Comments (3)
m-kratochvil
commented on July 30, 2024
Further investigation on our side shows that the declaration fails when the pool member is set to "adminState": "disable" and "priorityGroup": 1, is added to the declaration. It could either be only one of these two things, or both that cause the failure, we don't know that yet.
Here is the last successful declaration and the first one that fails, so you can do a diff.
{
"action": "deploy",
"class": "AS3",
"declaration": {
"class": "ADC",
"id": "urn:uuid:5e443f46-1dc0-43ef-afc4-c3cd752e46ad",
"label": "F5 BigIP Provider",
"net_f4db9dbe_1d85_4aa4_84dd_3aea727aaa24": {
"class": "Tenant",
"defaultRouteDomain": 3063,
"label": "project_7243f3f80a99434292d6766069d3961a",
"lb_9605e3e2-1be0-44d4-beee-9362e53c54f7": {
"class": "Application",
"label": "9605e3e2-1be0-44d4-beee-9362e53c54f7",
"listener_7ea1d149-039a-4c54-a126-9ada3b60964a": {
"class": "Service_L4",
"iRules": [],
"label": "lb_member_listener1_member-436580696",
"maxConnections": 200,
"persistenceMethods": [],
"policyEndpoint": [],
"pool": "pool_040d6597-720a-4676-8954-fddfb56df4b5",
"profileL4": {
"bigip": "/Common/fastL4_profile"
},
"snat": "self",
"virtualAddresses": [
"10.1.1.59"
],
"virtualPort": 8000
},
"pool_040d6597-720a-4676-8954-fddfb56df4b5": {
"class": "Pool",
"label": "lb_member_pool1_member-698855247",
"loadBalancingMode": "ratio-member",
"members": [
{
"adminState": "enable",
"enable": true,
"ratio": 20,
"remark": "39e9668c-2483-41ca-bfd6-73fea4609136",
"serverAddresses": [
"192.0.2.1"
],
"servicePort": 80
}
],
"remark": "lb_member_pool1_member-698855247"
},
"template": "generic"
}
},
"schemaVersion": "3.19.0",
"updateMode": "selective"
},
"historyLimit": 2,
"logLevel": "warning",
"persist": false,
"trace": false
}[
{
"code": 200,
"declarationId": "urn:uuid:5e443f46-1dc0-43ef-afc4-c3cd752e46ad",
"host": "localhost",
"lineCount": 22,
"message": "success",
"runTime": 1520,
"tenant": "net_f4db9dbe_1d85_4aa4_84dd_3aea727aaa24"
}
]
{
"action": "deploy",
"class": "AS3",
"declaration": {
"class": "ADC",
"id": "urn:uuid:e806dee3-7f35-4d8f-8a68-4e8d5f34a960",
"label": "F5 BigIP Provider",
"net_f4db9dbe_1d85_4aa4_84dd_3aea727aaa24": {
"class": "Tenant",
"defaultRouteDomain": 3063,
"label": "project_7243f3f80a99434292d6766069d3961a",
"lb_9605e3e2-1be0-44d4-beee-9362e53c54f7": {
"class": "Application",
"label": "9605e3e2-1be0-44d4-beee-9362e53c54f7",
"listener_7ea1d149-039a-4c54-a126-9ada3b60964a": {
"class": "Service_L4",
"iRules": [],
"label": "lb_member_listener1_member-436580696",
"maxConnections": 200,
"persistenceMethods": [],
"policyEndpoint": [],
"pool": "pool_040d6597-720a-4676-8954-fddfb56df4b5",
"profileL4": {
"bigip": "/Common/fastL4_profile"
},
"snat": "self",
"virtualAddresses": [
"10.1.1.59"
],
"virtualPort": 8000
},
"pool_040d6597-720a-4676-8954-fddfb56df4b5": {
"class": "Pool",
"label": "lb_member_pool1_member-698855247",
"loadBalancingMode": "ratio-member",
"members": [
{
"adminState": "disable",
"enable": true,
"priorityGroup": 1,
"ratio": 20,
"remark": "39e9668c-2483-41ca-bfd6-73fea4609136",
"serverAddresses": [
"192.0.2.1"
],
"servicePort": 80
}
],
"remark": "lb_member_pool1_member-698855247"
},
"template": "generic"
}
},
"schemaVersion": "3.19.0",
"updateMode": "selective"
