Forum Discussion

Altostratus

Sep 28, 2022

Trying to assign a policy to a virtual server

i am trying to change policies on a virtual server, using the python sdk. i load the vs, i can load the existing policy on the vs, and delete it, but when i try to create a new policy for the vs, i ...

Oct 05, 2022

Ok...so I wasn't able to come up with the warm and fuzzy solution. I get the same error, and I'm not sure why. That said, I have a workaround for you. This works for me with your partition/folder structure loaded on my local test LTM:

# Use the modify method to PATCH the specific attribute that includes the policies list.
vip.modify(policiesReference={"items": [{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}]})

# Since policies are subcollections, refresh with expandSubcollections attribute to validate at the vip level
vip.refresh(requests_params={'params': 'expandSubcollections=true'})

Timothy_Tait

Altostratus

so i added debugging in to the code, and then tried to run the code you added below. here's the output:

loading v1
asserting policy is not there
loading policy
exception caught: 404 Unexpected Error: Not Found for uri: https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/
Text: '{"code":404,"message":"01020036:3: The requested policy (Portal_QA1) was not found.","errorStack":[],"apiError":3}'
debug output
curl -k -X GET https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Authorization: Basic AUTH'
curl -k -X GET https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/ -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Authorization: Basic AUTH'
curl -k -X POST https://10.80.91.172:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies/ -H 'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'Connection: keep-alive' -H 'Content-Type: application/json' -H 'Cookie: AUTH_TOKEN; BIGIPAuthUsernameCookie=svc-f5scraperlabRO' -H 'Content-Length: 67' -H 'Authorization: Basic AUTH' -d '{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}'

it seems that the partition and subpath are being added to the request.

one thought i had was that there might be something that i have to do differently, as the policy and vs are in different subpaths. could that be what's causing the issue?

if i remove the partition/subpath when loading the vs, it gives me a 404 error, so that's not going to work, since none of these are in /Common partition.

JRahm

Admin

Oct 04, 2022

could you give me a sanitized version of a dummy virtual and policy folder/subpath from your environment? Honestly haven't done much with them personally so I don't have much experience on the automation side handling that. I can throw what you have up in my environment and figure it out.

Timothy_Tait
Altostratus
Oct 05, 2022
so, here's the raw of the virtual server and the policy. i changed the ips to 10.10.10.10, and it's from our lab environment, so there's no real data there otherwise:
Virtual Server:
{'kind': 'tm:ltm:virtual:virtualstate', 'name': 'serviceMain', 'partition': 'QA1_Web', 'subPath': 'reporting', 'fullPath': '/QA1_Web/reporting/serviceMain', 'generation': 99190, 'selfLink': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain?ver=15.1.33.1', 'addressStatus': 'yes', 'autoDiscovery': 'disabled', 'autoLasthop': 'default', 'cmpEnabled': 'yes', 'connectionLimit': 0, 'creationTime': '2020-06-01T06:41:17Z', 'description': 'reporting', 'destination': '/QA1_Web/reporting_qa1_InternalIP:443', 'enabled': True, e
'evictionProtected': 'disabled', 'gtmScore': 0, 'ipProtocol': 'tcp', 'lastModifiedTime': '2022-10-05T15:19:42Z', 'mask': '255.255.255.255', 'mirror': 'disabled', 'mobileAppTunnel': 'disabled', 'nat64': 'disabled', 'pool': '/QA1_Web/Shared/qa1_reporting_80_lwc_svrs', 'ploolReference': {'link': 'https://localhost/mgmt/tm/ltm/pool/~QA1_Web~Shared~qa1_reporting_80_lwc_svrs?ver=15.1.3.1'}, 'rateLimit': 'disabled', 'rateLimitDstMask': 0, 'rateLimitMode': 'object', 'rateLimitSrcMask': 0, 'securityNatPolicy': {'useDevicePolicy': 'no', 'useRoDuteDomainPolicy': 'no'}, 'serversslUseSni': 'disabled', 'serviceDownImmediateAction': 'none', 'source': '0.0.0.0/0', 'sourceAddressTranslation': {'pool': '/Common/Floating_SNAT', 'poolReference': {'link': 'https://localhost/mgmt/tm/ltm/snatpool/~Common~Floating_SNAT?ve.r=15.1.3.1'}, 'type': 'snat'}, 'sourcePort': 'preserve', 'synCookieStatus': 'not-activated', 'throughputCapacity': 'infinite', 'translateAddress': 'enabled', 'translatePort': 'enabled', 'vlansDisabled': True, 'vsIndex': 107, 'rules': ['/Common/MKTX_Session_Logging'], 'RrulesReference': [{'link': 'https://localhost/mgmt/tm/ltm/rule/~Common~MKTX_Session_Logging?ver=15.1.3.1'}], 'persist': [{'name': 'cookie', 'partition': 'Common', 'tmDefault': 'yes', 'nameReference': {'link': 'https://localhost/mgmt/tm/ltm/persistence/cookie/~Common~coeokie?ver=15.1.3.1'}}], 'policiesReference': {'link': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/policies?ver=15.1.3.1', 'isSubcollection': True}, 'profilesReference': {'link': 'https://localhost/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMfain/profiles?ver=15.1.3.1', 'isSubcollection': True}, '_meta_data': {'container': <f5.bigip.tm.ltm.virtual.Virtuals object at 0x00000283A48A52B0>, 'bigip': <f5.bigip.ManagementRoot object at 0x00000283A3A9CFD0>, 'icr_session': <icontrol.session.iControlRESTSession obje0ct at 0x00000283A3A9CF10>, 'icontrol_version': '', 'minimum_version': '11.5.0', 'allowed_commands': [], 'required_command_parameters': set(), 'exclusive_attributes': [('enabled', 'disabled'), ('vlansEnabled', 'vlansDisabled')], 'object_has_stats': True, 'minimum_additimonal_parameters': set(), 'required_creation_parameters': {'name'}, 'required_load_parameters': {'name'}, 'read_only_attributes': [], 'reduction_forcing_pairs': [('enabled', 'disabled'), ('online', 'offline'), ('vlansEnabled', 'vlansDisabled')], 'allowed_lazy_attributes ': [<class 'f5.bigip.tm.ltm.virtual.Profiles_s'>, <class 'f5.bigip.tm.ltm.virtual.Policies_s'>, <class 'f5.bigip.resource.Stats'>], 'required_json_kind': 'tm:ltm:virtual:virtualstate', 'attribute_registry': {'tm:ltm:virtual:profiles:profilescollectionstate': <class 'f5t.bigip.tm.ltm.virtual.Profiles_s'>, 'tm:ltm:virtual:policies:policiescollectionstate': <class 'f5.bigip.tm.ltm.virtual.Policies_s'>}, 'uri': 'https://10.10.10.10:443/mgmt/tm/ltm/virtual/~QA1_Web~reporting~serviceMain/', 'creation_uri_qargs': {'ver': ['15.1.3.1']}, 'crreation_uri_frag': ''}}

