic",
"serverTLS": {
"bigip": "/Common/clientssl"
},
"clientTLS": "clienttls"
},
"web_pool": {
"class": "Pool",
"loadBalancingMode": "round-robin",
"members": [
{
"servicePort": 84,
"serverAddresses": [
"10.0.3.6"
]
}
]
},
"clienttls": {
"class": "TLS_Client",
"label": "A1_01: clienttls",
"remark": " ",
"sendSNI": "none",
"ciphers": "DEFAULT",
"serverName": "none",
"validateCertificate": false,
"trustCA": "generic",
"ignoreExpired": false,
"ignoreUntrusted": false,
"sessionTickets": false
},
"webcert": {
"class": "Certificate",
"label": "A1_01: webcert",
"remark": "in practice using a passphrase is recommended",
"certificate": "-----BEGIN CERTIFICATE-----\nMIICnDCCAgWgAwIBAgIJAJ5n2b0OCEjwMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRQwEgYDVQQKDAtmNV9OZXR3b3JrczEbMBkGA1UEAwwSc2FtcGxlLmV4YW1wbGUubmV0MB4XDTE3MTEyNjE5NTAyNFoXDTE4MDIyNTE5NTAyNFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFDASBgNVBAoMC2Y1X05ldHdvcmtzMRswGQYDVQQDDBJzYW1wbGUuZXhhbXBsZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALEsuXmSXVQpYjrZPW+WiTBjn491mwZYT7Q92V1HlSBtM6WdWlK1aZN5sovfKtOX7Yrm8xa+e4o/zJ2QYLyyv5O+t2EGN/4qUEjEAPY9mwJdfzRQy6Hyzm84J0QkTuUJ/EjNuPji3D0QJRALUTzu1UqqDCEtiN9OGyXEkh7uvb7BAgMBAAGjUDBOMB0GA1UdDgQWBBSVHPNrGWrjWyZvckQxFYWO59FRFjAfBgNVHSMEGDAWgBSVHPNrGWrjWyZvckQxFYWO59FRFjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJeJ9SEckEwPhkXOm+IuqfbUS/RcziifBCTmVyE+Fa/j9pKSYTgiEBNdbJeBEa+gPMlQtbV7Y2dy8TKx/8axVBHiXC5geDML7caxOrAyHYBpnx690xJTh5OIORBBM/a/NvaR+P3CoVebr/NPRh9oRNxnntnqvqD7SW0U3ZPe3tJc\n-----END CERTIFICATE-----",
"privateKey": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,D8FFCE6B255601587CB54EC29B737D31\n\nkv4Fc3Jn0Ujkj0yRjt+gQQfBLSNF2aRLUENXnlr7Xpzqu0Ahr3jS1bAAnd8IWnsR\nyILqVmKsYF2DoHh0tWiEAQ7/y/fe5DTFhK7N4Wml6kp2yVMkP6KC4ssyYPw27kjK\nDBwBZ5O8Ioej08A5sgsLCmglbmtSPHJUn14pQnMTmLOpEtOsu6S+2ibPgSNpdg0b\nCAJNG/KHe+Vkx59qNDyDeKb7FZOlsX30+y67zUq9GQqJEDuysPJ2BUNP0IJXAjst\nFIt1qNoZew+5KDYs7u/lPxcMGTirUhgI84Jy4WcDvSOsP/tKlxj04TbIE3epmSKy\n+TihHkwY7ngIGtcm3Sfqk5jz2RXoj1/Ac3SW8kVTYaOUogBhn7zAq4Wju6Et4hQG\nRGapsJp1aCeZ/a4RCDTxspcKoMaRa97/URQb0hBRGx3DGUhzpmX9zl7JI2Xa5D3R\nmdBXtjLKYJTdIMdd27prBEKhMUpae2rz5Mw4J907wZeBq/wu+zp8LAnecfTe2nGY\nE32x1U7gSEdYOGqnwxsOexb1jKgCa67Nw9TmcMPV8zmH7R9qdvgxAbAtwBl1F9OS\nfcGaC7epf1AjJLtaX7krWmzgASHl28Ynh9lmGMdv+5QYMZvKG0LOg/n3m8uJ6sKy\nIzzvaJswwn0j5P5+czyoV5CvvdCfKnNb+3jUEN8I0PPwjBGKr4B1ojwhogTM248V\nHR69D6TxFVMfGpyJhCPkbGEGbpEpcffpgKuC/mEtMqyDQXJNaV5HO6HgAJ9F1P6v\n5ehHHTMRvzCCFiwndHdlMXUjqSNjww6me6dr6LiAPbejdzhL2vWx1YqebOcwQx3G\n-----END RSA PRIVATE KEY-----",
