Forum Discussion
mshoaib
Cirrus
CirrusAdd/Remove ServerSSL profile on a Virtual Server using SDK
Hi,
I am trying to add/remove ServerSSL profile to a Virtual Server using F5 SDK.
I have the following script that will read the current profiles from the Virtual Server but I don't get my head around how to use .update() to delete a "serverSSL" profile if exist
from f5.bigip import ManagementRoot
import getpass, sys
# Variable Section
BigIP = "172.31.129.70"
BigIP_username = "mshoaib"
vip_name = 'www.example.com-https'
BigIP_password = getpass.getpass(prompt='Enter password: ', stream=None)
# Connect to BigIP
f5_mgmt = ManagementRoot(BigIP, BigIP_username, BigIP_password)
# Load VIP first
vip_info = f5_mgmt.tm.ltm.virtuals.virtual.load(name=vip_name, partition='Common')
# Read all profiles
pf_info = vip_info.profiles_s.get_collection()
pf_list_before = []
print("Profiles before deletion:")
for a, pf in enumerate(pf_info):
print(a,pf.name)
pf_list_before.append(pf.name)
print(pf_list_before)
pf_list_after = []
print("--------")
for index, pf in enumerate(pf_info):
if pf.name == 'serverssl':
print(" Removing Server SSL")
pf_info.pop(index)
print("Profiles after deletion: ")
for a, pf in enumerate(pf_info):
print(a,pf.name)
pf_list_after.append(pf.name)
print(pf_list_after)
Out put is :
[mshoaib@ca01net03 new_domain]$ python3.6 update-profiles.py
Enter password:
Profiles before deletion:
0 http_XForwardedFor
1 oneconnect
2 serverssl
3 tcp-lan-optimized
4 tcp-wan-optimized
5 wildcard.example.com-ssl
['http_XForwardedFor', 'oneconnect', 'serverssl', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl']
--------
Removing Server SSL
Profiles after deletion:
0 http_XForwardedFor
1 oneconnect
2 tcp-lan-optimized
3 tcp-wan-optimized
4 wildcard.example.com-ssl
['http_XForwardedFor', 'oneconnect', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl']
[mshoaib@ca01net03 new_domain]$Equivalent TMSH CLI are :
tmsh modify ltm virtual www.example.com-https profiles add { serverssl }
tmsh modify ltm virtual www.example.com-https profiles delete { serverssl }
I appreciate any code snippet or link.
Thanks,
Muhammad
mshoaibI came across BIGREST and found it much cleaner and easier to use.
I learned the syntax and developed the solution using BIGREST instead of f5-common-pyton.
Thank you Leonardo.
Below is the code snippet that will toggle Server side SSL profile.
# Connect to BigIP domain_name = "www.example.com-https" b = BIGIP(ip, username, password) # Load the Profiles on a virtual server profiles = b.load(f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles") print(f"List of Profiles attached to {domain_name}") profile_context_list = [] for p in profiles: profile_context_list.append(p.properties["context"]) print(profile_context_list) if "serverside" in profile_context_list: print("Serverside SSL applied") print("Deleting Serverside SSL profile") path = ( f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles/{rest_format(profile_name)}" ) b.delete(path) else: print("Serverside SSL doesn't applied") print("Adding Serverside SSL Profile") data = {} data["name"] = profile_name data["context"] = "serverside" b.create(f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles", data)Complete code is here :
https://github.com/mshoaibshafi/nre-tools/tree/main/f5
Leonardo_SouzaCirrocumulus
Yes, the f5-common-python is a little bit complicated and more difficult to maintain the SDK code.
That is why I wrote BIGREST.
I used f5-common-python a lot before, and I now use BIGREST.
Most of the stuff I create is because I need and what exist needed improvement, or what I need does not exist at all.
Anyway, it is always good to see it helped other people as well.