Forum Discussion
AaronMyers_4409
Nimbostratus
NimbostratusError When Executing LDAP iApp - Need Assistance
When running the built-in LDAP iApp on a cluster running 11.4.1 I receive the error below. I am creating a new LDAP/s virtual server where SSL is terminated on the F5, then plain text to the domain controllers. I have an existing regular LDAP pool with an existing LDAP monitor associated to it. I have the options in the new LDAP config use that existing pool and the same associated health monitor. This should be possible should it not?
Any help is appreciated.
script did not successfully complete: (can't read "::app_health__monitor": no such variable
while executing
"subst $substa_out"
invoked from within
"if { [info exists [set substa_in]] } {
set substa_out [subst $$substa_in]
set substa_out [subst $substa_out]
} else {
..."
("uplevel" body line 3)
invoked from within
"uplevel {
append ::substa_debug "\n$substa_in"
if { [info exists [set substa_in]] } {
set substa_out [subst $$substa_in]
..."
(procedure "iapp::substa" line 9)
invoked from within
"iapp::substa monitor($create_new_monitor)"
invoked from within
"iapp::conf create ltm pool ${app}_pool [iapp::substa pool_lb_method($advanced,$is_edge)] [iapp::pool_members $::vs_pool__pool_members -fields {conn..."
invoked from within
"subst $substa_out"
invoked from within
"if { [info exists [set substa_in]] } {
set substa_out [subst $$substa_in]
set substa_out [subst $substa_out]
} else {
..."
("uplevel" body line 3)
invoked from within
"uplevel {
append ::substa_debug "\n$substa_in"
if { [info exists [set substa_in]] } {
set substa_out [subst $$substa_in]
..."
(procedure "iapp::substa" line 9)
invoked from within
"iapp::substa pool($create_new_pool)"
(procedure "configure_ldap_deployment" line 178)
invoked from within
"configure_ldap_deployment"
invoked from within
"subst $substa_out"
invoked from within
"if { [info exists [set substa_in]] } {
set substa_out [subst $$substa_in]
set substa_out [subst $substa_out]
} else {
..."
("uplevel" body line 3)
invoked from within
"uplevel {
append ::substa_debug "\n$substa_in"
if { [info exists [set substa_in]] } {
set substa_out [subst $$substa_in]
..."
(procedure "iapp::substa" line 9)
invoked from within
"iapp::substa main($do_v11_3,$upgrade,$downgrade)" line:446)
Should be possible, but it appears the iApp has a bug when using an existing pool. You can workaround this issue by letting the iApp create the ldap pool for you. You can use your existing monitor, you just have to let the iapp create the pool to get around the script error.
Hi Aaron, can you post the sanitized output of /var/tmp/scriptd.out here? We are able to induce an error but only when running the iApp in advanced mode, and it's a different error than yours.
The output should look something like this:
Starting iApp /Common/f5.ldap 04/29/2014 13:31:13 create ltm persistence source-addr ldap_iapp_source_address_persistence create ltm pool ldap_iapp_pool load-balancing-mode least-connections-member members none monitor /Common/ldap_monitor_2 slow-ramp-time 300 queue-on-connection-limit disabled min-active-members 0 create ltm profile client-ssl ldap_iapp_client_ssl defaults-from clientssl key /Common/default.key cert /Common/default.crt create ltm profile tcp ldap_iapp_wan_optimized_tcp defaults-from tcp-wan-optimized create ltm profile tcp ldap_iapp_lan_optimized_tcp defaults-from tcp-lan-optimized create ltm virtual ldap_iapp_vs destination 5.4.5.4:636 fallback-persistence none ip-protocol tcp persist replace-all-with { ldap_iapp_source_address_persistence } pool ldap_iapp_pool profiles replace-all-with { ldap_iapp_client_ssl { context clientside } ldap_iapp_wan_optimized_tcp { context clientside } ldap_iapp_lan_optimized_tcp { context serverside } } snat automap vlans-disabled vlans none rules none main(0,0,0) vs_port(0,1) primary_persist(0,0,0)* pool(0)* pool_lb_method(0,0) monitor(0) pool_slow_ramp(0,0)* tcp_req_queueing(0,0)* pool_pga(0,0)* client_ssl(1,0,0) server_ssl(0,0,0)* client_tcp(0,0,0)* server_tcp(0,0,0)* snat(1,1,0) irules(0) Ending iApp /Common/f5.ldap 04/29/2014 13:31:13 Run time 136 msec
AaronMyers_4409Thanks for the replies. I was confident I could in fact run it fine if I created dedicated pools and monitors, but it seemed counter intuitive since the concept of pools should allow us to use more than one virtual server sharing a common pool.
I looked at the output of that file and unfortunately it was less than enlightening:
Starting iApp /Common/f5.ldap 04/29/2014 13:14:04 create ltm persistence source-addr AD_SecureLDAP_source_address_persistence Starting iApp /Common/f5.ldap 04/29/2014 13:30:21 create ltm persistence source-addr AD_SecureLDAP_source_address_persistence Starting iApp /Common/f5.ldap 04/29/2014 13:32:04 create ltm persistence source-addr AD_SecureLDAP_source_address_persistenceYes, that's unhelpful. Can you post the choices you made to produce the error, aside from the use existing pool/monitor ones?
- AaronMyers_4409
Sure. I should note also that the original pool and monitor were not created from an iApp. They were created as part of a template when we were running on older 10.x code. Perhaps that is related, perhaps not.
So this is a box that was upgraded from v10? I am testing with the same choices in the iApp and not able to repro the error, so my guess is that it has something to do with the v10-created objects. Can you test if it still errors out with a new manually-created pool/monitor?
- AaronMyers_4409
Yes, it must be related. I am able to complete the iApp if I choose to create a new pool and monitor. Odd. So, I have a couple duplicate objects doing the same thing now, but it does work. Thanks for the replies and assistance.
