F5 - AS3 - BIGIQ / BIGIP SchemaVersion Missunderstanding
Dear community, I was wondering about the AS3 version currently used in order to deploy my AS3 on my BIG-IP target through BIG-IQ. BIG-IQ should install this current AS3 version on F5 BIG-IP target when deploying AS3 declaration. Checking on my BIG-IQ, 3.44.0 curl -sk -H "Content-Type: application/json" -H "X-F5-Auth-Token: $TOKEN" -X GET "https://$BIGIQ/mgmt/shared/appsvcs/info" {"version":"3.44.0","release":"3","schemaCurrent":"3.44.0","schemaMinimum":"3.0.0"} Checking on my F5 BIG-IP, v 3.44.0 #pwd /var/config/rest/iapps/f5-appsvcs # cat version 3.44.0-3 My current AS3 declaration (I'm manually forcing schemaVersion) through BIG-IQ : { "class": "AS3", "action": "patch", "schemaVersion": "3.44.0", "patchBody": [ { "class": "ADC", "schemaVersion": "3.44.0", "target": { "address": "X.X.X.X" }, "op": "add", "path": "/Automation/APP_TEST_1.2.12.140_446", "value": { "class": "Application", "remark": "REFERENCE : NULL_REFERENCE_20241109215237", "schemaOverlay": "AS3-F5-HTTPS-PASSTHROUGH-lb-template-big-iq", .... etc } Application Deployment logs from my BIG-IQ : At the bottom : "schemaVersion": "3.12.0" I don't understand why it's using this older schemaVersion, it should use the current 3.44.0. Is there any policy on BIG-IQ that can enforce this weird behavior ? { "id": "autogen_a4c95a0f-13e3-4078-92c3-3a8e6ea6f10c", "class": "ADC", "controls": { "class": "Controls", "userAgent": "BIG-IQ/8.3 Configured by API" }, "Automation": { "class": "Tenant", "APP_TEST_1.2.12.140_446": { "class": "Application", "remark": "REFERENCE : NULL_REFERENCE_20241109215237", "template": "tcp", "serviceMain": { "pool": "/Automation/APP_TEST_1.2.12.140_446/HTTPS_443_pool", "class": "Service_TCP", "enable": true, "profileTCP": { "use": "/Automation/APP_TEST_1.2.12.140_446/HTTPS_443_tcp_profile" }, "virtualPort": 446, "virtualAddresses": [ "1.2.12.140" ], "persistenceMethods": [ "source-address" ], "profileAnalyticsTcp": { "use": "/Automation/APP_TEST_1.2.12.140_446/Analytics_TCP_Profile" } }, "HTTPS_443_pool": { "class": "Pool", "members": [ { "adminState": "enable", "shareNodes": true, "servicePort": 443, "serverAddresses": [ "1.2.12.13" ] } ], "monitors": [ { "use": "/Automation/APP_TEST_1.2.12.140_446/HTTPS_443_monitor" } ], "loadBalancingMode": "least-connections-member" }, "HTTPS_443_monitor": { "send": "GET /\r\n", "class": "Monitor", "receive": "none", "targetPort": 443, "monitorType": "http", "adaptiveWindow": 180, "adaptiveLimitMilliseconds": 1000, "adaptiveDivergencePercentage": 100 }, "Analytics_TCP_Profile": { "class": "Analytics_TCP_Profile", "collectCity": false, "collectRegion": true, "collectCountry": true, "collectNexthop": false, "collectPostCode": false, "collectContinent": true, "collectRemoteHostIp": false, "collectedByClientSide": true, "collectedByServerSide": true, "collectRemoteHostSubnet": true }, "HTTPS_443_tcp_profile": { "class": "TCP_Profile", "synMaxRetrans": 3, "finWaitTimeout": 5 } } }, "updateMode": "selective", "schemaVersion": "3.12.0" } Thanks in advance for your help !