"passphrase": {
"ciphertext": "ZjVmNQ==",
"protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0",
"ignoreChanges": true,
"miniJWE": true,
"allowReuse": false
},
"chainCA": "-----BEGIN CERTIFICATE-----\nMIID9TCCAt2gAwIBAgIJALxQA/NW2bpRMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTELMAkGA1UECgwCRjUxDTALBgNVBAsMBFRlc3QxFzAVBgNVBAMMDnRlc3RfQ0FfYnVuZGxlMSUwIwYJKoZIhvcNAQkBFhZzb21lYm9keUBzb21ld2hlcmUub3JnMB4XDTE4MDIyNzE5MjEyNVoXDTE4MDMyOTE5MjEyNVowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMQswCQYDVQQKDAJGNTENMAsGA1UECwwEVGVzdDEXMBUGA1UEAwwOdGVzdF9DQV9idW5kbGUxJTAjBgkqhkiG9w0BCQEWFnNvbWVib2R5QHNvbWV3aGVyZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjhUZmbwwuMMFTNic73t0mfJ/pyM3BnEs0riv6lbrF5znFKBlAM2pxWBfkQvr92gUwitij7BqMagnR26/C7GcJJNJQGNK482vgSPhUpGeN0t4W71Dv5SpwJN+0do6gV0eXPwvcgA/XZxXqZAePwXTp36YMrNTgw49OWZpHoNXfYCZ+1KUL032RdQ/Ik2wO/UwV0csL1Rwuu2L8/NI9VtrThCAr8dsMsDJ53jDh7xQdP3K2V9NYtAHk66697kk7TpzR1moqTJxSVaPKo2eDuKNke1BRbjYWoamu0hfC5YG6l5P9i8QaVklbtmDcmoLpU9fLVSSW6CWHkrtdifQiCOChAgMBAAGjUDBOMB0GA1UdDgQWBBRv7/Q0VoBgDYzgJOKLz4GsgXP27zAfBgNVHSMEGDAWgBRv7/Q0VoBgDYzgJOKLz4GsgXP27zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA9r6+6hGVlQ188l+wLFJ1wI83y27BdtE0ZsZGdFv98qi9kcUm17Z0tprEwypODZ1/syt9b1JhD4RgU30qwgeF4kec8UpoG49UkQImRD3AqfsiYSdjZeBpcpEl3n8lkjKGoVY7GB2lMGoWDxv/1A0CSjVTmWgQSFGHoMtzOW1tCr9yGXVEdy691l7PVC1kK5ekwkO8YbSO6hvV/u83KuUiGcIoY1PIzAK301i9YXWUNxybIVfHregoQ11QzjhfdfpOLBTtW1B4QZqZz8qFGIr1remmQK3ljEcct9bWjMLOx2QYMvk6uRFzh+V5L2UnhldNy5wQYMXRDz6SU3LdTJ2OA\n-----END CERTIFICATE-----"
}
}
}
}
}
status of "success" returned
status of "Cannot read property 'replace' of undefined" returned
"results": [
{
"message": "Cannot read property 'replace' of undefined",
"host": "localhost",
"tenant": "Sample_04",
"code": 422
}
]
All versions
All supported versions
You deploy a declaration with a pool, such as “monitors”: [ { “use”: “Monitor1” }]
and a definition for Monitor1. If you remove both and then redeploy, the declaration fails.
