Forum Discussion
need some help with a AS3 declaration
- Dec 14, 2023
See the article below of how to declare objects in the shared as3 folder under the partition like pools:
Solved: AS3 referencing objects across applications - DevCentral (f5.com)
If the 2 apps/virtual servers are in the same tenant you can try the "use:" pointer to define the pool outside of the 2 virtual servers in the AS3 declaration
BIG-IP AS3 Declaration Purpose and Function (f5.com)
"persistenceMethods": [ {"use": "mypersist"} ] "mypersist": { "class": "Persist", "persistenceMethod": "cookie", "cookieName": "MYCOOKIE" }
Other than that for certficates I have not tried using url but I saw:
"pkcs12_crt_key_encr_url": { "class": "Certificate", "remark": "saves encr key in openssl format", "passphrase": { "ciphertext": "cGFzc3dvcmQ=", "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0", "ignoreChanges": true }, "pkcs12Options": { "keyImportFormat": "openssl-legacy" }, "pkcs12": { "url": "https://mycompany/certs/my_p12.p12" } }, "pkcs12_crt_key_bundle": { "class": "Certificate", "remark": "multiple certs, no passphrase, ignore change on redeploy", "pkcs12Options": { "keyImportFormat": "openssl-legacy", "ignoreChanges": true }, "pkcs12": { "url": "http://mycompany/certs/my_pfx.pfx" } }
See the article below of how to declare objects in the shared as3 folder under the partition like pools:
Solved: AS3 referencing objects across applications - DevCentral (f5.com)
If the 2 apps/virtual servers are in the same tenant you can try the "use:" pointer to define the pool outside of the 2 virtual servers in the AS3 declaration
BIG-IP AS3 Declaration Purpose and Function (f5.com)
"persistenceMethods": [ {"use": "mypersist"} ]
"mypersist": {
"class": "Persist",
"persistenceMethod": "cookie",
"cookieName": "MYCOOKIE"
}
Other than that for certficates I have not tried using url but I saw:
"pkcs12_crt_key_encr_url": {
"class": "Certificate",
"remark": "saves encr key in openssl format",
"passphrase": {
"ciphertext": "cGFzc3dvcmQ=",
"protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0",
"ignoreChanges": true
},
"pkcs12Options": {
"keyImportFormat": "openssl-legacy"
},
"pkcs12": {
"url": "https://mycompany/certs/my_p12.p12" }
},
"pkcs12_crt_key_bundle": {
"class": "Certificate",
"remark": "multiple certs, no passphrase, ignore change on redeploy",
"pkcs12Options": {
"keyImportFormat": "openssl-legacy",
"ignoreChanges": true
},
"pkcs12": {
"url": "http://mycompany/certs/my_pfx.pfx" }
}
- mihaicDec 15, 2023MVP
Nikoolayy1 , thanks!
I've used "use" for the shared objects (pool,profile http, irule) and "url" for certs.
here is my template json:
https://github.com/czirakim/F5_AS3/blob/master/Tenant1/tenant_template.json
- JRahmDec 15, 2023Admin
url works (here and for other things like policies) but keep in mind that when using url it is not idempotent. It'll run every time even without changes, which can make AS3 apply operations longer than needed and touch config you were not expecting, like if only adding a pool member IP.
H/T Matt Stovall on that nugget.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com