Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

iControl REST API - PowerShell example for creating a new pool with members

I came across Jason Rahm's great post Demystifying iControl REST Part 1 - Understanding the request URI. The article was very helpful, but it only included python and curl examples. I'm a PowerShell guy, so I figured I'd start sharing some PowerShell examples for working with the iControl REST API.

I use the Invoke-WebRequest cmdlet available in PowerShell 3 and higher to connect to the API. Invoke-WebRequest calls need to be authenticated, so I create a reusable PowerShell credential object.

#Create a credential object 
$Username = "admin"
$SecurePassword = Read-Host -AsSecureString
$Credential = New-Object -TypeName System.Management.Automation.PSCredential  
  -ArgumentList $UserName, $SecurePassword

However, the LTM devices I connect to are using self-signed certificates. In order to overcome this issue, I use the Tunable SSL Validator PowerShell module created by JayKul which adds an optional -Insecure flag to _Invoke-WebRequest_.

I then construct a hash table (think dictionary object) to hold the JSON request.

#Set the pool name and API URI
$PoolName = "TestPool"
$URI = "https://10.143.137.15/mgmt/tm/ltm/pool"

#Construct request
$JSONBody = @{name=$PoolName;partition='Common';members=@()}

#Create array of member objects
$Members = @()
$Members += @{name="10.131.25.100:80";address="10.131.25.100";description="Web server 1"}
$Members += @{name="10.131.25.101:80";address="10.131.25.101";description="Web server 2"}

#Add members to request
$JSONBody.members = $Members

#Convert request to JSON
$JSONBody = $JSONBody | ConvertTo-Json

#Make the request
$response = Invoke-WebRequest -Method POST -Uri "$URI" -Insecure -Credential $F5session.Credential 
    -Body $JSONBody -Headers @{"Content-Type"="application/json"}

That's it. If people find this helpful, I can post some other examples. Also, please check out my F5-LTM PowerShell module on GitHub.

Thanks, Joel

2
Rate this Discussion
Comments on this Discussion
Comment made 26-Jun-2015 by Joel Newton 400
I tried to add these lines to the example above, but editing the question doesn't work. #Set the pool name and API URI $PoolName = "TestPool" $URI = "https://10.143.137.15/mgmt/tm/ltm/pool"
0
Comment made 29-Jun-2015 by Jason Rahm
where in the example do those lines go and I'll edit it
0
Comment made 29-Jun-2015 by Joel Newton 400
Thanks, Jason. I wanted to put those lines above: #Construct request Does edit only work in certain browsers?
0
Comment made 29-Jun-2015 by Jason Rahm
fw issue, I'll get with the security team to assess the block. In the meantime, I've updated the post on your behalf.
1
Comment made 27-Oct-2015 by mhouston 77
I have been having success using curl but most of my scripts are powershell and would like to use that instead. However, in the above example, the $F5session variable is never defined so the invoke-webrequest will fail. Am I just missing this somewhere?
0
Comment made 27-Oct-2015 by Joel Newton 400
Hi, mhouston. The $F5Session variable is a session object that is specific to your F5 LTM device. Once created, it will contain the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the Get-F5session function to create this object. This function expects the following parameters: * The name of the F5 LTM device * The name of a user with rights to use the REST API * A secure string for the user name's password. In PowerShell, a secure string can be created in a number of ways. This is the simplest: $password = ConvertTo-SecureString -String "mypassword" -AsPlainText -Force Any other questions, or issues with creating this object, please let me know. Cheers, Joel
0
Comment made 09-Mar-2018 by atatps 44

Joel - I just came across your iControl PowerShell work and wanted to thank you for the massive amount of effort you have put into this. As a Windows guy, PowerShell is a staple in my environment and the ability to utilize PowerShell for LTM deployments has opened endless possibilities for automation.