Deploy a declaration that entirely deletes the pool, then deploy a second declaration to re-introduce the pool without the declared monitor.
3.3
n/a
the AS3 documentation shows no indication that existing APM policies can be attached in an AS3 declaration. Appendix C: Declaration using all AS3 Properties does not show any command how to integrate an APM policy.
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/3/refguide/all-properties.html
For bugs, show exactly how to reproduce the problem.
For new features, show how the feature would be used.
-->
<!--- Paste example declarations between quotes below -->
f5-appsvcs-3.0.0-34.noarch.rpm
Sys::Version
Main Package
Product BIG-IP
Version 13.1.0.6
Build 0.0.3
Edition Point Release 6
Date Fri Apr 20 18:04:26 PDT 2018
NOTE: this is a VE with 1 core and 2GB RAM (perhaps declaration history is keyed to resources?)
Documentation states a declaration history of 16 declarations (0-15) is kept. AS3 only keeps a history of 4 declarations.
POST 4 declarations and note the output of a GET to https://{{bigip}}/mgmt/shared/appsvcs/declare?age=list
[
{
"name": "____appsvcs_declaration-1525273534246",
"timestamp": 1525273534246,
"date": "2018-05-02T15:05:34.246Z",
"age": 0
},
{
"name": "____appsvcs_declaration-1525273530784",
"timestamp": 1525273530784,
"date": "2018-05-02T15:05:30.784Z",
"age": 1
},
{
"name": "____appsvcs_declaration-1525273527654",
"timestamp": 1525273527654,
"date": "2018-05-02T15:05:27.654Z",
"age": 2
},
{
"name": "____appsvcs_declaration-1525273520317",
"timestamp": 1525273520317,
"date": "2018-05-02T15:05:20.317Z",
"age": 3
}
]
Now POST a 5th declaration and note the output of https://{{bigip}}/mgmt/shared/appsvcs/declare?age=list.
[
{
"name": "____appsvcs_declaration-1525273591802",
"timestamp": 1525273591802,
"date": "2018-05-02T15:06:31.802Z",
"age": 0
},
{
"name": "____appsvcs_declaration-1525273534246",
"timestamp": 1525273534246,
"date": "2018-05-02T15:05:34.246Z",
"age": 1
},
{
"name": "____appsvcs_declaration-1525273530784",
"timestamp": 1525273530784,
"date": "2018-05-02T15:05:30.784Z",
"age": 2
},
{
"name": "____appsvcs_declaration-1525273527654",
"timestamp": 1525273527654,
"date": "2018-05-02T15:05:27.654Z",
"age": 3
}
]
Checking the output of https://{{bigip}}/mgmt/shared/appsvcs/declare shows the 5th declaration is present -- its just not displayed in the history.
Declaration history of 16 entries with ages from 0-15 to be present.
Declaration history was limited to 4 entries (0-3).
All versions
All supported versions
After using the DELETE method to remove an AS3 configuration, you are unable to access the BIG-IP configuration utility. In your browser window, you see only a gray screen with a dark gray bar.
Use one of the following workarounds:
bigstart restart tomcat
.Update the "AS3 BUILD/ VERSION" in the Issue template to suggest retrieving the AS3 RPM version.
3.7
13.1
I'm working on a customers's project for SSH Proxy automation. Regarding SSH Proxy the schema contains no declaration for SSH Proxy Profile and assignment to Virtual (just Proxy Logging Profile is available).
Currently we have to use the Ansible bigip_command module to work around but we like to use a full declaration using AS3.
Please include SSH Proxy in the next version.
