subject:"\[Puppet Users\] f5 module usage\/debugging tips\?"

Re: [Puppet Users] f5 module usage/debugging tips?

2013-10-01 Thread Gavin Williams

All

Just a quick note to confirm that this issue has been fixed in 3.3.1. 

I've just installed 3.3.1 rc2, and have been able to successfully create a 
new iRule on a v11 F5 device using Puppet. 

So now to try and sort out v11 support :) 

Cheers
Gavin 

On Tuesday, 30 July 2013 07:57:19 UTC+1, Gavin Williams wrote:
>
> Jeff/Chris/All
>
> Completely missed this topic when doing my own investigations on this 
> issue... 
>
> However the same problem discussed on 
> Puppet-devhas 
> highlighted the same issue... 
> I have therefore raised Issue 
> 21975to try and get it fixed... 
> Would probably be beneficial if you could 
> up-vote it...
>
> Cheers
> Gavin
>
> On Tuesday, 18 June 2013 13:56:33 UTC+1, jgm...@gmail.com wrote:
>>
>> Hi Chris,
>>
>> I think I've narrowed the issue down.
>>
>> I'm able to use the 10.2.0.2 f5 gem in a simple script with F5 v11.3.0 to 
>> create an f5_node so it looks like the F5 is keeping some 
>> backwards-compatibility.
>>
>> The problem is only occurring when the F5 gem is used within puppet. The 
>> f5 gem is using the ruby 1.8.7's built-in SOAP library that clashes with a 
>> monkey-patch in Puppet to override the instance_variables method of the 
>> basic Ruby Object class. 
>>
>> The patch was introduced in this commit: 
>> https://github.com/puppetlabs/puppet/commit/1f4e44c26a0d703d1192d26ef8ab555e4508e338
>> *lib/puppet/util/monkey_patches.rb*:
>>
>> class Object
>>   alias :puppet_original_instance_variables :instance_variables
>>
>>   def instance_variables
>> puppet_original_instance_variables.map(&:to_sym)
>>   end
>> end
>>
>>
>> This in turn clashes with the SOAP class in Ruby 1.8.7:
>> lib/soap/mapping/mapping.rb:
>>
>>   def self.get_attribute(obj, attr_name)
>> if obj.is_a?(::Hash)
>>   obj[attr_name] || obj[attr_name.intern]
>> else
>>   name = XSD::CodeGen::GenSupport.safevarname(attr_name)
>>   if obj.instance_variables.include?('@' + name)
>> obj.instance_variable_get('@' + name)
>>   elsif ((obj.is_a?(::Struct) or obj.is_a?(Marshallable)) and
>>   obj.respond_to?(name))
>> obj.__send__(name)
>>   end
>> end
>>   end
>>
>>
>> Since Puppet has overridden the instance_variable method to return an 
>> Array of Symbols, this breaks the obj.instance_variables.include?('@' + 
>> name) line because it is trying to compare a Symbol with a String which 
>> will always be false. This in turn causes the F5 gem to send SOAP requests 
>> to the F5 with nil values so the nodes are never created on the F5.
>>
>> This is a pretty strange issue as I thought that there would have been 
>> other users of the puppetlabs-f5 module with Ruby 1.8.7 and so would have 
>> hit the same issue, or am I missing something?
>>
>> Anyway, it looks like to fix the problem we'll either need to patch the 
>> F5 gem to override the above method within Ruby or somehow revert the 
>> monkeypatch in Puppet for the F5 puppet module, unless you can think of a 
>> cleaner and better solution?
>>
>> Jeff
>>
>> On Wednesday, June 12, 2013 3:34:02 PM UTC+10, Christopher Wood wrote:
>>>
>>> Unfortunately due to various non-puppet bigip upgrade issues I haven't 
>>> been able to back to this yet. If I get anything useful working I will 
>>> post. 
>>>
>>> On Tue, Jun 11, 2013 at 03:32:56AM -0700, jgm...@gmail.com wrote: 
>>> >Hi Chris, 
>>> >How did you go with trying to use the Puppet F5 module with 
>>> v11.3.0? I 
>>> >think I am having the same issue as you were. 
>>> >The puppet output would say that the resource was created but the 
>>> iControl 
>>> >debug logs shows that it is being sent an empty SOAP create 
>>> message. 
>>> >I've tried running a simple ruby script using the 10.2.0.2 f5 gem 
>>> and was 
>>> >able to create the node successfully so it looks the Puppet is 
>>> doing 
>>> >something funny. 
>>> >Any help would be greatly appreciated. 
>>> >Thanks, 
>>> >Jeff 
>>> > 
>>> >On Tuesday, February 12, 2013 8:31:04 AM UTC+11, Christopher Wood 
>>> wrote: 
>>> > 
>>> >  On Mon, Feb 11, 2013 at 12:40:12PM -0800, Nan Liu wrote: 
>>> >  >On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood 
>>> >  ><[1][1]christop...@pobox.com> wrote: 
>>> >  > 
>>> >  >  (Following up to my own post for posterity's sake, see 
>>> >  [2][2]xkcd.com/979.) 
>>> >  > 
>>> >  >  Short form: for me this isn't yet as easy as a file 
>>> resource but 
>>> >  the 
>>> >  >  puppetized management payoff will be worth the work. My 
>>> issues 
>>> >  are most 
>>> >  >  likely a reflection of my own puppet/ruby/iControl/SOAP 
>>> skill. 
>>> >  > 
>>> >  >  I am going to explore a personalized set of F5 
>>> types/providers 
>>> >  that I 
>>> >  >  can use without first loading up the

Re: [Puppet Users] f5 module usage/debugging tips?

