Applies To:

Show Versions Show Versions

Release Note: F5 iWorkflow version 2.0.0
Release Note

Original Publication Date: 06/16/2016

Summary:

This release note documents version 2.0.0 of iWorkflow. iWorkflow 2.0.0 is available as a Virtual Edition image only. An ISO image is not available.

Contents:

- Product description
- Screen resolution requirement
- Browser support
- iWorkflow compatibility with BIG-IP, Cisco APIC, and VMware NSX systems
- User documentation for this release
- Software installation
- Fixes
- Behavior changes
- Known issues
- Contacting F5 Networks
- Legal notices

Product description

Cloud administrators can use iWorkflow to supply tenants with on-demand access to resources such as networks, servers, storage, applications, and services. These cloud resources can be located on BIG-IP devices in a private local network, a public third-party cloud service, or a combination of both.

Tenants have restricted and dedicated access to resources based on their unique tenant role and user account. Cloud space can be expanded, retracted, and reallocated to tenants as needed, providing flexible resource balancing.

Screen resolution requirement

To properly display, the iWorkflow system requires that your screen resolution is set to 1280x1024 or higher.

Browser support

This release supports the following browsers and versions:

  • Microsoft Internet Explorer version 11 and later.
  • Mozilla Firefox version 29.x and later.
  • Google Chrome version 34.x and later.

iWorkflow compatibility with BIG-IP, Cisco APIC, and VMware NSX systems

SOL11198324: F5 iWorkflow compatibility matrix provides a summary of version compatibility of F5 iWorkflow with BIG-IP, Cisco APIC, and VMware NSX releases.

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the iWorkflow version 2.0.0 documentation page.

Software installation

For procedures about specifying network options and performing initial configuration, refer to the guide most appropriate for your organization:
  • F5® iWorkflow™: Private Cloud Administration guide.
  • F5® iWorkflow™: Cisco APIC Administration guide.
  • F5® iWorkflow™: VMware NSX Administration guide.

Fixes

ID Number Functional Area Description
553685 Cloud If panel filtering on the Catalog panel in the UI doesn't seem to work, ignore the filter and look at the whole collection.
554249 Cloud After an HA service instance is uninstalled in NSX, the iWorkflow device's Cluster Management UI shows the updated Device Service Cluster (DSC) group for the HA service instance.

Behavior changes

There are no behavior changes included in this release.

Known issues

ID Number Functional Area Description Workaround (if available)
549939 Cloud If you try to modify the HA VLAN tag of an APIC device cluster, it will not change.
549990 Cloud No fault is shown on the APIC when the BIG-IP device credentials are changed to an invalid value. Further attempts to configure the BIG-IP device fail since they are attempted with incorrect credentials. The APIC cannot configure the BIG-IP device. Change the credentials to their correct value.
553539 Cloud If you are logged into an iWorkflow device that is added as a high availability (HA) peer to a different iWorkflow device, the system becomes unavailable for a short interval as the new system is added. When the system becomes available again, the user interface session might have ended without redirecting to the login screen. This occurs in the user interface of an iWorkflow device that is being added as an HA peer to another iWorkflow device that you are also logged into while the peer synchronization happens. The user interface of the second device might be unresponsive or show incorrect or no data. If there are errors in the user interface of a iWorkflow device after it is added to another iWorkflow device as an HA peer, log out and log back in.
553544 Cloud The tenant user view of tenant templates lists variable names instead of variable descriptions. Information from the override descriptions set in a provider template are not visible to tenants in the tenant template through the system interface. All relevant tenant template information is available through the API.
557341 Cloud

An internal race condition might cause the following messages to be logged:

/var/log/restjavad.0.log [SEVERE][188913][10 Nov 2015 03:33:12 UTC][8100/cm/cloud/tenants/apic-common-default-52870/services/iapp/~apic_52870~WebGraph-ADC-5507.app~WebGraph-ADC-5507/servertiers ServerTierCollectionWorker] Failed to send update to self: java.lang.IllegalArgumentException: Invalid generation. Need 5, received 4.

This occurs during a race condition within the system. The system posts messages marked as SEVERE. These are actually messages that do not indicate a functional issue, and they can be ignored.

