Error while running ansible
I am getting the following error when I am trying to run ansible script on f5 instance through jumphost The full traceback is: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 1344, in do_open h.request(req.get_method(), req.selector, req.data, headers, File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1336, in request self._send_request(method, url, body, headers, encode_chunked) File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1382, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1331, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1091, in _send_output self.send(msg) File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1035, in send self.connect() File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1477, in connect self.sock = self._context.wrap_socket(self.sock, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 455, in wrap_socket return self.sslsocket_class._create( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 1042, in _create self.do_handshake() File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 1320, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1000) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/Users/pranaychowd.pinapaka/.ansible/tmp/ansible-tmp-1714109490.0885582-73185-193526554178977/AnsiballZ_bigip_command.py", line 107, in <module> _ansiballz_main() File "/Users/pranaychowd.pinapaka/.ansible/tmp/ansible-tmp-1714109490.0885582-73185-193526554178977/AnsiballZ_bigip_command.py", line 99, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "/Users/pranaychowd.pinapaka/.ansible/tmp/ansible-tmp-1714109490.0885582-73185-193526554178977/AnsiballZ_bigip_command.py", line 47, in invoke_module runpy.run_module(mod_name='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_command', init_globals=dict(_module_fqn='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_command', _modlib_path=modlib_path), File "<frozen runpy>", line 226, in run_module File "<frozen runpy>", line 98, in _run_module_code File "<frozen runpy>", line 88, in _run_code File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_command.py", line 757, in <module> File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_command.py", line 750, in main File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_command.py", line 680, in exec_module File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_command.py", line 631, in exec_module File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py", line 551, in tmos_version File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/bigip.py", line 31, in api File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/bigip.py", line 52, in connect_via_token_auth File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py", line 239, in post File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py", line 194, in send File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible/module_utils/urls.py", line 1578, in open File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 215, in urlopen return opener.open(url, data, timeout) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 515, in open response = self._open(req, data) ^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 532, in _open result = self._call_chain(self.handle_open, protocol, protocol + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 492, in _call_chain result = func(*args) ^^^^^^^^^^^ File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible/module_utils/urls.py", line 605, in https_open File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 1347, in do_open raise URLError(err) urllib.error.URLError: <urlopen error [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1000)> fatal: [hostip ]: FAILED! => { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 1344, in do_open\n h.request(req.get_method(), req.selector, req.data, headers,\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py\", line 1336, in request\n .. . . . payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/bigip.py\", line 52, in connect_via_token_auth\n File \"/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py\", line 239, in post\n File \"/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py\", line 194, in send\n File \"/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible/module_utils/urls.py\", line 1578, in open\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 215, in urlopen\n return opener.open(url, data, timeout)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 515, in open\n response = self._open(req, data)\n ^^^^^^^^^^^^^^^^^^^^^\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 532, in _open\n result = self._call_chain(self.handle_open, protocol, protocol +\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 492, in _call_chain\n result = func(*args)\n ^^^^^^^^^^^\n File \"/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible/module_utils/urls.py\", line 605, in https_open\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 1347, in do_open\n raise URLError(err)\nurllib.error.URLError: <urlopen error [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1000)>\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }130Views0likes4CommentsAPM :: Async Error :: Session deleted due to user inactivity
