Changes to this project are documented in this file. More detail and links can be found in the Declarative Onboarding Document Revision History.
- AUTOTOOL-4400: Add Support for GSLB synchronize-zone-files Example
- AUTOTOOL-4326: Add Support for sha256 and aes256 in SnmpTrapDestination_authentication and SnmpTrapDestination_privacy
- Updated packages to the latest available versions
- AUTOTOOL-4381: Feature to prevent DO reverting the certificate to original when omitted Example
- Updated packages to latest available versions
- Updated packages to latest available versions
- Updated packages to latest available versions
- AUTOTOOL-3832: (GitHub 349): Fix modification of RouteDomain based SelfIPs
- Updated packages to latest available versions
- AUTOTOOL-4071: Ability to set WAF Settings: ecard_max_http_req_uri_len, ignore_cookies_msg_key, and cookie_secure_attr
- AUTOTOOL-4107: (GitHub 368): RoutingBGP neighbors addressFamilies asOverrideEnabled property
- AUTOTOOL-4058: (GitHub 363) and (GitHub 329): Creating a RoutingBGP fails if a RouteMap is not in the declaration
- AUTOTOOL-4020: (GitHub 86): Update trust certificates when updating device certificate
- AUTOTOOL-3907: Reports error with Radius server
- AUTOTOOL-3931: (GitHub Issue 656): Add WAF Settings configuration support on DO
- AUTOTOOL-3959: Add routeDomain property to RoutingPrefixList
- AUTOTOOL-1631: (GitHub Issue 139): Configure username and password prompts
- AUTOTOOL-4018: (GitHub Issue 335): Support for adding existing partition as userPartition in RemoteAuthRole
- AUTOTOOL-3942: Fix documentation output from newlines in guiSecurityBannerText
- Promoted to LTS
- AUTOTOOL-3849: DeviceCertificate hangs on BIG-IQ with no error response to user
- AUTOTOOL-3741: Failure to configure BIG-IP when built-in admin account is disabled
- AUTOTOOL-3867: Empty object defaults can cause upgrade failures
- AUTOTOOL-118: (GitHub Issue 9): Support for revoking license on a BIG-IP
- AUTOTOOL-3705: (GitHub Issue 278): url reference for Authentication ldap sslCaCert property
- AUTOTOOL-3799: Missing protocol values for SnmpUser_authentication and SnmpUser_privacy
- AUTOTOOL-3495: (GitHub Issue 304): Support Security Reporting Settings
- Promoted to LTS
- AUTOTOOL-3609: Change default value for 'allowService' on a 'SelfIp' to 'none'
- AUTOTOOL-2935: Updated vxlan tunnel creation to respect TrafficControl acceptIpOptions values
- AUTOTOOL-3526: (GitHub Issue 324): Add flag to User schema to disable the "enforce password change at first login" policy for the configured user
- AUTOTOOL-3412: (GitHub Issue 322): Restarting mcpd may wait for services that are not required
- AUTOTOOL-3555: Configuring TACACS can skip reporting errors
- AUTOTOOL-3558: Issues when there are no Firewall Policies to be processed
- AUTOTOOL-3498: (GitHub Issue 323): Improve handling on route-domains, by fixing error: "tryuntil error: ioctl failed: No such device"
- AUTOTOOL-3632: Can't refer to other devices in haOrder for a TrafficGroup during HA configuration
- AUTOTOOL-3482: (GitHub Issue 320): Transaction ID in restnoded log output
- AUTOTOOL-3506: (partial implementation of GitHub Issue 208): Add sshd KexAlgorithms
- AUTOTOOL-3415: (partial implementation of GitHub Issue 316): Support for auth password policy