I was able to use the how-to's you provided to convert simple POST calls from ReST client syntax to PowerShell and got it working but have yet to figure out how to properly format JSON containing arrays. This article encompasses an array and so I thought my issue would be relevant. The first is a working example of deploying an iApp via CURL and PowerShell:

ReST client Call:

Method: POST
{"name":"iapp_test","template":"_iapp_test_template","strictUpdates": "disabled"}
https://ltmip/mgmt/tm/sys/application/service/

ReST client Response:

{"kind":"tm:sys:application:service:servicestate","name":"iapp_test","partition":"Common","subPath":"iapp_test.app","fullPath":"/Common/iapp_test.app/iapp_test","generation":1397417,"selfLink":"https://localhost/mgmt/tm/sys/application/service/~Common~iapp_test.app~iapp_test?ver=12.1.2","deviceGroup":"none","inheritedDevicegroup":"true","inheritedTrafficGroup":"true","strictUpdates":"disabled","template":"/Common/_iapp_test_template","templateReference":{"link":"https://localhost/mgmt/tm/sys/application/template/~Common~_iapp_test_template?ver=12.1.2"},"templateModified":"no","trafficGroup":"/Common/traffic-group-1","trafficGroupReference":{"link":"https://localhost/mgmt/tm/cm/traffic-group/~Common~traffic-group-1?ver=12.1.2"}}

Powershell Call:

$URI = "https://LTMIP/mgmt/tm/sys/application/service/"
$JSONBody = @{name='iapp_test';template='_iapp_test_template';strictUpdates='disabled'}
$JSONBody = $JSONBody | ConvertTo-Json
$WebRequest = Invoke-WebRequest -Method POST -Uri "$URI" -Insecure -Credential $F5session.Credential -Body $JSONBody -Headers @{"Content-Type"="application/json"}

PowerShell Response

StatusCode        : 200
StatusDescription : OK
Content           : {"kind":"tm:sys:application:service:servicestate","name":"iapp_test","partition":"Common","subPath":"iapp_test.app","fullPath":"/Common/iapp_test.app/iapp_test","generation":1397411,"selfLink":"https:...
RawContent        : HTTP/1.1 200 OK
                    X-Frame-Options: SAMEORIGIN
                    Strict-Transport-Security: max-age=16070400; includeSubDomains
                    Pragma: no-cache
                    Allow: 
                    REMOTEROLE: 0
                    Expect: 100-continue
                    Local-Ip-From-Httpd: 172.2...
Forms             : {}
Headers           : {[X-Frame-Options, SAMEORIGIN], [Strict-Transport-Security, max-age=16070400; includeSubDomains], [Pragma, no-cache], [Allow, ]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 737

That works perfectly in both the ReST client and PowerShell. Now running a different call that includes an array in its JSON body it works fine in the ReST client but not in PowerShell. This is a non-working example of deploying an iApp template:

ReST client Call:

Method: POST
{"name":"_iapp_test_template","actions":[{"name":"definition","htmlHelp":"","implementation":"tmsh::create { \n ltm node 10.111.222.102 \n address 10.111.222.102 \n } \n tmsh::create { \n ltm node 10.111.222.103 \n address 10.111.222.103 \n } \n  \n tmsh::create { \n ltm pool iApp-Automation-Test-ebiz-http \n members replace-all-with { \n 10.111.222.102:80 { \n address 10.111.222.102 \n } \n 10.111.222.103:80 { \n address 10.111.222.103 \n } \n } \n monitor http  \n }","macro":"","roleAcl":["admin","manager","resource-admin"],"presentation":""}],"totalSigningStatus":"not-all-signed","requiresBigipVersionMax":"","ignoreVerification":"false","requiresModules":[""],"requiresBigipVersionMin":"11.0.0"}
https://ltmpip/mgmt/tm/sys/application/template

ReST client Response:

{"kind":"tm:sys:application:template:templatestate","name":"_iapp_test_template","partition":"Common","fullPath":"/Common/_iapp_test_template","generation":1397421,"selfLink":"https://localhost/mgmt/tm/sys/application/template/~Common~_iapp_test_template?ver=12.1.2","ignoreVerification":"false","requiresBigipVersionMin":"11.0.0","totalSigningStatus":"not-all-signed","verificationStatus":"none","actionsReference":{"link":"https://localhost/mgmt/tm/sys/application/template/~Common~_iapp_test_template/actions?ver=12.1.2","isSubcollection":true}}

Powershell Call:

$URI = "https://ltmpip/mgmt/tm/sys/application/template"
$JSONBody = @{name='_iapp_test_template',actions='[{name='definition',htmlHelp='',implementation='tmsh::create { \n ltm node 10.111.222.102 \n address 10.111.222.102 \n '} \n tmsh::create { \n ltm node 10.111.222.103 \n address 10.111.222.103 \n '} \n  \n tmsh::create { \n ltm pool iApp-Automation-Test-ebiz-http \n members replace-all-with { \n 10.111.222.102='80 { \n address 10.111.222.102 \n '} \n 10.111.222.103='80 { \n address 10.111.222.103 \n '} \n '} \n monitor http  \n '}',macro='',roleAcl='[admin',manager',resource-admin]',presentation=''}]',totalSigningStatus='not-all-signed',requiresBigipVersionMax='',ignoreVerification='false',requiresModules='[]',requiresBigipVersionMin='11.0.0'}
$JSONBody = $JSONBody | ConvertTo-Json
$WebRequest = Invoke-WebRequest -Method POST -Uri "$URI" -Insecure -Credential $F5session.Credential -Body $JSONBody -Headers @{"Content-Type"="application/json"}

PowerShell Response

At line:23 char:47
+     $JSONBody1 = @{name='_iapp_test_template',actions='[{name='defini ...
+                                               ~
Missing expression after ','.
At line:23 char:47
+ ... t_template',actions='[{name='definition',htmlHelp='',implementation=' ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unexpected token 'actions='[{name='definition',htmlHelp='',implementation='tmsh::create' in expression or statement.
At line:23 char:47
+     $JSONBody1 = @{name='_iapp_test_template',actions='[{name='defini ...
+                                               ~
The hash literal was incomplete.
At line:23 char:489
+ ...  \n address 10.111.222.103 \n '} \n '} \n monitor http  \n '}',macro= ...
+                                                                 ~
Unexpected token '}' in expression or statement.
At line:23 char:511
+ ... 2.103 \n '} \n '} \n monitor http  \n '}',macro='',roleAcl='[admin',m ...
+                                                                  ~
Array index expression is missing or not valid.
At line:23 char:511
+ ... '} \n monitor http  \n '}',macro='',roleAcl='[admin',manager',resourc ...
+                                                   ~~~~~~~~~~~~~~~
Unexpected token 'admin',manager'' in expression or statement.
At line:23 char:526
+ ... } \n monitor http  \n '}',macro='',roleAcl='[admin',manager',resource ...
+                                                                 ~
Missing argument in parameter list.
At line:23 char:706
+ ... cation='false',requiresModules='[]',requiresBigipVersionMin='11.0.0'}
+                                                                         ~
Unexpected token '}' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : PowerShell

I know this has to do with the array formatting in the JSON body beginning with "actions":[{. I tried manipulating it using your method members=@() and addeded the rest of the array members but my example seems a little different than the one in this article and I could not get it to work. Please advise.

0
Comment made 09-Mar-2018 by Joel Newton 400

Hi, atatps, the role ACL portion of the PowerShell JSON looks to be incorrectly formatted. That may be where the problem lies. As an alternative to constructing the JSON in one line, you could build out hash tables or even arrays of hash tables, and add that as a property to your JSON object before calling ConvertTo-JSON.

0
Comment made 12-Mar-2018 by atatps 44

Thanks Joel. After a good amount of research and trial & error I was able to convert that one line JSON body to a PowerShell hash table of arrays and was able to successfully deploy my iApp template through PowerShell. This may be a first so here's the code for anyone who may be interested:

JSON format:

{"name":"_iapp_test_template","actions":[{"name":"definition","htmlHelp":"","implementation":"tmsh::create { \n ltm node 10.111.222.102 \n address 10.111.222.102 \n }","macro":"","roleAcl":["admin","manager","resource-admin"],"presentation":""}],"totalSigningStatus":"not-all-signed","requiresBigipVersionMax":"","ignoreVerification":"false","requiresBigipVersionMin":"11.0.0"}


PowerShell format:

$body = @{  

    name = '_iapp_test_template'
    actions = @(
    @{
      name = 'definition'
      htmlHelp = ''
      implementation = 'tmsh::create {
                        ltm node 10.111.222.102
                        address 10.111.222.102
                        }'
      macro = ''
      roleAcl = @(
        'admin', 'manager', 'resource-admin'
      )
    presentation = ''
    }
    )
    totalSigningStatus = 'not-all-signed'
    requiresBigipVersionMax = ''
    ignoreVerification = 'false'
    requiresBigipVersionMin = '11.0.0'

}

