Forum Discussion
route advertisement and ssl certificates with bigsuds / icontrol inside transaction
I am writing deployment scripting for our loadbalancer configuration.
For the moment I take the simple approach of deleting the whole configuration and rebuilding it within a transaction.
But I have encountered two problems with this approach:
1. route advertisements cannot be set inside the same transaction as the creation of the virtual server/address.
2. ssl keys/certificates cannot be recreated inside a transaction.

The questions:
1. Am I doing something wrong?
2. I would like, for now, to do this delete and create step inside a single transaction. It is much simpler and a little downtime is acceptable for now. But I would like to always have a valid configuration, hence the transaction. Is this possible?
Example code for 1:
```python
import bigsuds

# bigip_session is an already connected bigsuds.BIGIP object.
# Everything inside the with block is queued and submitted as one transaction on exit.
with bigsuds.Transaction(bigip_session) as bigip:
    bigip.System.Session.set_active_folder('/acc')
    print(bigip.System.Session.get_active_folder())

    # Delete the existing configuration in the active folder.
    bigip.LocalLB.VirtualServer.delete_all_virtual_servers()
    bigip.LocalLB.Pool.delete_all_pools()
    bigip.LocalLB.NodeAddressV2.delete_all_node_addresses()
    bigip.LocalLB.ProfileHttp.delete_all_profiles()
    for sslprofile in bigip.LocalLB.ProfileClientSSL.get_list():
        print("deleting sslprofile: {}".format(sslprofile))
        bigip.LocalLB.ProfileClientSSL.delete_profile(profile_names=[sslprofile])

    # Recreate nodes, pool and monitor association.
    bigip.LocalLB.NodeAddressV2.create(nodes=['node1'], addresses=['10.10.10.1'],
                                       limits=[0])
    bigip.LocalLB.NodeAddressV2.create(nodes=['node2'], addresses=['10.10.10.2'],
                                       limits=[0])
    lb_method = 'LB_METHOD_ROUND_ROBIN'
    members = []
    members.append({'address': 'node1', 'port': 80})
    members.append({'address': 'node2', 'port': 80})
    bigip.LocalLB.Pool.create_v2(pool_names=['test_pool'], lb_methods=[lb_method], members=[members])
    monitor_rule = {'type': 'MONITOR_RULE_TYPE_AND_LIST', 'quorum': 0, 'monitor_templates': ['/Common/tcp']}
    bigip.LocalLB.Pool.set_monitor_association(
        monitor_associations=[{'pool_name': 'test_pool', 'monitor_rule': monitor_rule}])

    # Recreate the virtual server.
    definition = {'name': 'test_vip', 'address': '185.14.168.80', 'port': 80, 'protocol': 'PROTOCOL_TCP'}
    resources = {'type': 'RESOURCE_TYPE_POOL', 'default_pool_name': 'test_pool'}
    profile = [{'profile_context': 'PROFILE_CONTEXT_TYPE_ALL', 'profile_name': 'tcp'}]
    bigip.LocalLB.VirtualServer.create(definitions=[definition], wildmasks=['255.255.255.255'], resources=[resources],
                                       profiles=[profile])
    bigip.LocalLB.VirtualServer.set_snat_automap(virtual_servers=['test_vip'])

    # Route advertisement for the virtual address, still inside the same transaction.
    bigip.LocalLB.VirtualAddressV2.set_route_advertisement_state(virtual_addresses=['/acc/185.14.168.80'], states=['STATE_ENABLED'])
```
Error message:
```
bigsuds.ServerError: Server raised fault: 'Exception caught in System::urn:iControl:System/Session::submit_transaction()
Exception: Common::OperationFailed
primary_error_code : 16908342 (0x01020036)
secondary_error_code : 0
error_string : 01020036:3: The requested virtual address (/acc/185.14.168.80) was not found.'
```
Example for 2: Uses similar code but uses the keycertificate calls to delete and create the keys/certificates, namely:
```python
# Delete every installed certificate and key, then import the new pair.
for cert in bigip.Management.KeyCertificate.get_certificate_list(mode='MANAGEMENT_MODE_DEFAULT'):
    bigip.Management.KeyCertificate.certificate_delete(mode='MANAGEMENT_MODE_DEFAULT', cert_ids=[cert['file_name']])
for cert in bigip.Management.KeyCertificate.get_key_list(mode='MANAGEMENT_MODE_DEFAULT'):
    bigip.Management.KeyCertificate.key_delete(mode='MANAGEMENT_MODE_DEFAULT', ids=[cert['file_name']])
bigip.Management.KeyCertificate.key_import_from_pem(mode='MANAGEMENT_MODE_DEFAULT', key_ids=[clientssl.get_full_name()], pem_data=[clientssl.key], overwrite=False)
# TODO: why can't i delete the certificate?
bigip.Management.KeyCertificate.certificate_import_from_pem(mode='MANAGEMENT_MODE_DEFAULT',
                                                            cert_ids=[clientssl.get_full_name()],
                                                            pem_data=[clientssl.cert],
                                                            overwrite=False)
```
The error:
```
bigsuds.ServerError: Server raised fault: 'Exception caught in Management::urn:iControl:Management/KeyCertificate::key_import_from_pem()
Exception: Common::OperationFailed
primary_error_code : -11 (0xFFFFFFF5)
secondary_error_code : 0
error_string : Would overwrite file'
```
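A deployment script that has to react to faults like the two quoted in this post can split them into fields instead of matching on the whole string. The following is an added example, not part of the original post or of bigsuds; `parse_fault` and `IControlFault` are hypothetical names, and the sample strings are constructed from the fault text shown above.

```python
import re
from dataclasses import dataclass

# Constructed samples: the two fault strings quoted in the post, one with its
# line breaks and one flattened onto a single line.
FAULT_MULTILINE = """Exception caught in System::urn:iControl:System/Session::submit_transaction()
Exception: Common::OperationFailed
primary_error_code : 16908342 (0x01020036)
secondary_error_code : 0
error_string : 01020036:3: The requested virtual address (/acc/185.14.168.80) was not found."""
FAULT_FLAT = ("Exception caught in Management::urn:iControl:Management/KeyCertificate::"
              "key_import_from_pem() Exception: Common::OperationFailed "
              "primary_error_code : -11 (0xFFFFFFF5) secondary_error_code : 0 "
              "error_string : Would overwrite file")

_FAULT_RE = re.compile(
    r"Exception caught in \S*?urn:iControl:(?P<interface>[\w/]+)::(?P<method>\w+)\(\)\s+"
    r"Exception:\s*(?P<exception>[\w:]+)\s+"
    r"primary_error_code\s*:\s*(?P<dec>-?\d+)\s*\(0x(?P<hex>[0-9A-Fa-f]{1,8})\)\s+"
    r"secondary_error_code\s*:\s*(?P<secondary>-?\d+)\s+"
    r"error_string\s*:\s*(?P<message>.*)", re.DOTALL)

@dataclass
class IControlFault:  # hypothetical container, not a bigsuds type
    interface: str    # e.g. "System/Session"
    method: str       # call that raised the fault
    exception: str
    primary: int
    secondary: int
    message: str      # error_string without the numeric prefix
    tmos_id: str      # 8-hex-digit prefix of error_string, "" when absent

def parse_fault(text):
    """Parse an iControl fault string; return None if it does not match."""
    m = _FAULT_RE.search(text)
    if m is None:
        return None
    primary = int(m["dec"])
    # The hex form is the same value as an unsigned 32-bit word (-11 -> 0xFFFFFFF5).
    if primary & 0xFFFFFFFF != int(m["hex"], 16):
        raise ValueError("decimal and hex primary_error_code disagree")
    message = m["message"].strip().rstrip("'")
    prefix = re.match(r"([0-9A-Fa-f]{8}):\d+:\s*", message)
    return IControlFault(m["interface"], m["method"], m["exception"], primary,
                         int(m["secondary"]), message[prefix.end():] if prefix else message,
                         prefix.group(1) if prefix else "")
```

With bigsuds, the text to pass in is `str(e)` for a caught `bigsuds.ServerError`; the `method` field then shows whether the fault came from `submit_transaction()` or from an individual call such as `key_import_from_pem()`.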