Skip to content

Default Persistence Profile #1062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
skreienk opened this issue Mar 27, 2025 · 3 comments
Open

Default Persistence Profile #1062

skreienk opened this issue Mar 27, 2025 · 3 comments
Labels
Backlog issue will be tracked by JIRA in backlog bug

Comments

@skreienk
Copy link

Environment

  • TMOS/Bigip Version: 15.1.0.4
  • Terraform Version: v1.11.2
  • Terraform bigip provider Version: provider registry.terraform.io/f5networks/bigip v1.22.8

Summary

When adding or changing the persistence profile, it is only checked when a VIP is created. If the persistence profile is changed the difference is never found or applied.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Create a VIP using "bigip_ltm_virtual_server"

  2. After the VIP is created add a persistence profile and apply the change. Alternately, change an existing VIP on the F5.

Expected Behavior

Terraform should alert and try to correct the configuration drift.

Actual Behavior

The config change (or drift, if done on the F5) is silently ignored.
@skreienk skreienk added the bug label Mar 27, 2025
@pgouband
Copy link
Collaborator

Hi @skreienk,

I tried to create a virtual server without persist, add a persistence and remove it.
Test done on v14, 15 and 16.
All steps were successful and visible in the webui.

main.tf used in step 2:

resource "bigip_ltm_virtual_server" "https" {
  name                       = "/Common/terraform_vs_https"
  destination                = "10.255.255.254"
  description                = "VirtualServer-test"
  port                       = 443
  client_profiles            = ["/Common/clientssl"]
  server_profiles            = ["/Common/serverssl"]
  persistence_profiles       = ["/Common/source_addr"]
}
  1. VS without persistence
ubuntu@ubuntu:~/terraform/vs-persist-1062$ terraform plan -out persist

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # bigip_ltm_virtual_server.https will be created
  + resource "bigip_ltm_virtual_server" "https" {
      + client_profiles                = [
          + "/Common/clientssl",
        ]
      + default_persistence_profile    = (known after apply)
      + description                    = "VirtualServer-test"
      + destination                    = "10.255.255.254"
      + fallback_persistence_profile   = (known after apply)
      + firewall_enforced_policy       = (known after apply)
      + id                             = (known after apply)
      + ip_protocol                    = "tcp"
      + mask                           = (known after apply)
      + name                           = "/Common/terraform_vs_https"
      + per_flow_request_access_policy = (known after apply)
      + port                           = 443
      + profiles                       = (known after apply)
      + server_profiles                = [
          + "/Common/serverssl",
        ]
      + snatpool                       = (known after apply)
      + source                         = (known after apply)
      + source_address_translation     = (known after apply)
      + source_port                    = (known after apply)
      + state                          = "enabled"
      + trafficmatching_criteria       = (known after apply)
      + translate_address              = "enabled"
      + translate_port                 = "enabled"
      + vlans_enabled                  = false
    }

Plan: 1 to add, 0 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Saved the plan to: persist

To perform exactly these actions, run the following command to apply:
    terraform apply "persist"
ubuntu@ubuntu:~/terraform/vs-persist-1062$ terraform apply "persist"
bigip_ltm_virtual_server.https: Creating...
bigip_ltm_virtual_server.https: Creation complete after 1s [id=/Common/terraform_vs_https]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
  1. adding persistence
ubuntu@ubuntu:~/terraform/vs-persist-1062$ terraform plan -out persist
bigip_ltm_virtual_server.https: Refreshing state... [id=/Common/terraform_vs_https]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  ~ update in-place

Terraform will perform the following actions:

  # bigip_ltm_virtual_server.https will be updated in-place
  ~ resource "bigip_ltm_virtual_server" "https" {
        id                             = "/Common/terraform_vs_https"
        name                           = "/Common/terraform_vs_https"
      + persistence_profiles           = [
          + "/Common/source_addr",
        ]
        # (25 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Saved the plan to: persist

To perform exactly these actions, run the following command to apply:
    terraform apply "persist"
ubuntu@ubuntu:~/terraform/vs-persist-1062$ terraform apply "persist"
bigip_ltm_virtual_server.https: Modifying... [id=/Common/terraform_vs_https]
bigip_ltm_virtual_server.https: Modifications complete after 0s [id=/Common/terraform_vs_https]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
  1. removing persistence
ubuntu@ubuntu:~/terraform/vs-persist-1062$ terraform plan -out persist
bigip_ltm_virtual_server.https: Refreshing state... [id=/Common/terraform_vs_https]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  ~ update in-place

Terraform will perform the following actions:

  # bigip_ltm_virtual_server.https will be updated in-place
  ~ resource "bigip_ltm_virtual_server" "https" {
        id                             = "/Common/terraform_vs_https"
        name                           = "/Common/terraform_vs_https"
      ~ persistence_profiles           = [
          - "/Common/source_addr",
        ]
        # (26 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Saved the plan to: persist

To perform exactly these actions, run the following command to apply:
    terraform apply "persist"
ubuntu@ubuntu:~/terraform/vs-persist-1062$ terraform apply "persist"
bigip_ltm_virtual_server.https: Modifying... [id=/Common/terraform_vs_https]
bigip_ltm_virtual_server.https: Modifications complete after 0s [id=/Common/terraform_vs_https]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

@skreienk
Copy link
Author

skreienk commented Mar 28, 2025
edited
Loading

My terraform:

resource "bigip_ltm_virtual_server" "Agile" {
        name                            = "/${local.f5partition}/Agile${local.platformtype}"
        destination                     = local.vip_ip-agile
        description                     = "Created by Terraform - Primary VIP servicing users"
        port                            = 80
        pool                            = bigip_ltm_pool.Agile.name
                                        #Don't know why TCP has to be there, but it does.
        profiles                        = [
                                                "/Common/tcp",
                                                "/Common/http",
                                                "/${local.f5partition}/OC-255.255.255.255",
                                        ]
#BUG: The persistence profiles are only applied when CREATING the VIP.  2025-03-27 SWK.  Provider registry.terraform.io/f5networks/bigip v1.22.8.  Opened bug on Github.
        persistence_profiles            = [
                                                "/${local.f5partition}/Cookie-Agile"
                                        ]
        irules                          = [
                                                "/Common/_sys_https_redirect"
                                        ]
        source_address_translation      = "snat"
        snatpool                        = bigip_ltm_snatpool.Agile.name
        translate_address               = "enabled"
        translate_port                  = "enabled"
}

When I apply the terraform originally everything is set correctly. If I then go in and manually remove the Default Persistence Profile on the F5 GUI and run another terraform plan, the change is not discovered.

terraform plan
bigip_ltm_virtual_server.Agile: Refreshing state... [id=/AgilePY-936/AgilePY]
No changes. Your infrastructure matches the configuration.

@pgouband
Copy link
Collaborator

pgouband commented Apr 1, 2025

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1885.

@pgouband pgouband added bug Backlog issue will be tracked by JIRA in backlog and removed waiting-response labels Apr 1, 2025
@pmaddev pmaddev mentioned this issue Apr 16, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Backlog issue will be tracked by JIRA in backlog bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pgouband @skreienk