How to get all servers in a GTM pool (Python f5-sdk)
I am sure this is quite simple but I can't find reference to this in documentation. pool = mgmt.tm.gtm.pools.a_s.a.load(name='poolname') Once i've loaded it, how can I see what servers are in this pool and get their name(s)? I would also like to do the same with wideips, gather all pools in each one to see if a particular pool is being used by it. (Version 12)
Remove persistence of virtual server using f5-sdk
Hi, Currently using f5-sdk on LTM 4200. Would like to check how I can update the persistence to "None" using f5-sdk(preferred) or the way to do it through iControl. the current command to create is as such. vs_payload = { 'name': vs_name, 'destination': "%s:%s" %(dest, target_port), 'pool': '/Common/%s' %(pool_name), 'ipProtocol': vs_protocol, 'sourceAddressTranslation' : {'pool': snat_name, 'type': 'snat'}, } mgmt.tm.ltm.virtuals.virtual.create(**vs_payload) We can update it by doing this. virtual = mgmt.tm.ltm.virtuals.virtual.load(name=vs_name, partition='Common') virtual.update('persist' : 'source_addr') But I can't get it to go back to "Persistence : None".
Finding Standalone and also finding which LTM is active
Greetings folks, So I am working on a script to get a consolidated list of all VIPs on all of our LTMs in production. I am using python and the f5-sdk and I have worked out the script to get the VIP information, but now I need to work out how to identify if the device is part of an ha cluster or it is stand alone, and then if it is part of an ha cluster, is is the active or the standby. My thought was to run a for loop on a file with the FQDN's of all of our LTMs and when it logs in gets the information from the device, the first pieces it gets are to find out if it is an HA cluster. If Yes: Find out if it is the Active Member of the Cluster If Yes: Get the VIP information If No: Do Nothing If No: get VIP information I have searched can't find the f5-sdk solution for getting this information and would appreciate someone pointing me in the correct direction. We have over 200 Devices and this script would be run on a weekly basis and the output sent to a file that will be dealt with using other methods after the output file is created.
F5-SDK : How to update Virtual Address Traffic Group
I have an Active-Active LTM Deployment. Virtual Servers ( and Virtual Addresses ) are split between two units. I am trying to use F5-SDK to update traffic group so that VS/VA will move between two units. Vars BigIP_IP = "10.10.100.100" V_IP = "172.31.13.151:80" New_TG = "/Common/traffic-group-2" Connect new_mgmt = ManagementRoot(BigIP_IP, username, password) Load v_a_info = new_mgmt.tm.ltm.virtual_address_s.load(name=V_IP, partition='Common') Assign new TG v_a_info.trafficGroup = New_TG Update Virtual Address v_a_info.modify(v_a_info.trafficGroup) But getting this Error : Traceback (most recent call last): File "update-virtual-address-traffic-group.py", line 13, in v_a_info = new_mgmt.tm.ltm.virtual_address_s.load(name=V_IP, partition='Common') File "/usr/lib/python3.6/site-packages/f5/bigip/resource.py", line 655, in load raise InvalidResource(error_message) f5.sdk_exception.InvalidResource: Only Resources support 'load'. Then found out that "Virtual Addresses" are "Collections" and I able to read them fine using below command and loop through all attributes of a Virtual Address: v_a_info = new_mgmt.tm.ltm.virtual_address_s.get_collection() But then questions comes up how to update an Attribute of a "Virtual Address" in a Collection and push it back to the LTM to implement the change Versions F5-SDK : 3.0.20 LTM : 12.1.2 HF2 I highly appreciate any help or link to resolve this issue -MuhammadHandling Differences in v11/v12 in Python SDK for iControl REST
