iControl REST Cookbook - LTM policy (ltm policy)
This cookbook lists selected ready-to-use iControl REST curl commands for LTM policy related resources (the tmsh command
xxx ltm policy
). Each recipe consists of the curl command and it's tmsh equivallent.
See also
- iControl REST Cookbook - Virtual Server (ltm virtual) - for the list of curl options.
- K33749970: Managing local traffic policies on the BIG-IP system using the tmsh utility (12.1.0 and later) - for tmsh commands for LTM policies.
Get a list of policies
The iControl REST call returns both drafts and published policies: In the /Common partition, they are located under
/Common/Drafts
and /Common
respectively. On the other hand, the tmsh equivalent command outputs only the ones under the current folder.
list ltm policy
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy
To get a specific published policy, just add its name to the URI.
list ltm policy <PublishedPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/<PublishedPolicy>
To get a specific draft policy, add the full path to the policy. Note that '~' (tilde) is used instead of '/' (slash) for the path delimiter.
list ltm policy Drafts/<TestPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>
The rules in a policy is stored in the subcollections, hence the above calls return only links to the rules. To get the contents of the rules, use the
expandSubcollections=true
query option.
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>?expandSubcollections=true
Get the rules of a policy
The following call will get all the rules in the draft policy.
list ltm policy Drafts/<TestPolicy> rules
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules?expandSubcollections=true
For obtaining the particular one, run this.
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule>?expandSubcollections=true
Create a draft policy
The following call creates a new draft policy with the 'first-match' strategy. Note that the path to the policy inside the post data uses '/'.
create ltm policy Drafts/<TestPolicy> strategy first-match
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy \ -X POST -H "Content-type:application/json" \ -d '{"name":"/Common/Drafts/<TestPolicy>", "strategy":"first-match"}'
To create (copy) a draft policy from the existing draft policy, run this. Note that the path to the existing draft policy (
?options
argument) uses '/'.
create ltm policy /Common/Drafts/<TestPolicy2> copy-from /Common/Drafts/<TestPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy?options=copy-from,/Common/Drafts/<TestPolicy> \ -X POST -H "Content-type:application/json" \ -d '{"name":"/Common/Drafts/<TestPolicy2>"}'
Adding a rule to the draft policy
modify ltm policy Drafts/<TestPolicy> rules add { <SampleRule> { description sat1 } }
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules \ -X POST -H "Content-type:application/json" \ -d '{"name":"<SampleRule>", "description":"sat1" }'
Modifying the rule
modify ltm policy Drafts/<TestPolicy> rules modify { <SampleRule> { description "Hello World"} }
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule> \ -X PATCH -H "Content-type:application/json" \ -d '{"description":"Hello World" }'
Deleting the rule from the draft policy
modify ltm policy Drafts/<TestPolicy> rules delete { <SampleRule> }
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule> -X DELETE
Deleging the draft policy
delete ltm policy Drafts/<TestPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy> -X DELETE
Publishing the draft policy
publish ltm policy Drafts/<TestPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy \ -X POST -H "Content-type: application/json" \ -d '{"command":"publish", "name":"Drafts/<TestPolicy>"}'
Creating the draft policy from a published policy
modify ltm policy <PublishedPolicy> create-draft
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/<PublishedPolicy>?options=create-draft \ -X PATCH -H "Content-type: application/json" \ -d '{}'
Modifying a virtual
To replace the policies attached to a virtual with a specific published policy, run this
modify ltm virtual <vs> policies replace-all-with { <PublishedPolicy> }
curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>/policies \ -H "Content-type: application/json" -X POST \ -d '{"name":<PublishedPolicy>}'
To remove the policies from a virtual, run this
curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs> \ -H "Content-type: application/json" -X PATCH \ -d '{"policiesReference":{ "items":[] } }'
- PHL1212Nimbostratus
How you do the same with transactions ? it doesn't work for me... Publishing seems to have problems....
- MMarco_77Cirrus
It doesn't work for me the API for replace the policies attached to a virtual server,
curl -sku admin:default https://192.168.1.74/mgmt/tm/ltm/virtual/http_policy/policies \
-H "Content-type: application/json" -X POST \
-d '{"name":policy_sorrypage}' | jq . -M
{
"code": 400,
"message": "Found invalid JSON body in the request.",
"errorStack": [],
"apiError": 1
}
where is the error?
Tks
- JRahmAdmin
, the policy_sorrypage should also be in quotes.
- MMarco_77Cirrus
Thank you! I had solved in any case, if necessary I share you
/Marco
- cjw94022Nimbostratus
Is there a way to updaate policies associated to a VS and guarantee the order in which they are going to be executed. I have tried the following
curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/~part1~VS1 \ -H "Content-type: application/json" -X PATCH \ -d '{"policiesReference":{ "items":[{"name":"policy1","partition":"part1"}, {"name":"policy2","partition":"Common"}] }}'
but when I look in the UI at the resources and policies assigned to the VS, the /Common/policy2 comes before "/part1/policy1" , where I want the/part1/policy1 to be executed first
- cjw94022Nimbostratus
Here is the get of the VS1/policies API, which also shows them in reversed order
{"kind":"tm:ltm:virtual:policies:policiescollectionstate","selfLink":"https://localhost/mgmt/tm/ltm/virtual/~part1~VS1/policies?ver=13.1.1","items":[{"kind":"tm:ltm:virtual:policies:policiesstate","name":"policy2","partition":"Common","fullPath":"/Common/policy2","generation":23587,"selfLink":"https://localhost/mgmt/tm/ltm/virtual/~part1~VS1/policies/~Common~policy2?ver=13.1.1"},{"kind":"tm:ltm:virtual:policies:policiesstate","name":"policy1","partition":"part1","fullPath":"/part1/policy1","generation":23587,"selfLink":"https://localhost/mgmt/tm/ltm/virtual/~part1~VS1/policies/~part1~policy1?ver=13.1.1"}]}