2013-07-29 Thread Gavin Williams

Jeff/Chris/All

Completely missed this topic when doing my own investigations on this 
issue... 

However the same problem discussed on 
Puppet-devhas 
highlighted the same issue... 
I have therefore raised Issue 
21975to try and get it fixed... 
Would probably be beneficial if you could 
up-vote it...

Cheers
Gavin

On Tuesday, 18 June 2013 13:56:33 UTC+1, jgm...@gmail.com wrote:
>
> Hi Chris,
>
> I think I've narrowed the issue down.
>
> I'm able to use the 10.2.0.2 f5 gem in a simple script with F5 v11.3.0 to 
> create an f5_node so it looks like the F5 is keeping some 
> backwards-compatibility.
>
> The problem is only occurring when the F5 gem is used within puppet. The 
> f5 gem is using the ruby 1.8.7's built-in SOAP library that clashes with a 
> monkey-patch in Puppet to override the instance_variables method of the 
> basic Ruby Object class. 
>
> The patch was introduced in this commit: 
> https://github.com/puppetlabs/puppet/commit/1f4e44c26a0d703d1192d26ef8ab555e4508e338
> *lib/puppet/util/monkey_patches.rb*:
>
> class Object
>   alias :puppet_original_instance_variables :instance_variables
>
>   def instance_variables
> puppet_original_instance_variables.map(&:to_sym)
>   end
> end
>
>
> This in turn clashes with the SOAP class in Ruby 1.8.7:
> lib/soap/mapping/mapping.rb:
>
>   def self.get_attribute(obj, attr_name)
> if obj.is_a?(::Hash)
>   obj[attr_name] || obj[attr_name.intern]
> else
>   name = XSD::CodeGen::GenSupport.safevarname(attr_name)
>   if obj.instance_variables.include?('@' + name)
> obj.instance_variable_get('@' + name)
>   elsif ((obj.is_a?(::Struct) or obj.is_a?(Marshallable)) and
>   obj.respond_to?(name))
> obj.__send__(name)
>   end
> end
>   end
>
>
> Since Puppet has overridden the instance_variable method to return an 
> Array of Symbols, this breaks the obj.instance_variables.include?('@' + 
> name) line because it is trying to compare a Symbol with a String which 
> will always be false. This in turn causes the F5 gem to send SOAP requests 
> to the F5 with nil values so the nodes are never created on the F5.
>
> This is a pretty strange issue as I thought that there would have been 
> other users of the puppetlabs-f5 module with Ruby 1.8.7 and so would have 
> hit the same issue, or am I missing something?
>
> Anyway, it looks like to fix the problem we'll either need to patch the F5 
> gem to override the above method within Ruby or somehow revert the 
> monkeypatch in Puppet for the F5 puppet module, unless you can think of a 
> cleaner and better solution?
>
> Jeff
>
> On Wednesday, June 12, 2013 3:34:02 PM UTC+10, Christopher Wood wrote:
>>
>> Unfortunately due to various non-puppet bigip upgrade issues I haven't 
>> been able to back to this yet. If I get anything useful working I will 
>> post. 
>>
>> On Tue, Jun 11, 2013 at 03:32:56AM -0700, jgm...@gmail.com wrote: 
>> >Hi Chris, 
>> >How did you go with trying to use the Puppet F5 module with v11.3.0? 
>> I 
>> >think I am having the same issue as you were. 
>> >The puppet output would say that the resource was created but the 
>> iControl 
>> >debug logs shows that it is being sent an empty SOAP create message. 
>> >I've tried running a simple ruby script using the 10.2.0.2 f5 gem 
>> and was 
>> >able to create the node successfully so it looks the Puppet is doing 
>> >something funny. 
>> >Any help would be greatly appreciated. 
>> >Thanks, 
>> >Jeff 
>> > 
>> >On Tuesday, February 12, 2013 8:31:04 AM UTC+11, Christopher Wood 
>> wrote: 
>> > 
>> >  On Mon, Feb 11, 2013 at 12:40:12PM -0800, Nan Liu wrote: 
>> >  >On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood 
>> >  ><[1][1]christop...@pobox.com> wrote: 
>> >  > 
>> >  >  (Following up to my own post for posterity's sake, see 
>> >  [2][2]xkcd.com/979.) 
>> >  > 
>> >  >  Short form: for me this isn't yet as easy as a file 
>> resource but 
>> >  the 
>> >  >  puppetized management payoff will be worth the work. My 
>> issues 
>> >  are most 
>> >  >  likely a reflection of my own puppet/ruby/iControl/SOAP 
>> skill. 
>> >  > 
>> >  >  I am going to explore a personalized set of F5 
>> types/providers 
>> >  that I 
>> >  >  can use without first loading up the wsdl file for every 
>> involved 
>> >  >  iControl interface, version, and hotfix. 
>> >  > 
>> >  >  Points from my various BigIP/puppet experimentations: 
>> >  > 
>> >  >  a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work 
>> with LTM 
>> >  >  11.1.0. (Or I haven't figured it out, also quite likely.) 
>> This 
>> >  could be 
>> >  >  because the gem ships different wsdl files but I couldn't 
>> get i

Re: [Puppet Users] f5 module usage/debugging tips?

