AS3 GSLB_Pool - How to add members?
I am using AS3 to deploy LTM and DNS configs to a pair of standalone BIG-IPs in a DNS Sync Group. Everything works and I can add a virtual server to a GSLB_Pool if that virtual server is defined in this AS3 declaration. However, I need to add a virtual server to the pool that is in the other BIG-IP, configured as a server in a second data center. Auto discovery is configured but AS3 won't accept the second pool member saying that the object doesn't exist. See the snippet below. Obviously I haven't posted the whole thing but the red section is what fails. vs_prod_dc1 is defined in this declaration (redacted) but vs_prod_dc2 is defined in another declaration because it's for a different BIG-IP. What am I missing here? "DC1": { "class": "GSLB_Data_Center" }, "DC2": { "class": "GSLB_Data_Center" }, "F5-A": { "class": "GSLB_Server", "dataCenter": { "use": "DC1" }, "devices": [ { "address": "172.16.20.1" } ], "virtualServerDiscoveryMode": "enabled-no-delete" }, "F5-B": { "class": "GSLB_Server", "dataCenter": { "use": "DC2" }, "devices": [ { "address": "172.16.20.2" } ], "virtualServerDiscoveryMode": "enabled-no-delete" } "dns_pool_prod": { "class": "GSLB_Pool", "resourceRecordType": "A", "members": [ { "server": { "use": "/Common/Shared/F5-A" }, "virtualServer": { "use": "vs_prod_dc1" } }, { "server": { "use": "/Common/Shared/F5-B" }, "virtualServer": { "use": "vs_prod_dc2" } } ] }
HTTP Host Header replacement using AS3
I am using L7 policy within AS3 to manage my sites. I have a requirement where I need to modify the Host header before forwarding the request to the pool. I know this is easy in the GUI in the action section where I can just use replace HTTP Host. However, I do not see an action "replace" for the "Policy_Action_HTTP_Header" in the AS3 schema. Has anybody done this header replacement using AS3 ? Note : I would rather not to use "tcl:.." & am looking native L7 syntax. Any help would be greatly appreciated.
How to Match Dynamic URI Segments in AS3
Hello Folks, I am working with F5 BIG-IP’s AS3 and I need to configure it to match and handle URI paths that include dynamic segments, specifically numbers following a certain path prefix (e.g., https://website.com/firstpart/{dynamic_number}). However, I need to ensure that the configuration does not match or include any URIs that extend beyond the specific pattern, such as https://website.com/firstpart/specific or https://website.com/firstpart/specific/evenmorespecific. Is there a way within AS3 itself to handle these kinds of dynamic URIs directly, or would I need to integrate iRules to achieve this level of pattern matching? Any advice or examples would be greatly appreciated! Thank you!
AS3 Monitoring multiple ports selectively
Hi, I have nodes listening on port 80, 81, 82, 83. the port 80 is mandatory and at least one out of the other 3 ports is mandatory. with manual configuration, I put the port 80 monitor at the node level and the other 3 ports at pool member level. with AS3, the node level monitoring does not exist. what are the other options given that all my deployments are based on AS3. thanks. OMAS3 ACC Conversion
hi, I have a qkview extracted from a bigip r5600 running 17.1.1 version. I have imported the qkview to vscode and converted it to as3 using ACC. When I try to post the declaration, I have errors about ssl certificate not being found even though the certificates are in place. the fact is, when the configuration has been created in the first place on F5 via the GUI, there is no concept of PATH under domain partition, and now with AS3 I have this Shared App that has been added to the configuration. What is exactly the right process of converting to AS3 via ACC when the original configuration qkview file does not have any Application subfolder just Admin partition (i.e Tenant) ? here is the error I am getting right now { "id": "82530133-0b46-46c3-97a5-68766a5a663f", "results": [ { "code": 422, "message": "declaration failed", "response": "01070277:3: The requested key (/TENANT1/Mycert-2024) was not found.", "host": "localhost", "tenant": "TENANT1", "runTime": 2739, "declarationId": "urn:uuid:bdc310a7-31ad-4f07-bf96-2566912cd989" } ], "declaration": { "class": "ADC", "schemaVersion": "3.37.0", "id": "urn:uuid:bdc310a7-31ad-4f07-bf96-2566912cd989", "label": "Converted Declaration", "remark": "Generated by Automation Config Converter", "controls": { "class": "Controls", "userAgent": "vscode-f5/3.16.1", "archiveTimestamp": "2024-03-06T15:36:02.267Z" }, "updateMode": "selective" } } thanks.
AS3 add another VS to existing tenant
I have deployed the sample AS3 script to create a VS with pool and pool members from here: { "class": "AS3", "action": "deploy", "persist": true, "declaration": { "class": "ADC", "schemaVersion": "3.0.0", "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d", "label": "Sample 1", "remark": "Simple HTTP Service with Round-Robin Load Balancing", "AS1": { "class": "Tenant", "A1": { "class": "Application", "template": "generic", "MyVS1": { "class": "Service_HTTP", "virtualAddresses": [ "10.0.1.11" ], "pool": "web_pool_1" }, "web_pool_1": { "class": "Pool", "monitors": [ "http" ], "members": [ { "servicePort": 80, "serverAddresses": [ "192.0.1.10", "192.0.1.11" ] } ] } } } } } Now I want to add another VS to the same tenant (same partition) but when I edit the above script and deploy this: { "class": "AS3", "action": "deploy", "persist": true, "declaration": { "class": "ADC", "schemaVersion": "3.0.0", "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d", "label": "Sample 1", "remark": "Simple HTTP Service with Round-Robin Load Balancing", "AS1": { "class": "Tenant", "A1": { "class": "Application", "template": "generic", "MyVS2": { "class": "Service_HTTP", "virtualAddresses": [ "10.0.1.12" ], "pool": "web_pool_2" }, "web_pool_2": { "class": "Pool", "monitors": [ "http" ], "members": [ { "servicePort": 80, "serverAddresses": [ "192.0.1.12", "192.0.1.13" ] } ] } } } } } It replaces the old configuration and I only have MyVS2. How can I add MyVS2 to the current configuration without losing MyVS1?DELETE method with AS3 is too powerful !
Am I the only one totally freaking out about the fact that with AS3, you just have to send a DELETE method to mgmt/shared/appsvcs/declare and everything is gone ?? All your production system could be wiped off that easily ... From my understanding it's mandatory to have the administrator privilege to use AS3, and administrators can access all the partitions ; so you cannot even create users that would be allowed to manage only specific partitions ... It's all or nothing. In my opinion the least you should do is to get rid of this dangerous default behavior, and instead use the keyword "ALL" to remove all tenants ... ========================== Extract from the doc : Use DELETE to remove configurations for one or more declared Tenants from the target ADC. If you do not specify any Tenants, DELETE removes all of them, which is to say, it removes the entire declared configuration. Indicate the target device and Tenants to remove by appending elements to the main AS3 URL path (/mgmt/shared/appsvcs/declare). By default (just main URL) DELETE removes all Tenants from target localhost. DELETE examples: DELETEhttps://192.0.2.10/mgmt/shared/appsvcs/declare removes all tenants DELETEhttps://192.0.2.10/mgmt/shared/appsvcs/declare/T1,T2,T5 removes Tenants T1, T2, and T5 leaving the rest of the most recent declared configuration for localhost in place ========================== Does anyone agree, or have a suggestion to add some security ?
