
Modify local traffic policy from CLI or API

Dave_Noonan
Cirrus

I recently got to enjoy the GUI for local traffic policy management and determined that it's an abomination. You can't duplicate a policy so it's click-click-click all the way through to add eight near identical policies. You can't rename so that one where I forgot to update the name, delete and rebuild. Oh, and there's no true default policy so if you have one that's supposed to be the default you need to manually drag it to the end of the list.

 

The request boiled down to, if the URI starts with /A send it to A-pool, /B send to B-pool, etc. This is really tedious in the GUI.

 

Is there a better way to do it?

 

Please tell me there are CLI examples that I didn't find yesterday or that there's an API call I could have made to do this.

 

Thanks

1 ACCEPTED SOLUTION

Hello Dave.

 

You could list your configuration with "list ltm policy ..", copy this to a notepad and modify everything you want and import this to current configuration using "merge" command.

 

It's really easy to use.

REF - https://support.f5.com/csp/article/K81271448

 

KR,

Dario.

Regards,
Dario.


8 REPLIES

Dave_Noonan
Cirrus

Forgot to add that in olden times (6 years ago) I'd have done this with an iRule and updating it would have taken 5-10 minutes instead of an hour of click-click-click.

JRahm
Community Manager

Hi Dave, you can use the python sdk to work with the policies via api. Examples are here in our functional tests.

That sounds perfect. I found the list but didn't know how to get the modified config back into the F5. Was thinking maybe API could pass it in or something.

As I said, you can do it with "merge" command.

 

One example.

 

1.- Take the current config of nodes with "tmsh list ltm node".

    # tmsh list ltm node
    ltm node N-WEB1_172.16.100.1 { address 172.16.100.1 }

2.- Use notepad to duplicate and modify this config.

    ltm node N-WEB2_172.16.100.2 { address 172.16.100.2 }
    ltm node N-WEB3_172.16.100.3 { address 172.16.100.3 }
    ltm node N-WEB4_172.16.100.4 { address 172.16.100.4 }

3.- Verify that the config is well-written and valid (paste config after executing the command and press CTRL+D).

    # tmsh load sys config merge from-terminal verify
    Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
    ltm node N-WEB2_172.16.100.2 { address 172.16.100.2 }
    ltm node N-WEB3_172.16.100.3 { address 172.16.100.3 }
    ltm node N-WEB4_172.16.100.4 { address 172.16.100.4 }
    Validating configuration...

4.- Finally apply configuration (paste config after executing the command and press CTRL+D).

    # tmsh load sys config merge from-terminal
    Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
    ltm node N-WEB2_172.16.100.2 { address 172.16.100.2 }
    ltm node N-WEB3_172.16.100.3 { address 172.16.100.3 }
    ltm node N-WEB4_172.16.100.4 { address 172.16.100.4 }
    Loading configuration...

5.- Verify that the config was applied correctly.

    # tmsh list ltm node
    ltm node N-WEB1_172.16.100.1 { address 172.16.100.1 }
    ltm node N-WEB2_172.16.100.2 { address 172.16.100.2 }
    ltm node N-WEB3_172.16.100.3 { address 172.16.100.3 }
    ltm node N-WEB4_172.16.100.4 { address 172.16.100.4 }

6.- Save current config into the startup-config.

    # tmsh save sys config
    Saving running configuration...
      /config/bigip.conf
      /config/bigip_base.conf
      /config/bigip_user.conf
    Saving Ethernet mapping...done

Let me know if this helps.

 

KR,

Dario.

Regards,
Dario.
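
The merge procedure above, applied to the original question (URI prefix to pool), as an added example that is not part of the thread or F5's own code: a small generator that emits an "ltm policy" stanza to paste at the `load sys config merge from-terminal verify` prompt. The stanza layout is an assumption modelled on typical `tmsh list ltm policy` output, and the policy, rule and pool names are hypothetical; compare against your own `list` output, which may carry extra version-specific lines.

```shell
#!/bin/sh
# Added example: emit an "ltm policy" stanza for URI-prefix -> pool routing.
# ASSUMPTIONS: stanza layout modelled on typical `tmsh list ltm policy` output;
# policy, rule and pool names are hypothetical. Always run the verify step first.

# gen_policy POLICY_NAME PREFIX=POOL [PREFIX=POOL ...]
gen_policy() {
    policy=$1; shift
    # Reject anything that could break out of the stanza (braces, spaces, quotes).
    case $policy in ''|*[!A-Za-z0-9._-]*) echo "bad policy name: $policy" >&2; return 1;; esac
    [ "$#" -gt 0 ] || { echo "no rules given" >&2; return 1; }
    out="ltm policy $policy {
    controls { forwarding }
    requires { http }
    rules {"
    n=0
    for pair in "$@"; do
        case $pair in *=*) ;; *) echo "bad rule: $pair" >&2; return 1;; esac
        prefix=${pair%%=*}; pool=${pair#*=}
        case $prefix in /*) ;; *) echo "prefix must start with /: $prefix" >&2; return 1;; esac
        case $prefix in *[!A-Za-z0-9._/-]*) echo "bad prefix: $prefix" >&2; return 1;; esac
        case $pool in ''|*[!A-Za-z0-9._-]*) echo "bad pool: $pool" >&2; return 1;; esac
        n=$((n + 1))
        # Rules are evaluated in ordinal order under first-match,
        # so list more specific prefixes before shorter ones.
        out="$out
        rule_$n {
            conditions { 0 { http-uri path starts-with values { $prefix } } }
            actions { 0 { forward select pool $pool } }
            ordinal $n
        }"
    done
    printf '%s\n    }\n    strategy first-match\n}\n' "$out"
}

# Constructed sample matching the question: /A -> A-pool, /B -> B-pool.
gen_policy uri_routing /A=A-pool /B=B-pool
```

The pools named in the rules must already exist on the unit, otherwise the verify step in 3 rejects the stanza.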

Thank you for the examples!

 

I haven't read the whole article yet but was assuming I needed to create a file on the F5 with my modified config snippet. The from-terminal option makes it even better.

Hello Dave.

 

BTW, if you want it's even possible to execute "merge" command through API REST.

    URL: https://bigiphostname/mgmt/tm/sys/config
    Method: POST
    Payload: {"command":"load", "options":[{"file": "/var/config/rest/downloads/uploaded_file_name", "merge":true}]}

But if you are not familiar with iControl REST, I recommend you to use the TMSH command because it's easier.

 

REF - https://devcentral.f5.com/s/articles/demystifying-icontrol-rest-merging-big-ip-config-files-19636

 

If my reply suits you, please don't forget to mark the answer as "the best". Thanks.

 

KR,

Dario.

Regards,
Dario.

Got to use this today. Much easier than the GUI. Thanks again.