None needed. This is a cosmetic issue. Ignore these messages.
558585 Cloud When looking at user properties in the system interface, it appears that every user is a member of every user group, regardless of whether this is actually true. Users cannot be added or removed from user groups through the UI. This occurs under all known conditions in iWorkflow 2.0.0. User groups cannot be viewed or managed through the UI. They can be created and removed. Use the API for viewing and managing user groups.
559275 Cloud It is best practice to use a VLAN that is not within the VLAN Pool range. This is to avoid graph deployment failures when APIC picks a VLAN that is already in use on the BIG-IP device. You can not modify the HA VLAN value. So you must recreate the device cluster using a different HA VLAN. The best thing to do is to make sure that the HA VLAN is not within the Encap Block a user has defined.
567284 Cloud When provisioning a BIG-IP HA cluster in NSX, it might report a status of:

"HA configuration failed in step GET_CM_DEVICES". Unable to provision a BIG-IP HA cluster in NSX

.
Reinstall/re-provision the specific BIG-IP HA cluster.
569353 Cloud When you provision a BIG-IP cluster, its server node may show STOPPED state even though it is running when your restart the BIG-IP device. During an iWorkflow HA failover, you restart the BIG-IP device. BIG-IP Server node may show STOPPED state. 1) You can restart the BIG-IP device OR 2) You can update the node state using the following:

PATCH /mgmt/cm/cloud/connectors/vmware-nsx/XXX/nodes/YYY { "state" : "RUNNING" } where "XXX" is the connector ID and "YYY" is the node ID.

569801 Cloud It is possible in APIC to create the same device cluster in multiple clients. This works as expected, as long as none of the tenants is deleted, and the device cluster itself is not deleted from any of the tenants. But if the deletion does take place, the cluster does not work as expected at the BIG-IP system level, even though the APIC operates as if the cluster still exists. Manually delete everything, and re-create the tenants and graphs. Only create the cluster in one tenant. Use Export Cluster to use the same cluster in other tenants.
571506 Cloud If you try to look at the enabled event handler and requested custom configurations info for a given instance of the config task in the config task metadata, you won't find it because the current design doesn't support it. Quoting some scenarios: relevant info cannot be retrieved using config task definition and you need to rely on alternate means (a workaround) to get the relevant info:

1. If you have the event handler registered for all three event types, you would want to see5 things: the initial state sent before event 1 is triggered, how event 1 triggering modified the state, then how event 2 triggering modified the state, how event 3 triggering modified the state, and then the final output state of all of those changes applied to the initial state.

2. The file: mgmt/cm/cloud/tasks/configure-device-node gives a list of config tasks. If you try to look at history for tasks, and want to know which event handlers were enabled, and which custom configurations were requested for one of the tasks from history, you will not get this information from the config task definition.

3. If you have enabled multiple events, in case of failure, you will not know which one failed.
You can add logging details in the event handler (.js file)
573308 Cloud If you use a public endpoint, the JavaScript SDK event handler can show an incorrect value. The true/false value for the 'handlerEnabled' key should be based on whether the event handler is registered with the events for the first-boot device configure task. Only use public endpoints to add/remove the event handler. Do not use private endpoints.
585770 Cloud If more than one APIC connector is created, occasionally one or more of the connectors will fail to regenerate when a catalog item is updated. Additionally, the APIC device package code raises an error it detects more than one APIC connector.  
590321 Cloud While the virtual servers are removed from the BIG-IP devices correctly, the Self IP addresses and VLANs are only removed correctly on the active BIG-IP device, not the standby BIG-IP device. This can result in "vlan id already in use" messages if an attempt is made to restore the graphs (by restoring the configuration parameter). Manually delete the Self IP addresses and VLANs that were left behind on the standby BIG-IP device.
590353 Cloud If you see the following fault, you can fix the device cluster credentials:

2016-04-28 17:51:53.995337 DEBUG Thread-7 356639 [10.144.15.97, 1999990] Result: {'faults': [('', 21, 'Unhandled Exception: Traceback (most recent call last):\n File "/install/DeviceScript.py", line 200, in clusterAudit\n return Cluster(device).audit(interfaces, configuration)\n File "/install/apic/cluster.py", line 44, in __init__\n self.username = self.cluster["creds"]["username"]\n File "/venv/fwk/Insieme/protobuf.py", line 88, in __getitem__\n return self.store[ key ]\nKeyError: \'username\'\n')], 'state': 2, 'health': []} 2016-04-28 17:51:53.995459 DEBUG Thread-7 356640 [10.144.15.97, 1999990] Faults: [('', 21, 'Unhandled Exception: Traceback (most recent call last):\n File "/install/DeviceScript.py", line 200, in clusterAudit\n return Cluster(device).audit(interfaces, configuration)\n File "/install/apic/cluster.py", line 44, in __init__\n self.username = self.cluster["creds"]["username"]\n File "/venv/fwk/Insieme/protobuf.py", line 88, in __getitem__\n return self.store[ key ]\nKeyError: \'username\'\n')]

After you click Submit or do a POST to fix it, the device cluster does not show your changes.
1) Right-click the device cluster.

2) Click Re-Query For Device Validation.

3) This should force the device cluster to refresh.