- AUTOTOOL-3419: Issue warning when a SelfIp is modified that the default for 'allowService' will change to 'none' in version 1.35.0
- AUTOTOOL-3057: (GitHub Issue 297): Declarations with deviceCertificate via BIG-IQ fail
- AUTOTOOL-3308: (GitHub Issue 280): DNS_Resolver_forwardZones/name should accept “.” as FQDN
- AUTOTOOL-3413: (partial implementation of GitHub Issue 316): Enable/disable and set GUI Security Banner in System class
- AUTOTOOL-3414: (partial implementation of GitHub Issue 316): Properties to enable/disable SNMP V1 and V2c queries in the SnmpAgent class
- AUTOTOOL-3346: (GitHub Issue 314): RemoteAuthRole console property misconfigured when set to disabled
- AUTOTOOL-3337: (GitHub Issue 308): Fail quicker on bad targetPassphrase value
- AUTOTOOL-3328: (GitHub Issue 311): GSLBGlobals not processed
- AUTOTOOL-3349: (GitHub Issue 315): ManagementRoute Inconsistency
- AUTOTOOL-3155: (GitHub Issue 306): DO 1.29.0 unable to find /mgmt/tm/sys/provision
- AUTOTOOL-3323: Improve exception handling when running on BIG-IQ
- AUTOTOOL-3011: Can now validate with either 'Device' or 'DO' class using do.schema.json
- AUTOTOOL-3156: Declaration can fail while waiting for unprovisioned service to run
- AUTOTOOL-2850: (GitHub Issue 279): Management firewall policy does not work without AFM module
- AUTOTOOL-3012: (GitHub Issue 292): DO unable to change hostname correctly in Google Cloud
- AUTOTOOL-3040: SelfIp with RouteDomain cannot reach directly connected network
- AUTOTOOL-3051: Licensing can fail if restnoded restarts during processing.
- AUTOTOOL-2845: (GitHub Issue 276): SelfIp allowService property does not accept a mix of service:port and default
- AUTOTOOL-2881: (GitHub Issue 282): Security level is not automatically set in SnmpUser class.
- AUTOTOOL-2871: Allow user to explicitly specify the mgmt-dhcp setting
- AUTOTOOL-2970: routeDomain property to RoutingBGP and RouteMap
- AUTOTOOL-2612: (GitHub Issue 248): Licensing in GCP multi-NIC fails (Upgrade to f5-cloud-libs 4.26.7)
- AUTOTOOL-2941: (GitHub Issue 285): URL is incorrect in schema files
- Promoted to LTS
- AUTOTOOL-2846: (GitHub Issue 277): Items containing '.' or '-' characters in their names are not passing schema validation
- AUTOTOOL-2930: DNS_Resolver is not idempotent
- AUTOTOOL-2931: Tunnel is not idempotent
- AUTOTOOL-2939: Can't update just the description of ManagementIp
- AUTOTOOL-3006: Can't remove all items of a class
- AUTOTOOL-1898: Several idempotency issues are resolved. This required adding defaults for several items in the System class.
- AUTOTOOL-2764: (GitHub Issue 263): RouteDomain example references objects that do not exist
- AUTOTOOL-2677: (GitHub Issue 254): Declaration fails when Management IP already exists
- AUTOTOOL-2773: (GitHub Issue 267): DO fails when a route with a '/' in the name is added manually between DO runs.
- AUTOTOOL-2805: (GitHub Issue 269): Adding a Management Route Resets Management IP to DHCP.
- AUTOTOOL-2759: (GitHub Issue 178): Unsupported httpd ciphersuite
- AUTOTOOL-1797: (GitHub Issue 135): Unable to modify SelfIp referenced by ConfigSync
- AUTOTOOL-2775: GSLBDataCenter does not support remark
- AUTOTOOL-2857: When GTM is enabled, DO returns the error 'Monitor /Common/http is read only' on the second POST even when GSLB is not in the declaration.