We're interested in using the f5 SDK (version: 3.0.18) to replace several cURL scripts that manage our LTM and GTM pools. One of the major draws here is that the SDK provides sufficient abstraction to work with the target API irrespective of iControl REST version (my cURL scripts need separate methods for v11 and v12 destinations): $1 (https://f5-sdk.readthedocs.io/en/latest/apidoc/f5.bigip.tm.gtm.htmlf5.bigip.tm.gtm.pool.Pools) In practice, we haven't seen this autonegotiation. Using the SDK, we've still had to employ different code to list pool and members, eg, in v11 and v12: v11 code: from f5.bigip import ManagementRoot This first block works in v11, but not v12. print ("Getting pools with v11 syntax...") mgmt = ManagementRoot('@option.GTM_Server@', '@option.F5_User@', '@option.F5_Password@') api_ver = mgmt.tmos_version pool_collection = mgmt.tm.gtm.pools.get_collection() pools = mgmt.tm.gtm.pools for pool in pool_collection: print ("Querying state of pool %s members...") % (pool.name) for member in pool.members_s.get_collection(): print ("Pool member name: %s") % (member.name) print ("Ratio: %d") % (member.ratio) Executing v11 code against a v12 API returns expected errors: Getting pools with v11 syntax... Traceback (most recent call last): print ("Querying state of pool %s members...") % (pool.name) AttributeError: 'dict' object has no attribute 'name'` v12 code: from f5.bigip import ManagementRoot This first block works in v12, but not v11. print ("Getting pools with v12 syntax...") mgmt = ManagementRoot('@option.GTM_Server@', '@option.F5_User@', '@option.F5_Password@') api_ver = mgmt.tmos_version pools = mgmt.tm.gtm.pools.a_s.get_collection() for pool in pools: print ("Querying state of pool %s members...") % (pool.name) for member in pool.members_s.get_collection(): print ("Pool member name: %s") % (member.name) print ("Ratio: %d") % (member.ratio) Executing v12 code against a v11 API returns expected errors: pools = mgmt.tm.gtm.pools.a_s.get_collection() File "/usr/local/lib/python2.7/site-packages/f5/bigip/mixins.py", line 102, in __getattr__ raise AttributeError(error_message) AttributeError: '' object has no attribute 'a_s' I'm not a Python programmer and will readily accept the likelihood that I'm just doing it wrong in code. Can we use the same code against different versions of the API using the SDK? Thanks.
Enabling OCSP stapling via f5-sdk fails
I want to enable OCSP stapling for a lot of clientSSL profiles, so I thought if'd use the f5-sdk python library. However, my tests so far fail miserably, even without trying to change the actual setting. Here's what I tested: #! /usr/bin/env python3 from f5.bigip import ManagementRoot mgmt = ManagementRoot("hostname", "username", "password") profile = mgmt.tm.ltm.profile.client_ssls.client_ssl.load(partition="Common", name="myprofile") print(profile.ocspStapling) profile.update() This print the current ocpStapling value ('disabled'), but updating the unchanged profile fails: $ python3 ocsp-test2.py disabled Traceback (most recent call last): File "ocsp-test2.py", line 15, in <module> profile.update() File "/Users/teun/Library/Python/3.7/lib/python/site-packages/f5/bigip/resource.py", line 617, in update self._update(**kwargs) File "/Users/teun/Library/Python/3.7/lib/python/site-packages/f5/bigip/resource.py", line 580, in _update response = session.put(update_uri, json=data_dict, **requests_params) File "/Users/teun/Library/Python/3.7/lib/python/site-packages/icontrol/session.py", line 295, in wrapper raise iControlUnexpectedHTTPError(error_message, response=response) icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://hostname:443/mgmt/tm/ltm/profile/client-ssl/~Common~myprofile/ Text: '{"code":400,"message":"\\"{ dont-insert-empty-fragments no-tlsv1.1 single-dh-use no-sslv3 no-tlsv1 }\\" unexpected argument","errorStack":[],"apiError":26214401}' I didn't change any settings of the profile, so why would it fail to update? As a test, I removed these SSL options., but that doesn't help either. The error message changes of course, but updating an unchanged profile still fails: icontrol.exceptions.iControlUnexpected HTTPError: 400 Unexpected Error: Bad Request for uri: https://hostname:443/mgmt/tm/ltm/profile/client-ssl/~Common~myprofile/ Text: '{"code":400,"message":"01b4002a:3: Client SSL profile (/Common/myprofile):cert-key-chain and profile cert/key/chain/passphrase options cannot be specified together.","errorStack":[],"apiError":3}' I really fail to see what's wrong here and what I need to do to get this to work. Any other suggestions on configuring OCSP stapling via python are welcome too.Error when I try to assign a member to a Pool