Documentation Report
f5-appsvcs-3.1.0-4.noarch.rpm
13.1.0.7
Example 9 declaration in appendix B is missing servicePort for gce_pool. As a result, the POST fails.
Run example 9 as is. It will fail.
Push example 9 declaration successfully
error in API response stating that servicePort is missing
Workaround
--snippet--
"gce_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80, <<<<<<<< add this line
"serverAddresses": [
"192.0.7.10",
"192.0.7.11"
]
}
3.5.0-3
BIG-IP 13.1.1 Build 0.0.4 Final
The JSON parser does not appear to respect line breaks "\n" in multi line iRules
This is important because TCL syntax is line break aware
POST this example declaration with a mutli-line iRule
{
"class": "AS3",
"action": "deploy",
"syncToGroup": "/Common/Sync-Failover",
"declaration": {
"class": "ADC",
"schemaVersion": "3.5.0",
"id": "error-codes",
"label": "iRules and pools for http status",
"test_tenant": {
"class": "Tenant",
"shared_app": {
"class": "Application",
"template": "shared",
"test_irule": {
"class": "iRule",
"iRule": "# 503 for service unavailable\nif {[active_members [LB::server pool]] < 1} {\n if {[HTTP::path] eq \"/robots.txt\"} {\n HTTP::respond 200 content \"<html><head><title></title></head><body>User-agent:*<br>Disallow:/<p></body></html>\"\n }\n else {\n HTTP::respond 503 content [ifile get 503.html] \"Content-Type\" \"text/html\"\n }\n}\n"
}
}
}
}
}
message: success
host: localhost
tenant: test_tenant
code: 200
"results": [
{
"message": "declaration failed",
"response": "[active_members unknown property",
"code": 422,
"host": "localhost",
"tenant": "test_tenant",
"runTime": 1527
}
...
3.2.0
12.1 only
On BIG-IP 12.1 with ASM provisioned, any WAF policy imported by AS3 must only be deleted when the AS3 Tenant is deleted. If it is removed from the declaration prior to removing the Tenant, a subsequent operation to delete the Tenant may fail
Deploy a declaration that imports a WAF policy. Remove the WAF policy from the declaration and redeploy. Then try to delete the tenant. Deleting the tenant may fail.
Delete the entire Tenant, and then post back the configuration you wanted without the WAF policy
~$ curl -k https://localhost:8443/mgmt/shared/appsvcs/info
{"version":"3.5.0","release":"3","schemaCurrent":"3.5.0","schemaMinimum":"3.0.0"}
Sys::Version
Main Package
Product BIG-IP
Version 13.1.1.2
Build 0.0.4
Edition Point Release 2
Date Thu Oct 11 15:32:21 PDT 2018
Using the AS3 in a Docker container accessing a BIG-IP in AWS fails with the management port listening on port 8443. AS3 tries to connect to port 443.
{
"class": "AS3",
"action": "deploy",
"persist": true,
"targetHost": "MGMT-IP",
"targetPort": 8443,
"targetUsername": "XXX",
"targetPassphrase": "XXX",
"declaration": {
"class": "ADC",
"schemaVersion": "3.5.0",
...
Should connect to port 8443 as configured in the json file.
~$ curl -sku admin:admin -H "Content-Type: application/json" -X POST https://localhost:8443/mgmt/shared/appsvcs/declare --data-binary "@as3.json";
{"code":500,"declarationFullId":"","message":"cannot contact xx.xx.xx.xx (GET https://xx.xx.xx.xx:443/mgmt/shared/echo failed (connect ECONNREFUSED xx.xx.xx.xx:443))"}
f5-appsvcs-3.0.0-34.noarch.rpm
Sys::Version
Main Package
Product BIG-IP
Version 13.1.0.6
Build 0.0.3
Edition Point Release 6
Date Fri Apr 20 18:04:26 PDT 2018
DELETE method doesn't recognize the "tenants" query parameter as described in the documentation.
