Journeys deploy fails to get the defaults_from for clientssl profiles

Question

Journeys deploy fails to get the defaults_from for clientssl profiles

Opened this issue 4 months ago · 2 comments

Environment

Dev box for testing Journeys conversion to AS3

F5OS Platform and Version

i11800
16.1.5.1

DESTINATION BIG-IP VERSION

Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.5.1
  Build       0.0.7
  Edition     Point Release 1
  Date        Tue Sep 10 10:14:21 PDT 2024

SOURCE BIG-IP VERSION

Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.5.1
  Build       0.0.7
  Edition     Point Release 1
  Date        Tue Sep 10 10:14:21 PDT 2024

SUMMARY

When running the application deployment in the Journeys tool its not setting the "defaults-from" based on my .ucs file but instead is setting the "defaults-from" to the default clientssl profile. I have confirmed that the profile that's part of the .ucs file is built in my F5 LTM.

STEPS TO REPRODUCE

1. Load .ucs file
2. Select the tenant to deploy
3. Rename the tenant and application name
4. Add the tenant and deploy
5. Deployment is successful

When I log into the LTM to verify the deployment everything looks good except the clientssl default parent is set to clientssl and I would expect it to be /Common/custom_clientssl_v1.4.2.

EXPECTED RESULTS

Names changed for the purpose of this post:

ltm profile client-ssl /T1/A1/https_443_clientssl {
app-service none
cert-key-chain {
default {
cert /Common/cert1-10May26-0F9E
key /Common/key1-10May26-0F9E
}
}
defaults-from /Common/custom_clientssl_v1.4.2
inherit-ca-certkeychain true
inherit-certkeychain false
renegotiation disabled
sni-default false
}

ACTUAL RESULTS

Names changed for the purpose of this post:

ltm profile client-ssl /T1/A1/https_443_clientssl {
app-service none
cert-key-chain {
default {
cert /Common/cert1-10May26-0F9E
key /Common/key1-10May26-0F9E
}
}
defaults-from /Common/clientssl
inherit-ca-certkeychain true
inherit-certkeychain false
renegotiation disabled
sni-default false
}

Screenshots:

Journeys Logs:

I'm happy to provide this but not in a public forum.

Developer console output:

no errors in the deployment

App Version:

v4.2.0

Answer 1 · 2024-10-28T18:09:14.000Z

I checked the AS3 docs and I don't see an object for selecting the clientssl default parent. Am I missing something or is the expectation that we build a clientssl profile based on the clientssl profile?

Answer 2 · 2024-10-28T18:38:06.000Z

It seems like a bug for handling defaults-from in general. Filed internal issue for tracking: JOURNEYS-667.