Anybody run into this error before? Been chasing "Session deleted due to user inactivity" when the user swears that it disconnects in the middle of their session while they are actively working. Saw this in the informational logs and wondered if it was related... 2018-03-29 01:29:19 /Common/main:Common:xxxxxxxx: {61b5.C} An exception is thrown: AsyncError:1: SuppliedUnexpectedAny889Views0likes3CommentsVirtual server details get a 404 with CURL
Hi, I am trying to get the virtual server details from a CURL call: curl -svku "admin:admin" https://0.0.0.0/mgmt/tm/ltm/virtual/virtualtest And I keep getting the following error: {"code":404,"message":"01020036:3: The requested Virtual Server (/Common/virtualtest) was not found.","errorStack":[],"apiError":3} What am I missing? The virtual server does exist. I am using F5 version 12.1.2 Thank you.675Views0likes3CommentsCatch an error in iRule execution
I would like some help in handling errors in an iRule. Below is the code snippet upto which I have been able to achieve, but haven't been able to get the desired results. when HTTP_REQUEST { #If XFF exists then change Source IP to the first IP that you find in XFF which is the origin. Check this at the very start. if { [HTTP::header values "X-Forwarded-For"] ne "" } { set remoteip [getfield [HTTP::header X-Forwarded-For] "," 1] } if { [catch { if { [class match $remoteip equals MY_BLACKLIST_IPS] && not [class match $remoteip equals MY_PROXY_IPS] } { # reject the request here. log local0. "Request is rejected here." reject return } } err] } { log local0. "Error found in the iRule process ${err}" } return } I want to log the error as well due to which the iRule encountered. The error currently is being logged as empty.655Views0likes1CommentWSS LTM not passing data correctly
Hi, i'm having some trouble about running an Virtual Server in front of a K3s ingress. I've setted up 4 virtual server, all point to the same destination address, but different port (different pool but final address is the same, only change the port) For Http/s, MQTT/s zero problem, but when i'm trying to redirect the http traffic using websocket i've several problem. Destination return several errors based on the Virtual Server tuning. Actually i've the virtual server configured in TCP with HTTP profile (Websocket enable both client and server) and in security profile i've created a wss security to allow * addresses (HTTP,HTTPS,WS,WSS) But when we try the application it return ERR_TRUNCATE_HEADERS. I've also create a new http profile based on the default, to increse the size of che Header Payload. Also no i'm not checking the payload, and ignore any possible malformed packet (just to let everything pass). On the application event log i can see all the request and i see the green thick so i suppose that everything is fine on the F5 side. How can i be sure of that? Is there a way to do extra check or am i missing something? Thank you guys. PaoloSolved1.7KViews0likes10CommentsTesting for iControl auth errors
Hi folks, one of my clients noticed API auth errors after upgrading the systems to TMOS v15.1.5.1. When trying to use a newly created auth token to access LTM objects via API the systems returns a 401. After retrying with the same token the access is successful most times. As a workaround a latency was applied in his management framework. The issue can be observed in all possible combinations under TMOS v151.1.5.1: - using admin or specific user - using local and remote authentication/authorization - using mgmt interface and inband management Even you might run the script on the F5 itself, I would recommend running it not on the device under test. The script can be configured to use specific accounts, out of band or inband management and for a number of test cycles. A latency (delay) can be configured to determine the safe amount of time between token generation and token usage. In each test cycle a new token is created and the token is deleted afterwards as the number of active tokens is limited. The script stops after a failed second attempt with the same token or after reaching the configured number of test cycles. # python script: pyapitest.07.py # version: 0.7 (2022-06-22) # author: Stephan Manthey # purpose: # retrieve auth token # list example pool configruation with token based auth via inband management IP (self IP) # use configurable delay between token generation and token usage # module requests required (installed via Python PIP): # su -c 'yum install python-pip' # su -c 'sudo pip2 install requests' # su -c 'sudo pip3 install requests' # or: # su -c 'yum install python-requests' # su -c 'yum install python3-requests' # usage: # python pyapitest.07.py # notes: # tested with python 2.7 and python 3.6 import sys import time import json import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) # specify username username = '<username>' # specify passphrase password = '<passphrase>' # specify BIG-IP self IP address (inband management IP) or # specify BIG-IP mgmt IP address (out of band management IP) bigipdev = '<management-ip>' # using a sample pool provided automatically by the API # (do not change) poolname = 'example' # specify latency in milliseconds # (delay between auth token generation and delay for retry) sleep_ms = 2 # specify number of loops loop_count = 2000 authpath = 'https://{}/mgmt/shared/authn/login'.format(bigipdev) conthead = {'Content-Type': 'application/json'} authdata = {'username': username, 'password': password} session = requests.Session() for loop in range(1,loop_count + 1): authtime = time.time() tokenrequest = session.post(url=authpath,data=json.dumps(authdata),headers=conthead,verify=False) # print('getting