DELETE https://192.0.2.10/mgmt/shared/appsvcs/declare?tenants=T1,T2,T5
removes Tenants T1, T2, and T5 leaving the rest of the most recent declared configuration for localhost in place (assuming there are other Tenants, such as T3 and T4).
You can also remove declarations or particular Tenants using POST instead of DELETE. You must POST a request document with action=remove and a suitable declaration. For localhost, we recommend using DELETE to remove declarations.
send DELETE to https://{{bigip}}/mgmt/shared/appsvcs/declare?tenants=Sample_03,Sample_04,Sample_05 where the example tenants exist.
Tenants specified in the query parameter are deleted.
{
"code": 400,
"message": "unrecognized URL query parameter 'tenants'"
}
3.7
13.1.1
service discovery gets stuck and stops working.
when using the example posted here:
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/declarations/discovery.html
the example for AWS service discovery has both static members and is using the service discovery.
when posting this declaration it works, meaning i see both the static members and the ones discovered by the service discovery.
then, if i delete the static ones from the declaration, it doesn't populate any members.
even if i post the same declaration now with the static members it won't populate the dynamic ones.
i can fix it by completely removing the pool from the declaration and posting it. then send another declaration with just the service discovery.
example of first declaration (with both static and service discovery)
{
"class": "ADC",
"schemaVersion": "3.7.0",
"id": "5489432",
"label": "ASM_policy_external_URL",
"remark": "ASM_policy_external_URL",
"controls": {
"class": "Controls",
"trace": true,
"logLevel": "debug"
},
"Sample_sec_02": {
"class": "Tenant",
"HTTP_Service": {
"class": "Application",
"template": "http",
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"192.0.10.107"
],
"snat": "auto",
"pool": "web_pool",
"policyWAF": {
"use": "My_ASM_Policy"
}
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80,
"addressDiscovery": "aws",
"updateInterval": 1,
"tagKey": "aws:autoscaling:groupName",
"tagValue": "rosenbo-App10-master-app-appAutoscaleGroup-1HC0ALV8ZIFQ5",
"addressRealm": "private",
"region": "us-west-2"
},
{
"enable": true,
"servicePort": 443,
"serverAddresses": [
"192.0.2.7",
"192.0.2.8"
]
}
]
},
"My_ASM_Policy": {
"class": "WAF_Policy",
"url": "https://raw.githubusercontent.com/F5-use-cases/f5-rs-waf/master/roles/waf_policies/files/waf_policies/owasptop10-v01.xml",
"ignoreChanges": true
}
}
}
}
example of declaration with just the service discovery (works fine if used on a clean bigip, fails to populate members if used after the previous declaration)
{
"class": "ADC",
"schemaVersion": "3.7.0",
"id": "5489432",
"label": "ASM_policy_external_URL",
"remark": "ASM_policy_external_URL",
"controls": {
"class": "Controls",
"trace": true,
"logLevel": "debug"
},
"Sample_sec_02": {
"class": "Tenant",
"HTTP_Service": {
"class": "Application",
"template": "http",
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"192.0.10.107"
],
"snat": "auto",
"pool": "web_pool",
"policyWAF": {
"use": "My_ASM_Policy"
}
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80,
"addressDiscovery": "aws",
"updateInterval": 1,
"tagKey": "aws:autoscaling:groupName",
"tagValue": "rosenbo-App10-master-app-appAutoscaleGroup-1HC0ALV8ZIFQ5",
"addressRealm": "private",
"region": "us-west-2"
}
]
},
"My_ASM_Policy": {
"class": "WAF_Policy",
"url": "https://raw.githubusercontent.com/F5-use-cases/f5-rs-waf/master/roles/waf_policies/files/waf_policies/owasptop10-v01.xml",
"ignoreChanges": true
}
}
}
}
discover members
didn't discover members
AS3 v3.3.0
All supported BIG-IP versions
When sending a POST request to the declare endpoint using a declaration that results in modifications to an existing pool, AS3 attempts to create the pool instead of applying the modification. Upgrading from 3.2.0 to 3.3.0 triggers a modification to pools to add auto-discovery related metadata.
