Virtual server requires a profile of type http or http-connect for ltm policy #873

Open
kingb33 opened this issue Sep 16, 2024 · 1 comment
Labels
bug Something isn't working untriaged Issue needs to be reviewed for validity

kingb33 commented Sep 16, 2024

Environment

  • Application Services Version: 3.52.0
  • BIG-IP Version: BIG-IP 16.1.4.3 Build 0.16.3 Engineering Hotfix

Summary

When building a virtual server that has an LTM policy, it is required that the VS has an HTTP or HTTP-CONNECT profile even when it is not a requirement. My existing VS is configured for SSL passthrough. I cannot apply an HTTP profile or it will break my VS.

Based on existing configuration that was completed via the GUI, I know that my virtual server can apply an LTM policy that is looking for details at the "client-accepted" stage of the request.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:
{
  "class": "AS3",
  "action": "deploy",
  "persist": true,
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.52.0",
    "id": "id",
    "label": "WebApp",
    "OPENSHIFT": {
      "class": "Tenant",
      "Shared": {
        "class": "Application",
        "template":"shared"
      }, 
      "PREPROD": {
        "class": "Application",
        "api-int.ocpq1_vs": {
          "class": "Service_TCP", 
          "label": "****", 
          "persistenceMethods": [], 
          "policyEndpoint": "api-int.ocpq1_Policy", 
          "pool": "api-int.ocpq1_http_pool", 
          "profileTCP": {"egress": {"bigip": "/Common/f5-tcp-lan"}, "ingress": {"bigip": "/Common/f5-tcp-wan"}}, 
          "remark": "***", 
          "snat": "auto", 
          "virtualAddresses": ["***"], 
          "virtualPort": ****
        },  
        "api-int.ocpq1_http_pool": {
          "class": "Pool", 
          "label": "Pool for api-int.ocpq1_vs", 
          "members": [{"hostname": "***", "servicePort": ***, "addressDiscovery": "fqdn", "autoPopulate": true}, {"hostname": "***", "servicePort": ****, "addressDiscovery": "fqdn", "autoPopulate": true}, {"hostname": "***", "servicePort": ****, "addressDiscovery": "fqdn", "autoPopulate": true}, {"hostname": "***", "servicePort": ***, "addressDiscovery": "fqdn", "autoPopulate": true}], 
          "monitors": [{"bigip": "/Common/tcp_half_open"}], 
          "remark": "Pool for api-int.ocpq1_vs"
        },
        "api-int.ocpq1_allowList": {
          "class": "Data_Group", 
          "keyDataType": "ip", 
          "label": "Allow list for...", 
          "storageType": "internal", 
          "records": [{"key": "****"}, {"key": "****"}]
        }, 
        "api-int.ocpq1_Policy": {
          "class": "Endpoint_Policy", 
          "label": "Routing policy for...", 
          "remark": "Routing policy for...", 
          "rules": [{"name": "OpenshiftAllow", "remark": "Restrict access to ...", "actions": [{"type": "drop", "event": "client-accepted"}], "conditions": [{"type": "tcp", "event": "client-accepted", "address": {"operand": "does-not-match", "datagroup": {"use": "api-int.ocpq1_allowList"}}}]}], 
          "strategy": "all-match"
        }
      }
    }
  }
}
  2. Observe the following error response:
"The operation for OPENSHIFT has returned code: 422 with the following message: 010716d9:3: Virtual server /OPENSHIFT/OCPQ/api-int.ocpq_VS requires a profile of type http or http-connect for ltm policy /OPENSHIFT/Shared/api-int_Policy."

Expected Behavior

This error message should not occur. It should build the Virtual server with the LTM policy applied. The LTM policy itself does not require any form of HTTP profile as its conditions/actions are all based on information/details that are available.

NOTE: If I remove the policy_endpoint from the Virtual Server config specified in the json and apply it manually in the GUI, it completes and works as intended.

Actual Behavior

The AS3 execution fails to create the specified config with the following error: "The operation for OPENSHIFT has returned code: 422 with the following message: 010716d9:3: Virtual server /OPENSHIFT/OCPQ/api-int.ocpq_VS requires a profile of type http or http-connect for ltm policy /OPENSHIFT/Shared/api-int_Policy."

kingb33 commented Oct 16, 2024

I have tried some workarounds to get past this problem, but any applied HTTP profile breaks the traffic flow of the virtual server.
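
A pre-deployment check for the combination reported in this issue, as an added example that is not part of the issue or of AS3 itself: it walks a declaration, lists each Service_TCP that references an Endpoint_Policy by name, and records whether every rule event is client-accepted. The function names and the trimmed sample declaration are constructed for illustration, and only string-valued policyEndpoint references within the same Application are resolved.

```python
# Constructed sample: the declaration from this issue, trimmed to the service
# and its policy (redacted values and unrelated properties left out).
SAMPLE = {"class": "ADC", "OPENSHIFT": {"class": "Tenant", "PREPROD": {
    "class": "Application",
    "api-int.ocpq1_vs": {"class": "Service_TCP",
                         "policyEndpoint": "api-int.ocpq1_Policy"},
    "api-int.ocpq1_Policy": {"class": "Endpoint_Policy", "rules": [{
        "name": "OpenshiftAllow",
        "actions": [{"type": "drop", "event": "client-accepted"}],
        "conditions": [{"type": "tcp", "event": "client-accepted"}]}]},
}}}


def children(node, cls):
    """Yield (name, value) for child objects of the given AS3 class."""
    for name, value in node.items():
        if isinstance(value, dict) and value.get("class") == cls:
            yield name, value


def policy_events(policy):
    """Collect the event of every condition and action in an Endpoint_Policy."""
    items = [i for r in policy.get("rules", [])
             for i in r.get("conditions", []) + r.get("actions", [])]
    return {i.get("event", "unspecified") for i in items}


def tcp_services_with_policy(adc):
    """List Service_TCP objects that reference an Endpoint_Policy by name."""
    findings = []
    for tenant_name, tenant in children(adc, "Tenant"):
        for app_name, app in children(tenant, "Application"):
            for svc_name, svc in children(app, "Service_TCP"):
                ref = svc.get("policyEndpoint")
                if isinstance(ref, str) and ref in app:  # same-application name only
                    events = policy_events(app[ref])
                    findings.append({
                        "service": f"/{tenant_name}/{app_name}/{svc_name}",
                        "policy": ref,
                        "events": sorted(events),
                        "all_client_accepted": events == {"client-accepted"},
                    })
    return findings


if __name__ == "__main__":
    for finding in tcp_services_with_policy(SAMPLE):
        print(finding)
```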