- AUTOTOOL-2750: VXLAN Tunnel Profile support
- AUTOTOOL-2721: SnmpTrapDestination, SnmpUser, and SnmpCommunity objects cannot be removed once created
- AUTOTOOL-2688: (GitHub Issue 255): Firewall policies managed by AS3 are not ignored
- AUTOTOOL-2766: (GitHub Issue 264): Unable to use remote auth user on BIG-IQ to deploy DO declaration
- AUTOTOOL-2768: (GitHub Issue 265): DO fails when there is pre-existing route configuration with an interface type
- AUTOTOOL-2761: (GitHub Issue 261): DO always enables dhcp on mgmt interface after post declaration
- AUTOTOOL-2823: (GitHub Issue 274): Unable to specify gw and target in Route class
- AUTOTOOL-2780: (GitHub Issue 268): DO 1.24.0 doesn't honor Remote Role Groups "remoteAccess": true setting. Previously working on 1.21.1
- AUTOTOOL-2882: Unable to POST declaration with single RADIUS server
- AUTOTOOL-2544: Use a default of "UTC" for the timezone property of the NTP class
- AUTOTOOL-1156: (GitHub Issue 98, GitHub Issue 206): GRE and Geneve Tunnel Support
- AUTOTOOL-2668: (GitHub Issue 236): Added ebgpMultihop to RoutingBGP class
- AUTOTOOL-2675: (GitHub Issue 241): Add chargeBackTag to License class
- AUTOTOOL-2676: (GitHub Issue 218): Support for configuring management-ip-rules with ManagementIpFirewall class
- AUTOTOOL-705: SnmpTrapDestination default values for version, port, and network
- AUTOTOOL-2259: RoutingAccessList (net routing access-list)
- AUTOTOOL-2692: FirewallPolicy incorrectly allows VLANs to be included in the destination schema object
- AUTOTOOL-2528: Truth values in currentConfig response now map to MCP values rather than booleans
- Update f5-cloud-libs to 4.26.3
- Add failOnErrorMessages and failOnErrorCodes, which are arrays of strings/regexes and integers, respectively, that prevent the retry logic from running, effectively allowing for an early exit on specific failures.
- Add option to provision BIG-IP modules using a transaction
- Fix race condition between createOrModify and MCPD where MCPD first reports an object exists but it has already been deleted.
- AUTOTOOL-2680: Use Transactions for provisioning
- AUTOTOOL-2473: (GitHub Issue 224): Support management IP configuration
- AUTOTOOL-2491: (GitHub Issue 226): Preserve DHCP routes
- AUTOTOOL-2495: (GitHub Issue 230): Dry-run support
- AUTOTOOL-2471: (GitHub Issue 225): Ability to create type interface routes
- AUTOTOOL-2524: (GitHub Issue 237): RoutingPrefixList prefixLengthRange does not support strings
- AUTOTOOL-2595: Fix FailoverUnicast unicastAddresses.map is not a function
- AUTOTOOL-2616: (GitHub Issue 249): RoutingBGP 'toUpperCase' undefined error
- AUTOTOOL-1157: (GitHub Issue 101): Preserve user authorization keys if no keys were provided in declaration
- AUTOTOOL-2509: (GitHub Issue 220): autoLastHop property to "VLAN" class
- AUTOTOOL-2476: (GitHub Issue 227): DO might reboot BIG-IP system when same configurations/declaration posted
- AUTOTOOL-2415: (GitHub Issue 216): Match the accepted "hypervisor" list on DO with what is accepted by BIG-IQ
- AUTOTOOL-2502: (GitHub Issue 233): DeviceGroup does not work with IPv6
- AUTOTOOL-2497: (GitHub Issue 234): Race condition when creating self-ip on non-default route-domain
- AUTOTOOL-2571: Failover Unicast "cannot read property indexOf of undefined"
- AUTOTOOL-531: Properties in the 'traces', 'currentConfig', and 'originalConfig' sections of the response to a request now match what is sent to iControl REST rather than what is in the declaration
- AUTOTOOL-2532: (GitHub Issue 242): Pull MAC address from management interface instead of the host device MAC address.
