Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

F5 APM: Deleting domain-groups entries / trim list

Cory_O
Cirrus
Cirrus

Hey everyone,

When I go to remove some domain-groups, I'll use the following CLI command as an example:

 

 

tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups delete { authdomain5 authdomain6 authdomain9 }

 

 

The problem is, running this command leaves "holes" in that it doesn't trim the rest of the list down.  In other words, the above command will leave authdomain6, authdomain6, and authdomain9 objects empty instead of shortening the entire list by 3.

Is there a CLI command to trim down the list and remove the empty objects?

Thanks!

4 REPLIES 4

G-Rob
F5 Employee
F5 Employee

Cory,

Which version of TMOS are you using? This should be reported via support case, I believe. 

Thanks

Good morning!

I've seen this issue across TMOS versions 12.1.5.3 and 14.1.5.3 thus far.

If I run this command, three new objects are created in the positions mentioned:

tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups add { authdomain47 { cookie-domain none cookie-host testapp1.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } authdomain48 { cookie-domain none cookie-host testapp2.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } authdomain49 { cookie-domain none cookie-host testapp3.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } }

I then run the commands to Apply the Access Policy and save.  Following this, I can run the following command to list the new entries:

tmsh list apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups

The end of the results shows up as expected:

        authdomain47 {
            app-service none
            cookie-domain none
            cookie-host testapp1.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
        authdomain48 {
            app-service none
            cookie-domain none
            cookie-host testapp2.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
        authdomain49 {
            app-service none
            cookie-domain none
            cookie-host testapp3.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
    }
}

Now I'll try deleting authdomain48:

tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups delete { authdomain48 }

I apply the Access Profile, save, and run another list.  This time, you'll see the result is missing authdomain 48 instead of consolidating 49 to position 48:

        authdomain47 {
            app-service none
            cookie-domain none
            cookie-host testapp1.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
        authdomain49 {
            app-service none
            cookie-domain none
            cookie-host testapp3.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
    }
}

Deleting the entries via the GUI has the same effect.  That's why I was just looking for a command to trim the list down.  I can open a SR if that's what you suggest. 

Cory_O
Cirrus
Cirrus

At this juncture, unless told otherwise, I would imagine using the replace-all-with command instead of delete would be the only way to "consolidate" the list as the entries appear to remain static.  This can obviously be tedious if you have a significant amount of entries to re-order, but I imagine that would work.  Let me know what everyone thinks and tap "Accept as Solution" if you agree.

I would agree with this. I do not believe that TMOS is viewing that as a sequential list, thus replace-all-with may be easier if you want sequential naming.