A POST request to the declare endpoint results in a 422 status code response containing a message about a pool already existing. Example message: “The requested Pool (/AS3/https_waf/pool) already exists in partition AS3”.
Delete the tenant through the declare endpoint, and retry the POST request that generated the error.
3.0.0-34
13.1.0.6
http://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/3/userguide/self-test.html mentions that running selftest uses stuff in located in /var/config/rest/iapps/appsvcs/selftest. That folder doesn't exist on my F5. I show this...
[admin@jgf5-v13-1:Active:Standalone] selftest # pwd
/var/config/rest/iapps/f5-appsvcs/selftest
The difference being that appsvcs has f5- as a prefix.
n/a
update folder path
n/a
Github Issues are consistently monitored by F5 staff, but should be considered as best effort only and you should not expect to receive the same level of response as provided by F5 Support. Please open an case with F5 if this is a critical issue.
f5-appsvcs-3.7.0-7.noarch
BIG-IP | 13.1.1 | 0.0.4
Unable to create a custom HTTP profile, get error: {"code":422,"declarationFullId":"","message":"declaration is invalid","errors":["/Stage/A1/myVS3/profileHTTP: should be equal to one of the allowed values [\"basic\"]"]}
"myVS3": {
"class": "Service_HTTP",
"virtualAddresses": [
"10.0.2.13"
],
"pool": "web_pool",
"iRules": [
{ "bigip": "/Common/local_irule" }
],
"virtualPort": 80,
"persistenceMethods": [
"cookie"
],
"profileHTTP": "custom_http_profile",
"layer4": "tcp",
"profileTCP": "normal",
"enable": true,
"maxConnections": 0,
"snat": "auto",
"addressStatus": true,
"mirroring": "none",
"lastHop": "default",
"translateClientPort": false,
"translateServerAddress": true,
"translateServerPort": true
},
"custom_http_profile": { "class": "HTTP_Profile", "knownMethods": [ "CONNECT","DELETE","HEAD","POST","PUT" ] },
Should be able to use the custom HTTP profile that is defined, but error says that only basic is supported. Is that really the case, that basic is only supported or is there a syntax error on my part?
{"code":422,"declarationFullId":"","message":"declaration is invalid","errors":["/Stage/A1/myVS3/profileHTTP: should be equal to one of the allowed values [\"basic\"]"]}
ISSUE TYPE
Bug Report
AS3 BUILD/ VERSION
f5-appsvcs-3.5
BIGIP VERSION
BIG-IP 13.1.1.0.0.4
SUMMARY
Error on self test:
Reported by:
@malbertus
@ColinHeathman
From this issue 23
See details below
STEPS TO REPRODUCE
Restart restnoded
tmsh restart /sys service restnoded
POST to https://{{host}}/mgmt/shared/appsvcs/selftest using a service account (not admin)
EXPECTED RESULTS
Self test suite passes
ACTUAL RESULTS
{"message":"POST http://admin:XXXXXX@localhost:8100/mgmt/shared/appsvcs/declare submit tests response=503 body={\"code\":503,\"declarationFullId\":\"\",\"message\":\"Device localhost configuration operation in progress for (urn:uuid:5cff22e8-d3d1-6056-8577-b0b193f812eb), please try again in 2 minutes\"}","level":"error"}
Reported by @malbertus From this issue 23:
I'm having a similar issue, though now it's
urn:uuid:5cff22e8-d3d1-6056-8577-b0b193f812eb
causing the 500 response instead ofTEST_AS3_Basics
. Coincidentally, this is the ID given to the Declaration Using All Properties appendix so I assume that the intent is to create and delete this declaration after posting to the selftest api.Problem seems to be how long it takes to create and delete this selftest declaration as the 500 response is given 60 seconds after initial POST, yet the declaration appears to be created and deleted successfully a few seconds after the timeout, which suggests the selftest passes.