- Promoted to LTS
- AUTOTOOL-2433: (GitHub Issue 221): Configure LDAP referrals
- AUTOTOOL-2074: (GitHub Issue 190): Invalid config after upgrading DO from 1.15.0
- AUTOTOOL-2041: (GitHub Issue 125): Declaration containing NTP servers by dns name failing in certain cases
- AUTOTOOL-2224: (GitHub Issue 201): Pre-DO GTM Server preventing DO declaration from running
- AUTOTOOL-2448: (GitHub Issue 177): Disk class causes errors on declaration update
- AUTOTOOL-2506: Use +nocookie option with dig commands
- AUTOTOOL-1991: Added RoutingBGP
- AUTOTOOL-2350: Added FirewallPolicy
- AUTOTOOL-2351: (GitHub Issue 203): Added FirewallAddressList and FirewallPortList
- AUTOTOOL-2242: (GitHub Issue 204): Cannot read property 'applicationData' of undefined
- AUTOTOOL-2080: Task status change after restnoded process restarted
- AUTOTOOL-2215: (GitHub Issue 198): Allow DeviceGroup owner to be an IPv6 address without having to use a json-pointer.
- Improve schema compatibility with BIG-IQ UI
- AUTOTOOL-1990: Route Map
- AUTOTOOL-2175: Add support for HTTP GSLB monitor
- AUTOTOOL-2176: GSLB Prober Pool
- AUTOTOOL-2173: Add support for virtual servers in GSLB server
- AUTOTOOL-2180: GSLB Monitors (Remaining)
- AUTOTOOL-1238: (GitHub Issue 118): Improve behavior when tenant is missing
- AUTOTOOL-2002: GSLB Data Center
- AUTOTOOL-2001: GSLB Server
- AUTOTOOL-1654: Routing Prefix List
- AUTOTOOL-2058: (GitHub Issue 179): Add support for specifying BIG-IQ auth provider for licensing.
- AUTOTOOL-1882: Log version on startup
- AUTOTOOL-1799: (GitHub Issue 149): Can only create one DeviceGroup
- AUTOTOOL-2139: GSLB schema defaults are not applied in some cases
- AUTOTOOL-1373: (GitHub Issue 128): Support Failover Multicast on the BIG-IP's default device.
- AUTOTOOL-1923: (GitHub Issue 164): Rudimentary DeviceCertificate validation
- AUTOTOOL-1943: (GitHub Issue 156): Allow variable expressions in some RemoteAuthRole fields
- AUTOTOOL-1532: (GitHub Issue 143): Parent property to RouteDomain
- AUTOTOOL-2003: Configure global GSLB settings
- AUTOTOOL-1942: RemoteAuthRole remoteAccess property logic is backwards
- AUTOTOOL-1955: (GitHub Issue 177): Disk size must be larger than current size
- AUTOTOOL-1798: (GitHub Issue 140): Unable to specify route domain in route gw address
- AUTOTOOL-1924: (GitHub Issue 163): Accept 'all' as a single word for HTTPD allow value
- AUTOTOOL-1652: Add support for routing as-path
- AUTOTOOL-1374: (GitHub Issue 112): Add support for MirrorIp class
- AUTOTOOL-1577: Add support for LDAPS certificate settings
- AUTOTOOL-1990: Retry license install if we get a connection reset
- Target VLAN errors from the inspect endpoint
- AUTOTOOL-1899: Fix minor schema issues. No type for minPathMtu and use const for Tunnel class
- AUTOTOOL-1845: (GitHub Issue 147): Route creation order can be incorrect
- AUTOTOOL-530: Add Trace files for debug printing
- AUTOTOOL-1307: (GitHub Issue 111): Add support for SSHD allowed source IPs
- AUTOTOOL-1635: (GitHub Issue 72): Support tenant property when licensing
- AUTOTOOL-1675: (GitHub Issue 152): Add support for creating and configuring multiple failover unicasts
- AUTOTOOL-1206: Add experimental support for resizing appdata
- AUTOTOOL-1749: (GitHub Issue 141): Add support for creating routes on the LOCAL_ONLY partition.
- Improve schema for use with BIG-IQ 7.1
- AUTOTOOL-126: Add support for DNS Resolver
- AUTOTOOL-1610: Add support for VLAN failsafe settings
- AUTOTOOL-1358: (GitHub Issue 123): TCP Forward Tunnel Support
- AUTOTOOL-1609: Add support for creating and configuring traffic groups
- AUTOTOOL-1091: Bad class values do not fail schema validation
- AUTOTOOL-1659: MAC_Masquerade fails to roll back properly
- AUTOTOOL-1521: Update npm packages
- AUTOTOOL-1380: (GitHub Issue 126): Add fields to partially support SSL for LDAP auth. Additional fields for this GitHub issue TBD.
