f5devcentral / f5-automation-labs Goto Github PK

I have a problem connecting in RDP to machine LINUX JUMPHOST it fails,
In CONSOLE it succeeds but registers constantly that there is a problem with the machine.
can you help me?

Task 3.2.2.2.1 Pull WAF policy from the BIG-IP A is failing. Getting the following error:
fatal: [localhost -> localhost]: FAILED! => {
"changed": false,
"module_stderr": "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\n InsecureRequestWarning)\nTraceback (most recent call last):\n File "/tmp/ansible_3ObWKB/ansible_module_f5_asm_getExportedPolicy.py", line 96, in \n main()\n File "/tmp/ansible_3ObWKB/ansible_module_f5_asm_getExportedPolicy.py", line 87, in main\n if obj.run():\n File "/tmp/ansible_3ObWKB/ansible_module_f5_asm_getExportedPolicy.py", line 57, in run\n f = open( "/home/snops/f5-rs-waf/roles/waf_policies/files/waf_policies/" + str(self._policy_new_name[0]) + ".xml","w")\nIOError: [Errno 13] Permission denied: '/home/snops/f5-rs-waf/roles/waf_policies/files/waf_policies/owasptop10-v02.xml'\n",
"module_stdout": "",
"msg": "MODULE FAILURE",
"rc": 1
}
[WARNING]: Could not create retry file '/home/snops/f5-rs-
waf/playbooks/manage_waf_policies.retry'. [Errno 13] Permission denied:
u'/home/snops/f5-rs-waf/playbooks/manage_waf_policies.retry'

PLAY RECAP *********************************************************************
localhost : ok=3 changed=3 unreachable=0 failed=1

Build step 'Execute shell' marked build as failure
[Slack Notifications] found #1 as previous completed, non-aborted build
Finished: FAILURE

RDP to linux jumnphose failed to connect.
Both BIG-IPs in offline state.

I don't know if this is the appropriate place to post this issue. Apologies in advance.

Regarding the article: K13333: Filtering log messages sent to remote syslog servers (11.x - 15.x)

There are certain changes to be made to the sys config if we want to be able to filter out specific syslog events. i.e.

ENTER: tmsh
modify sys syslog remote-servers none
save sys config
edit sys syslog all-properties

You will enter a vi editor, so use vi commands:
Replace the include none line with the desired syslog filter.

delete line: include none
AT that same line, insert via cut and paste the following text:

include "
filter f_remote_loghost {
level(warn..emerg);
};

destination d_remote_loghost {
tcp("10.7.3.11" port(1468));
udp("10.7.3.11" port(514));
};

log {
source(s_syslog_pipe);
filter(f_remote_loghost);
destination(d_remote_loghost);
};
"

exit the vi editor by saving the file

The issue is, since we want to roll this out to new devices via automation, I am looking for ways to automate this particular change.
I get the sense that this won't be possible with Declarative Onboarding. I am not sure if it is possible with the Imperative model or not since it involves editing the syslog porting of the config file.

It could be scripted outside of those two methods but it would be great to be able to incorporate it in someway either via Postman or Ansible.

Any help ????

Many Thanks,
rjc

I tried to deploy the cloudformation template (CFT)
https://s3.us-east-2.amazonaws.com/supernetops-cf-templates/class1.template
This template calls:
https://s3.us-east-2.amazonaws.com/supernetops-cf-templates/snops_jumphost.template https://s3.us-east-2.amazonaws.com/supernetops-cf-templates/snops_server.template
seems that the ami image-ids are not available anymore.
e.g. in use-east-1 ami-b391b9c8 is not available anymore.
Not sure how to update the template.

https://github.com/f5devcentral/f5-automation-labs/blob/develop/docs/class1/labinfo/aws.rst
HTTPS: Use a HTML5 browser to connect to https://

https is not permittet due to the acl (instance security group name: f5-automation-JumpHostStack-1CWYACZVRDQ3O-InstanceSecurityGroup-MDFXKCL5WV5X)
Enable remote access via port SSH (22) and RDP (3389)

rdp works.

