cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Add/Remove ServerSSL profile on a Virtual Server using SDK

mshoaib
Altocumulus
Altocumulus

Hi,

 

I am trying to add/remove ServerSSL profile to a Virtual Server using F5 SDK.

 

I have the following script that will read the current profiles from the Virtual Server but I don't get my head around how to use .update() to delete a "serverSSL" profile if exist

 

from f5.bigip import ManagementRoot import getpass, sys   # Variable Section BigIP = "172.31.129.70" BigIP_username = "mshoaib" vip_name = 'www.example.com-https' BigIP_password = getpass.getpass(prompt='Enter password: ', stream=None)   # Connect to BigIP f5_mgmt = ManagementRoot(BigIP, BigIP_username, BigIP_password)   # Load VIP first vip_info = f5_mgmt.tm.ltm.virtuals.virtual.load(name=vip_name, partition='Common')   # Read all profiles pf_info =  vip_info.profiles_s.get_collection()   pf_list_before = []   print("Profiles before deletion:") for a, pf in enumerate(pf_info):   print(a,pf.name)   pf_list_before.append(pf.name) print(pf_list_before)     pf_list_after = [] print("--------") for index, pf in enumerate(pf_info):   if pf.name == 'serverssl':     print("  Removing Server SSL")     pf_info.pop(index)   print("Profiles after deletion: ") for a, pf in enumerate(pf_info):   print(a,pf.name)   pf_list_after.append(pf.name)   print(pf_list_after)

 

 

Out put is :

 

 

[mshoaib@ca01net03 new_domain]$ python3.6 update-profiles.py Enter password: Profiles before deletion: 0 http_XForwardedFor 1 oneconnect 2 serverssl 3 tcp-lan-optimized 4 tcp-wan-optimized 5 wildcard.example.com-ssl ['http_XForwardedFor', 'oneconnect', 'serverssl', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl'] --------   Removing Server SSL Profiles after deletion: 0 http_XForwardedFor 1 oneconnect 2 tcp-lan-optimized 3 tcp-wan-optimized 4 wildcard.example.com-ssl ['http_XForwardedFor', 'oneconnect', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl'] [mshoaib@ca01net03 new_domain]$

Equivalent TMSH CLI are :

 

tmsh modify ltm virtual www.example.com-https profiles add { serverssl }

tmsh modify ltm virtual www.example.com-https profiles delete { serverssl }  

 

I appreciate any code snippet or link.

 

Thanks,

Muhammad

2 REPLIES 2

mshoaib
Altocumulus
Altocumulus

I came across  BIGREST and found it much cleaner and easier to use.

I learned the syntax and developed the solution using BIGREST instead of f5-common-pyton.

Thank you Leonardo.

 

Below is the code snippet that will toggle Server side SSL profile.

 

# Connect to BigIP domain_name = "www.example.com-https" b = BIGIP(ip, username, password)   # Load the Profiles on a virtual server profiles = b.load(f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles")   print(f"List of Profiles attached to {domain_name}") profile_context_list = [] for p in profiles: profile_context_list.append(p.properties["context"]) print(profile_context_list)   if "serverside" in profile_context_list: print("Serverside SSL applied") print("Deleting Serverside SSL profile") path = ( f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles/{rest_format(profile_name)}" ) b.delete(path) else: print("Serverside SSL doesn't applied") print("Adding Serverside SSL Profile") data = {} data["name"] = profile_name data["context"] = "serverside" b.create(f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles", data)

Complete code is here :

https://github.com/mshoaibshafi/nre-tools/tree/main/f5

 

 

Leonardo_Souza
Cirrocumulus
Cirrocumulus

Yes, the f5-common-python is a little bit complicated and more difficult to maintain the SDK code.

That is why I wrote BIGREST.

 

I used f5-common-python a lot before, and I now use BIGREST.

Most of the stuff I create is because I need and what exist needed improvement, or what I need does not exist at all.

Anyway, it is always good to see it helped other people as well.