- AUTOTOOL-1437: Add userAgent to a controls object
- AUTOTOOL-1445: Add authentication type to DO TEEM telemetry
- AUTOTOOL-1236: (GitHub Issue 107): Add support for System autoCheck setting
- AUTOTOOL-1248: (GitHub Issue 120): Add support for System tmshAuditLog and guiAuditLog
- AUTOTOOL-1322: (GitHub Issue 96): Support generated MAC Masquerade on Traffic Groups according to https://support.f5.com/csp/article/K3523.
- AUTOTOOL-1491 (GitHub Issue 138): Cannot create a device group with AFM provisioned
- AUTOTOOL-1469: Problems with latest Azure image
- AUTOTOOL-901 (GitHub Issue 79): charset not allowed in Content-Type header
- Update @f5devcentral/f5-teem package dependency to 1.4.6
- AUTOTOOL-152: Ability to upload device certificate
- AUTOTOOL-1094 (GitHub Issue 91): Provisioning fails if module does not exist on box
- AUTOTOOL-1170: Call webhook after declaration requiring reboot
- AUTOTOOL-1388: Fix allowed schema versions
- AUTOTOOL-1440 (GitHub Issue 132): Schema is incompatible with golang regexp
- AUTOTOOL-902 (GitHub Issue 81): Added missing roles for RemoteAuthRole.role enum
- GitHub Issue 103: Avoid deleting dos-global-dg device group
- AUTOTOOL-1014: Update to f5-teem 1.4.2
- AUTOTOOL-1388: Fix allowed schema versions
- AUTOTOOL-1223: Allow provisioning SSLO module
- AUTOTOOL-1139 (GitHub Issue 100): Route Configuration can conflict with DHCP
- AUTOTOOL-1125 (GitHub Issue 104): Setting ConfigSync does not handle device name / hostname mismatch and (GitHub Issue 113): Attempting to modify ConfigSync on non-existing device - device not resolving properly
- AUTOTOOL-1166: Requiring a reboot causes task to never complete
- AUTOTOOL-1235: Relicensing BIG-IP can be interrupted by service restart
- AUTOTOOL-1124: Allow IP addresses for configuring cluster members
- AUTOTOOL-993: Add support for System autoPhonehome setting
- AUTOTOOL-916: Add support for provisioning CGNAT on BIG-IP v15.0+
- AUTOTOOL-343: On BIG-IP 14+, revoke license from BIG-IQ does not work
- Make sure config is saved before issuing revoke command
- Fix issue when existing radius servers are present and none are the primary
- AUTOTOOL-903: Integration test improvements: Run integration tests against BIG-IP 13.1, 14.0 and 14.1 instances
- AUTOTOOL-910: Add query parameter {statusCodes: 'experimental'} to enable new status codes as implemented in AUTOTOOL-727
- AUTOTOOL-807: Fix bug in which DO was unable to set hostname in AWS environment (K45728203)
- AUTOTOOL-806: Fix bug in which changes to the network property for ManagementRoute and Route would not actually update the config (Issue 75)
- AUTOTOOL-904: Fix /example endpoint
- AUTOTOOL-727: Changed HTTP status for GET requests to be 200 unless something goes wrong with the actual request. The results of the request will contain the status. (This change could break compatibility with previous versions)
- AUTOTOOL-855: Updated packages
- AUTOTOOL-945: Integration test improvements: Debug logs are now written to test/logs. Retry when getting current assignments from BIG-IQ.