I am unable to import any of the JSON files into my local Postman. Postman just complains of an "import" error.

What is Postman?
What is a runner?
typo: in set hostname
would helpful to have a screencast of the steps
doing actions, but not completely understand the reason

Hi, class 3 module 3 describes how to run a Jenkins pipeline to deploy the f5-rs-app3 application and corresponding WAF policy in DEV, later in production. It seems that the Jenkins folder mentioned in the lab guide is missing ( “Agility devSecOps - f5-rs-app3-dev” ). It seems to have been replaced by another folder ('AWAF - AWS, F5 AO toolchaain (DO,AS3)').
I checked the Linux toolbox system and the f5-rs-container to see if I could find a Jenkins pipeline script that I could import, but it doesn't seem to be there. Probably the f5usecases/f5-rs-container got updated.
Can you please advise @0xHiteshPatel

From first paragraph:
...please contact you F5 account team... should read ... your F5 account team...

From second paragraph:
...full DevOps CI/CD pipieline ... should read ... pipeline ...

Hi All whenever I am running Lab1.6 is just executed first three requests and after that I am getting below error

"Type:Error cannot read property 'split' of undefined

Hello

I have tried two times the same lab 3.1 and both times it fails on the same spot. The two times I have tried they were on two different lab time slots, restored UCS files from emergency folder, for both LTM a and b, run the same steps from Postman Runner and got the same 1 failed result at the end. And unfortunately can't move to next lab base on the previous one not completed.

It fails at Step 3 with fail error "Max Tries Reached" for bigip-b.f5.local and stops at that.

I am not sure if that would be a bug or I am missing something.

Your help is greatly appreciated,

Hi,

I'm having trouble getting through Class 2, Lab 3.2.

The first build script 'f5-newman-build-1' runs fine and the virtual server is built on bigip-a with no pool member.

The second build script 'f5-newman-build-2', I get a 400 Bad Request when trying to create the pool members with PATCH. I'm not sure how all these newman scripts piece together just yet so it might be user (me) error. Unfortunately, I'm not a DevOps guy (thus the training) and I'm a bit out of my depth here troubleshooting.

It seems there ist no BigIP in the cloudformation templates included.
only Infrastructure within a VPC but not all instances

• 2 x F5 BIG-IP VE (v12.1.x) -n/a-
• 1 x F5 iWorkflow VE (v2.3) -n/a-
• 1 x Linux Server -> SNOPSServer
• 1 x Linux Jumphost -> SNOPSJumphost

In https://clouddocs.f5.com/training/community/programmability/html/class3/labinfo/labinfo.html:

".. Warning:: All work for this lab will be performed exclusively from the Linux Jumphost. No installation or interaction with your local system is required."

As the SNOPS class 3 in ravello and used at Agility uses the WIndows Jumphost

Suggest rephrasing to "
.. Warning:: All work for this lab will be performed exclusively from the Jumphost. No installation or interaction with your local system is required.
"

When accessing the Console there is a boot error message:

"error: no video mode activated"

I imagine this means I will not be able to access the the GUI to complete the lab steps.

I have been working with DO for about a month off and on.

I was looking through the schema reference for 1.33.0 (CloudDocs Home > F5 Declarative Onboarding > Appendix A: Schema Reference) for the properties relating to 'System -> Preferences'. Objects like 'Records Per Screen' 'Default System Settings' etc. Unless I am missing something, these objects are not included in the schema. I assume there are a number of objects at the System level that are not included.

I am asking the question, which I believe I already know the answer to. Is there a way to modify these objects via DO?
(I believe I am limited to only what is in the schema noted above.)

ONE OTHER THING:
Using DO, I would like to configure multiple named Management Routes to direct i.e. SYSLOG, NTP, TACACS via the management interface. I have tried to do this using 'ManagementRoute' but this only modifies the management route that is configured during the initial config process. (plus there is no name property) I am assuming there is no way to configure named management routes included in the schema.

Thanks For Engaging!!

rjc