2013-06-18 Thread jgmchan

Hi Chris,

I think I've narrowed the issue down.

I'm able to use the 10.2.0.2 f5 gem in a simple script with F5 v11.3.0 to 
create an f5_node so it looks like the F5 is keeping some 
backwards-compatibility.

The problem is only occurring when the F5 gem is used within puppet. The f5 
gem is using the ruby 1.8.7's built-in SOAP library that clashes with a 
monkey-patch in Puppet to override the instance_variables method of the 
basic Ruby Object class. 

The patch was introduced in this 
commit: 
https://github.com/puppetlabs/puppet/commit/1f4e44c26a0d703d1192d26ef8ab555e4508e338
*lib/puppet/util/monkey_patches.rb*:

class Object
  alias :puppet_original_instance_variables :instance_variables

  def instance_variables
puppet_original_instance_variables.map(&:to_sym)
  end
end


This in turn clashes with the SOAP class in Ruby 1.8.7:
lib/soap/mapping/mapping.rb:

  def self.get_attribute(obj, attr_name)
if obj.is_a?(::Hash)
  obj[attr_name] || obj[attr_name.intern]
else
  name = XSD::CodeGen::GenSupport.safevarname(attr_name)
  if obj.instance_variables.include?('@' + name)
obj.instance_variable_get('@' + name)
  elsif ((obj.is_a?(::Struct) or obj.is_a?(Marshallable)) and
  obj.respond_to?(name))
obj.__send__(name)
  end
end
  end


Since Puppet has overridden the instance_variable method to return an Array 
of Symbols, this breaks the obj.instance_variables.include?('@' + name) 
line because it is trying to compare a Symbol with a String which will 
always be false. This in turn causes the F5 gem to send SOAP requests to 
the F5 with nil values so the nodes are never created on the F5.

This is a pretty strange issue as I thought that there would have been 
other users of the puppetlabs-f5 module with Ruby 1.8.7 and so would have 
hit the same issue, or am I missing something?

Anyway, it looks like to fix the problem we'll either need to patch the F5 
gem to override the above method within Ruby or somehow revert the 
monkeypatch in Puppet for the F5 puppet module, unless you can think of a 
cleaner and better solution?

Jeff

On Wednesday, June 12, 2013 3:34:02 PM UTC+10, Christopher Wood wrote:
>
> Unfortunately due to various non-puppet bigip upgrade issues I haven't 
> been able to back to this yet. If I get anything useful working I will 
> post. 
>
> On Tue, Jun 11, 2013 at 03:32:56AM -0700, jgm...@gmail.com 
> wrote: 
> >Hi Chris, 
> >How did you go with trying to use the Puppet F5 module with v11.3.0? 
> I 
> >think I am having the same issue as you were. 
> >The puppet output would say that the resource was created but the 
> iControl 
> >debug logs shows that it is being sent an empty SOAP create message. 
> >I've tried running a simple ruby script using the 10.2.0.2 f5 gem and 
> was 
> >able to create the node successfully so it looks the Puppet is doing 
> >something funny. 
> >Any help would be greatly appreciated. 
> >Thanks, 
> >Jeff 
> > 
> >On Tuesday, February 12, 2013 8:31:04 AM UTC+11, Christopher Wood 
> wrote: 
> > 
> >  On Mon, Feb 11, 2013 at 12:40:12PM -0800, Nan Liu wrote: 
> >  >On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood 
> >  ><[1][1]christop...@pobox.com> wrote: 
> >  > 
> >  >  (Following up to my own post for posterity's sake, see 
> >  [2][2]xkcd.com/979.) 
> >  > 
> >  >  Short form: for me this isn't yet as easy as a file resource 
> but 
> >  the 
> >  >  puppetized management payoff will be worth the work. My 
> issues 
> >  are most 
> >  >  likely a reflection of my own puppet/ruby/iControl/SOAP 
> skill. 
> >  > 
> >  >  I am going to explore a personalized set of F5 
> types/providers 
> >  that I 
> >  >  can use without first loading up the wsdl file for every 
> involved 
> >  >  iControl interface, version, and hotfix. 
> >  > 
> >  >  Points from my various BigIP/puppet experimentations: 
> >  > 
> >  >  a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work 
> with LTM 
> >  >  11.1.0. (Or I haven't figured it out, also quite likely.) 
> This 
> >  could be 
> >  >  because the gem ships different wsdl files but I couldn't 
> get it 
> >  to work 
> >  >  with later iControl wsdl files anyway. 
> >  > 
> >  >  b) In LTM 11, F5 deprecated some interfaces so puppet f5 
> module 
> >  >  providers like f5_node are suddenly using deprecated 
> interfaces. 
> >  > 
> >  >  c) Some parts of the iControl api are being updated/fixed 
> over 
> >  time, for 
> >  >  instance the hotfix id 388590 reading "Certificates can now 
> >  successfully 
> >  >  be updated using the iControl Management::KeyCertificate 
> >  interface", 
> >  >  see: 
> >  > 
> >  > 
> >   [3][3]
> http://support.f5.

Re: [Puppet Users] f5 module usage/debugging tips?

2013-06-11 Thread Christopher Wood

Unfortunately due to various non-puppet bigip upgrade issues I haven't been 
able to back to this yet. If I get anything useful working I will post.