- Add support for SSHD class (Issue 50)
- Add support for HTTPD class (Issue 50)
- AUTOTOOL-708: Add support for cliInactivityTimeout, consoleInactivityTimeout, and hostname in System class
- AUTOTOOL-747: Add Declarative Onboarding analytics reporting to F5
- Fix bug in which DO was unable to use management network for SnmpTrapDestination
- Fix bug in which DO creates incomplete RADIUS authentication configuration
- Fix bug in which DO was unable to remove Radius System Auth configuration
- Fix bug in which DO doesn't remove secondary Radius server when it is absent in declaration
- Add /inspect endpoint to determine existing configuration of device
- Add support for Authentication class
- Add support for Authentication - Radius
- Add support for Authentication - TACACS
- Add support for Remote Role Groups
- Add support for Authentication - LDAP
- Add support for SNMP Agent and Traps
- Add support for Syslog RemoteServers
- Add schema reference documentation
- Add support for DAG Globals
- Add support for cmp-hash for VLAN (Issue 1)
- Add support for Traffic Control
- Add support for Trunk class
- Resolve Issue 53
- Resolve Issue 60
- Resolve Issue 67
- Fix bug in which DO sets task status to ERROR right away while it is still rolling back
- Fix bug in which DO was unable to create new VLAN(s) when no Route Domain(s) specified in declaration. Now DO will add new VLAN(s) to Route Domain with ID 0 unless otherwise specified.
- Allow 'none' as valid value for configsyncIp (ConfigSync class)
- Handle the automatic update of root password when admin password changes on 14.0 and later
- DeviceGroup.owner is now required
- When targetSshKey is used, try bash shell to modify targetUsername password if tmsh shell fails.
- Improve masking of nested secrets
- Improve Route Domains handling
- Upgrade f5-cloud-libs to improve licensing from BIG-IQ reg key pools
- Add support for Management Route
- Add support for Route Domains (Issue 10)
- When running on BIG-IQ, poll TCW longer to match the TCW timeout
- Add legacy schemas to /schema for validation.
- Add Authorized Keys capability to user declarations.
- Allow setting global analytics settings.
- Resolve Issue 35
- Resolve Issue 14
- Resolve Issue 26
- Resolve Issue 40
- Fix bug in which credentials could appear in declaration results when revoking a license.
- Fix issue in which initial clustering failure would prevent clustering from working on subsequent attempts due to using the wrong device name (resolved in f5-cloud-libs).
- LicensePool now respects custom management access port of BIG-IP that is being licensed.
- Disable DHCP for DNS/NTP if DO will be configuring them.
- RADIUS server secret will no longer appear in the log.
- When a 400 is received from restjavad, DO will now retry licensing.
- License keys will no longer appear in the log.
- Fix vulnerability CVE-2019-5021 in DO container
- Allow for onboarding multiple devices at once.
- taskId is now returned from POST onboard requests
- New /task API to retrieve status by task
- Initial port to run on BIG-IQ for use in onboarding BIG-IP from BIG-IQ
- Add 'overwrite' option when licensing via BIG-IQ
- Allow for licenses to be revoked when licensed via BIG-IQ
- Allow modification of a SelfIp address
- Fix bug in which all self ips would be updated if there was a change to any of them
- Fix bug in which clustering was not working if ASM was provisioned
- Allow $schema property for use in local validation of declaration
- Support for remote provisioning via ASG.
- Fix bug which rejected CIDR of 1x on SelfIp.
- Fix bug in which DB vars are not rolled back in the event of an error
- Support licensing via BIG-IQ utility, purchased, and reg key pools.
- Allow setting global db variables.
- Fix clustering race condition when onboarding 2 devices at the same time.
- Fix bug which was improperly deleting objects which just had a property change.
- Fix issue where device name was not being set if hostname already matched declaration.
- Ensure that non-floating self IPs are created before floating self IPs.
- Allow partition access 'all-partitions' when creating regular users.
- Allow shell of 'none' when creating regular users.
- Better reporting of schema validation errors.
- Apply defaults from the schema.
- Disallow sync-failover device group with both autoSync and fullLoadOnSync.
- Handle missing content-type header.
- Initial release of DO, which supports:
  - DNS
  - NTP
  - License with reg key
  - User creation/modification
  - VLANs
  - Self IPs
  - Routes
  - DSC