},
"historyLimit": 2,
"logLevel": "warning",
"persist": false,
"trace": false
}[
{
"code": 422,
"declarationId": "urn:uuid:e806dee3-7f35-4d8f-8a68-4e8d5f34a960",
"host": "localhost",
"message": "declaration failed",
"response": "01020036:3: The requested Pool Member (/net_f4db9dbe_1d85_4aa4_84dd_3aea727aaa24/lb_9605e3e2-1be0-44d4-beee-9362e53c54f7/pool_040d6597-720a-4676-8954-fddfb56df4b5 /net_f4db9dbe_1d85_4aa4_84dd_3aea727aaa24/192.0.2.1%3063 80) was not found.",
"runTime": 1925,
"tenant": "net_f4db9dbe_1d85_4aa4_84dd_3aea727aaa24"
}
]
from f5-appsvcs-extension.
m-kratochvil
commented on July 30, 2024
UPDATE
After installing AS3 pre-release 3.50 the first issue from the above Summary is resolved (declaration fails with pool member not found
The second issue still remains - declaration fails with error pool member already exists in partition.
Below I post two declaration
- last successful declaration
- first failed declaration after that
If you do a diff between those two declarations, you’ll see that the change we do, that results in the failed declaration is that we add a second pool member to a pool, plus we set priority group 2 to the new pool member but also set priority group 1 to the already existing pool member.
Last successful declaration:
{
"action": "deploy",
"class": "AS3",
"declaration": {
"class": "ADC",
"id": "urn:uuid:973a48f1-f1c1-4d41-b1e7-8e03b49c63c3",
"label": "F5 BigIP Provider",
"net_13ba6482_a3b1_4a8e_9845_9748bc6df450": {
"class": "Tenant",
"defaultRouteDomain": 3035,
"label": "project_32e0d9ed2f97404d95fc0c77dbeabc63",
"lb_5599f0fe-3ad1-42ee-a761-7f86674a34d5": {
"class": "Application",
"label": "5599f0fe-3ad1-42ee-a761-7f86674a34d5",
"pool_14d602f4-b61a-45cb-a13a-61db76b89ae0": {
"class": "Pool",
"label": "lb_member_pool3_member-batch-1380482994",
"loadBalancingMode": "ratio-member",
"members": [
{
"adminState": "enable",
"enable": true,
"ratio": 20,
"remark": "eec1e386-c349-4195-b1cd-6c508f736fb5",
"serverAddresses": [
"192.0.2.1"
],
"servicePort": 80
}
],
"remark": "lb_member_pool3_member-batch-1380482994"
},
"template": "generic"
}
},
"schemaVersion": "3.19.0",
"updateMode": "selective"
},
"historyLimit": 2,
"logLevel": "warning",
"persist": false,
"trace": false
}[
{
"code": 200,
"declarationId": "urn:uuid:973a48f1-f1c1-4d41-b1e7-8e03b49c63c3",
"host": "localhost",
"lineCount": 20,
"message": "success",
"runTime": 1449,
"tenant": "net_13ba6482_a3b1_4a8e_9845_9748bc6df450"
}
]
Failed declaration afterwards:
{
"action": "deploy",
"class": "AS3",
"declaration": {
"class": "ADC",
"id": "urn:uuid:28ac4625-6160-45b5-926b-848fc8f3fb3e",
"label": "F5 BigIP Provider",
"net_13ba6482_a3b1_4a8e_9845_9748bc6df450": {
"class": "Tenant",
"defaultRouteDomain": 3035,
"label": "project_32e0d9ed2f97404d95fc0c77dbeabc63",
"lb_5599f0fe-3ad1-42ee-a761-7f86674a34d5": {
"class": "Application",
"label": "5599f0fe-3ad1-42ee-a761-7f86674a34d5",
"pool_14d602f4-b61a-45cb-a13a-61db76b89ae0": {
"class": "Pool",
"label": "lb_member_pool3_member-batch-1380482994",
"loadBalancingMode": "ratio-member",
"members": [
{
"adminState": "enable",
"enable": true,
"priorityGroup": 2,
"ratio": 20,
"remark": "eec1e386-c349-4195-b1cd-6c508f736fb5",
"serverAddresses": [
"192.0.2.1"
],
"servicePort": 80
},