On Tue, Jun 11, 2013 at 03:32:56AM -0700, jgmc...@gmail.com wrote:
>Hi Chris,
>How did you go with trying to use the Puppet F5 module with v11.3.0? I
>think I am having the same issue as you were.
>The puppet output would say that the resource was created but the iControl
>debug logs shows that it is being sent an empty SOAP create message.
>I've tried running a simple ruby script using the 10.2.0.2 f5 gem and was
>able to create the node successfully so it looks the Puppet is doing
>something funny.
>Any help would be greatly appreciated.
>Thanks,
>Jeff
> 
>On Tuesday, February 12, 2013 8:31:04 AM UTC+11, Christopher Wood wrote:
> 
>  On Mon, Feb 11, 2013 at 12:40:12PM -0800, Nan Liu wrote:
>  >    On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood
>  >    <[1][1]christop...@pobox.com> wrote:
>  >
>  >      (Following up to my own post for posterity's sake, see
>  [2][2]xkcd.com/979.)
>  >
>  >      Short form: for me this isn't yet as easy as a file resource but
>  the
>  >      puppetized management payoff will be worth the work. My issues
>  are most
>  >      likely a reflection of my own puppet/ruby/iControl/SOAP skill.
>  >
>  >      I am going to explore a personalized set of F5 types/providers
>  that I
>  >      can use without first loading up the wsdl file for every involved
>  >      iControl interface, version, and hotfix.
>  >
>  >      Points from my various BigIP/puppet experimentations:
>  >
>  >      a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work with LTM
>  >      11.1.0. (Or I haven't figured it out, also quite likely.) This
>  could be
>  >      because the gem ships different wsdl files but I couldn't get it
>  to work
>  >      with later iControl wsdl files anyway.
>  >
>  >      b) In LTM 11, F5 deprecated some interfaces so puppet f5 module
>  >      providers like f5_node are suddenly using deprecated interfaces.
>  >
>  >      c) Some parts of the iControl api are being updated/fixed over
>  time, for
>  >      instance the hotfix id 388590 reading "Certificates can now
>  successfully
>  >      be updated using the iControl Management::KeyCertificate
>  interface",
>  >      see:
>  >
>  >    
>   
> [3][3]http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html
>  >
>  >      d) Judging by my soap-newbie eye the soap4r package appears
>  abandonware,
>  >      savon isn't up to complicated data structures and I have yet to
>  dive
>  >      into handsoap (the starter page says to start with a wsdl, see my
>  >      wsdl-tracking issues). Picking the right soap package to use is
>  likely
>  >      going to be job 1.
>  >
>  >      (If the list has any feedback to the above, I'm very much all
>  ears.)
>  >
>  >    Have you tried the v11
>  >    gem?�[4][4]https://devcentral.f5.com/internal-forums/aff/2306. The
>  module
>  >    certainly needs to updates against v11 API, but seems like it would
>  be a
>  >    better starting point.
>  >    Nan�
> 
>  I might give that a go. That LTM 11 gem is for 11.1.0 and I'm already on
>  11.3.0 in the lab due to a key/cert management issue, but the gem should
>  be fine if I rebuild it with the wsdl files from my lab device.
>   
>  >    --
>  >    You received this message because you are subscribed to the Google
>  Groups
>  >    "Puppet Users" group.
>  >    To unsubscribe from this group and stop receiving emails from it,
>  send an
>  >    email to [5]puppet-users...@googlegroups.com.
>  >    To post to this group, send email to [6]puppet...@googlegroups.com.
>  >    Visit this group at
>  [5][7]http://groups.google.com/group/puppet-users?hl=en.
>  >    For more options, visit
>  [6][8]https://groups.google.com/groups/opt_out.
>  >     
>  >     
>  >
>  > References
>  >
>  >    Visible links
>  >    1. mailto:[9]christop...@pobox.com
>  >    2. [10]http://xkcd.com/979
>  >    3.
>  
> [11]http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html
>  >    4. [12]https://devcentral.f5.com/internal-forums/aff/2306
>  >    5. [13]http://groups.google.com/group/puppet-users?hl=en
>  >    6. [14]https://groups.google.com/groups/opt_out
> 
> References
> 
>Visible links
>1. javascript:
>2. http://xkcd.com/979
>3. http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html
>4. https://devcentral.f5.com/internal-forums/aff/2306
>5. javascript:
>6. javascript:
>7. http://groups.google.com/group/puppet-users?hl=en
>

Re: [Puppet Users] f5 module usage/debugging tips?

2013-06-11 Thread jgmchan

Hi Chris,

How did you go with trying to use the Puppet F5 module with v11.3.0? I 
think I am having the same issue as you were.

The puppet output would say that the resource was created but the iControl 
debug logs shows that it is being sent an empty SOAP create message.

I've tried running a simple ruby script using the 10.2.0.2 f5 gem and was 
able to create the node successfully so it looks the Puppet is doing 
something funny.

Any help would be greatly appreciated.

