Forum Discussion

Altostratus

Sep 28, 2022

Trying to assign a policy to a virtual server

i am trying to change policies on a virtual server, using the python sdk. i load the vs, i can load the existing policy on the vs, and delete it, but when i try to create a new policy for the vs, i ...

Oct 05, 2022

Ok...so I wasn't able to come up with the warm and fuzzy solution. I get the same error, and I'm not sure why. That said, I have a workaround for you. This works for me with your partition/folder structure loaded on my local test LTM:

# Use the modify method to PATCH the specific attribute that includes the policies list.
vip.modify(policiesReference={"items": [{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}]})

# Since policies are subcollections, refresh with expandSubcollections attribute to validate at the vip level
vip.refresh(requests_params={'params': 'expandSubcollections=true'})

JRahm

Admin

Looks like your partition is not being added to the request URI. You can try debug to see what the curl command would be outright, copy that out, add your partition, and see if that works. Then we can troubleshoot why it's not being added. Try removing the subPath kwarg as well.

>>> mgmt = ManagementRoot('ltm3.test.local', 'admin', 'admin', debug=True) # set on instantiation
>>> mgmt.debug = True  # turn on after instantiation
>>> mgmt.debug = False # turn off
>>> for x in mgmt.debug_output:
...... print(x)

output will show you with curl what the request URI looks like. You can iterate through the debug_ouput list after you run your commands that fail.

Also, the nomenclature of "create" is pretty weird, but it is create on the virtual to add an existing policy to it. I wish we had just used the proper REST verbs for the actions...

Timothy_Tait

Altostratus

Oct 03, 2022

so i added debugging in to the code, and then tried to run the code you added below. here's the output:

loading v1
asserting policy is not there
loading policy
exception caught: 404 Unexpected Error: Not Found for uri: https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/
Text: '{"code":404,"message":"01020036:3: The requested policy (Portal_QA1) was not found.","errorStack":[],"apiError":3}'
debug output
curl -k -X GET https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Authorization: Basic AUTH'
curl -k -X GET https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/ -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Authorization: Basic AUTH'
curl -k -X POST https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/ -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Content-Length: 67' -H 'Authorization: Basic AUTH' -d '{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}'

it seems that the partition and subpath are being added to the request.

one thought i had was that there might be something that i have to do differently, as the policy and vs are in different subpaths. could that be what's causing the issue?

if i remove the partition/subpath when loading the vs, it gives me a 404 error, so that's not going to work, since none of these are in /Common partition.

JRahm
Admin
Oct 04, 2022
could you give me a sanitized version of a dummy virtual and policy folder/subpath from your environment? Honestly haven't done much with them personally so I don't have much experience on the automation side handling that. I can throw what you have up in my environment and figure it out.
- Timothy_Tait
  Altostratus
  Oct 05, 2022
  so, here's the raw of the virtual server and the policy. i changed the ips to 10.10.10.10, and it's from our lab environment, so there's no real data there otherwise:
  Virtual Server:
  {'kind': 'tm:ltm:virtual:virtualstate', 'name': 'serviceMain', 'partition': 'QA1_Web', 'subPath': 'reporting', 'fullPath': '/QA1_Web/reporting/serviceMain', 'generation': 99190, 'selfLink': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain?ver=15.1.33.1', 'addressStatus': 'yes', 'autoDiscovery': 'disabled', 'autoLasthop': 'default', 'cmpEnabled': 'yes', 'connectionLimit': 0, 'creationTime': '2020-06-01T06:41:17Z', 'description': 'reporting', 'destination': '/QA1_Web/reporting_qa1_InternalIP:443', 'enabled': True, e
  'evictionProtected': 'disabled', 'gtmScore': 0, 'ipProtocol': 'tcp', 'lastModifiedTime': '2022-10-05T15:19:42Z', 'mask': '255.255.255.255', 'mirror': 'disabled', 'mobileAppTunnel': 'disabled', 'nat64': 'disabled', 'pool': '/QA1_Web/Shared/qa1_reporting_80_lwc_svrs', 'ploolReference': {'link': 'https://localhost/mgmt/tm/ltm/pool/~QA1_Web~Shared~qa1_reporting_80_lwc_svrs?ver=15.1.3.1'}, 'rateLimit': 'disabled', 'rateLimitDstMask': 0, 'rateLimitMode': 'object', 'rateLimitSrcMask': 0, 'securityNatPolicy': {'useDevicePolicy': 'no', 'useRoDuteDomainPolicy': 'no'}, 'serversslUseSni': 'disabled', 'serviceDownImmediateAction': 'none', 'source': '0.0.0.0/0', 'sourceAddressTranslation': {'pool': '/Common/Floating_SNAT', 'poolReference': {'link': 'https://localhost/mgmt/tm/ltm/snatpool/~Common~Floating_SNAT?ve.r=15.1.3.1'}, 'type': 'snat'}, 'sourcePort': 'preserve', 'synCookieStatus': 'not-activated', 'throughputCapacity': 'infinite', 'translateAddress': 'enabled', 'translatePort': 'enabled', 'vlansDisabled': True, 'vsIndex': 107, 'rules': ['/Common/MKTX_Session_Logging'], 'RrulesReference': [{'link': 'https://localhost/mgmt/tm/ltm/rule/~Common~MKTX_Session_Logging?ver=15.1.3.1'}], 'persist': [{'name': 'cookie', 'partition': 'Common', 'tmDefault': 'yes', 'nameReference': {'link': 'https://localhost/mgmt/tm/ltm/persistence/cookie/~Common~coeokie?ver=15.1.3.1'}}], 'policiesReference': {'link': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies?ver=15.1.3.1', 'isSubcollection': True}, 'profilesReference': {'link': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMfain/profiles?ver=15.1.3.1', 'isSubcollection': True}, '_meta_data': {'container': <f5.bigip.tm.ltm.virtual.Virtuals object at 0x00000283A48A52B0>, 'bigip': <f5.bigip.ManagementRoot object at 0x00000283A3A9CFD0>, 'icr_session': <icontrol.session.iControlRESTSession obje0ct at 0x00000283A3A9CF10>, 'icontrol_version': '', 'minimum_version': '11.5.0', 'allowed_commands': [], 'required_command_parameters': set(), 'exclusive_attributes': [('enabled', 'disabled'), ('vlansEnabled', 'vlansDisabled')], 'object_has_stats': True, 'minimum_additimonal_parameters': set(), 'required_creation_parameters': {'name'}, 'required_load_parameters': {'name'}, 'read_only_attributes': [], 'reduction_forcing_pairs': [('enabled', 'disabled'), ('online', 'offline'), ('vlansEnabled', 'vlansDisabled')], 'allowed_lazy_attributes ': [<class 'f5.bigip.tm.ltm.virtual.Profiles_s'>, <class 'f5.bigip.tm.ltm.virtual.Policies_s'>, <class 'f5.bigip.resource.Stats'>], 'required_json_kind': 'tm:ltm:virtual:virtualstate', 'attribute_registry': {'tm:ltm:virtual:profiles:profilescollectionstate': <class 'f5t.bigip.tm.ltm.virtual.Profiles_s'>, 'tm:ltm:virtual:policies:policiescollectionstate': <class 'f5.bigip.tm.ltm.virtual.Policies_s'>}, 'uri': 'https://10.10.10.10:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/', 'creation_uri_qargs': {'ver': ['15.1.3.1']}, 'crreation_uri_frag': ''}}
  