Creating External Monitors via AS3
I am trying to create an external monitor via AS3 using a script that exists as part of a gitlab project. See: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#monitor-external F5 provides an examplehere. exert: "mNewExternalMonitorFile": { "class": "Monitor", "monitorType": "external", "interval": 5, "upInterval": 0, "timeUntilUp": 0, "timeout": 16, "expand": false, "script": { "url": "https://example.com/monitor.sh" }, "environmentVariables": { "USER": "example" } } I am able to do this exact thing with the url portion replaced with a local resource. However, I need to be able to provide authentication/authorization details to the resource. There are other resources in AS3 that use the propertyResource_URL. Unfortunately I can't use this because of the way Monitor_External is configured. Alternatively, is there a way for me to point to the local BigIP "/shared" directory and pull the script from there?
HTTP Host Header replacement using AS3
I am using L7 policy within AS3 to manage my sites. I have a requirement where I need to modify the Host header before forwarding the request to the pool. I know this is easy in the GUI in the action section where I can just use replace HTTP Host. However, I do not see an action "replace" for the "Policy_Action_HTTP_Header" in the AS3 schema. Has anybody done this header replacement using AS3 ? Note : I would rather not to use "tcl:.." & am looking native L7 syntax. Any help would be greatly appreciated.
AS3 GSLB_Pool - How to add members?
I am using AS3 to deploy LTM and DNS configs to a pair of standalone BIG-IPs in a DNS Sync Group. Everything works and I can add a virtual server to a GSLB_Pool if that virtual server is defined in this AS3 declaration. However, I need to add a virtual server to the pool that is in the other BIG-IP, configured as a server in a second data center. Auto discovery is configured but AS3 won't accept the second pool member saying that the object doesn't exist. See the snippet below. Obviously I haven't posted the whole thing but the red section is what fails. vs_prod_dc1 is defined in this declaration (redacted) but vs_prod_dc2 is defined in another declaration because it's for a different BIG-IP. What am I missing here? "DC1": { "class": "GSLB_Data_Center" }, "DC2": { "class": "GSLB_Data_Center" }, "F5-A": { "class": "GSLB_Server", "dataCenter": { "use": "DC1" }, "devices": [ { "address": "172.16.20.1" } ], "virtualServerDiscoveryMode": "enabled-no-delete" }, "F5-B": { "class": "GSLB_Server", "dataCenter": { "use": "DC2" }, "devices": [ { "address": "172.16.20.2" } ], "virtualServerDiscoveryMode": "enabled-no-delete" } "dns_pool_prod": { "class": "GSLB_Pool", "resourceRecordType": "A", "members": [ { "server": { "use": "/Common/Shared/F5-A" }, "virtualServer": { "use": "vs_prod_dc1" } }, { "server": { "use": "/Common/Shared/F5-B" }, "virtualServer": { "use": "vs_prod_dc2" } } ] }How to Match Dynamic URI Segments in AS3
Hello Folks, I am working with F5 BIG-IP’s AS3 and I need to configure it to match and handle URI paths that include dynamic segments, specifically numbers following a certain path prefix (e.g., https://website.com/firstpart/{dynamic_number}). However, I need to ensure that the configuration does not match or include any URIs that extend beyond the specific pattern, such as https://website.com/firstpart/specific or https://website.com/firstpart/specific/evenmorespecific. Is there a way within AS3 itself to handle these kinds of dynamic URIs directly, or would I need to integrate iRules to achieve this level of pattern matching? Any advice or examples would be greatly appreciated! Thank you!
AS3 Monitoring multiple ports selectively
Hi, I have nodes listening on port 80, 81, 82, 83. the port 80 is mandatory and at least one out of the other 3 ports is mandatory. with manual configuration, I put the port 80 monitor at the node level and the other 3 ports at pool member level. with AS3, the node level monitoring does not exist. what are the other options given that all my deployments are based on AS3. thanks. OM