This is with 3.5
Mon, 22 Oct 2018 06:09:53 GMT - fine: [appsvcs] {"message":"probe target 'localhost'","level":"debug"} Mon, 22 Oct 2018 06:09:53 GMT - fine: [appsvcs] {"message":"found F5 device at http://admin:@localhost:8100 port 8100","level":"debug"} Mon, 22 Oct 2018 06:09:53 GMT - info: [appsvcs] {"message":"modules provisioned: ltm","level":"info"} Mon, 22 Oct 2018 06:09:53 GMT - info: [appsvcs] {"message":"target device is BIG-IP version 13.1.1.0.0.4","level":"info"} Mon, 22 Oct 2018 06:09:54 GMT - info: [appsvcs] {"message":"cloud libraries installed: true","level":"info"} Mon, 22 Oct 2018 06:09:54 GMT - fine: [appsvcs] {"message":"got transaction lock; fetch previous decl","level":"debug"} Mon, 22 Oct 2018 06:09:54 GMT - fine: [appsvcs] {"message":"did not get age 0 declaration","level":"debug"} Mon, 22 Oct 2018 06:09:54 GMT - fine: [appsvcs] {"message":"found no stored declaration","level":"debug"} Mon, 22 Oct 2018 06:09:54 GMT - fine: [appsvcs] {"message":"validating declaration having id urn:uuid:5cff22e8-d3d1-6056-8577-b0b193f812eb|AS3_Basics","level":"debug"} <SNIP> Mon, 22 Oct 2018 06:10:55 GMT - info: [appsvcs] {"message":"Error: Device localhost configuration operation in progress for (urn:uuid:5cff22e8-d3d1-6056-8577-b0b193f812eb), please try again in 2 minutes","stack":["Error: Device localhost configuration operation in progress for (urn:uuid:5cff22e8-d3d1-6056-8577-b0b193f812eb), please try again in 2 minutes","/var/config/rest/iapps/f5-appsvcs/nodejs/declarationRequestHandler.js:1389:37","process._tickCallback (node.js:438:9)"],"level":"info"} Mon, 22 Oct 2018 06:10:55 GMT - severe: [appsvcs] {"message":"POST http://admin:XXXXXX@localhost:8100/mgmt/shared/appsvcs/declare submit tests response=503 body={\"code\":503,\"declarationFullId\":\"\",\"message\":\"Device localhost configuration operation in progress for (urn:uuid:5cff22e8-d3d1-6056-8577-b0b193f812eb), please try again in 2 minutes\"}","level":"error"} Mon, 22 Oct 2018 06:10:55 GMT - severe: [ErrorHandlingModule] RestOperation failed: "/shared/appsvcs/selftest". {"error":{"code":500,"message":"POST http://admin:XXXXXX@localhost:8100/mgmt/shared/appsvcs/declare submit tests response=503 body={\"code\":503,\"declarationFullId\":\"\",\"message\":\"Device localhost configuration operation in progress for (urn:uuid:5cff22e8-d3d1-6056-8577-b0b193f812eb), please try again in 2 minutes\"}","innererror":{"referer":"restnoded","originalRequestBody":"\"{}\"","errorStack":[]}}} <SNIP> Mon, 22 Oct 2018 06:10:59 GMT - fine: [appsvcs] {"message":"deployed= 5 good 0 bad 5 changes","level":"debug"} Mon, 22 Oct 2018 06:10:59 GMT - fine: [appsvcs] {"message":"5 changes, save current declaration for later","level":"debug"} Mon, 22 Oct 2018 06:10:59 GMT - fine: [appsvcs] {"message":"purge stored decls in excess of 0","level":"debug"} Mon, 22 Oct 2018 06:10:59 GMT - fine: [appsvcs] {"message":"unlocking transaction","level":"debug"} <FINISH>
Documentation Report
3.6.0 build 5
13.1.0.5
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/as3-api.html#using-patch-to-add-an-application-to-a-tenant
The following example could benefit from some more details
