How to get all servers in a GTM pool (Python f5-sdk)
I am sure this is quite simple but I can't find reference to this in documentation. pool = mgmt.tm.gtm.pools.a_s.a.load(name='poolname') Once i've loaded it, how can I see what servers are in this pool and get their name(s)? I would also like to do the same with wideips, gather all pools in each one to see if a particular pool is being used by it. (Version 12)
Add/Remove ServerSSL profile on a Virtual Server using SDK
Hi, I am trying to add/remove ServerSSL profile to a Virtual Server using F5 SDK. I have the following script that will read the current profiles from the Virtual Server but I don't get my head around how to use .update() to delete a "serverSSL" profile if exist from f5.bigip import ManagementRoot import getpass, sys # Variable Section BigIP = "172.31.129.70" BigIP_username = "mshoaib" vip_name = 'www.example.com-https' BigIP_password = getpass.getpass(prompt='Enter password: ', stream=None) # Connect to BigIP f5_mgmt = ManagementRoot(BigIP, BigIP_username, BigIP_password) # Load VIP first vip_info = f5_mgmt.tm.ltm.virtuals.virtual.load(name=vip_name, partition='Common') # Read all profiles pf_info = vip_info.profiles_s.get_collection() pf_list_before = [] print("Profiles before deletion:") for a, pf in enumerate(pf_info): print(a,pf.name) pf_list_before.append(pf.name) print(pf_list_before) pf_list_after = [] print("--------") for index, pf in enumerate(pf_info): if pf.name == 'serverssl': print(" Removing Server SSL") pf_info.pop(index) print("Profiles after deletion: ") for a, pf in enumerate(pf_info): print(a,pf.name) pf_list_after.append(pf.name) print(pf_list_after) Out put is : [mshoaib@ca01net03 new_domain]$ python3.6 update-profiles.py Enter password: Profiles before deletion: 0 http_XForwardedFor 1 oneconnect 2 serverssl 3 tcp-lan-optimized 4 tcp-wan-optimized 5 wildcard.example.com-ssl ['http_XForwardedFor', 'oneconnect', 'serverssl', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl'] -------- Removing Server SSL Profiles after deletion: 0 http_XForwardedFor 1 oneconnect 2 tcp-lan-optimized 3 tcp-wan-optimized 4 wildcard.example.com-ssl ['http_XForwardedFor', 'oneconnect', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl'] [mshoaib@ca01net03 new_domain]$ Equivalent TMSH CLI are : tmsh modify ltm virtual www.example.com-https profiles add { serverssl } tmsh modify ltm virtual www.example.com-https profiles delete { serverssl } I appreciate any code snippet or link. Thanks, Muhammad
F5-SDK : How to update Virtual Address Traffic Group
I have an Active-Active LTM Deployment. Virtual Servers ( and Virtual Addresses ) are split between two units. I am trying to use F5-SDK to update traffic group so that VS/VA will move between two units. Vars BigIP_IP = "10.10.100.100" V_IP = "172.31.13.151:80" New_TG = "/Common/traffic-group-2" Connect new_mgmt = ManagementRoot(BigIP_IP, username, password) Load v_a_info = new_mgmt.tm.ltm.virtual_address_s.load(name=V_IP, partition='Common') Assign new TG v_a_info.trafficGroup = New_TG Update Virtual Address v_a_info.modify(v_a_info.trafficGroup) But getting this Error : Traceback (most recent call last): File "update-virtual-address-traffic-group.py", line 13, in v_a_info = new_mgmt.tm.ltm.virtual_address_s.load(name=V_IP, partition='Common') File "/usr/lib/python3.6/site-packages/f5/bigip/resource.py", line 655, in load raise InvalidResource(error_message) f5.sdk_exception.InvalidResource: Only Resources support 'load'. Then found out that "Virtual Addresses" are "Collections" and I able to read them fine using below command and loop through all attributes of a Virtual Address: v_a_info = new_mgmt.tm.ltm.virtual_address_s.get_collection() But then questions comes up how to update an Attribute of a "Virtual Address" in a Collection and push it back to the LTM to implement the change Versions F5-SDK : 3.0.20 LTM : 12.1.2 HF2 I highly appreciate any help or link to resolve this issue -Muhammad
Create Address List, Port List, Firewall Policy, Firewall rules with F5 Python SDK
