Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

limit to number of clientssl profiles

Go to solution
kco
Altostratus
Altostratus

‎27-Apr-2022 10:20

A colleague asks:

We are channeling multiple applications through a single virtual server, and are using SNI to make it all work. Today, we are at 1 base client ssl profile and 57 SNI profiles, and I’m trying to add one more.

I can make this add happen immediately in the GUI, but it took just over 20 minutes via Ansible REST call. It used to take 6 minutes when there were about half as many profiles, so I’m guessing the REST call attempts a large transactional lock and the required time is going to expand exponentially.

Is the REST API up to this kind of task?  Is there a better way?

Thanks.  --Kevin O'Neil

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
kco
Altostratus
Altostratus

‎24-May-2022 09:28

We submitted a case to f5 Support. Here is their response:

==============================

Basically, you can use the 'check_profiles' option to greatly decrease the time that the script take to run:
https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_virtual_server_modul...

Now, in regards of the questions you had:

Why that particular script takes so long to execute? Is it because it had to check every profile? And if so, the more profile the more it will take to check every profile?

>>Yes, based on the test outcome we provided above, it does look like the profile validation for a long list of profiles is causing the delay.

- Is there any ansible module that will just add a profile instead of replacing all of them each time?
- Is there any other module besides "bigip_virtual_server module" that could do modification to a virtual server that could work faster?

>> Unfortunately, no for both. We're moving to a declarative collection using AS3. see here-

https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/f5_bigip.html

=============================

View solution in original post

3 REPLIES 3

Go to solution
kco
Altostratus
Altostratus
In response to Paul123

‎28-Apr-2022 06:07

Thanks Paul123. That's a good document for a Client SSL profile but it has no information about my particular question. Nothing in there about limits or API or REST.  There is a link to Configure a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication featur... That's good background info too. But I'm still seeking answers. I think I'll have to open a case with F5 Support.

0 Kudos

Go to solution
LiefZimmerman
Community Manager
Community Manager

‎28-Apr-2022 15:52

@kco - that previous response was a spammer, unfortunately. Sorry about that. 

0 Kudos

Go to solution
kco
Altostratus
Altostratus

‎24-May-2022 09:28

We submitted a case to f5 Support. Here is their response:

==============================

Basically, you can use the 'check_profiles' option to greatly decrease the time that the script take to run:
https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_virtual_server_modul...

Now, in regards of the questions you had:

Why that particular script takes so long to execute? Is it because it had to check every profile? And if so, the more profile the more it will take to check every profile?

>>Yes, based on the test outcome we provided above, it does look like the profile validation for a long list of profiles is causing the delay.

- Is there any ansible module that will just add a profile instead of replacing all of them each time?
- Is there any other module besides "bigip_virtual_server module" that could do modification to a virtual server that could work faster?

>> Unfortunately, no for both. We're moving to a declarative collection using AS3. see here-

https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/f5_bigip.html

=============================

Copyright © 2023 Khoros, LLC