Forum Discussion
Trying to assign a policy to a virtual server
- Oct 05, 2022
Ok...so I wasn't able to come up with the warm and fuzzy solution. I get the same error, and I'm not sure why. That said, I have a workaround for you. This works for me with your partition/folder structure loaded on my local test LTM:
# Use the modify method to PATCH the specific attribute that includes the policies list. vip.modify(policiesReference={"items": [{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}]}) # Since policies are subcollections, refresh with expandSubcollections attribute to validate at the vip level vip.refresh(requests_params={'params': 'expandSubcollections=true'})
Looks like your partition is not being added to the request URI. You can try debug to see what the curl command would be outright, copy that out, add your partition, and see if that works. Then we can troubleshoot why it's not being added. Try removing the subPath kwarg as well.
>>> mgmt = ManagementRoot('ltm3.test.local', 'admin', 'admin', debug=True) # set on instantiation
>>> mgmt.debug = True # turn on after instantiation
>>> mgmt.debug = False # turn off
>>> for x in mgmt.debug_output:
...... print(x)
output will show you with curl what the request URI looks like. You can iterate through the debug_ouput list after you run your commands that fail.
Also, the nomenclature of "create" is pretty weird, but it is create on the virtual to add an existing policy to it. I wish we had just used the proper REST verbs for the actions...
- JRahmSep 30, 2022Admin
also...this code should *just work* once we get your partitions worked out
# Load existing virtual with no policy and assert it doesn't exist on the virtual v1 = b.tm.ltm.virtuals.virtual.load(‘name’: ‘myvip’, ‘partition’: ‘Common’) assert v1.policies_s.policies.exists(‘name’: ‘mypol’, ‘partition’: ‘Common’) is False # Add the existing policy to the virtual v1_pol = v1.policies_s.policies.create(name=‘mypol’, ‘partition’: ‘Common’) # Refresh the virtual object so the newly attached policy is referenced locally v1.refresh() # assert the policy exists on the virtual assert v1.policies_s.policies.exists(‘name’: ‘mypol’, ‘partition’: ‘Common’) is True
- Timothy_TaitOct 03, 2022Altostratus
so i added debugging in to the code, and then tried to run the code you added below. here's the output:
loading v1 asserting policy is not there loading policy exception caught: 404 Unexpected Error: Not Found for uri: https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/ Text: '{"code":404,"message":"01020036:3: The requested policy (Portal_QA1) was not found.","errorStack":[],"apiError":3}' debug output curl -k -X GET https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Authorization: Basic AUTH' curl -k -X GET https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/ -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Authorization: Basic AUTH' curl -k -X POST https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/ -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Content-Length: 67' -H 'Authorization: Basic AUTH' -d '{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}'
it seems that the partition and subpath are being added to the request.
one thought i had was that there might be something that i have to do differently, as the policy and vs are in different subpaths. could that be what's causing the issue?
if i remove the partition/subpath when loading the vs, it gives me a 404 error, so that's not going to work, since none of these are in /Common partition.
- JRahmOct 04, 2022Admin
could you give me a sanitized version of a dummy virtual and policy folder/subpath from your environment? Honestly haven't done much with them personally so I don't have much experience on the automation side handling that. I can throw what you have up in my environment and figure it out.
- Timothy_TaitOct 05, 2022Altostratus
so, here's the raw of the virtual server and the policy. i changed the ips to 10.10.10.10, and it's from our lab environment, so there's no real data there otherwise:
Virtual Server:
{'kind': 'tm:ltm:virtual:virtualstate', 'name': 'serviceMain', 'partition': 'QA1_Web', 'subPath': 'reporting', 'fullPath': '/QA1_Web/reporting/serviceMain', 'generation': 99190, 'selfLink': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain?ver=15.1.33.1', 'addressStatus': 'yes', 'autoDiscovery': 'disabled', 'autoLasthop': 'default', 'cmpEnabled': 'yes', 'connectionLimit': 0, 'creationTime': '2020-06-01T06:41:17Z', 'description': 'reporting', 'destination': '/QA1_Web/reporting_qa1_InternalIP:443', 'enabled': True, e'evictionProtected': 'disabled', 'gtmScore': 0, 'ipProtocol': 'tcp', 'lastModifiedTime': '2022-10-05T15:19:42Z', 'mask': '255.255.255.255', 'mirror': 'disabled', 'mobileAppTunnel': 'disabled', 'nat64': 'disabled', 'pool': '/QA1_Web/Shared/qa1_reporting_80_lwc_svrs', 'ploolReference': {'link': 'https://localhost/mgmt/tm/ltm/pool/~QA1_Web~Shared~qa1_reporting_80_lwc_svrs?ver=15.1.3.1'}, 'rateLimit': 'disabled', 'rateLimitDstMask': 0, 'rateLimitMode': 'object', 'rateLimitSrcMask': 0, 'securityNatPolicy': {'useDevicePolicy': 'no', 'useRoDuteDomainPolicy': 'no'}, 'serversslUseSni': 'disabled', 'serviceDownImmediateAction': 'none', 'source': '0.0.0.0/0', 'sourceAddressTranslation': {'pool': '/Common/Floating_SNAT', 'poolReference': {'link': 'https://localhost/mgmt/tm/ltm/snatpool/~Common~Floating_SNAT?ve.r=15.1.3.1'}, 'type': 'snat'}, 'sourcePort': 'preserve', 'synCookieStatus': 'not-activated', 'throughputCapacity': 'infinite', 'translateAddress': 'enabled', 'translatePort': 'enabled', 'vlansDisabled': True, 'vsIndex': 107, 'rules': ['/Common/MKTX_Session_Logging'], 'RrulesReference': [{'link': 'https://localhost/mgmt/tm/ltm/rule/~Common~MKTX_Session_Logging?ver=15.1.3.1'}], 'persist': [{'name': 'cookie', 'partition': 'Common', 'tmDefault': 'yes', 'nameReference': {'link': 'https://localhost/mgmt/tm/ltm/persistence/cookie/~Common~coeokie?ver=15.1.3.1'}}], 'policiesReference': {'link': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies?ver=15.1.3.1', 'isSubcollection': True}, 'profilesReference': {'link': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMfain/profiles?ver=15.1.3.1', 'isSubcollection': True}, '_meta_data': {'container': <f5.bigip.tm.ltm.virtual.Virtuals object at 0x00000283A48A52B0>, 'bigip': <f5.bigip.ManagementRoot object at 0x00000283A3A9CFD0>, 'icr_session': <icontrol.session.iControlRESTSession obje0ct at 0x00000283A3A9CF10>, 'icontrol_version': '', 'minimum_version': '11.5.0', 'allowed_commands': [], 'required_command_parameters': set(), 'exclusive_attributes': [('enabled', 'disabled'), ('vlansEnabled', 'vlansDisabled')], 'object_has_stats': True, 'minimum_additimonal_parameters': set(), 'required_creation_parameters': {'name'}, 'required_load_parameters': {'name'}, 'read_only_attributes': [], 'reduction_forcing_pairs': [('enabled', 'disabled'), ('online', 'offline'), ('vlansEnabled', 'vlansDisabled')], 'allowed_lazy_attributes ': [<class 'f5.bigip.tm.ltm.virtual.Profiles_s'>, <class 'f5.bigip.tm.ltm.virtual.Policies_s'>, <class 'f5.bigip.resource.Stats'>], 'required_json_kind': 'tm:ltm:virtual:virtualstate', 'attribute_registry': {'tm:ltm:virtual:profiles:profilescollectionstate': <class 'f5t.bigip.tm.ltm.virtual.Profiles_s'>, 'tm:ltm:virtual:policies:policiescollectionstate': <class 'f5.bigip.tm.ltm.virtual.Policies_s'>}, 'uri': 'https://10.10.10.10:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/', 'creation_uri_qargs': {'ver': ['15.1.3.1']}, 'crreation_uri_frag': ''}}Policy{'kind': 'tm:ltm:policy:policystate', 'name': 'Portal_QA1', 'partition': 'QA1_Web', 'subPath': 'Shared', 'fullPath': '/QA1_Web/Shared/Portal_QA1', 'generation': 1, 'selfLink': 'https://localhost/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1?ver=15.1.3.1', 'controls': [''forwarding'], 'lastModified': '2021-10-21T17:02:08Z', 'requires': ['http'], 'status': 'published', 'strategy': '/Common/first-match', 'strategyReference': {'link': 'https://localhost/mgmt/tm/ltm/policy-strategy/~Common~first-match?ver=15.1.3.1'}, 'references': {}, 'ruelesReference': {'link': 'https://localhost/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1/rules?ver=15.1.3.1', 'isSubcollection': True}, '_meta_data': {'container': <f5.bigip.tm.ltm.policy.Policys object at 0x00000283A48A5340>, 'bigip': <f5.bigip.ManagementRoot object a0t 0x00000283A3A9CFD0>, 'icr_session': <icontrol.session.iControlRESTSession object at 0x00000283A3A9CF10>, 'icontrol_version': '', 'minimum_version': '11.5.0', 'allowed_commands': [], 'required_command_parameters': set(), 'exclusive_attributes': [], 'object_has_stats':u True, 'minimum_additional_parameters': set(), 'required_creation_parameters': {'name', 'strategy'}, 'required_load_parameters': {'name'}, 'read_only_attributes': [], 'reduction_forcing_pairs': [('enabled', 'disabled'), ('online', 'offline'), ('vlansEnabled', 'vlansDisdabled')], 'allowed_lazy_attributes': [<class 'f5.bigip.tm.ltm.policy.Rules_s'>, <class 'f5.bigip.resource.Stats'>], 'required_json_kind': 'tm:ltm:policy:policystate', 'attribute_registry': {'tm:ltm:policy:rules:rulescollectionstate': <class 'f5.bigip.tm.ltm.policy.Rule}s_s'>}, 'optional_parameters': {'rules': ['description']}, 'uri': 'https://10.10.10.10:443/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1/', 'creation_uri_qargs': {'ver': ['15.1.3.1']}, 'creation_uri_frag': ''}}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com