auth token: {:f}'.format(time.time() - authtime)) if tokenrequest.status_code == 200: tokendata = tokenrequest.json() xauthhead = {'X-F5-Auth-Token': tokendata['token']['token'], 'Content-Type': 'application/json'} querypath = 'https://{}/mgmt/tm/ltm/pool/{}'.format(bigipdev,poolname) # print('sleeping: {} millisecond(s)'.format(sleep_ms)) time.sleep(sleep_ms / 1000.0) poolcheck = session.get(url=querypath,headers=xauthhead,verify=False) # print('1st response: {:f}'.format(time.time() - authtime)) if poolcheck.status_code == 200: pooldata = poolcheck.json() # print(pooldata) elif poolcheck.status_code == 401: print('pool list 1st auth error ({}), sleeping {} ms, retrying loop {}:'.format(poolcheck.status_code,sleep_ms,loop)) time.sleep(sleep_ms / 1000.0) poolcheck = session.get(url=querypath,headers=xauthhead,verify=False) if poolcheck.status_code != 200: print('pool list 2nd auth error ({}), stopping in loop {}:'.format(poolcheck.status_code,loop)) break else: print('pool list 2nd attempt succeeded ({}) in loop {}, continuing'.format(poolcheck.status_code,loop)) else: print('pool list error ({}), stopping in loop {}'.format(poolcheck.status_code,loop)) break tokendelpath = 'https://{}/mgmt/shared/authz/tokens/{}'.format(bigipdev,tokendata['token']['token']) tokendelete = session.delete(url=tokendelpath,headers=xauthhead,verify=False) # print('deleting auth token: {:f}'.format(time.time() - authtime)) if tokendelete.status_code != 200: print('token delete error ({}), stopping in loop {}'.format(tokendelete.status_code,loop)) break else: print('getting token auth error ({}), stopping in loop {}'.format(tokenrequest.status_code,loop)) break # print('successful iterations: {}'.format(loop))Solved1.7KViews0likes5CommentsBig-IP Edge Client HELP!!!! SEH_Filter, UNHANDLED EXCEPTION!!! Code: 0xc000001d - Illegal instruction- ON windows 11 VM
Hello Folks, i am running the new MacBook with m1 chip and it requires that i can only run ARM based vm on it. I did find a windows 11 insider edition on ARM architecture. I got the windows 11 VM up and running and then installed the client downloaded from my company available publicly here. https://vpnconnect.bell.ca/vpn/public/share/BIGIPEdgeClient.exe The client starts up but then immediately closes after about 5s and in the logs the last error thrown is - Error 2021-11-24 3:34:46:061 Standalone SEH_Filter, UNHANDLED EXCEPTION!!! Look for F5CORE*.dmp files. Address: 0x71a0db00. Code: 0xc000001d - Illegal instruction earlier on a older laptop - i used to run a windows 7 vm on mac os and used the same client and same steps and it worked without any issues, but now with the new ARM architecture i can ONLY install windows 11 vm . so not sure if the issue is the architecture or windows 11 or something else? Please help suggest how I can proceed ? This is really critical I get the edge client working and connected on the windows 11 VM as i have apps that require the use of windows. Thanks in advance!!!798Views0likes0CommentsC3D, Client Certificate passing issue
For application new requirement, we need to pass the client certificate to backend server. We enabled the C3D option on the client and server SSL profile. I created the CA certificate and key (https://support.f5.com/csp/article/K14499) and attached to Server SSL profile. The below be the client and Server SSL profile (https://support.f5.com/csp/article/K14065425) . Refer the below settings. Prerequisites: • You must have a CA-Bundle used to validate incoming client certificates. --> Used Company's Certificate Bundle • You must have a Certificate and Key for Reverse Proxy -->Current application certificate • You must have a CA Certificate and Key that has the ability to create new certificates --> Created CA certificate and key from F5 (https://support.f5.com/csp/article/K14499) But when the client try to access application, we are getting SSL handshake error. Any configuration need to correct on F5 or ? Appreciate your help on this. 021-07-12 01:34:31,510 +0000#INFO#com.sap.scc.rt#com.sap.scc.servlets.AccessControlServlet$3# #SccEndpointValidator has thrown exception for HTTPS://141.122.200.74:64801: Received fatal alert: handshake_failure javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 2021-07-12 01:34:31,510 +0000#INFO#com.sap.scc.ui#com.sap.scc.servlets.AccessControlServlet$3##Error when checking local connectivity to gatewaypp:64801 --> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure918Views0likes5CommentsPer-Request policy Proxy Select and HTTPS
Hi, I can't see any info about limitation for Proxy Select object in Per-Request Policy (PRP) to only http traffic. It's working without issue for http request and pass them to upstream proxy. For https requests (with SSL Bypass Set before Proxy Select) Connection is never reaching upstream proxy. Instead in PRP log I have entry: Common/explicit_proxy_policy:Common:642030b8: Executed agent (/Common/explicit_complete_bypass_act_proxy_select_ag) failed with reason (UNKNOWN) Any idea why? Piotr421Views1like2CommentsASM Policy error importing on Version 14
Hi, I have 25 asm policies in Version 13 BIG-IP. When importing them all in to a new instance of BIP-IP 14, 2 policies give the same error and do not import. The error reads: Can't call method "new" on an undefined value at /usr/local/share/perl5/F5/ASMConfig/Entity/Suggestion.pm line 279. Is there something in the XML file that I can adjust/remove in order to correct this? Thank you385Views0likes1Comment