Another obstacle I had to overcome was PowerShell not passing the "\n" as line breaks but instead as strings and so TMSH was throwing errors. I had to replace every "\n" with an actual line break in the PowerShell code in order to get it to work.

Joel - I hope this would be of use to you in your efforts to add iApp functionality to the F5-LTM PowerShell module.

0
Comment made 14-Mar-2018 by Joel Newton 400

Very cool! Thanks for sharing this.

0
Comment made 22-Mar-2018 by atatps 44

Joel - Does the $F5session method work in non-interactive PowerShell sessions? I can only get my scripts to run interactively which is a problem as I need to be able to call my scripts from other scripts. Calling the script from another session results in a "(401) Unauthorized" error. Here's a demo:

Code:

## This script executes a command on the LTM using iControl ReST API

#Import F5 module
Import-Module F5-LTM

#Import the SSL module that allows the use of self signed certs on the bigip (-Insecure switch)
Import-Module TunableSSLValidator

#Create a credential object 
    $Username = "admin"
    $SecurePassword = convertto-securestring -AsPlainText -Force -String "admin"
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword

#Set LTM IP
    $LtmIP = "IP"

#Create session
    $F5Session = New-F5session -LTMName $LtmIP -LTMCredentials $Credential -PassThrough

#Set iapp URIs
    $URI = "https://$LtmIP/mgmt/tm/util/bash/"

#Construct body
    $Body = @{
    command = 'run'
    utilCmdArgs = '-c "tmsh show /sys version" '
    }

#Convert request to JSON
    $Body = $Body | ConvertTo-Json

#Build request
    $Request = Invoke-WebRequest -Method POST -Uri "$URI" -Insecure -Credential $F5session.Credential -Body $Body -Headers @{"Content-Type"="application/json"}

#Send request
    $Request


Running the script interactively (success):

Image Text


Calling the same script from another session (failure):

Image Text

0

Replies to this Discussion

placeholder+image

Hi, atatps. First off, thanks for using the snippet and posting your code. I'd like to add a function around it to the module, to enable people to execute valid bash cmds against their LTMs. Nice.

Secondly, I think the issue may be caused by the SSLTunable module. I'd previously refactored the LTM ps module to not use it, and replaced it with a function called Invoke-RestMethodOverride. I found that when I tested your snippet with that, it worked non-interactively.

Here's what I ran:

#Import F5 module
Import-Module F5-LTM

Create a credential object 
$Username = "admin"
$SecurePassword = convertto-securestring -AsPlainText -Force -String "admin"
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 
$UserName, $SecurePassword

#Set LTM IP
$LtmIP = "IP"

#Create session
$F5Session = New-F5session -LTMName $LtmIP -LTMCredentials $Credential -PassThrough

#Set iapp URIs
$URI = "https://$LtmIP/mgmt/tm/util/bash/"

#Construct body
$Body = @{
command = 'run'
utilCmdArgs = '-c "tmsh show /sys version" '
}

#Convert request to JSON
$Body = $Body | ConvertTo-Json

#Build request
$Request = Invoke-RestMethodOverride -Method POST -Uri $URI -Body $Body -Credential 
$F5session.Credential -ContentType 'application/json'

#Send request
$Request
0
Comments on this Reply
Comment made 23-Mar-2018 by atatps 44


Thanks for the quick responses!

I was able to run it interactively using the new method but still get the auth error when running it non-interactively.

Output:

Image Text

0
Comment made 23-Mar-2018 by Joel Newton 400

Hi, that is strange. I can't think of any reasons why it would work interactively and not non-interactively. What version LTM are you running against? Have you had the script write out the f5session object that's created, including the credential property?

0
Comment made 23-Mar-2018 by atatps 44

I ran it against both my lab virtual appliance (12.1.2 Build 0.0.249 Final) and my production cluster (BIG-IP 12.1.2 Build 2.0.276 Hotfix HF2) with the same result.

0
Comment made 23-Mar-2018 by Joel Newton 400

Ok, I've repro'd the issue and I think I have a lead. Give me a few more minutes (and a few more sips of beer... :) )

0
Comment made 23-Mar-2018 by atatps 44

Great!

Here's the f5session object content:

Image Text

0
Comment made 23-Mar-2018 by Joel Newton 400

Ok. Instead of calling Invoke-RestMethodOverride, you want to call:

$Request = Invoke-F5RestMethod -Method POST -Uri $URI -Body $Body -F5Session $F5Session -ContentType 'application/json'

(At least in my tests, where I got the same error), the F5Session object wass using a WebSession property, and had no Credential property. I'm not sure what voodoo allows it to work in the ISE, but using Invoke-F5RestMethod does the check for whether the F5Session has a WebSession or a Credential, and makes the REST call accordingly.