Thanks,
Jeff

On Tuesday, February 12, 2013 8:31:04 AM UTC+11, Christopher Wood wrote:
>
> On Mon, Feb 11, 2013 at 12:40:12PM -0800, Nan Liu wrote: 
> >On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood 
> ><[1]christop...@pobox.com > wrote: 
> > 
> >  (Following up to my own post for posterity's sake, see [2]
> xkcd.com/979.) 
> > 
> >  Short form: for me this isn't yet as easy as a file resource but 
> the 
> >  puppetized management payoff will be worth the work. My issues are 
> most 
> >  likely a reflection of my own puppet/ruby/iControl/SOAP skill. 
> > 
> >  I am going to explore a personalized set of F5 types/providers that 
> I 
> >  can use without first loading up the wsdl file for every involved 
> >  iControl interface, version, and hotfix. 
> > 
> >  Points from my various BigIP/puppet experimentations: 
> > 
> >  a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work with LTM 
> >  11.1.0. (Or I haven't figured it out, also quite likely.) This 
> could be 
> >  because the gem ships different wsdl files but I couldn't get it to 
> work 
> >  with later iControl wsdl files anyway. 
> > 
> >  b) In LTM 11, F5 deprecated some interfaces so puppet f5 module 
> >  providers like f5_node are suddenly using deprecated interfaces. 
> > 
> >  c) Some parts of the iControl api are being updated/fixed over 
> time, for 
> >  instance the hotfix id 388590 reading "Certificates can now 
> successfully 
> >  be updated using the iControl Management::KeyCertificate 
> interface", 
> >  see: 
> > 
> >  [3]
> http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html 
> > 
> >  d) Judging by my soap-newbie eye the soap4r package appears 
> abandonware, 
> >  savon isn't up to complicated data structures and I have yet to 
> dive 
> >  into handsoap (the starter page says to start with a wsdl, see my 
> >  wsdl-tracking issues). Picking the right soap package to use is 
> likely 
> >  going to be job 1. 
> > 
> >  (If the list has any feedback to the above, I'm very much all 
> ears.) 
> > 
> >Have you tried the v11 
> >gem?�[4]https://devcentral.f5.com/internal-forums/aff/2306. The 
> module 
> >certainly needs to updates against v11 API, but seems like it would 
> be a 
> >better starting point. 
> >Nan� 
>
> I might give that a go. That LTM 11 gem is for 11.1.0 and I'm already on 
> 11.3.0 in the lab due to a key/cert management issue, but the gem should be 
> fine if I rebuild it with the wsdl files from my lab device. 
>   
> >-- 
> >You received this message because you are subscribed to the Google 
> Groups 
> >"Puppet Users" group. 
> >To unsubscribe from this group and stop receiving emails from it, 
> send an 
> >email to puppet-users...@googlegroups.com . 
> >To post to this group, send email to 
> > puppet...@googlegroups.com. 
>
> >Visit this group at [5]
> http://groups.google.com/group/puppet-users?hl=en. 
> >For more options, visit [6]https://groups.google.com/groups/opt_out. 
> >  
> >  
> > 
> > References 
> > 
> >Visible links 
> >1. mailto:christop...@pobox.com  
> >2. http://xkcd.com/979 
> >3. 
> http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html 
> >4. https://devcentral.f5.com/internal-forums/aff/2306 
> >5. http://groups.google.com/group/puppet-users?hl=en 
> >6. https://groups.google.com/groups/opt_out 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] f5 module usage/debugging tips?

2013-02-11 Thread Christopher Wood

On Mon, Feb 11, 2013 at 12:40:12PM -0800, Nan Liu wrote:
>On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood
><[1]christopher_w...@pobox.com> wrote:
> 
>  (Following up to my own post for posterity's sake, see [2]xkcd.com/979.)
> 
>  Short form: for me this isn't yet as easy as a file resource but the
>  puppetized management payoff will be worth the work. My issues are most
>  likely a reflection of my own puppet/ruby/iControl/SOAP skill.
> 
>  I am going to explore a personalized set of F5 types/providers that I
>  can use without first loading up the wsdl file for every involved
>  iControl interface, version, and hotfix.
> 
>  Points from my various BigIP/puppet experimentations:
> 
>  a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work with LTM
>  11.1.0. (Or I haven't figured it out, also quite likely.) This could be
>  because the gem ships different wsdl files but I couldn't get it to work
>  with later iControl wsdl files anyway.
> 
>  b) In LTM 11, F5 deprecated some interfaces so puppet f5 module
>  providers like f5_node are suddenly using deprecated interfaces.
> 
>  c) Some parts of the iControl api are being updated/fixed over time, for
>  instance the hotfix id 388590 reading "Certificates can now successfully
>  be updated using the iControl Management::KeyCertificate interface",
>  see:
> 
>  
> [3]http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html
> 
>  d) Judging by my soap-newbie eye the soap4r package appears abandonware,
>  savon isn't up to complicated data structures and I have yet to dive
>  into handsoap (the starter page says to start with a wsdl, see my
>  wsdl-tracking issues). Picking the right soap package to use is likely
>  going to be job 1.
> 
>  (If the list has any feedback to the above, I'm very much all ears.)
> 
>Have you tried the v11
>gem?�[4]https://devcentral.f5.com/internal-forums/aff/2306. The module
>certainly needs to updates against v11 API, but seems like it would be a
>better starting point.
>Nan�

I might give that a go. That LTM 11 gem is for 11.1.0 and I'm already on 11.3.0 
in the lab due to a key/cert management issue, but the gem should be fine if I 
rebuild it with the wsdl files from my lab device.
 
