Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Unable to add modify or remove Virtual Server Profiles using iControl REST

Hello All,

I am currently developing an integration between ServiceNow and F5. We are using iControl REST to build Virtual Servers, Pools, and Members. I am able to create all of the above items, however I have not had any success adding or modifying the Virtual Server Profiles. I have been searching thru the forums here on DevCentral and Google, and haven't been able to locate a solution.

Below is an example of the Content I am sending over with my REST POST message (i've tried PUT too) to create the Virtual Server Profiles: {"kind":"tm:ltm:virtual:profiles:profilesstate","name":"generic-tcp-lan-profile","partition":"Common","context":"serverside"}

I receive a 400 status, and an error message stating the virtual server lists duplicate profiles. I verified that in all cases, the virtual server does not have a serverside profile listed. I have read on another article that any current profiles on the virtual server need to be deleted in order to add new profiles however any time I try to delete a profile, i receive an error that the operation was not supported, or the following:

"Less than the required minimum number of profiles found on /Sandbox1/www.joe.test.com: Exactly 1 of (UDP Profile (serverside), TCP Profile (serverside), SCTP Profile (serverside))"

I also receive the above message if i try to include the profiles in a sub collection when I create the virtual server, and I remove either the serverside or clientside profile. If I add the profile back, I receive the duplicate error.

0
Rate this Question
Comments on this Question
Comment made 02-Feb-2017 by Eric Flores

Hi Joe, The first question I have is which version of TMOS are you running?

With profiles, they are "sub-collections" in iControl REST. This means that modifying the profiles (at the virtual server URL level) performs the TMSH equivalent of "replace-all-with" which would mean normally that you would need to have the entire new list of profiles in each POST/PUT request.

However, there is a way to to work with sub-collections in iControl REST to add/remove items. You can find more info here -

https://devcentral.f5.com/articles/demystifying-icontrol-rest-part-2-understanding-sub-collections-and-how-to-use-them

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Greetings, I took a quick peek at this post:

https://devcentral.f5.com/articles/icontrol-rest-cookbook-24575

This command deleted the server SSL profile from the virtual server:

curl -k -u admin:admin -X DELETE https://192.168.10.100/mgmt/tm/ltm/virtual/~Common~test/profiles/serverTest

This command can be used to add it back. It looks like you don't need to indicate context:

curl -k -u admin:admin https://192.168.10.100/mgmt/tm/ltm/virtual/~Common~test/profiles -H "Content-Type: application/json" -X POST -d '{"name":"serverTest"}'

Kevin

0
Comments on this Answer
Comment made 02-Feb-2017 by JoeDziedzic 2

Hi Kevin,

I had seen that post, and tried using the same command structure, but it didn't work. I am using JavaScript, not CURL.

I wasn't able to resolve the issue with deleting or adding a single profile, however I was able to figure out how to set all of the profiles when I create the virtual server.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I was able to successfully create the virtual servers and the profiles. In my POST message to create the Virtual Server, I needed to include all profiles in a subcollection.

0
Comments on this Answer
Comment made 02-Feb-2017 by Kevin.K

Glad to hear you're back on track! It can be bit frustrating, but well worth the effort in the end.

Kevin

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Just like a setup task on Configuration Utility, you may want to create a profile separately before attaching it to a virtual server. To create a new profile, just POST its name to the /mgmt/tm/ltm/profile/serviceType endpoint, where serviceType is one of the services you see in the Local Traffic > Virtual Servers > Profiles > Services menu: e.g., http. For example, to create HTTP profile named "myProfile", run this.

# curl -sku user:password -X POST -H "Content-type: application/json" \
  -d '{"name":"myProfile"}' \
  https://<management IP>/mgmt/tm/ltm/profile/http

It inherits all the defaults from the parent http profile: You can modify the setting later. For example, to enable X-Forwarded-For insertion, simply PATCH it as below:

# curl -sku user:password -X PATCH -H "Content-type: application/json" \
  -d '{"insertXforwardedFor":"enabled"}' \
  https://<management IP>/mgmt/tm/ltm/profile/http/myProfile

Please refer to the Wiki: iControlREST /tm/ltm/profile for the ltm profile endpoints.

There may be version dependencies: The above examples work on 12.1.1.

0