0
Comment made 23-Mar-2018 by atatps 44

Hmmm it's not liking the "Invoke-F5RestMethod" at all.

Running the script:

Image Text

A verbose import of the module just to verify the function is there:

Image Text

Calling the function by itself:

Image Text

0
Comment made 23-Mar-2018 by Joel Newton 400

It may has something to do with the Invoke-F5RestMethod being an internal / private function. It let me call it without issue, but maybe it shouldn't have. I'm hoping that below is a fix that works for you - please test by reverting back to Invoke-RestMethodOverride and passing the webSession property instead of the Credential:

$Request = Invoke-RestMethodOverride -Method POST -Uri $URI -Body $Body -WebSession $F5Session.WebSession -ContentType 'application/json'
1
Comment made 23-Mar-2018 by atatps 44

That worked, you're the man!

One more question. Can the "override" be applied to the Invoke-WebRequest method as well? I prefer WebRequest to RestMethod as it provides the completed response header.

0
Comment made 23-Mar-2018 by Joel Newton 400

Sweet - finally! I haven't tested with IWR, though I'd imagine that in general, some necessary JSON-parsing functionality might be lost to the module if Invoke-RestMethodOverride used IWR instead of IRM.

https://superuser.com/questions/1235349/what-is-the-difference-between-invoke-webrequest-and-invoke-restmethod

1
Comment made 3 months ago by jitu 72

getting the error below

URI Invoke-WebRequest : A parameter cannot be found that matches parameter name 'Insecure'. At line:1 char:56 + $response = Invoke-WebRequest -Method POST -Uri "$URI" -Insecure -Credential $F5 ... + ~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Invoke-WebRequest], ParameterBindingException + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

0
Comment made 3 months ago by Joel Newton 400

Hi, jitu, the -Insecure param switch comes from JayKul's Tunable SSL Validator PowerShell module. You'll need that, or a comparable way to temporarily ignore SSL validation if you're using a self-signed cert on your F5.

The way I deal with self-signed certs in the PowerShell module I built is to add a SSLValidator class to the module, and call Invoke-RestMethodOvervide (defined below) instead of Invoke-RestMethod.

https://github.com/joel74/POSH-LTM-Rest/blob/master/F5-LTM/Validation.cs https://github.com/joel74/POSH-LTM-Rest/blob/master/F5-LTM/Public/Invoke-RestMethodOverride.ps1

If you're not using a self-signed cert on your F5, none of this will matter, and you can just remove the -Insecure flag.

Thanks, Joel

0
Comment made 3 months ago by jitu 72

Thank you very much Joel. agreed

0
placeholder+image

Hi Joel, I am trying to create a pool and add members to the pool on F5 with New-Pool function like mentioned below. New-Pool -F5Session $F5_Session -PoolName "app123" -MemberDefinitionList @("IP,80,Web server,1") But after this I am getting the error message: Invoke-F5RestMethod : "400 Bad Request: 01070734:3: Configuration error: Node name /Common/ encodes IP address which differs from supplied address field 0.0.0.0%1 Could you please suggest on what value I should pass for the arguments ?

0
Comments on this Reply
Comment made 3 months ago by Joel Newton 400

Hi, Ansh. Are you actually using a route domain? If not, you can leave that blank and just pass in @("IP,80,Web server,") Please let me know if that works for you. thanks.

0
placeholder+image

Hi Joel, sorry for late response. I tried the way you suggested to pass inputs and it worked. Thanks a lot for the solution. So the last value is meant to be used for route domain.

0
Comments on this Reply
Comment made 3 months ago by Joel Newton 400

Hi, Ansh - great, thanks for letting me know it worked. Correct, the last value is the optional route domain value.

0
Comment made 2 months ago by Ansh Jain 56

Hi Joel, Greetings! I am using the scripts your developed for connecting and working with F5. You developed great scripts. One place where I am facing issue is while removing Health monitor using Remove-HealtMonitor function. Though the command is removing the health monitor but showing the below error as well. Could you please have a look and advise where I errored it out? Command:Remove-HealthMonitor -F5Session $F5_Session -Name "/Common/test123" Error: Invoke-F5RestMethod : "404 Not Found: Object not found - /Common/test123 At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\Get-HealthMonitor.ps1:41 char:25 + ... $JSON = Invoke-F5RestMethod -Method Get -Uri $URI -F5Session $F5S ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod##################

0
Comment made 2 months ago by Joel Newton 400