{
"adminState": "enable",
"enable": true,
"priorityGroup": 1,
"ratio": 20,
"remark": "5926268d-eec1-4047-8d86-66e6aa0d2951",
"serverAddresses": [
"192.0.2.3"
],
"servicePort": 81
}
],
"remark": "lb_member_pool3_member-batch-1380482994"
},
"template": "generic"
}
},
"schemaVersion": "3.19.0",
"updateMode": "selective"
},
"historyLimit": 2,
"logLevel": "warning",
"persist": false,
"trace": false
}[
{
"code": 422,
"declarationId": "urn:uuid:28ac4625-6160-45b5-926b-848fc8f3fb3e",
"host": "localhost",
"message": "declaration failed",
"response": "01020066:3: The requested Pool Member (/net_13ba6482_a3b1_4a8e_9845_9748bc6df450/lb_5599f0fe-3ad1-42ee-a761-7f86674a34d5/pool_14d602f4-b61a-45cb-a13a-61db76b89ae0 /net_13ba6482_a3b1_4a8e_9845_9748bc6df450/192.0.2.3%3035 81) already exists in partition net_13ba6482_a3b1_4a8e_9845_9748bc6df450.",
"runTime": 1436,
"tenant": "net_13ba6482_a3b1_4a8e_9845_9748bc6df450"
}
]
I did check on the Big-IP and the pool member in the error message does not exist in the config, so it should be created without issues.
from f5-appsvcs-extension.
m-kratochvil
commented on July 30, 2024
UPDATE
We're now running the official release 3.50
I looked at the actual cli script of the failed declaration, and there are clearly two consecutive actions trying to create the same pool member under a pool. This results in the observed error.
In high-level, it looks like this:
tmsh create ltm pool <pool> <some pool options> members replace-all-with
<partition>/192.0.2.1%3109:80 { <some member options> }
<partition>/192.0.2.3%3109:81 { <some member options> }
tmsh modify ltm pool <pool> members add
<partition>/192.0.2.3%3109:81 { <exactly the same member options }
Full transaction:
cli script __appsvcs_update {
proc script::run {} {
if {[catch {
tmsh::modify ltm data-group internal __appsvcs_update records none
} err]} {
tmsh::create ltm data-group internal __appsvcs_update type string records none
}
if { [catch {
tmsh::modify ltm pool /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/lb_98778260-f5d6-498d-9228-4612113c3c2d/pool_e90766ee-c84d-4d19-82ed-8265f083f2c5 members delete \{ "/net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/1
92.0.2.1%3109:80" \}
tmsh::begin_transaction
tmsh::modify ltm node /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/192.0.2.1%3109 metadata none
tmsh::modify auth partition net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e description \"Updated by AS3 at [clock format [clock seconds] -gmt true -format {%a, %d %b %Y %T %Z}]\"
tmsh::delete ltm pool /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/lb_98778260-f5d6-498d-9228-4612113c3c2d/pool_e90766ee-c84d-4d19-82ed-8265f083f2c5
tmsh::create ltm pool /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/lb_98778260-f5d6-498d-9228-4612113c3c2d/pool_e90766ee-c84d-4d19-82ed-8265f083f2c5 description \"tempest-lb_member_pool3_member-batch-1474553793\
" load-balancing-mode ratio-member members replace-all-with \{ /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/192.0.2.1%3109:80 \{ connection-limit 0 description \"886e829c-5fb6-40bc-9a1b-8a4850d5d91b\" dynamic-ra
tio 1 fqdn \{ autopopulate disabled \} priority-group 2 rate-limit disabled ratio 20 state user-up session user-enabled metadata none \} /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/192.0.2.3%3109:81 \{ connecti
