Forum Discussion

kco's avatar
kco
Icon for Altostratus rankAltostratus
Apr 27, 2022
Solved

limit to number of clientssl profiles

A colleague asks: We are channeling multiple applications through a single virtual server, and are using SNI to make it all work. Today, we are at 1 base client ssl profile and 57 SNI profiles, and ...
  • kco's avatar
    May 24, 2022

    We submitted a case to f5 Support. Here is their response:

    ==============================

    Basically, you can use the 'check_profiles' option to greatly decrease the time that the script take to run:
    https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_virtual_server_module.html#parameter-check_profiles

    Now, in regards of the questions you had:

    Why that particular script takes so long to execute? Is it because it had to check every profile? And if so, the more profile the more it will take to check every profile?

    >>Yes, based on the test outcome we provided above, it does look like the profile validation for a long list of profiles is causing the delay.

    - Is there any ansible module that will just add a profile instead of replacing all of them each time?
    - Is there any other module besides "bigip_virtual_server module" that could do modification to a virtual server that could work faster?

    >> Unfortunately, no for both. We're moving to a declarative collection using AS3. see here-

    https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/f5_bigip.html

    =============================