Forum Discussion

Angus_2141's avatar
Angus_2141
Historic F5 Account
Jul 15, 2010

adding virtual servers via the cli

Hi,

 

 

I am able to create virtual servers from the command line and I have found the cli guide however for some reason I am having issues trying to do the following in the process of creating my virtual server

 

 

adding a fallback persist method

 

defining an ssl server profile

 

defining an ssl client profile

 

 

I just don't seem to see the option to define the ssl profiles and when I try to either enter a list of persist profiles to use the "fallback persist" method I generate a syntax error.

 

 

I have tried something like:

 

 

virtual vs-my-virtual-server { destination 10.10.15.15:443 profile http persist cookie fallback persist source addr rule my-custom-irule pool po-my-pool-servers }

 

 

or

 

virtual vs-my-virtual-server { destination 10.10.15.15:443 profile http persist cookie fallback persist 'source addr' rule my-custom-irule pool po-my-pool-servers }

 

 

or

 

virtual vs-my-virtual-server { destination 10.10.15.15:443 profile http persist cookie fallback persist (source addr) rule my-custom-irule pool po-my-pool-servers }

 

 

or

 

virtual vs-my-virtual-server { destination 10.10.15.15:443 profile http persist cookie source addr rule my-custom-irule pool po-my-pool-servers }

 

 

sample error:

 

BIGpipe parsing error:

 

012e0010:3: The requested value ((source addr)) is invalid (( | none)) for 'fallback persist' in 'virtual'

 

 

Thanks,

 

 

-ag

 

 

6 Replies

  • Mark_Crosland_2's avatar
    Mark_Crosland_2
    Historic F5 Account

     

    I think you want source_addr (with an underscore), source_addr is the name of the persistence profile. They can be listed with "profile persist list [all]".

     

     

    To create SSL profiles.

     

     

    profile clientssl myClientssl [followed by other settings...]

     

    profile serverssl myServerssl ...
  • Angus_2141's avatar
    Angus_2141
    Historic F5 Account
    Well that was simple not sure how I missed that the persist profile was called source_addr but that worked of course. However, the other part of my question is not about how to create a client SSL or server SSL profile but rather how to assign them to the virtual server from the command line. I don't see an option in the CLI Guide under Virtual that shows me how to define the client and server ssl profiles.

     

  • Hi AG,

     

     

    Which version are you testing on? The simplest way to check the syntax is to make the changes via the GUI and then check the bigip.conf syntax for that version. You can then replicate the same command using bigpipe.

     

     

    Aaron
  • Using bigpipe:

     

     

    b profile persist srcaddr { parent source_addr }

     

    b virtual testvip1 persist srcaddr

     

     

    Using tmsh:

     

     

    modify ltm virtual testvip1 persist replace-all-with { srcaddr }

     

     

    HTH...Jason
  • Angus_2141's avatar
    Angus_2141
    Historic F5 Account
    Thanks for the input on this question, the answer in the end was pretty straight forward. I took hoolio's comment and used the GUI to set it up and then checked the bigip.conf for the syntax. The ssl client and server certificates are just profiles so you just append them to your list of profiles like this:

     

     

    bigpipe virtual vsname { destination 10.10.10.10:443 persist cookie fallback persist source_addr profiles http <client-ssl-profilename> <serverssl-profilename> tcp pool }

     

     

    So now I just drop this into a very simple shell script and create my pools and virtual servers in seconds.

     

     

    Thanks again everyone.