27-Apr-2022 10:20
A colleague asks:
We are channeling multiple applications through a single virtual server, and are using SNI to make it all work. Today, we are at 1 base client ssl profile and 57 SNI profiles, and I’m trying to add one more.
I can make this add happen immediately in the GUI, but it took just over 20 minutes via Ansible REST call. It used to take 6 minutes when there were about half as many profiles, so I’m guessing the REST call attempts a large transactional lock and the required time is going to expand exponentially.
Is the REST API up to this kind of task? Is there a better way?
Thanks. --Kevin O'Neil
Solved! Go to Solution.
24-May-2022 09:28
We submitted a case to f5 Support. Here is their response:
==============================
Basically, you can use the 'check_profiles' option to greatly decrease the time that the script take to run:
https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_virtual_server_modul...
Now, in regards of the questions you had:
Why that particular script takes so long to execute? Is it because it had to check every profile? And if so, the more profile the more it will take to check every profile?
>>Yes, based on the test outcome we provided above, it does look like the profile validation for a long list of profiles is causing the delay.
- Is there any ansible module that will just add a profile instead of replacing all of them each time?
- Is there any other module besides "bigip_virtual_server module" that could do modification to a virtual server that could work faster?
>> Unfortunately, no for both. We're moving to a declarative collection using AS3. see here-
https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/f5_bigip.html
=============================
28-Apr-2022 06:07
Thanks Paul123. That's a good document for a Client SSL profile but it has no information about my particular question. Nothing in there about limits or API or REST. There is a link to Configure a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication featur... That's good background info too. But I'm still seeking answers. I think I'll have to open a case with F5 Support.
28-Apr-2022 15:52
@kco - that previous response was a spammer, unfortunately. Sorry about that.
24-May-2022 09:28
We submitted a case to f5 Support. Here is their response:
==============================
Basically, you can use the 'check_profiles' option to greatly decrease the time that the script take to run:
https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_virtual_server_modul...
Now, in regards of the questions you had:
Why that particular script takes so long to execute? Is it because it had to check every profile? And if so, the more profile the more it will take to check every profile?
>>Yes, based on the test outcome we provided above, it does look like the profile validation for a long list of profiles is causing the delay.
- Is there any ansible module that will just add a profile instead of replacing all of them each time?
- Is there any other module besides "bigip_virtual_server module" that could do modification to a virtual server that could work faster?
>> Unfortunately, no for both. We're moving to a declarative collection using AS3. see here-
https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/f5_bigip.html
=============================