Hello! I really like the detailed documentation for the Traffic Managment Shell. There would be a section and then all the information for each component (ex: virtual server) would be there. However, there seems to not be real detailed examples or information for the F5 SDK. Yes, there's a bunch of examples for how to build a pool and add members. Would someone please be so kind as to help me know how to create an address-list, port-list, firewall policy, firewall rule, as well as how to build a virtual server and link it all together? I already figured it all out with the TMSH, but it's not a viable path anymore. I have to do this with the python F5 SDK. I keep seeing params being listed in the documentation but no detail of what the parameters are in the same way that the TMSH documentation is very user friendly. Thank you so much!Enabling OCSP stapling via f5-sdk fails
I want to enable OCSP stapling for a lot of clientSSL profiles, so I thought if'd use the f5-sdk python library. However, my tests so far fail miserably, even without trying to change the actual setting. Here's what I tested: #! /usr/bin/env python3 from f5.bigip import ManagementRoot mgmt = ManagementRoot("hostname", "username", "password") profile = mgmt.tm.ltm.profile.client_ssls.client_ssl.load(partition="Common", name="myprofile") print(profile.ocspStapling) profile.update() This print the current ocpStapling value ('disabled'), but updating the unchanged profile fails: $ python3 ocsp-test2.py disabled Traceback (most recent call last): File "ocsp-test2.py", line 15, in <module> profile.update() File "/Users/teun/Library/Python/3.7/lib/python/site-packages/f5/bigip/resource.py", line 617, in update self._update(**kwargs) File "/Users/teun/Library/Python/3.7/lib/python/site-packages/f5/bigip/resource.py", line 580, in _update response = session.put(update_uri, json=data_dict, **requests_params) File "/Users/teun/Library/Python/3.7/lib/python/site-packages/icontrol/session.py", line 295, in wrapper raise iControlUnexpectedHTTPError(error_message, response=response) icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://hostname:443/mgmt/tm/ltm/profile/client-ssl/~Common~myprofile/ Text: '{"code":400,"message":"\\"{ dont-insert-empty-fragments no-tlsv1.1 single-dh-use no-sslv3 no-tlsv1 }\\" unexpected argument","errorStack":[],"apiError":26214401}' I didn't change any settings of the profile, so why would it fail to update? As a test, I removed these SSL options., but that doesn't help either. The error message changes of course, but updating an unchanged profile still fails: icontrol.exceptions.iControlUnexpected HTTPError: 400 Unexpected Error: Bad Request for uri: https://hostname:443/mgmt/tm/ltm/profile/client-ssl/~Common~myprofile/ Text: '{"code":400,"message":"01b4002a:3: Client SSL profile (/Common/myprofile):cert-key-chain and profile cert/key/chain/passphrase options cannot be specified together.","errorStack":[],"apiError":3}' I really fail to see what's wrong here and what I need to do to get this to work. Any other suggestions on configuring OCSP stapling via python are welcome too.Error when I try to assign a member to a Pool
When I execute this piece of code: pool = bigip.tm.ltm.pools.pool.create(name="Pool Name", partition='Common', description="First Pool", monitor="/Common/" + monitor.name) Create the Members node = pool.members_s.members.create(name="Node name", address=ip_address, partition='Common', description='First Node', monitor="/Common/icmp_tid") UpdatePool pool.update() I get the next error: Text: '{"code":400,"message":"01070587:7: The requested monitor rule (/Common/icmp_tid on pool ) can only be applied to node addresses. Can anyone explain what is the issue? When I try to create the node itself with th command mgmt.tm.ltm.nodes.node.create() and attach the monitor to it I don't have any problem. But when I create it as a member of an existing pool the error appears. Is there any way this can work or is there any way of assigning an existing node as a member of an pool? ThanksAssign an Existing Node to Pool in F5 BIG IP through F5-SDK
Is there any way to assign a node that already exists in the Common partition to a pool that also already exists? For example: Call pool and node pool = bigip.tm.ltm.pools.pool.load(name="mypool", partition='Common') node = bigip.tm.ltm.nodes.node.load(name="mynode", partition='Common') First Option pool.members_s.members.create(name=node.name, partition="Common") pool.update() Second Option pool.members_s.members[0] = node I don't know if the code is exactly correct, thanks in advance