Add/Remove ServerSSL profile on a Virtual Server using SDK

mshoaib · ‎21-Nov-2020

Hi,

I am trying to add/remove ServerSSL profile to a Virtual Server using F5 SDK.

I have the following script that will read the current profiles from the Virtual Server but I don't get my head around how to use .update() to delete a "serverSSL" profile if exist

from f5.bigip import ManagementRoot
import getpass, sys
 
# Variable Section
BigIP = "172.31.129.70"
BigIP_username = "mshoaib"
vip_name = 'www.example.com-https'
BigIP_password = getpass.getpass(prompt='Enter password: ', stream=None)
 
# Connect to BigIP
f5_mgmt = ManagementRoot(BigIP, BigIP_username, BigIP_password)
 
# Load VIP first
vip_info = f5_mgmt.tm.ltm.virtuals.virtual.load(name=vip_name, partition='Common')
 
# Read all profiles
pf_info =  vip_info.profiles_s.get_collection()
 
pf_list_before = []
 
print("Profiles before deletion:")
for a, pf in enumerate(pf_info):
  print(a,pf.name)
  pf_list_before.append(pf.name)
print(pf_list_before)
 
 
pf_list_after = []
print("--------")
for index, pf in enumerate(pf_info):
  if pf.name == 'serverssl':
    print("  Removing Server SSL")
    pf_info.pop(index)
 
print("Profiles after deletion: ")
for a, pf in enumerate(pf_info):
  print(a,pf.name)
  pf_list_after.append(pf.name)
 
print(pf_list_after)

Out put is :

[mshoaib@ca01net03 new_domain]$ python3.6 update-profiles.py
Enter password:
Profiles before deletion:
0 http_XForwardedFor
1 oneconnect
2 serverssl
3 tcp-lan-optimized
4 tcp-wan-optimized
5 wildcard.example.com-ssl
['http_XForwardedFor', 'oneconnect', 'serverssl', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl']
--------
  Removing Server SSL
Profiles after deletion:
0 http_XForwardedFor
1 oneconnect
2 tcp-lan-optimized
3 tcp-wan-optimized
4 wildcard.example.com-ssl
['http_XForwardedFor', 'oneconnect', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl']
[mshoaib@ca01net03 new_domain]$

Equivalent TMSH CLI are :

tmsh modify ltm virtual www.example.com-https profiles add { serverssl }

tmsh modify ltm virtual www.example.com-https profiles delete { serverssl }

I appreciate any code snippet or link.

Thanks,

Muhammad

mshoaib · ‎27-Nov-2020

I came across BIGREST and found it much cleaner and easier to use.

I learned the syntax and developed the solution using BIGREST instead of f5-common-pyton.

Thank you Leonardo.

Below is the code snippet that will toggle Server side SSL profile.

# Connect to BigIP
domain_name = "www.example.com-https"
b = BIGIP(ip, username, password)
 
# Load the Profiles on a virtual server
profiles = b.load(f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles")
 
print(f"List of Profiles attached to {domain_name}")
profile_context_list = []
for p in profiles:
    profile_context_list.append(p.properties["context"])
print(profile_context_list)
 
if "serverside" in profile_context_list:
    print("Serverside SSL applied")
    print("Deleting Serverside SSL profile")
    path = (
      f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles/{rest_format(profile_name)}"
    )
    b.delete(path)
else:
    print("Serverside SSL doesn't applied")
    print("Adding Serverside SSL Profile")
    data = {}
    data["name"] = profile_name
    data["context"] = "serverside"
    b.create(f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles", data)

Complete code is here :

https://github.com/mshoaibshafi/nre-tools/tree/main/f5

Leonardo_Souza · ‎29-Nov-2020

Yes, the f5-common-python is a little bit complicated and more difficult to maintain the SDK code.

That is why I wrote BIGREST.

I used f5-common-python a lot before, and I now use BIGREST.

Most of the stuff I create is because I need and what exist needed improvement, or what I need does not exist at all.

Anyway, it is always good to see it helped other people as well.

DevCentral

Add/Remove ServerSSL profile on a Virtual Server using SDK