4) Device cluster should return to its normal state.
590552 Cloud Information displayed in the UI may not update when a device is under stress, which can result in error dialogs being displayed with a 400 status code that are not due to a user action directly. These errors are infrequent, and more likely to be seen on large scale environments under heavy load. User interaction can be interrupted by an unexpected error dialog. Error dialogs with a 400 status code that do not appear as a response to a direct user action can be safely dismissed and ignored. Information in the UI will update again automatically.
591309 Cloud If applications are deployed on a BIG-IP HA cluster, modifying cluster parameters from APIC is not supported. Any applications in APIC that were deployed before BIG-IP HA cluster modification must be redeployed afterwards.
593960 Cloud Faults are sometimes raised with an error message like:

The VLAN /Common/apic-5839_49371 has an ID of 2073, and customer tag of none, so it cannot be used by VLAN /Common/apic-5839_49394.

The error occurs because the Device Package attempts to create a VLAN with the same ID as another existing VLAN. This error can happen when Bridge Domain mapping is simultaneously changed on multiple endpoints, or when changing the VLAN pool range. Affected graphs (virtual servers) will be inoperative.
1. Trigger a Device Audit from APIC.

2. If step 1 fails to resolve the fault, log in to the device and delete the VLAN identified by the fault. Deleting VLANs may require deleting a chain of dependent objects starting from the Self IP addresses associated with the VLAN. When this is complete, repeat step 1.

594730 Cloud Under heavy load, a tenant service deployment can timeout on iWorkflow even if the service will eventually deploy and become available on BIG-IP system. From the system interface, click the failed tenant service and choose Save. It will be redeployed. From the API, do a GET and PUT on /cm/cloud/tenants/{tenant-name}/services/iapp/{service-name}
595361 Cloud After you deploy a cluster on APIC, removing one of the device folders can lead to the appearance of a fault that does not disappear after the removed folder is restored. The affected device and cluster remain in an erroneous state on the APIC although the folder, along with correct set of properties, was restored.

To replicate this:

1) Deploy a cluster in APIC.

2) Remove the 'HostConfig' folder on one of the devices in the cluster.

3) The following fault is reported: "Invalid 'HostName': ''

4) Restore the 'HostConfig' folder that was deleted in the previous step.

5) The offending fault is not cleared.

The affected device and cluster remain in erroneous state on APIC although folder, along with correct set of properties, was restored

In the APIC UI, right click the offending device and choose 'Re-Query For Device Validation' from the popup menu.
595715 Cloud The stats listed in the Services, Servers, and Virtual Servers panels give a "Last Collected" time. This refers to the most recent time that a client request was made to iWorkflow to retrieve stats, not the most recent time that stats were retrieved from managed BIG-IP devices by iWorkflow. Present when viewing stats for Services, Servers, and Virtual Servers. It may appear that stats are more recent than they really are. Use the API used to determine the most recent time that iWorkflow updated stats for Services, Servers, or Virtual Servers.
596148 Cloud Deployment of more than 50 graphs that belong to a single tenant can result in an aborted state. In accordance with APIC's architecture, deployments of configuration on a single tenant that take more than 15 minutes are automatically aborted. Abort occurs only for configurations that involve more than 50 graphs that belong to the same tenant. Configuration deployment is aborted. Cisco APIC has a configurable watchdog timeout that needs to be adjusted when deploying configurations that involve more than 50 graphs on a single tenant. If you don't adjust this timeout, aborted deployments can result. To change the default timeout value, you need to POST the following structure to APIC

/api/node/mo/.xml: <?xml version="1.0" encoding="UTF-8"?> <polUni> <infraInfra> <vnsMDev dn="uni/infra/mDev-F5-iWorkflow-2.0-apic-test"> <vnsDevScript name ="F5" watchdogTimeout="3600" status="modified" /> </vnsMDev> </infraInfra> </polUni>

In this case, case the value of the timeout is set to 3600 seconds or 1 hour. Please note that default timeout value is 15 minutes. Using the API, you can set the watchdog timer to a larger value.
598425 Cloud The BIG-IP device health will report ""HA configuration failed in step VERIFY_TRUST_DOMAIN_STATUS" error." When creating a HA pair of BIG-IP devices in v12 using iWorkflow in VMware NSX environment. You will see two BIG-IP devices as standalone instead of an active-standby cluster. You need to uninstall both the NSX runtimes and install them again.
598581 Cloud If you create a second cluster (using a different pair of BIG-IP devices) after you have created an initial BIG-IP cluster, creating the second cluster causes the tenant of the first cluster to be deleted on iWorkflow.  
599175 Cloud APIC serviceHealth and deviceHealth requests always return 100% health. To determine the health of a deployed application, use the BIG-IP device rather than the APIC. Similarly, use the BIG-IP device to determine the health of deployed devices, rather than the APIC.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)