When I execute this piece of code: pool = bigip.tm.ltm.pools.pool.create(name="Pool Name", partition='Common', description="First Pool", monitor="/Common/" + monitor.name) Create the Members node = pool.members_s.members.create(name="Node name", address=ip_address, partition='Common', description='First Node', monitor="/Common/icmp_tid") UpdatePool pool.update() I get the next error: Text: '{"code":400,"message":"01070587:7: The requested monitor rule (/Common/icmp_tid on pool ) can only be applied to node addresses. Can anyone explain what is the issue? When I try to create the node itself with th command mgmt.tm.ltm.nodes.node.create() and attach the monitor to it I don't have any problem. But when I create it as a member of an existing pool the error appears. Is there any way this can work or is there any way of assigning an existing node as a member of an pool? ThanksAssign an Existing Node to Pool in F5 BIG IP through F5-SDK
Is there any way to assign a node that already exists in the Common partition to a pool that also already exists? For example: Call pool and node pool = bigip.tm.ltm.pools.pool.load(name="mypool", partition='Common') node = bigip.tm.ltm.nodes.node.load(name="mynode", partition='Common') First Option pool.members_s.members.create(name=node.name, partition="Common") pool.update() Second Option pool.members_s.members[0] = node I don't know if the code is exactly correct, thanks in advanceAdd/Remove ServerSSL profile on a Virtual Server using SDK
Hi, I am trying to add/remove ServerSSL profile to a Virtual Server using F5 SDK. I have the following script that will read the current profiles from the Virtual Server but I don't get my head around how to use .update() to delete a "serverSSL" profile if exist from f5.bigip import ManagementRoot import getpass, sys # Variable Section BigIP = "172.31.129.70" BigIP_username = "mshoaib" vip_name = 'www.example.com-https' BigIP_password = getpass.getpass(prompt='Enter password: ', stream=None) # Connect to BigIP f5_mgmt = ManagementRoot(BigIP, BigIP_username, BigIP_password) # Load VIP first vip_info = f5_mgmt.tm.ltm.virtuals.virtual.load(name=vip_name, partition='Common') # Read all profiles pf_info = vip_info.profiles_s.get_collection() pf_list_before = [] print("Profiles before deletion:") for a, pf in enumerate(pf_info): print(a,pf.name) pf_list_before.append(pf.name) print(pf_list_before) pf_list_after = [] print("--------") for index, pf in enumerate(pf_info): if pf.name == 'serverssl': print(" Removing Server SSL") pf_info.pop(index) print("Profiles after deletion: ") for a, pf in enumerate(pf_info): print(a,pf.name) pf_list_after.append(pf.name) print(pf_list_after) Out put is : [mshoaib@ca01net03 new_domain]$ python3.6 update-profiles.py Enter password: Profiles before deletion: 0 http_XForwardedFor 1 oneconnect 2 serverssl 3 tcp-lan-optimized 4 tcp-wan-optimized 5 wildcard.example.com-ssl ['http_XForwardedFor', 'oneconnect', 'serverssl', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl'] -------- Removing Server SSL Profiles after deletion: 0 http_XForwardedFor 1 oneconnect 2 tcp-lan-optimized 3 tcp-wan-optimized 4 wildcard.example.com-ssl ['http_XForwardedFor', 'oneconnect', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl'] [mshoaib@ca01net03 new_domain]$ Equivalent TMSH CLI are : tmsh modify ltm virtual www.example.com-https profiles add { serverssl } tmsh modify ltm virtual www.example.com-https profiles delete { serverssl } I appreciate any code snippet or link. Thanks, Muhammad