on-limit 0 description \"d0ac1f4c-0e75-4852-b9b8-6d2dd2d211d1\" dynamic-ratio 1 fqdn \{ autopopulate disabled \} priority-group 1 rate-limit disabled ratio 20 state user-up session user-enabled metadata none
\} \} min-active-members 1 reselect-tries 0 service-down-action none slow-ramp-time 10 allow-nat yes allow-snat yes metadata none
tmsh::modify ltm pool /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/lb_98778260-f5d6-498d-9228-4612113c3c2d/pool_e90766ee-c84d-4d19-82ed-8265f083f2c5 members add \{ /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/192.0
.2.3%3109:81 \{ connection-limit 0 description \"d0ac1f4c-0e75-4852-b9b8-6d2dd2d211d1\" dynamic-ratio 1 fqdn \{ autopopulate disabled \} priority-group 1 rate-limit disabled ratio 20 state user-up session use
r-enabled metadata none \} \}
tmsh::create ltm node /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/192.0.2.3%3109 address 192.0.2.3%3109 metadata none
tmsh::commit_transaction
} err] } {
catch { tmsh::cancel_transaction } e
regsub -all {"} $err {\"} err
tmsh::modify ltm data-group internal __appsvcs_update records add \{ error \{ data \"$err\" \} \}
tmsh::modify ltm pool /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/lb_98778260-f5d6-498d-9228-4612113c3c2d/pool_e90766ee-c84d-4d19-82ed-8265f083f2c5 members add \{ /net_ef6f031e_9a7c_408c_8ca8_5fd5e7b1535e/192.0
.2.1%3109:80 \{ connection-limit 0 description \"886e829c-5fb6-40bc-9a1b-8a4850d5d91b\" dynamic-ratio 1 fqdn \{ autopopulate disabled \} priority-group 0 rate-limit disabled ratio 20 state user-up session use
r-enabled metadata none \} \}
}}
total-signing-status not-all-signed
}
from f5-appsvcs-extension.
Related Issues (20)
- Big-IQ bigip_bigiq_as3 resource - Provider produced inconsistent final plan
- RFE: Add Client SSL condition support to Endpoint Policy HOT 1
- Add AFM options for enabling and disabling rules/rulesets
- Transparent monitors are not currently available for FQDN nodes." HOT 1
- SNAT translation address is still referenced by SNAT
- "Use Tunnel On Any Request Method" for HTTP Profile with proxyType = explicit
- Not able to set Traffic-group to None in AS3
- wildcard cn not allowed as hostname
- Policy_Action_Drop - additional events HOT 4
- Minimum Monitors for Members in Class Pool does not support "all" HOT 2
- cosmetic issues in in-progress tasks returned payload HOT 2
- RD 0 suffix is ignored in Tenant with non-0 defaultRouteDomain HOT 7
- Declaration deployment produces an non-descriptive error message "betaOptions"! HOT 3
- AS3 codebase to import sys level objects HOT 2
- Tenant fails to be created when shareAddresses is used even with AS3 Version 3.50.2 HOT 4
- Add Support for serverssl-use-sni Option in Virtual Server Configuration HOT 6
- A descriptive error message is needed when the delete operation for a VLAN fails. HOT 1
- GSLB Global Settings - Add synchronize-zone-files HOT 1
- GLSB_Server Class - Allow no or NULL value for Monitor type, and not select default 'bigip' type. HOT 1
- minimumMonitors support in GSLB_Servers and GLSB_Virtual_Server classes HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from f5-appsvcs-extension.