  Policy
  {'kind': 'tm:ltm:policy:policystate', 'name': 'Portal_QA1', 'partition': 'QA1_Web', 'subPath': 'Shared', 'fullPath': '/QA1_Web/Shared/Portal_QA1', 'generation': 1, 'selfLink': 'https://localhost/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1?ver=15.1.3.1', 'controls': [''forwarding'], 'lastModified': '2021-10-21T17:02:08Z', 'requires': ['http'], 'status': 'published', 'strategy': '/Common/first-match', 'strategyReference': {'link': 'https://localhost/mgmt/tm/ltm/policy-strategy/~Common~first-match?ver=15.1.3.1'}, 'references': {}, 'ruelesReference': {'link': 'https://localhost/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1/rules?ver=15.1.3.1', 'isSubcollection': True}, '_meta_data': {'container': <f5.bigip.tm.ltm.policy.Policys object at 0x00000283A48A5340>, 'bigip': <f5.bigip.ManagementRoot object a0t 0x00000283A3A9CFD0>, 'icr_session': <icontrol.session.iControlRESTSession object at 0x00000283A3A9CF10>, 'icontrol_version': '', 'minimum_version': '11.5.0', 'allowed_commands': [], 'required_command_parameters': set(), 'exclusive_attributes': [], 'object_has_stats':u True, 'minimum_additional_parameters': set(), 'required_creation_parameters': {'name', 'strategy'}, 'required_load_parameters': {'name'}, 'read_only_attributes': [], 'reduction_forcing_pairs': [('enabled', 'disabled'), ('online', 'offline'), ('vlansEnabled', 'vlansDisdabled')], 'allowed_lazy_attributes': [<class 'f5.bigip.tm.ltm.policy.Rules_s'>, <class 'f5.bigip.resource.Stats'>], 'required_json_kind': 'tm:ltm:policy:policystate', 'attribute_registry': {'tm:ltm:policy:rules:rulescollectionstate': <class 'f5.bigip.tm.ltm.policy.Rule}s_s'>}, 'optional_parameters': {'rules': ['description']}, 'uri': 'https://10.10.10.10:443/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1/', 'creation_uri_qargs': {'ver': ['15.1.3.1']}, 'creation_uri_frag': ''}}
  - JRahm
    Admin
    Oct 05, 2022
    Ok...so I wasn't able to come up with the warm and fuzzy solution. I get the same error, and I'm not sure why. That said, I have a workaround for you. This works for me with your partition/folder structure loaded on my local test LTM:
    
    # Use the modify method to PATCH the specific attribute that includes the policies list. vip.modify(policiesReference={"items": [{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}]}) # Since policies are subcollections, refresh with expandSubcollections attribute to validate at the vip level vip.refresh(requests_params={'params': 'expandSubcollections=true'})

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Trying to assign a policy to a virtual server

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

owa iapp assign irule

SSO Resource Assignment

Assign specific uri to a server\node in pool

Assigning pool for VS in port 4000

APM variable assign to trim ad group DN

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS