Forum Discussion

Epay_NOC_236615's avatar
Epay_NOC_236615
Icon for Nimbostratus rankNimbostratus
Jul 13, 2016

Create new ASM Policy from Exported XML

I'm trying for a couple weeks now to Export an ASM Policy from that is assigned to VirtualServer A and import that ASM Policy to VirtualServer B. My goal is to always be able to sync the policies when needed and at the same time keep them different.

 

My original plan was: 1 - Export the Policy from Virtual Server A as XML file. 2 - Import the XML File Policy on Virtual Server B.

 

I'm able to export without any problem using the Rest Service my policies but I can't import at all. I wonder if I'm doing anything wrong or that resource is just not available on 12.1.0

 

I already tried to do a POST on https://%/mgmt/tm/asm/tasks/import-policy with the current format:

 

{ "filename": "mypolicy.xml", "name": "NewPolicy" }

 

I also wonder if I can import sending the whole XML content in the POST. e.g.: { "file": "XML CONTENT...", "name": "NewPolicy" }

 

None of them above seems to be working for me, the error that I'm mostly getting is "Invalid Path" but I can see the XML files on /var/ts/var/rest (that is the location that it's saving the files after the export).

 

Has anyone tried to do something similar or used the import policy at all ?

 

7 Replies

  • i assume using the iControl REST interface is a requirement for you?

     

  • I think this might help -> https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/5.html

     

    • Epay_NOC_236615's avatar
      Epay_NOC_236615
      Icon for Nimbostratus rankNimbostratus

      Yes, I'm trying to do the import process using the iControl Rest, any idea how to do that ? I'm already able to export the the policies as XML using the iControl rest.

       

  • Not necessary a requirement but I would like to try keep all my scripts using the iControl Rest if I can...

     

  • Well, it seems that on 12.1.0 HF1 still not implemented. After reading the logs on /var/log/restjavad.0.log I could see the error:

     

    [SEVERE][9441][14 Jul 2016 17:54:44 UTC][com.f5.rest.workers.asm.AsmConfigWorker] nanoTime:[79304305053442] threadId:[28] Exception:[ASMConfigException(error_message:Invalid Path, error_code:NOT_IMPLEMENTED, internal_error:Failed : Error message = Invalid Path, rest_code:REST_NOT_IMPLEMENTED) at com.f5.asmconfig.ASMConfig$rest_call_result$rest_call_resultStandardScheme.read(ASMConfig.java:17848) at com.f5.asmconfig.ASMConfig$rest_call_result$rest_call_resultStandardScheme.read(ASMConfig.java:17826) at com.f5.asmconfig.ASMConfig$rest_call_result.read(ASMConfig.java:17768) at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78) at com.f5.asmconfig.ASMConfig$Client.recv_rest_call(ASMConfig.java:601) at com.f5.asmconfig.ASMConfig$Client.rest_call(ASMConfig.java:586) at com.f5.asmconfig.client.AsmClient.rest_call(AsmClient.java:61) at com.f5.rest.workers.asm.AsmConfigWorker.restCallWithRetry(AsmConfigWorker.java:155) at com.f5.rest.workers.asm.AsmConfigWorker.forwardCall(AsmConfigWorker.java:178) at com.f5.rest.workers.asm.AsmConfigWorker$1.run(AsmConfigWorker.java:135) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) ]client:[1936199]

     

  • Tikka_Nagi_1315's avatar
    Tikka_Nagi_1315
    Historic F5 Account

    Up to 11.5.0 the ability to designate a local filename was quite limited. The approved method in 11.5.0 to import a policy is through the "file" field. The contents of the xml file need to passed in through rest encoded into JSON.

    From 11.6.0 onward you should be able to reference a local path for the file parameter. If it fails, please check for the errors in /var/log/asm/

    You can try the pre 11.6.0 method as it should still work:

    curl -sk -u admin:admin https://myhost/mgmt/tm/asm/tasks/import-policy/ -H 'Content-Type: application/json' -X POST -d @asm_pol.txt | python -m json.tool
    {
        "file": "\n
    • rodolfosalgado_'s avatar
      rodolfosalgado_
      Icon for Altostratus rankAltostratus

      I tried that and didn't work for me.

       

      When I try the POST using: '{"filename":"policy.xml","name":"Test"}' I get the exception: The remote server returned an error: (501) Not Implemented.

       

      When I try the POST using what you suggested: '{"file":"","status":"NEW"}' I get the exception: A positional parameter cannot be found that accepts argument '\n

       

      For me it seems that I'm not doing the post correctly on the second post as you suggested. Could you share a little bit more ? What is python-m json.tool ? I'm trying to run my commands using Powershell...