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To unsubscribe from this group and stop receiving emails from it, send an
>email to puppet-users+unsubscr...@googlegroups.com.
>To post to this group, send email to puppet-users@googlegroups.com.
>Visit this group at [5]http://groups.google.com/group/puppet-users?hl=en.
>For more options, visit [6]https://groups.google.com/groups/opt_out.
> 
> 
> 
> References
> 
>Visible links
>1. mailto:christopher_w...@pobox.com
>2. http://xkcd.com/979
>3. http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html
>4. https://devcentral.f5.com/internal-forums/aff/2306
>5. http://groups.google.com/group/puppet-users?hl=en
>6. https://groups.google.com/groups/opt_out

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] f5 module usage/debugging tips?

2013-02-11 Thread Nan Liu

On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood <
christopher_w...@pobox.com> wrote:

> (Following up to my own post for posterity's sake, see xkcd.com/979.)
>
> Short form: for me this isn't yet as easy as a file resource but the
> puppetized management payoff will be worth the work. My issues are most
> likely a reflection of my own puppet/ruby/iControl/SOAP skill.
>
> I am going to explore a personalized set of F5 types/providers that I can
> use without first loading up the wsdl file for every involved iControl
> interface, version, and hotfix.
>
>
>
> Points from my various BigIP/puppet experimentations:
>
> a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work with LTM 11.1.0.
> (Or I haven't figured it out, also quite likely.) This could be because the
> gem ships different wsdl files but I couldn't get it to work with later
> iControl wsdl files anyway.
>
> b) In LTM 11, F5 deprecated some interfaces so puppet f5 module providers
> like f5_node are suddenly using deprecated interfaces.
>
> c) Some parts of the iControl api are being updated/fixed over time, for
> instance the hotfix id 388590 reading "Certificates can now successfully be
> updated using the iControl Management::KeyCertificate interface", see:
>
> http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html
>
> d) Judging by my soap-newbie eye the soap4r package appears abandonware,
> savon isn't up to complicated data structures and I have yet to dive into
> handsoap (the starter page says to start with a wsdl, see my wsdl-tracking
> issues). Picking the right soap package to use is likely going to be job 1.
>
> (If the list has any feedback to the above, I'm very much all ears.)


Have you tried the v11 gem?
https://devcentral.f5.com/internal-forums/aff/2306. The module certainly
needs to updates against v11 API, but seems like it would be a better
starting point.

Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] f5 module usage/debugging tips?

2013-02-11 Thread Christopher Wood

(Following up to my own post for posterity's sake, see xkcd.com/979.)

Short form: for me this isn't yet as easy as a file resource but the puppetized 
management payoff will be worth the work. My issues are most likely a 
reflection of my own puppet/ruby/iControl/SOAP skill.

I am going to explore a personalized set of F5 types/providers that I can use 
without first loading up the wsdl file for every involved iControl interface, 
version, and hotfix.



Points from my various BigIP/puppet experimentations:

a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work with LTM 11.1.0. (Or I 
haven't figured it out, also quite likely.) This could be because the gem ships 
different wsdl files but I couldn't get it to work with later iControl wsdl 
files anyway.

b) In LTM 11, F5 deprecated some interfaces so puppet f5 module providers like 
f5_node are suddenly using deprecated interfaces.

c) Some parts of the iControl api are being updated/fixed over time, for 
instance the hotfix id 388590 reading "Certificates can now successfully be 
updated using the iControl Management::KeyCertificate interface", see:

http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html

d) Judging by my soap-newbie eye the soap4r package appears abandonware, savon 
isn't up to complicated data structures and I have yet to dive into handsoap 
(the starter page says to start with a wsdl, see my wsdl-tracking issues). 
Picking the right soap package to use is likely going to be job 1.

(If the list has any feedback to the above, I'm very much all ears.)


On Thu, Jan 17, 2013 at 05:07:36PM -0500, Christopher Wood wrote:
> On Thu, Jan 17, 2013 at 03:48:08PM -0600, Nan Liu wrote:
> >On Thu, Jan 17, 2013 at 3:37 PM, Christopher Wood
> ><[1]christopher_w...@pobox.com> wrote:
> > 
> >  Usually when I make a change via the gui or tmsh I see the change
> >  reflected in the text config right away.
> > 
> >Good to know.
> >�
> > 
> >  > � �If you run puppet again does it attempt to make the same changes
> >  again?
> > 
> >  Yes, it does.
> > 
> >Interesting, what version of F5 are you using?
> 
> BIG-IP 11.1.0 Build 1943.0 Final 
> 
> Sounds like the f5-icontrol-10.2.0.2.gem could not work with that (unless 
> anybody here has a different experience). I'll file a case with F5 to ask 
> them.
> 
> >If you trim the manifests down, isolate to just an iRule and enable
> >--debug do you see this line:
> >Puppet::Provider::F5_Rule: creating {rule_name}
> >
> > [2]https://github.com/puppetlabs/puppetlabs-f5/blob/master/lib/puppet/provider/f5_rule/f5_rule.rb#L35
> 
> I do see these for both:
> 
> Debug: Puppet::Provider::F5_Node: creating F5 node 192.168.127.1
> Debug: Puppet::Provider::F5_Rule: creating cw1
> 
> Possibly time to go bother F5 about their gem.
> 
> >Does this message show up? In most cases any failure will result in an
> >appropriate SOAP error, so I'm curious if the transport should be
> >investigated or the puppet version (since you mentioned 3.0.2).
> >Thanks,
> >Nan
> > 
> >--
> >You received this message because you are subscribed to the Google Groups
> >"Puppet Users" group.
> >To post to this group, send email to puppet-users@googlegroups.com.
> >To unsubscribe from this group, send email to
> >puppet-users+unsubscr...@googlegroups.com.
> >For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.
> > 
> > References
> > 
> >Visible links
> >1. mailto:christopher_w...@pobox.com
> >2. 
> > https://github.com/puppetlabs/puppetlabs-f5/blob/master/lib/puppet/provider/f5_rule/f5_rule.rb#L35
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] f5 module usage/debugging tips?

