Forum Discussion
Ed_Carpon_13196
Nimbostratus
NimbostratusLocal Traffic Policies in an iApp
To assign a local traffic policy to a virtual server you have to disable strictness which we do not want to do. Has anyone created an iApp template that would give you the ability to select policies while building the application services?
I had to fiddle around with a copy of the iApp to get it working.
I think you were missing a close curly bracket in your multichoice in the presentation section.
I did this with the f5.http template, but it should be similar for any iApp (profiles assignment has to come first if your traffic policy requires any profiles added by the iApp):
virtual server array in implementation array set vs_arr { 1,1 { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port_secure] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $vs_profiles \} \ policies replace-all-with \{ $::policies__policies\}] \ \ [iapp::conf create ltm virtual ${app}_redir_vs \ destination [iapp::destination $::pool__addr [expr {[info exists \ ::pool__redirect_port] ? $::pool__redirect_port : 80}]] \ mask $mask \ $redir_vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $tcp_profiles http \} \ rules \{ [iapp::substa redirect_irule($::pool__port_secure)] \}]} 1,0 { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port_secure] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $vs_profiles \} \ policies replace-all-with \{ $::policies__policies\}] \ } * { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $vs_profiles \} \ policies replace-all-with \{ $::policies__policies\}] \ } } policies section in presentation section policies { multichoice policies tcl { set objs [tmsh::get_config ltm policy] foreach obj $objs { append results [tmsh::get_name $obj] append results "\n" } return $results } } questions for policy section in presentation policies "Local Traffic Policies" policies.policies "Select the Local Traffic Policies you like to attach to the BIG- IP Virtual Server:"
PeteWhiteEmployee
I believe an example of this is in the MS Outlook iApp. Probably fairly trivial to steal it from there and insert it into the iApp of your choice.
Hi Ed,
I don't think than any iApps have the option for applying an arbitrary traffic policy.
We are currently working on adding AFM firewall policy functionality to iApps. Some iApps, such as f5.http and its derivatives, also allow you to create and attach an ASM policy.
What does your policy do?
thanks
Mike
Ed_Carpon_13196We are attempting to create an iApp that lets us select local traffic policies that are created and apply them to the virtual server in the iApp. The presentation piece below works for displaying the options, i just cannot get the implementation piece to work. section policies { multichoice policies tcl { set objs [tmsh::get_config ltm policy] foreach obj $objs { append results [tmsh::get_name $obj] append results "\n" } return $results }
You'll need to find the section in the iApp implementation section where the virtual server is created ("create ltm virtual ..."), then use the policies parameter to attach your policies.
"create ltm virtual app_name/app_vs policies $::policies__policies"
Ed, for some reason your last post here got lost, although I did get it in my email.
I think this might work:
array set vs_arr { 1,1 { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port_secure] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ policies replace-all-with \{ $::policies__policies\}] \ profiles replace-all-with \{ $vs_profiles \}] \ \ [iapp::conf create ltm virtual ${app}_redir_vs \ destination [iapp::destination $::pool__addr [expr {[info exists \ ::pool__redirect_port] ? $::pool__redirect_port : 80}]] \ mask $mask \ $redir_vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $redir_vs_profiles \} \ rules \{ [iapp::substa redirect_irule($::pool__port_secure)] \}]} 1,0 { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port_secure] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ policies replace-all-with \{ $::policies__policies\}] \ profiles replace-all-with \{ $vs_profiles \}] } * { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ policies replace-all-with \{ $::policies__policies\}] \ profiles replace-all-with \{ $vs_profiles \}] } }- Ed_Carpon_13196I tried replacing this array set with the one in the HTTP profile. I got a couple different errors. First, 01070309:3: Cookie persistence requires an HTTP or FastHTTP profile to be associated with the virtual server If I turn off persistence i get another error. I selected a http profile also. 010716d9:3: Virtual server /Common/Test.app/Test2_vs requires a profile of type http for ltm policy /Common/ed_test.
- I wouldn't replace the entire array. You should just insert the "policies replace-all-with \{ $::policies__policies\}] \" parameter.
- Ed_Carpon_13196I tried to do that, still having the same errors.
I had to fiddle around with a copy of the iApp to get it working.
I think you were missing a close curly bracket in your multichoice in the presentation section.
I did this with the f5.http template, but it should be similar for any iApp (profiles assignment has to come first if your traffic policy requires any profiles added by the iApp):
virtual server array in implementation array set vs_arr { 1,1 { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port_secure] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $vs_profiles \} \ policies replace-all-with \{ $::policies__policies\}] \ \ [iapp::conf create ltm virtual ${app}_redir_vs \ destination [iapp::destination $::pool__addr [expr {[info exists \ ::pool__redirect_port] ? $::pool__redirect_port : 80}]] \ mask $mask \ $redir_vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $tcp_profiles http \} \ rules \{ [iapp::substa redirect_irule($::pool__port_secure)] \}]} 1,0 { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port_secure] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $vs_profiles \} \ policies replace-all-with \{ $::policies__policies\}] \ } * { [iapp::conf create ltm virtual ${app}_vs \ destination [iapp::destination $::pool__addr $::pool__port] \ mask $mask \ $vs_params \ ip-protocol tcp \ mirror $mirror_action \ profiles replace-all-with \{ $vs_profiles \} \ policies replace-all-with \{ $::policies__policies\}] \ } } policies section in presentation section policies { multichoice policies tcl { set objs [tmsh::get_config ltm policy] foreach obj $objs { append results [tmsh::get_name $obj] append results "\n" } return $results } } questions for policy section in presentation policies "Local Traffic Policies" policies.policies "Select the Local Traffic Policies you like to attach to the BIG- IP Virtual Server:"- Ed_Carpon_13196This worked. Thanks for the help!