Forum Discussion
NimbostratusHow to Create/Modify iApp via API?
The post removed my comment symbols out, below should be correct as it is in a code block.
!/bin/bash
This script will create an application service using the f5.http template. Commandline arg... -a is iapp name, -v is virtual server ip, -m is for pool member ip,
-b is the big ip address, -u is for username, -p for password (defaults of admin/admin if flags not present) -d is an optional paramater if you would like to delete the iapp.
Full Command would look like: ./createiapp_http.sh -b 2.2.2.2 -a httpapp -v 1.1.1.1 -m 1.1.1.2 -u admin -p admin
Full Command to delete would add the delete flag: ./createiapp_http.sh -b 2.2.2.2 -a httpapp -v 1.1.1.1 -m 1.1.1.2 -u admin -p admin -d
delete=false
user=admin
pwd=admin
while getopts a:v:b:u:p:m:d option
do case "$option" in
a) appname=$OPTARG;;
v) vsip=$OPTARG;;
m) pmember=$OPTARG;;
b) bigip=$OPTARG;;
u) user=$OPTARG;;
p) pwd=$OPTARG;;
d) delete=true;;
esac
done
echo "Delete equals: $delete"
echo "Connecting to BIG IP: $bigip as $user"
echo "iAPP Name: $appname"
echo "VS IP: $vsip"
echo "Pool Member: $pmember"
if [ $delete == false ] ; then
curl -sk -u $user:$pwd https://$bigip/mgmt/tm/sys/application/service/ -H 'Content-Type: application/json' -X POST -d '{"kind":"tm:sys:application:service:servicestate",
"name":'\"$appname\"',
"partition":"Common",
"execute-action":"definition",
"template":"/Common/f5.http",
"templateReference":{"link":"https://localhost/mgmt/tm/sys/application/template/~Common~f5.http?ver=12.0.0"},
"templateModified":"no",
"trafficGroup":"/Common/traffic-group-1",
"trafficGroupReference":{"link":"https://localhost/mgmt/tm/cm/traffic-group/~Common~traffic-group-1?ver=12.0.0"},
"tables":[{"name":"basic__snatpool_members"},
{"name":"net__snatpool_members"},
{"name":"optimizations__hosts"},
{"name":"pool__hosts",
"columnNames":["name"],"rows":[{"row":["test.test.com"]}]},
{"name":"pool__members",
"columnNames":["addr","port","connection_limit"],
"rows":[{"row":['\"$pmember\"',"80","0"]}]},
{"name":"server_pools__servers"}],
"variables":[{"name":"client__http_compression",
"encrypted":"no",
"value":"/create_new"},
{"name":"monitor__monitor",
"encrypted":"no","value":"/create_new"},
{"name":"monitor__response","encrypted":"no","value":"none"},
{"name":"monitor__uri","encrypted":"no","value":"/"},
{"name":"net__client_mode","encrypted":"no","value":"wan"},
{"name":"net__server_mode","encrypted":"no","value":"lan"},
{"name":"pool__addr","encrypted":"no","value":'\"$vsip\"'},
{"name":"pool__pool_to_use","encrypted":"no","value":"/create_new"},
{"name":"pool__port","encrypted":"no","value":"80"},
{"name":"asm__use_asm","value":"/do_not_use"},
{"name":"ssl__mode","encrypted":"no","value":"no_ssl"},
{"name":"ssl_encryption_questions__advanced","encrypted":"no","value":"no"},
{"name":"ssl_encryption_questions__help","encrypted":"no","value":"hide"}]}' | jq .
fi
if [ $delete == true ] ; then
curl -sk -u admin:admin https://$bigip/mgmt/tm/sys/application/service/~Common~$appname.app~$appname -H 'Content-Type: application/json' -X DELETE | jq .
echo "iAPP $appname deleted"
fi 
bitva_135199Hey, thanks for the reply. What you're doing there is another way I was thinking of going about a full create/destroy of an iApp. But I still couldn't add or remove nodes without deleting the full iApp stack and recreating. My understanding is I could resubmit with new/removed pool members or iRules right? I've put the JSON file I'm trying to POST (or PUT for modify I assumed) here: http://pastebin.com/8cWjMtk2 Thanks again!- You should be using PUT for modify, here is a link to a couple blog posts on using the rest api to create iapp services that will explain this better then I can, hope it helps! https://devcentral.f5.com/s/articles/building-application-delivery-services-from-templates-using-the-rest-api-part-two .
- Ok, I just tested this with my script. I had to manually modify the POST line though to include the app service path and change to PUT. You could expand the script to write that logic in. Basically it is exactly the same as creation except you change the POST to PUT and append the application service path onto the URI, as well as make the change to pool member, etc... "curl -sk -u $user:$pwd https://$bigip/mgmt/tm/sys/application/service/~Common~$appname.app~$appname -H 'Content-Type: application/json' -X PUT -d "
- bitva_135199NICE, I'll give that a go! Also, I found an error in my initial creation where I left out the pool__mask and "create ltm virtual" was choking on that (thanks Fred for the hint to look at /var/tmp :)
AABEIGH_220211i am using same method but i get error Can't associate (/pt1/myapp2.app/myapp2.app) with folder (/pt1/myapp2.app) folder does not exist". so i create folder first then post the iapp. it works.
does it work with ssl termination iapp. I am continuously getting invalid ip address error. here is the output of scriptd.out. it does not show anything helpful..
create ltm persistence cookie myiapp.myapp2s.com_cookie-persistence create ltm persistence source-addr myiapp.myapp2s.com_source-addr-persistence mirror disabled create ltm monitor http myiapp.myapp2s.com_http_monitor defaults-from http interval 30 timeout 91 send 'GET / HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n' recv '200' create ltm pool myiapp.myapp2s.com_pool slow-ramp-time 300 min-active-members 0 load-balancing-mode least-connections-member queue-on-connection-limit disabled monitor myiapp.myapp2s.com_http_monitor members replace-all-with { /Common/51.1.1.95:8080 { connection-limit 0 } /Common/51.1.1.96:8080 { connection-limit 0 } } create ltm profile tcp myiapp.myapp2s.com_tcp-wan-optimized defaults-from tcp-wan-optimized create ltm profile tcp myiapp.myapp2s.com_tcp-lan-optimized defaults-from tcp-lan-optimized create ltm profile http myiapp.myapp2s.com_http defaults-from http redirect-rewrite matching insert-xforwarded-for enabled create ltm profile http-compression myiapp.myapp2s.com_wan-optimized-compression defaults-from wan-optimized-compression content-type-include replace-all-with { text/css text/html text/javascript text/json text/postscript text/plain text/richtext text/rtf text/vnd.wap.wml text/vnd.wap.wmlscript text/x-vcalendar text/wap text/wml text/x-component text/x-vcard text/xml image/photoshop image/psd image/x-photoshop image/x-vsd application/msaccess application/vnd.msaccess application/vnd.ms-access application/mdb application/x-mdb application/css application/css-stylesheet application/excel application/msexcel application/ms-excel application/vnd.excel application/vnd.msexcel application/vnd.ms-excel application/x-excel application/x-msexcel application/x-ms-excel application/x-xls application/xls application/javascript application/x-javascript application/x-java-jnlp-file application/json application/x-json application/lotus123 application/x-lotus123 application/x-mscardfile application/x-msclip application/powerpoint application/mspowerpoint application/ms-powerpoint application/mpp application/vnd.ms-pps application/vnd.ms-powerpoint application/vnd.mspowerpoint application/vnd.powerpoint application/x-powerpoint application/x-mspowerpoint application/photoshop application/x-photoshop application/msproject application/vnd.ms-project application/x-msproject application/x-ms-project application/postscript application/ps application/psd application/x-postscript application/x-ps application/quarkexpress application/x-quark-express application/rtf application/x-rtf application/txt application/word application/doc application/msword application/ms-word application/winword application/vnd.ms-word application/x-word application/x-msword application/vnd.msword application/vnd.word application/vnd.ms-works application/vnd.ms-works-db application/x-wks application/x-msworks-db application/x-msworks-wps application/wks application/visio application/vnd.visio application/vsd application/x-visio application/x-vsd application/x-vermeer-rpc application/vnd.wap.wmlc application/vnd.wap.cmlscriptc application/vnd.wap.xhtml+xml application/xml application/x-xml application/xhtml+xml } create ltm profile web-acceleration myiapp.myapp2s.com_optimized-caching defaults-from optimized-caching applications none cache-size 10 cache-object-max-size 2000000 create ltm profile one-connect myiapp.myapp2s.com_oneconnect defaults-from oneconnect source-mask 255.255.255.255 create ltm virtual myiapp.myapp2s.com_vs destination 49.1.2.101:443 mask none vlans-enabled vlans replace-all-with { /soczone/vlan801 /soczone/vlan802 } snat automap persist replace-all-with { myiapp.myapp2s.com_cookie-persistence } fallback-persistence myiapp.myapp2s.com_source-addr-persistence pool myiapp.myapp2s.com_pool rules none ip-protocol tcp mirror disabled profiles replace-all-with { /soczone/sslprofaab1 { context clientside } myiapp.myapp2s.com_tcp-wan-optimized { context clientside } myiapp.myapp2s.com_tcp-lan-optimized { context serverside } myiapp.myapp2s.com_http myiapp.myapp2s.com_wan-optimized-compression myiapp.myapp2s.com_optimized-caching myiapp.myapp2s.com_oneconnect }
Error i get
{"code":400,"message":"{\"code\":400,\"message\":\"script did not successfully complete: (\\"none\\" invalid IP address\n while executing\n\\"tmsh::create [string range $args 7 end] \\"\n (\\"create\\" arm line 1)\n invoked from within\n\\"switch -exact -- [string range $args 0 5] {\n create { tmsh::create [string range $args 7 end] }\n modify { tmsh::modify [string r...\\"\n (procedure \\"iapp::conf\\" line 14)\n invoked from within\n\\"iapp::conf create ltm virtual ${app}_vs destination [iapp::destination $::pool__addr $::pool__port_secure] mask $mask $vs_params ip-protocol tcp ...\\"\n invoked from within\n\\"subst $substa_out\\"\n invoked from within\n\\"if { [info exists [set substa_in]] } {\n set substa_out [subst $$substa_in]\n set substa_out [subst $substa_out]\n } else {\n...\\"\n (\\"uplevel\\" body line 3)\n invoked from within\n\\"uplevel {\n append ::substa_debug \\"\\n$substa_in\\"\n if { [info exists [set substa_in]] } {\n set substa_o","errorStack":[]}
Hello Aabeigh, So the reason you are getting that error is because mcpd is throwing the error, not the iApp or iControl Rest specifically. And the reason an error is being thrown is because the create command for the virtual has mask set to none which is not allowed in this context at least. If mask was instead set to 255.255.255.255 then your create virtual command would complete and iapp creation should also complete. You mention you are using an SSL termination iApp? Can you provide more info on which version, where you got it etc... Because the last piece is verifying there is an option in the template to allow mask to be manipulated, if it works directly from the gui with same settings then there must be some way to indicate mask shouldn't be none. Thanks!
- AABEIGH_220211
Hi James.. Thanks for the help.. it looks working now with ssl. i changed the mask to 255.255.255.255. which got it sorted. however one issue which is at both GUI and now at REST layer is that both options do not allow use of the key files which have password. if the key file is password less it works but as soon as you use password protected key it gets errors. my version is 11.5.3. here is also the error error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read","errorStack":[]}
if i create the ssl profile using same password protected key. and attach profile instead of the cert and key directly.. it works...
Thanks again for you help.. really appreciate it..
cheers AAB
Most F5 (or otherwise) produced iApps do provide options to create ssl profiles and to select cert/key to use. However, if that key is using strict security requiring a password every time it is used/manipulated then the recommended approach is just what you suggested, to create your own ssl profile with the key suggested and then just select that profile in the iapp instead of it creating a new one for you.
And your welcome!
gondeeriHello,
I would like to via REST API command switched on and off one parameter in own iApp... this value is include in "variables"... When I sending curl command via PUT is needed send whole iApp body? or just this "variables"
thx