2013-01-17 Thread Christopher Wood

On Thu, Jan 17, 2013 at 03:48:08PM -0600, Nan Liu wrote:
>On Thu, Jan 17, 2013 at 3:37 PM, Christopher Wood
><[1]christopher_w...@pobox.com> wrote:
> 
>  Usually when I make a change via the gui or tmsh I see the change
>  reflected in the text config right away.
> 
>Good to know.
>�
> 
>  > � �If you run puppet again does it attempt to make the same changes
>  again?
> 
>  Yes, it does.
> 
>Interesting, what version of F5 are you using?

BIG-IP 11.1.0 Build 1943.0 Final 

Sounds like the f5-icontrol-10.2.0.2.gem could not work with that (unless 
anybody here has a different experience). I'll file a case with F5 to ask them.

>If you trim the manifests down, isolate to just an iRule and enable
>--debug do you see this line:
>Puppet::Provider::F5_Rule: creating {rule_name}
>
> [2]https://github.com/puppetlabs/puppetlabs-f5/blob/master/lib/puppet/provider/f5_rule/f5_rule.rb#L35

I do see these for both:

Debug: Puppet::Provider::F5_Node: creating F5 node 192.168.127.1
Debug: Puppet::Provider::F5_Rule: creating cw1

Possibly time to go bother F5 about their gem.

>Does this message show up? In most cases any failure will result in an
>appropriate SOAP error, so I'm curious if the transport should be
>investigated or the puppet version (since you mentioned 3.0.2).
>Thanks,
>Nan
> 
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To post to this group, send email to puppet-users@googlegroups.com.
>To unsubscribe from this group, send email to
>puppet-users+unsubscr...@googlegroups.com.
>For more options, visit this group at
>http://groups.google.com/group/puppet-users?hl=en.
> 
> References
> 
>Visible links
>1. mailto:christopher_w...@pobox.com
>2. 
> https://github.com/puppetlabs/puppetlabs-f5/blob/master/lib/puppet/provider/f5_rule/f5_rule.rb#L35

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] f5 module usage/debugging tips?

2013-01-17 Thread Nan Liu

On Thu, Jan 17, 2013 at 3:37 PM, Christopher Wood <
christopher_w...@pobox.com> wrote:

>
> Usually when I make a change via the gui or tmsh I see the change
> reflected in the text config right away.

Good to know.

> >If you run puppet again does it attempt to make the same changes
> again?
>
> Yes, it does.
>

Interesting, what version of F5 are you using?

If you trim the manifests down, isolate to just an iRule and enable --debug
do you see this line:

Puppet::Provider::F5_Rule: creating {rule_name}

https://github.com/puppetlabs/puppetlabs-f5/blob/master/lib/puppet/provider/f5_rule/f5_rule.rb#L35

Does this message show up? In most cases any failure will result in an
appropriate SOAP error, so I'm curious if the transport should be
investigated or the puppet version (since you mentioned 3.0.2).

Thanks,

Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] f5 module usage/debugging tips?

2013-01-17 Thread Christopher Wood

(inline)

On Thu, Jan 17, 2013 at 03:27:40PM -0600, Nan Liu wrote:
>On Thu, Jan 17, 2013 at 2:59 PM, Christopher Wood
><[1]christopher_w...@pobox.com> wrote:
> 
>  The question: how can I get extra debugging/troubleshooting information
>  to figure out why my F5 resources aren't applying? I see my "puppet
>  device" command claiming to have applied an f5_node and f5_rule, but the
>  irule and node respectively do not appear in the device's config.
> 
>  I have already turned up logging on the F5 device and debug/verbose in
>  my puppet device run and found nothing obvious there.
> 
>  (More details below.)
> 
>  I see these:
> 
>  Notice: /Stage[main]//Node[my_f5]/F5_node[192.168.127.1]/ensure: created
>  Notice: /Stage[main]//Node[my_f5]/F5_rule[cw1]/ensure: created
> 
>  As part of this set of debug output, but:
> 
>  [cwood@lb-lab:Active] log # grep cw1 /config/bigip.conf
>  [cwood@lb-lab:Active] log #
> 
>I'm not familiar with F5 tmsh, the puppet module is using iControl to
>update the device, so I don't know how changes are reflected in the text
>config.�

Usually when I make a change via the gui or tmsh I see the change reflected in 
the text config right away.

>If you run puppet again does it attempt to make the same changes again?

Yes, it does.

>If
>not the changes should have taken effect. Can you login to the web console
>and review if the rules were added to the device?

The changes were not applied to the device. (There is only the common partition 
and four nodes on the lab F5, and I was trying to add the fifth node.)