Policy
{'kind': 'tm:ltm:policy:policystate', 'name': 'Portal_QA1', 'partition': 'QA1_Web', 'subPath': 'Shared', 'fullPath': '/QA1_Web/Shared/Portal_QA1', 'generation': 1, 'selfLink': 'https://localhost/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1?ver=15.1.3.1', 'controls': [''forwarding'], 'lastModified': '2021-10-21T17:02:08Z', 'requires': ['http'], 'status': 'published', 'strategy': '/Common/first-match', 'strategyReference': {'link': 'https://localhost/mgmt/tm/ltm/policy-strategy/~Common~first-match?ver=15.1.3.1'}, 'references': {}, 'ruelesReference': {'link': 'https://localhost/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1/rules?ver=15.1.3.1', 'isSubcollection': True}, '_meta_data': {'container': <f5.bigip.tm.ltm.policy.Policys object at 0x00000283A48A5340>, 'bigip': <f5.bigip.ManagementRoot object a0t 0x00000283A3A9CFD0>, 'icr_session': <icontrol.session.iControlRESTSession object at 0x00000283A3A9CF10>, 'icontrol_version': '', 'minimum_version': '11.5.0', 'allowed_commands': [], 'required_command_parameters': set(), 'exclusive_attributes': [], 'object_has_stats':u True, 'minimum_additional_parameters': set(), 'required_creation_parameters': {'name', 'strategy'}, 'required_load_parameters': {'name'}, 'read_only_attributes': [], 'reduction_forcing_pairs': [('enabled', 'disabled'), ('online', 'offline'), ('vlansEnabled', 'vlansDisdabled')], 'allowed_lazy_attributes': [<class 'f5.bigip.tm.ltm.policy.Rules_s'>, <class 'f5.bigip.resource.Stats'>], 'required_json_kind': 'tm:ltm:policy:policystate', 'attribute_registry': {'tm:ltm:policy:rules:rulescollectionstate': <class 'f5.bigip.tm.ltm.policy.Rule}s_s'>}, 'optional_parameters': {'rules': ['description']}, 'uri': 'https://10.10.10.10:443/mgmt/tm/ltm/policy/~QA1_Web~Shared~Portal_QA1/', 'creation_uri_qargs': {'ver': ['15.1.3.1']}, 'creation_uri_frag': ''}}
- JRahm
  Admin
  Oct 05, 2022
  Ok...so I wasn't able to come up with the warm and fuzzy solution. I get the same error, and I'm not sure why. That said, I have a workaround for you. This works for me with your partition/folder structure loaded on my local test LTM:
  
  # Use the modify method to PATCH the specific attribute that includes the policies list. vip.modify(policiesReference={"items": [{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}]}) # Since policies are subcollections, refresh with expandSubcollections attribute to validate at the vip level vip.refresh(requests_params={'params': 'expandSubcollections=true'})
  - JRahm
    Admin
    Oct 05, 2022
    Also as an alternative to the f5-common-python module, I've been using bigrest, which was developed by one our our MVPs. It does less for you, but it's very straightforward and fully featured because of it for BIG-IP and BIG-IQ as well. Here's roughly the same thing in bigrest:
    
    from bigrest.bigip import BIGIP from bigrest.utils.utils import rest_format as rf b = BIGIP('ltm3.test.local', 'admin', 'admin') vip_remove_policies = b.modify(f"/mgmt/tm/ltm/virtual/{rf('/QA1_Web/reporting/ServiceMain')}", {"policiesReference": {"items": []}}) vip_add_policy = b.modify(f"/mgmt/tm/ltm/virtual/{rf('/QA1_Web/reporting/ServiceMain')}", {"policiesReference": {"items": [{"name": "Portal_QA1", "partition": "QA1_Web", "subPath": "Shared"}]}}) # I used this just to have quick view in my pycharm IDE of what's changing at only the name policies attributes of a virtual server. Not necessary at all to make changes vip_minimal = b.load(f"/mgmt/tm/ltm/virtual/{rf('/QA1_Web/reporting/ServiceMain')}?expandSubcollections=true&$select=name,policiesReference")
    
    Note here that you do not need to load an object to modify it. Also, the rest_format utility (shorted by my input as rf) handles all the / to ~ conversions for you.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Trying to assign a policy to a virtual server

Recent Discussions

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Related Content

owa iapp assign irule

SSO Resource Assignment

Assign specific uri to a server\node in pool

Assigning pool for VS in port 4000

APM variable assign to trim ad group DN

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS