f5-ansible-bigip icon indicating copy to clipboard operation
f5-ansible-bigip copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

Cant reference SSLO SSL config created by bigip_sslo_config_ssl

Open megamattzilla opened this issue 1 year ago • 3 comments

COMPONENT NAME

bigip_sslo_config_ssl

Environment

ANSIBLE VERSION
ansible [core 2.12.2]
  config file = None
  configured module search path = ['/home/azureuser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/azureuser/python3.8-ansible/lib/python3.8/site-packages/ansible
  ansible collection location = /home/azureuser/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/azureuser/python3.8-ansible/bin/ansible
  python version = 3.8.5 (default, Jan 27 2021, 15:41:15) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.3.3
  Build       0.0.3
  Edition     Point Release 3
  Date        Thu Dec 22 12:07:59 PST 2022
CONFIGURATION
OS / ENVIRONMENT

Ubuntu 20.04.3

SUMMARY

After creating an sslo ssl configurations using the ansible module bigip_sslo_config_ssl , the created ssl configuration cannot be referenced by a manually created SSLO topology. The GUI experiences a fatal error message.

STEPS TO REPRODUCE

Create the following SSLO ssl configuration via Ansible (which is successful)

   - name: Create demo SSLO SSL setting
      bigip_sslo_config_ssl:
        name: "Explicit_Proxy"
        client_settings:
          proxy_type: "forward"
          cipher_type: "group"
          cipher_group: "/Common/f5-default"
          cert: "/Common/default.crt"
          key: "/Common/default.key"
          ca_cert: "/Common/default.crt"
          ca_key: "/Common/default.key"
        server_settings:
          cipher_type: "group"
          cipher_group: "/Common/f5-default"
        bypass_handshake_failure: no

After the ssl configuration has been successfully created via ansible, navigate to SSLO web GUI and create a new SSLO topology and attempt to reference ssl configuration Explicit_proxy

EXPECTED RESULTS

SSLO GUI allows you to associate the ssl configuration Explicit_proxy with the SSLO topology being created

ACTUAL RESULTS

After choosing "Use Existing" and selecting Explicit_proxy ssl configuration and clicking save & next, the GUI hangs with an error message indicating a fatal error. sslo-use-exist-ssl-error

megamattzilla avatar Jul 07 '23 19:07 megamattzilla

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1266.

pgouband avatar Aug 09 '23 16:08 pgouband

Hi @megamattzilla ,

I attempted to reproduce the error and sought assistance from the SSLO team, but unfortunately, I was unable to replicate the issue. It appears that this may have been a temporary problem, possibly caused by the server receiving multiple requests. Could you please test it on the latest version and let me know if you are still experiencing this issue?

Thanks.

prateekramani avatar Sep 17 '24 07:09 prateekramani

I cannot replicate the issue on 17.1.1.3:

Sys::Version
Main Package
  Product     BIG-IP
  Version     17.1.1.3
  Build       0.0.5
  Edition     Point Release 3
  Date        Thu Mar 21 04:23:27 PDT 2024

I will have customer re-test and report back soon.

Thanks!!

megamattzilla avatar Sep 20 '24 15:09 megamattzilla

Hi @megamattzilla,

Any update from the customer? If no update by end of this week, we will close the issue.

pgouband avatar Oct 08 '24 08:10 pgouband