PATCH {host}/mgmt/shared/appsvcs/declare
"path": "/tenant1"
"op": "add",
"value": {
"app3": {... }
}
just to make it less prone to error, i would highlight that the class statement is still required
PATCH {host}/mgmt/shared/appsvcs/declare
"path": "/tenant1"
"op": "add",
"value": {
"class": "Tenant",
"app3": {... }
}
f5-appsvcs-3.2.0-7
BIG-IP 12.1.2 Build 2.0.276 Hotfix HF2
Error on self test:
Device localhost configuration operation in progress for (TEST_AS3_Basics), please try again in 5 minutes
Restart restnoded
tmsh restart /sys service restnoded
POST to https://{{host}}/mgmt/shared/appsvcs/selftest
using a service account (not admin
)
Self test suite passes
{
"code": 500,
"message": "POST http://admin:XXXXXX@localhost:8100/mgmt/shared/appsvcs/declare submit tests response=503 body={\"status\":503,\"retryAfter\":300,\"message\":\"Device localhost configuration operation in progress for (TEST_AS3_Basics), please try again in 5 minutes\",\"code\":503,\"declarationFullId\":\"\"}",
"originalRequestBody": "",
"referer": "restnoded",
"restOperationId": 0,
"kind": ":resterrorresponse"
}
Gist of /var/log/restnoded/restnoded.log, including startup
https://gist.github.com/ColinHeathman/a82774e450bc037b6d51087993b9c35c
Feature Idea
f5-appsvcs-3.2.0-7.noarch.rpm
V13.1.0.8
Customers typically utilize base TCP profiles for client-side and server-side. Currently with AS3 you can chose an existing profile, but cannot specify different profiles for client and server sides. If you want separate profiles you can use the ingress and egress but this will assign the f5-tcp-<wan/lan>.
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.2.0",
"id": "FirstTestApp",
"label": "Test",
"remark": "Test virtual server for vicor PoC",
"lab": {
"class": "Tenant",
"bodgeit": {
"class": "Application",
"template": "https",
"serviceMain": {
"class": "Service_HTTPS",
"virtualAddresses": [
"10.0.1.110"
],
"virtualPort": 443,
"profileHTTP": {
"bigip": "/Common/f5demo-http"
},
"profileMultiplex": {
"bigip": "/Common/f5demo-oneconnect"
},
"profileTCP": {
"ingress": "/Common/f5demo-tcp-wan",
"egress": "/Common/f5demo-tcp-lan"
},
"pool": "bodgeit",
"redirect80": false,
"clientTLS": {
"bigip": "/Common/f5demo-serverssl"
},
"serverTLS": {
"bigip": "/Common/san_cert"
},
"snat": "auto"
},
"bodgeit_redir": {
"class": "Service_HTTP",
"virtualAddresses": [
"10.0.1.110"
],
"virtualPort": 80,
"profileHTTP": {
"bigip": "/Common/f5demo-http"
},
"profileTCP": {
"bigip": "/Common/f5demo-tcp-lan"
},
"iRules": [
{
"bigip": "/Common/_sys_https_redirect"
}
]
},
"bodgeit": {
"class": "Pool",
"monitors": [{
"bigip": "/Common/f5demo-https-head"
}],
"members": [{
"servicePort": 443,
"serverAddresses": [
"10.128.20.11",
"10.128.20.12"
]
}]
}
}
}
}
}
virtual server created with separate TCP profiles assigned to client and server side.
{
"status": 422,
"message": "declaration is invalid",
"errors": [
"/lab/bodgeit/serviceMain/profileTCP/ingress: should be equal to one of the allowed values [\"normal\",\"lan\",\"wan\",\"mobile\"]"
],
"code": 422,
"declarationFullId": ""
}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.