>Thanks,
>Nan
> 
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To post to this group, send email to puppet-users@googlegroups.com.
>To unsubscribe from this group, send email to
>puppet-users+unsubscr...@googlegroups.com.
>For more options, visit this group at
>http://groups.google.com/group/puppet-users?hl=en.
> 
> References
> 
>Visible links
>1. mailto:christopher_w...@pobox.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] f5 module usage/debugging tips?

2013-01-17 Thread Nan Liu

On Thu, Jan 17, 2013 at 2:59 PM, Christopher Wood <
christopher_w...@pobox.com> wrote:

> The question: how can I get extra debugging/troubleshooting information to
> figure out why my F5 resources aren't applying? I see my "puppet device"
> command claiming to have applied an f5_node and f5_rule, but the irule and
> node respectively do not appear in the device's config.
>
> I have already turned up logging on the F5 device and debug/verbose in my
> puppet device run and found nothing obvious there.
>
> (More details below.)
>
> I see these:
>
> Notice: /Stage[main]//Node[my_f5]/F5_node[192.168.127.1]/ensure: created
> Notice: /Stage[main]//Node[my_f5]/F5_rule[cw1]/ensure: created
>
> As part of this set of debug output, but:
>
> [cwood@lb-lab:Active] log # grep cw1 /config/bigip.conf
> [cwood@lb-lab:Active] log #
>

I'm not familiar with F5 tmsh, the puppet module is using iControl to
update the device, so I don't know how changes are reflected in the text
config.

If you run puppet again does it attempt to make the same changes again? If
not the changes should have taken effect. Can you login to the web console
and review if the rules were added to the device?

Thanks,

Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] f5 module usage/debugging tips?

2013-01-17 Thread Christopher Wood

The question: how can I get extra debugging/troubleshooting information to 
figure out why my F5 resources aren't applying? I see my "puppet device" 
command claiming to have applied an f5_node and f5_rule, but the irule and node 
respectively do not appear in the device's config.

I have already turned up logging on the F5 device and debug/verbose in my 
puppet device run and found nothing obvious there.

(More details below.)

I see these:

Notice: /Stage[main]//Node[my_f5]/F5_node[192.168.127.1]/ensure: created
Notice: /Stage[main]//Node[my_f5]/F5_rule[cw1]/ensure: created

As part of this set of debug output, but:

[cwood@lb-lab:Active] log # grep cw1 /config/bigip.conf
[cwood@lb-lab:Active] log # 

This is using puppet 3.0.2 on CentOS 6.3 x86_64.

My resources are as follows (one obviously from the module README):

  f5_rule { 'cw1':
ensure => present,
definition => 'when HTTP_REQUEST {}',
  }

  f5_node { '192.168.127.1':
ensure => present,
  }

Here is more debug output:

Debug: Puppet::Device::F5: connecting to F5 device my_f5.
Debug: Puppet::Device::F5: connecting to partition Common.
Debug: Using cached certificate for ca
Debug: Using cached certificate for my_f5
Debug: Loaded state in 0.00 seconds
Debug: node supports formats: b64_zlib_yaml pson raw yaml; using pson
Debug: Using cached certificate for ca
Debug: Using cached certificate for my_f5
Debug: Using cached certificate_revocation_list for ca
Info: Retrieving plugin
Debug: file_metadata supports formats: b64_zlib_yaml pson raw yaml; using pson
Debug: Finishing transaction 70108264693680
Debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml; using pson
Info: Caching catalog for my_f5
Debug: Creating default schedules
Debug: Loaded state in 0.00 seconds
Info: Applying configuration version '1358454564'
Debug: Stage[main]: Skipping host resources because running on a device
Debug: Class[Main]: Skipping host resources because running on a device
Debug: Class[Settings]: Skipping host resources because running on a device
Debug: Class[Settings]: Skipping host resources because running on a device
Debug: Node[my_f5]: Skipping host resources because running on a device
Debug: Puppet::Provider::F5_Node: creating F5 node 192.168.127.1
Notice: /Stage[main]//Node[my_f5]/F5_node[192.168.127.1]/ensure: created
Debug: /Stage[main]//Node[my_f5]/F5_node[192.168.127.1]: The container 
Node[my_f5] will propagate my refresh event
Debug: Puppet::Provider::F5_Rule: creating cw1
Notice: /Stage[main]//Node[my_f5]/F5_rule[cw1]/ensure: created
Debug: /Stage[main]//Node[my_f5]/F5_rule[cw1]: The container Node[my_f5] will 
propagate my refresh event
Debug: Node[my_f5]: Skipping host resources because running on a device
Debug: Node[my_f5]: The container Class[Main] will propagate my refresh event
Debug: /Filebucket[puppet]: Skipping host resources because running on a device
Debug: Class[Main]: Skipping host resources because running on a device
Debug: Class[Main]: The container Stage[main] will propagate my refresh event
Debug: Stage[main]: Skipping host resources because running on a device
Debug: Finishing transaction 70108265534620
Debug: Storing state
Debug: Stored state in 0.13 seconds
Notice: Finished catalog run in 0.97 seconds
Debug: Value of 'preferred_serialization_format' (pson) is invalid for report, 
using default (b64_zlib_yaml)
Debug: report supports formats: b64_zlib_yaml raw yaml; using b64_zlib_yaml

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

Re: [Puppet Users] f5 module usage/debugging tips?

[Puppet Users] f5 module usage/debugging tips?

13 matches

Site Navigation

Mail list logo

Footer information