on
14-Feb-2019
05:00
- edited on
05-Jun-2023
21:49
by
JimmyPackets
This cookbook lists selected ready-to-use iControl REST curl commands for LTM policy related resources (the tmsh command
xxx ltm policy
). Each recipe consists of the curl command and it's tmsh equivallent.
See also
The iControl REST call returns both drafts and published policies: In the /Common partition, they are located under
/Common/Drafts
and /Common
respectively. On the other hand, the tmsh equivalent command outputs only the ones under the current folder.
list ltm policy
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy
To get a specific published policy, just add its name to the URI.
list ltm policy <PublishedPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/<PublishedPolicy>
To get a specific draft policy, add the full path to the policy. Note that '~' (tilde) is used instead of '/' (slash) for the path delimiter.
list ltm policy Drafts/<TestPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>
The rules in a policy is stored in the subcollections, hence the above calls return only links to the rules. To get the contents of the rules, use the
expandSubcollections=true
query option.
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>?expandSubcollections=true
The following call will get all the rules in the draft policy.
list ltm policy Drafts/<TestPolicy> rules
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules?expandSubcollections=true
For obtaining the particular one, run this.
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule>?expandSubcollections=true
The following call creates a new draft policy with the 'first-match' strategy. Note that the path to the policy inside the post data uses '/'.
create ltm policy Drafts/<TestPolicy> strategy first-match
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy \ -X POST -H "Content-type:application/json" \ -d '{"name":"/Common/Drafts/<TestPolicy>", "strategy":"first-match"}'
To create (copy) a draft policy from the existing draft policy, run this. Note that the path to the existing draft policy (
?options
argument) uses '/'.
create ltm policy /Common/Drafts/<TestPolicy2> copy-from /Common/Drafts/<TestPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy?options=copy-from,/Common/Drafts/<TestPolicy> \ -X POST -H "Content-type:application/json" \ -d '{"name":"/Common/Drafts/<TestPolicy2>"}'
modify ltm policy Drafts/<TestPolicy> rules add { <SampleRule> { description sat1 } }
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules \ -X POST -H "Content-type:application/json" \ -d '{"name":"<SampleRule>", "description":"sat1" }'
modify ltm policy Drafts/<TestPolicy> rules modify { <SampleRule> { description "Hello World"} }
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule> \ -X PATCH -H "Content-type:application/json" \ -d '{"description":"Hello World" }'
modify ltm policy Drafts/<TestPolicy> rules delete { <SampleRule> }
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy>/rules/<SampleRule> -X DELETE
delete ltm policy Drafts/<TestPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/~Common~Drafts~<TestPolicy> -X DELETE
publish ltm policy Drafts/<TestPolicy>
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy \ -X POST -H "Content-type: application/json" \ -d '{"command":"publish", "name":"Drafts/<TestPolicy>"}'
modify ltm policy <PublishedPolicy> create-draft
curl -sku admin:admin https://<host>/mgmt/tm/ltm/policy/<PublishedPolicy>?options=create-draft \ -X PATCH -H "Content-type: application/json" \ -d '{}'
To replace the policies attached to a virtual with a specific published policy, run this
modify ltm virtual <vs> policies replace-all-with { <PublishedPolicy> }
curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>/policies \ -H "Content-type: application/json" -X POST \ -d '{"name":<PublishedPolicy>}'
To remove the policies from a virtual, run this
curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs> \ -H "Content-type: application/json" -X PATCH \ -d '{"policiesReference":{ "items":[] } }'
It doesn't work for me the API for replace the policies attached to a virtual server,
curl -sku admin:default https://192.168.1.74/mgmt/tm/ltm/virtual/http_policy/policies \
-H "Content-type: application/json" -X POST \
-d '{"name":policy_sorrypage}' | jq . -M
{
"code": 400,
"message": "Found invalid JSON body in the request.",
"errorStack": [],
"apiError": 1
}
where is the error?
Tks
Is there a way to updaate policies associated to a VS and guarantee the order in which they are going to be executed. I have tried the following
curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/~part1~VS1 \ -H "Content-type: application/json" -X PATCH \ -d '{"policiesReference":{ "items":[{"name":"policy1","partition":"part1"}, {"name":"policy2","partition":"Common"}] }}'
but when I look in the UI at the resources and policies assigned to the VS, the /Common/policy2 comes before "/part1/policy1" , where I want the/part1/policy1 to be executed first
Here is the get of the VS1/policies API, which also shows them in reversed order
{"kind":"tm:ltm:virtual:policies:policiescollectionstate","selfLink":"https://localhost/mgmt/tm/ltm/virtual/~part1~VS1/policies?ver=13.1.1","items":[{"kind":"tm:ltm:virtual:policies:policiesstate","name":"policy2","partition":"Common","fullPath":"/Common/policy2","generation":23587,"selfLink":"https://localhost/mgmt/tm/ltm/virtual/~part1~VS1/policies/~Common~policy2?ver=13.1.1"},{"kind":"tm:ltm:virtual:policies:policiesstate","name":"policy1","partition":"part1","fullPath":"/part1/policy1","generation":23587,"selfLink":"https://localhost/mgmt/tm/ltm/virtual/~part1~VS1/policies/~part1~policy1?ver=13.1.1"}]}