bednarcm
Apr 22, 2022Nimbostratus
AS3 and SSL Orchestrator profiles
Hi,
Is there possible to enable SSLO (existing application topology) inside AS3 declaration? BIG-IP 15.1
I've got Access Profile and Policy Per-Request prepared via SSLO configurator. When I try to enable it via declaration... :
"profileAccess": {
"bigip": "/Common/ssloDefault_accessProfile"
},
"policyPerRequestAccess": {
"bigip": "/Common/ssloP_mysslo.app/ssloP_mysslo_per_req_policy"
}
... I get an error message:
"code": 422,
"message": "declaration failed",
"response": "01b40017:3: Configuration error: Virtual Server (/Sample_01/Application_1/serviceMain) with Access Profile of type sslo is not compatible with profile of type (rba).",
But there is no RBA profile in this declaration. Whole F5 example based declaration:
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.35.0",
"id": "example-declaration-01",
"label": "Sample 1",
"remark": "Simple HTTP application with round robin pool",
"Sample_01": {
"class": "Tenant",
"defaultRouteDomain": 0,
"Application_1": {
"class": "Application",
"template": "http",
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"10.10.10.10"
],
"pool": "web_pool",
"profileAccess": {
"bigip": "/Common/ssloDefault_accessProfile"
},
"policyPerRequestAccess": {
"bigip": "/Common/ssloP_mysslo.app/ssloP_mysslo_per_req_policy"
}
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80,
"serverAddresses": [
"192.0.1.10",
"192.0.1.11"
]
}
]
}
}
}
}
}
I can apply SSLO to this Virtual Server manually after service creation, but it doesn't work via AS3.
What can be wrong?