Hi, Ansh, I see what you mean. I repro'd a similar issue when I tried to remove a custom health monitor but didn't specify the type. (When I specified the type, it worked as expected). I'll open up an issue on the github project for this. Thanks, Joel

0
Comment made 2 months ago by Ansh Jain 56

Hey Joel Thanks. Yeah It worked just fine for me after specifying the type.

0
Comment made 2 months ago by Ansh Jain 56

But I see some issues like F5 connection is not getting established with New-F5Session. It was working fine in the beginning but after when we worked a little with F5 more then a error is showing up. We created pool, healthmonitor and all. Suddenly it is throwing up an error while establish connection with F5 at first place. Error: Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a receive May be it is connecting but not getting response. Do you have any clue of it? like What changes it could have made on server that is not allowing for connection? Really appreciate your help.

0
Comment made 2 months ago by Joel Newton 400

Hi, Ansh, the default lifespan for the authentication token used by a session is 20 minutes, unless you increase it. Is that what's happening - your session is expiring, but you can create a new one?

0
Comment made 2 months ago by Ansh Jain 56

We are creating new session everytime we connect to F5. But now it is not establishing connection getting error while receiving response from F5. We did not make any changes and even the F5 ltmname is working fine when we try to connect manually through IE.

0
Comment made 2 months ago by Joel Newton 400

It's possible you're running into this issue: K16751: The restjavad process may run out of memory after a large number of iControl REST authentication token requests https://support.f5.com/csp/article/K16751

To work around this issue, you can restart restjavad after approximately 10,000 authentication tokens:

tmsh restart sys service restjavad

0
Comment made 2 months ago by Ansh Jain 56

Thanks Joel. That sounds like a valid point. But is there a way to run tmsh command through Powershell.

0
Comment made 2 months ago by Joel Newton 400

Hi, Ansh, it's possible, though it would be dangerous to have a function that allows one to execute whatever tmsh command you want via a iControlREST call. Take a look at the function file Sync-DeviceToGroup.ps1. It executes a tmsh command. You could use that as a model to implement the tmsh functionality you want to execute in response to a PowerShell function call.

0
Comment made 1 month ago by Ansh Jain 56

Hi Joel, Hope you are doing good! I was working with the New-ProfileHttp functionality in your module. It is working good. Additionally I need to create profilehttp using the new-profile http function. But I need to create a client sslprofile using the certificate and key. Could you please advise n how we can achieve that?

0
Comment made 1 month ago by Joel Newton 400

Hi, Ansh, the module currently does not have the functionality built to create a new SSL profile (either client or server), but if you'd like to create one and generate a pull request for it, I'd be happy to review it. If you have already set up the SSL profile in your LTM, you can use Set-VirtualServer to add this profile to virtual servers.

0
placeholder+image

Hi Joel...Thanks for your F5 module. I also need help for the same(posted by Ansh) New-ProfileHttp functionality using certificate and keys in F5.

0
placeholder+image

Hi Joel,

Hope Your are doing good! I used the 'New-VirtualServer' script from F5-LTM module. It is working fine. The thing is, I need to pass value for persistence profile (say 'cookie') and enable VLAN as well and pass value for VLAN. But the script is showing errors for both. Error for persistence profile:-

    Invoke-F5RestMethod : "400 Bad Request: 01070309:3: Cookie persistence requires an HTTP or FastHTTP profile to be associated with the virtual server
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\New-VirtualServer.ps1:160 char:7
+       Invoke-F5RestMethod -Method POST -Uri "$URI" `
+       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

**And Error for VLAN:-**

    Invoke-F5RestMethod : "400 Bad Request: 01070335:3: Virtual Server /Common/app035 refers to 
nonexistent Vlan True
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\New-VirtualServer.ps1:160 char:7
+       Invoke-F5RestMethod -Method POST -Uri "$URI" `
+       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

    **Could you please suggest how can I work this out ?**
0
Comments on this Reply
Comment made 3 days ago by Joel Newton 400

Hi, Ansh. Were you able to get your issue resolved? If you add the HTTP profile to the new virtual server when creating it, it should work. Also, the VLAN error states that the specified VLAN can't be found. Is it in the Common partition?

0