Forum Discussion

JoeDziedzic_265's avatar
JoeDziedzic_265
Icon for Nimbostratus rankNimbostratus
Feb 01, 2017

Unable to add modify or remove Virtual Server Profiles using iControl REST

Hello All,

 

I am currently developing an integration between ServiceNow and F5. We are using iControl REST to build Virtual Servers, Pools, and Members. I am able to create all of the above items, however I have not had any success adding or modifying the Virtual Server Profiles. I have been searching thru the forums here on DevCentral and Google, and haven't been able to locate a solution.

 

Below is an example of the Content I am sending over with my REST POST message (i've tried PUT too) to create the Virtual Server Profiles: {"kind":"tm:ltm:virtual:profiles:profilesstate","name":"generic-tcp-lan-profile","partition":"Common","context":"serverside"}

 

I receive a 400 status, and an error message stating the virtual server lists duplicate profiles. I verified that in all cases, the virtual server does not have a serverside profile listed. I have read on another article that any current profiles on the virtual server need to be deleted in order to add new profiles however any time I try to delete a profile, i receive an error that the operation was not supported, or the following:

 

"Less than the required minimum number of profiles found on /Sandbox1/: Exactly 1 of (UDP Profile (serverside), TCP Profile (serverside), SCTP Profile (serverside))"

 

I also receive the above message if i try to include the profiles in a sub collection when I create the virtual server, and I remove either the serverside or clientside profile. If I add the profile back, I receive the duplicate error.

 

6 Replies

  • Kevin_K_51432's avatar
    Kevin_K_51432
    Historic F5 Account

    Greetings, I took a quick peek at this post:

    https://devcentral.f5.com/articles/icontrol-rest-cookbook-24575

    This command deleted the server SSL profile from the virtual server:

    curl -k -u admin:admin -X DELETE https://192.168.10.100/mgmt/tm/ltm/virtual/~Common~test/profiles/serverTest
    

    This command can be used to add it back. It looks like you don't need to indicate context:

    curl -k -u admin:admin https://192.168.10.100/mgmt/tm/ltm/virtual/~Common~test/profiles -H "Content-Type: application/json" -X POST -d '{"name":"serverTest"}'
    

    Kevin

    • JoeDziedzic_265's avatar
      JoeDziedzic_265
      Icon for Nimbostratus rankNimbostratus

      Hi Kevin,

       

      I had seen that post, and tried using the same command structure, but it didn't work. I am using JavaScript, not CURL.

       

      I wasn't able to resolve the issue with deleting or adding a single profile, however I was able to figure out how to set all of the profiles when I create the virtual server.

       

  • I was able to successfully create the virtual servers and the profiles. In my POST message to create the Virtual Server, I needed to include all profiles in a subcollection.

     

    • Kevin_K_51432's avatar
      Kevin_K_51432
      Historic F5 Account

      Glad to hear you're back on track! It can be bit frustrating, but well worth the effort in the end.

       

      Kevin

       

  • Hi Joe, The first question I have is which version of TMOS are you running?

     

    With profiles, they are "sub-collections" in iControl REST. This means that modifying the profiles (at the virtual server URL level) performs the TMSH equivalent of "replace-all-with" which would mean normally that you would need to have the entire new list of profiles in each POST/PUT request.

     

    However, there is a way to to work with sub-collections in iControl REST to add/remove items. You can find more info here -

     

    https://devcentral.f5.com/s/articles/demystifying-icontrol-rest-part-2-understanding-sub-collections-and-how-to-use-them

     

  • Just like a setup task on Configuration Utility, you may want to create a profile separately before attaching it to a virtual server. To create a new profile, just POST its name to the

    /mgmt/tm/ltm/profile/serviceType
    endpoint, where
    serviceType
    is one of the services you see in the Local Traffic > Virtual Servers > Profiles > Services menu: e.g., http. For example, to create HTTP profile named "myProfile", run this.

     curl -sku user:password -X POST -H "Content-type: application/json" \
      -d '{"name":"myProfile"}' \
      https:///mgmt/tm/ltm/profile/http
    

    It inherits all the defaults from the parent http profile: You can modify the setting later. For example, to enable X-Forwarded-For insertion, simply PATCH it as below:

     curl -sku user:password -X PATCH -H "Content-type: application/json" \
      -d '{"insertXforwardedFor":"enabled"}' \
      https:///mgmt/tm/ltm/profile/http/myProfile
    

    Please refer to the Wiki: iControlREST /tm/ltm/profile for the ltm profile endpoints.

    There may be version dependencies: The above examples work on 12.1.1.