f5-ansible
f5-ansible copied to clipboard
F5Networks
bigip_configsync_action with overwrite_config: yes can return "Recommended action: Synchronize to group"
COMPONENT NAME
bigip_configsync_action
Environment
ANSIBLE VERSION
[dciteam@jumphost ~]$ ansible --version
ansible 2.9.23
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/dciteam/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Mar 18 2021, 08:58:41) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
BIGIP VERSION
bigip:15.1.0.4-0.71.6
OS / ENVIRONMENT
NA
SUMMARY
Checking https://github.com/ansible/ansible_collections_f5/blob/master/plugins/modules/bigip_configsync_action.py
I would expect that bigip_configsync_action with overwrite_config: yes would be equivalent to force-full-load-push so when running the following code:
- name: Perform Sync
bigip_configsync_action:
device_group: "lb-cluster"
sync_device_to_group: yes
overwrite_config: yes
timeout: 60
I would never get the following message:
TASK [/home/dciteam/github/pipelines-pr86-26e901f228f995b9ca20318ba2033200/f5-bigip-config/hooks/roles/bigip_config : Save system settings]
6s
TASK [/home/dciteam/github/pipelines-pr86-26e901f228f995b9ca20318ba2033200/f5-bigip-config/hooks/roles/bigip_config : Perform Sync]
5s
task path: /home/dciteam/github/pipelines-pr86-26e901f228f995b9ca20318ba2033200/f5-bigip-config/hooks/roles/bigip_config/tasks/main.yaml:173
fatal: [provisioner.cluster5.dfwt5g.lab]: FAILED! => {"changed": false, "msg": "Recommended action: Synchronize 192.168.55.71 to group lb-cluster"}
How is that this can happen? How this could be made more reliable?
STEPS TO REPRODUCE
- Configure two units with basic config (time sync'ed)
- Configure services in one of the units. Save the config
- Perform sync to the device-group as above
EXPECTED RESULTS
The cluster is always in sync when using this option. The condition "Recommended action: Synchronize xxx to group lb-cluster" is not handled by _wait_for_sync
Checking previous code I wrote, probably before this module existed, is as follows and worked reliably:
- name: "config-sync from master to ha-group"
bigip_command:
server: "{{ master }}"
commands:
- save sys config
# When changing bigip local config we don't know which one will get the last update hence we need to do a force so the system doesn't reject sync'ing
- run cm config-sync to-group ha-group force-full-load-push
delegate_to: localhost
when: bigip[id] == master
tags:
- always
- name: Check sync and failover status
bigip_command:
server: "{{ master }}"
commands:
- show cm sync-status
wait_for:
- result[0] contains "green"
retries: 60
match: all
delegate_to: localhost
when: bigip[id] == master
tags:
- always
I'm seeing similar behavior but in the sync_group_to_device attribute.
TASK [cloudfoundry : Sync Most Recent Changes Between LTM Peers] *****************
fatal: [sndltm-int01.blah.com]: FAILED! => {"changed": false, "msg": "Recommended action: Synchronize sndltm-int01.blah.com to group HA-FailOver"}
...ignoring
Shouldn't sync_group_to_device make the determination which way to sync and do just that?
- ansible 2.10.3
- f5networks.f5_modules (1.15.0)
- BigIP 15.1.2
The full traceback is:
File "/var/folders/dp/z8fqtkcx20jfzhylh96t6dzh0000gn/T/ansible_f5networks.f5_modules.bigip_configsync_action_payload_t9tlhkx1/ansible_f5networks.f5_modules.bigip_configsync_action_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py", line 425, in main
File "/var/folders/dp/z8fqtkcx20jfzhylh96t6dzh0000gn/T/ansible_f5networks.f5_modules.bigip_configsync_action_payload_t9tlhkx1/ansible_f5networks.f5_modules.bigip_configsync_action_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py", line 204, in exec_module
File "/var/folders/dp/z8fqtkcx20jfzhylh96t6dzh0000gn/T/ansible_f5networks.f5_modules.bigip_configsync_action_payload_t9tlhkx1/ansible_f5networks.f5_modules.bigip_configsync_action_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py", line 227, in present
File "/var/folders/dp/z8fqtkcx20jfzhylh96t6dzh0000gn/T/ansible_f5networks.f5_modules.bigip_configsync_action_payload_t9tlhkx1/ansible_f5networks.f5_modules.bigip_configsync_action_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py", line 261, in execute
File "/var/folders/dp/z8fqtkcx20jfzhylh96t6dzh0000gn/T/ansible_f5networks.f5_modules.bigip_configsync_action_payload_t9tlhkx1/ansible_f5networks.f5_modules.bigip_configsync_action_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py", line 317, in _wait_for_sync
File "/var/folders/dp/z8fqtkcx20jfzhylh96t6dzh0000gn/T/ansible_f5networks.f5_modules.bigip_configsync_action_payload_t9tlhkx1/ansible_f5networks.f5_modules.bigip_configsync_action_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_configsync_action.py", line 379, in _validate_pending_status
fatal: [sndltm-int01.blah.com]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"device_group": "HA-FailOver",
"overwrite_config": false,
"provider": {
"auth_provider": null,
"no_f5_teem": null,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"server": "sndltm-int01.blah.com",
"server_port": null,
"timeout": null,
"transport": "rest",
"user": "admin",
"validate_certs": false
},
"sync_device_to_group": null,
"sync_group_to_device": true
}
},
"msg": "Recommended action: Synchronize sndltm-int01.blah.com to group HA-FailOver"
}
Hi, we are closing this request now. Please re-open if required or send an email to [email protected]. Thanks!
The issue still exists. It also has an internal F5 support ticket number. Why was this closed?
