f5-ansible icon indicating copy to clipboard operation
f5-ansible copied to clipboard
verified publisher icon F5Networks

Add keep-alive-interval to bigip_profile_tcp

Open jeffl2017 opened this issue 5 years ago • 5 comments

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

bigip_profile_tcp

ANSIBLE VERSION
ansible 2.9.13
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/testuser/.ansible/plugins/modules', u                                                                            '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.17 (default, Sep 30 2020, 13:38:04) [GCC 7.5.0]
PYTHON VERSION
Python 2.7.17
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     13.1.3.4
  Build       0.0.5
  Edition     Point Release 4
  Date        Tue Jun 16 14:26:18 PDT 2020
CONFIGURATION
OS / ENVIRONMENT

N/A

SUMMARY

The bigip_profile_tcp module does not have the keep-alive-interval parameter available. Federal Customers require this parameter.

STEPS TO REPRODUCE
create ltm profile tcp /Common/STIG_f5-tcp-progressive { defaults-from f5-tcp-progressive keep-alive-interval 900 idle-timeout 900}
EXPECTED RESULTS
ACTUAL RESULTS

jeffl2017 avatar Oct 26 '20 15:10 jeffl2017

Tracking via FMFA-659

focrensh avatar Oct 30 '20 21:10 focrensh

We run into this as well. Do you guys (including @focrensh) by chance have any ETA on this?

Cajga avatar Nov 11 '21 14:11 Cajga

Anyone who is interested this is how we workaround the issue (it loops through an array of map contains the tcp_profiles):

    - name: Configure tcp profiles
      bigip_profile_tcp:
        name: "{{ item.name }}"
        parent: "{{ item.parent }}"
        idle_timeout: "{{ item.idle_timeout | default(omit) }}"
        initial_congestion_window_size: "{{ item.initial_congestion_window_size | default(omit) }}"
        initial_receive_window_size: "{{ item.initial_receive_window_size | default(omit) }}"
        nagle: "{{ item.nagle | default(omit) }}"
        proxy_options: "{{ item.proxy_options | default(omit) }}"
        syn_rto_base: "{{ item.syn_rto_base | default(omit) }}"
        time_wait_recycle: "{{ item.time_wait_recycle | default(omit) }}"
        state: "{{ item.state }}"
        provider: "{{ provider }}"
      loop: "{{ tcp_profiles }}"

    - name: Update keepalive settings for tcp profiles - Workaround for missing keep-alive attribute for tcp profiles (https://github.com/F5Networks/f5-ansible/issues/1897)
      bigip_command:
        commands: "tmsh list ltm profile tcp {{ item.name }}|grep -q \"keep-alive-interval {{ item.keep_alive_interval }}$\" || ( tmsh modify ltm profile tcp {{ item.name }} keep-alive-interval {{ item.keep_alive_interval }} && echo CHANGED )"
        provider: "{{ provider }}"
      register: monitor_result
      changed_when: '"CHANGED" in monitor_result.stdout'
      loop: "{{ tcp_profiles }}"

Cajga avatar Nov 11 '21 16:11 Cajga

We can solve this issue with F5 Ansible collections v2 using AS3. See https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#tcp-profile

Please see F5 BIGIP Collection v2 documentation - https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/f5_bigip.html for more info.

trinaths avatar Mar 11 '22 10:03 trinaths

Hello, AS3 is not always the best option, in our environment we pre-provision all Big-IPs with one "main" tcp profile which is then used by all virtual servers. If it's not a major complication, I would like to see the keep-alive-interval added to the bigip_profile_tcp module. This would make the module more complete, and would allow us to avoid using extra command module for just this one option. Thanks for considering.

m-kratochvil avatar Jun 29 '22 05:06 m-kratochvil