F5 Integration

JoRodriguez · 5 October 2018 15:53

Hi, so we’re trying to implement some new integration with disabling and enabling nodes in F5 for rolling deployments but we can’t seem to get the “F5 - Enable, Disable, or Force Offline Member with optional wait for connections to drop” integration to find the pool member in our F5 server. I’m hoping it’s something simple but we’ve tried putting the node IP address and pool names in there all sorts of different ways and it doesn’t seem to work. Could you take a look at our output and let us know what we might be doing wrong? I’ve removed IP addresses and server names that we already know are correct.

Member is {pool member ip address}:80

October 5th 2018 09:47:20

Info

Currently deploying to {server name}

October 5th 2018 09:47:21

Info

True

October 5th 2018 09:47:21

Info

Setting {node server name} to Offline in {F5 pool name} pool.

October 5th 2018 09:47:21

Error

Set-F5.LTMPoolMemberState : Exception caught in

October 5th 2018 09:47:21

Error

LocalLB:iControl:LocalLB/PoolMember::set_monitor_state()

October 5th 2018 09:47:21

Error

Exception: Common::OperationFailed

October 5th 2018 09:47:21

Error

primary_error_code : 16908342 (0x01020036)

October 5th 2018 09:47:21

Error

secondary_error_code : 0

October 5th 2018 09:47:21

Error

error_string : 01020036:3: The requested Pool Member

October 5th 2018 09:47:21

Error

(/Common/{F5 pool name} /Common/{node IP address} 80) was not

October 5th 2018 09:47:21

Error

found.

October 5th 2018 09:47:21

Error

At C:\Octopus\Work\20181005144718-36726-78\Script.ps1:87 char:5

October 5th 2018 09:47:21

Error

Set-F5.LTMPoolMemberState -Pool $Pool -Member $Member -state $Oct …

October 5th 2018 09:47:21

Error

October 5th 2018 09:47:21

Error

CategoryInfo : OpenError: (error:String) [Set-F5.LTMPoolMemberS

October 5th 2018 09:47:21

Error

tate], SoapHeaderException

October 5th 2018 09:47:21

Error

FullyQualifiedErrorId : 2,iControlSnapIn.CmdLet.LTM.PoolMember.SetLTMPoo

October 5th 2018 09:47:21

Error

lMemberState

October 5th 2018 09:47:21

Error

October 5th 2018 09:47:21

Fatal

The remote script failed with exit code 1

October 5th 2018 09:47:21

Fatal

The action F5 - Disable on {node server name} failed

Lawrence_Wilson · 9 October 2018 08:17

Hi,
Thanks for getting in touch! I’m sorry for the long delay in getting back to you on this one. One option could be to extract out the Script used in this step template and attempt to run the code directly against your F5 from a management PC.

For example you could press the copy to clipboard button on our library (alternatively you can take the template from github) then paste everything inside Octopus.Action.Script.ScriptBody into Notepad++

You will find that this pastes the entire script on 1 line (using \n for new-lines). If you do a find-and-replace like this, you can expand out the script properly:

This will give you the exact script that your Octopus Server should use to run the step template. From there you should be able to step through the code to see where we might be able to pin-point what the problem is.

After a little bit of digging I found that this template first tries to load the snapin: iControlSnapin

Add-PSSnapin iControlSnapin;

One possibility is that either this is failing to load, or it might be loading a newer version which potentially may have a breaking change that this script may not have been prepared for.

The code which seems to be giving you trouble appears to be here in the script

        Write-Host \"Setting $curhost to Offline in $Pool pool\";
        # We've now waited the desired amount, go ahead and force offline and move on with deployment
        Set-F5.LTMPoolMemberState -Pool $Pool -Member $Member -state Offline;

One option could be to attempt to run this locally and see what gets returned (Please change the values as necessary though)

I’d be interested in hearing if this helps you get to closer to the answer. Unfortunately I don’t currently have an F5 load balancer setup in my testing environment but hopefully your results can point us in the right direction.

Kind regards,
Lawrence.

JoRodriguez · 9 October 2018 14:37

Hey Lawrence,

We just figured this out actually, but thanks for replying to my question. We’ve, of course, run into a whole other issue though. Maybe you could help me out with it. We are trying to integrate CyberArk into the deployment and it looks like we’ll have to use Powershell for that piece. Do you know of any other methods or any documentation I could use to get that piece set up? We’re not sure exactly how to do it since the passwords change periodically and automatically but I’m sure there’s a way. Any help or information you have would be greatly appreciated!

Thanks,

Jose Rodriguez

Lawrence_Wilson · 11 October 2018 03:35

Hi Jose,
Thanks for keeping in touch, I’m glad to haer you have found a solution to your F5 problem! Regarding CyberArk, after doing a bit of reading up my understanding is that you can retrieve credentials via the CyberArk API.

One option could be to trigger a deployment in Octopus to fetch passwords and store them as Octopus Variables once they are updated. Your deployments could then reference an Octopus Variable for the latest password. In this case, you could pull these credentials out of CyberArk and using the Octopus API, store them as Octopus Variables. A great way to do this could be with Octopus.Client. This allows you to interact with the Octopus API. We also keep a public repository on github for some examples in using Octopus.Cliens, for example, here’s a script to update an existing Project Variable

I’m interested to know if this is something that might interest you.

Kind regards,
Lawrence.