Forum Discussion

Jhoutman_117862
Sep 02, 2013

route advertisement and ssl certificates with bigsuds / icontrol inside transaction

I am writing deployment scripting for our load balancer configuration.

 

For the moment I take the simple approach of deleting the whole configuration and rebuilding it within a transaction.

 

But I have encountered two problems with this approach:

1. Route advertisements cannot be set inside the same transaction as the creation of the virtual server/address.
2. SSL keys/certificates cannot be recreated inside a transaction.

 

The questions:

1. Am I doing something wrong?
2. I would like, for now, to do this delete and create step inside a single transaction. It is much simpler and a little downtime is acceptable for now. But I would like to always have a valid configuration, hence the transaction. Is this possible?

 

Example code for 1:

 

import bigsuds

# bigip_session is an existing bigsuds.BIGIP connection, created elsewhere.
with bigsuds.Transaction(bigip_session) as bigip:

    bigip.System.Session.set_active_folder('/acc')
    print(bigip.System.Session.get_active_folder())

    # Delete the existing configuration.
    bigip.LocalLB.VirtualServer.delete_all_virtual_servers()
    bigip.LocalLB.Pool.delete_all_pools()
    bigip.LocalLB.NodeAddressV2.delete_all_node_addresses()
    bigip.LocalLB.ProfileHttp.delete_all_profiles()

    for sslprofile in bigip.LocalLB.ProfileClientSSL.get_list():
        print("deleting sslprofile: {}".format(sslprofile))
        bigip.LocalLB.ProfileClientSSL.delete_profile(profile_names=[sslprofile])

    # Recreate nodes, pool and monitor association.
    bigip.LocalLB.NodeAddressV2.create(nodes=['node1'], addresses=['10.10.10.1'],
                                       limits=[0])

    bigip.LocalLB.NodeAddressV2.create(nodes=['node2'], addresses=['10.10.10.2'],
                                       limits=[0])

    lb_method = 'LB_METHOD_ROUND_ROBIN'

    members = []
    members.append({'address': 'node1', 'port': 80})
    members.append({'address': 'node2', 'port': 80})

    bigip.LocalLB.Pool.create_v2(pool_names=['test_pool'], lb_methods=[lb_method], members=[members])

    monitor_rule = {'type': 'MONITOR_RULE_TYPE_AND_LIST', 'quorum': 0, 'monitor_templates': ['/Common/tcp']}
    bigip.LocalLB.Pool.set_monitor_association(
        monitor_associations=[{'pool_name': 'test_pool', 'monitor_rule': monitor_rule}])

    # Recreate the virtual server.
    definition = {'name': 'test_vip', 'address': '185.14.168.80', 'port': 80, 'protocol': 'PROTOCOL_TCP'}
    resources = {'type': 'RESOURCE_TYPE_POOL', 'default_pool_name': 'test_pool'}

    profile = [{'profile_context': 'PROFILE_CONTEXT_TYPE_ALL', 'profile_name': 'tcp'}]

    bigip.LocalLB.VirtualServer.create(definitions=[definition], wildmasks=['255.255.255.255'], resources=[resources],
                                       profiles=[profile])

    bigip.LocalLB.VirtualServer.set_snat_automap(virtual_servers=['test_vip'])

    # This is the call that fails when the transaction is submitted.
    bigip.LocalLB.VirtualAddressV2.set_route_advertisement_state(virtual_addresses=['/acc/185.14.168.80'], states=['STATE_ENABLED'])

Error message:

 

bigsuds.ServerError: Server raised fault: 'Exception caught in System::urn:iControl:System/Session::submit_transaction()
Exception: Common::OperationFailed
primary_error_code   : 16908342 (0x01020036)
secondary_error_code : 0
error_string         : 01020036:3: The requested virtual address (/acc/185.14.168.80) was not found.'

Example for 2: Uses similar code but uses the keycertificate calls to delete and create the keys/certificates, namely:

    for cert in bigip.Management.KeyCertificate.get_certificate_list(mode='MANAGEMENT_MODE_DEFAULT'):
        bigip.Management.KeyCertificate.certificate_delete(mode='MANAGEMENT_MODE_DEFAULT', cert_ids=[cert['file_name']])

    for cert in bigip.Management.KeyCertificate.get_key_list(mode='MANAGEMENT_MODE_DEFAULT'):
        bigip.Management.KeyCertificate.key_delete(mode='MANAGEMENT_MODE_DEFAULT', ids=[cert['file_name']])

    bigip.Management.KeyCertificate.key_import_from_pem(mode='MANAGEMENT_MODE_DEFAULT', key_ids=[clientssl.get_full_name()], pem_data=[clientssl.key], overwrite=False)

    # TODO: why can't I delete the certificate?
    bigip.Management.KeyCertificate.certificate_import_from_pem(mode='MANAGEMENT_MODE_DEFAULT',
                                                                cert_ids=[clientssl.get_full_name()],
                                                                pem_data=[clientssl.cert],
                                                                overwrite=False)

The error:

bigsuds.ServerError: Server raised fault: 'Exception caught in Management::urn:iControl:Management/KeyCertificate::key_import_from_pem()
Exception: Common::OperationFailed
primary_error_code   : -11 (0xFFFFFFF5)
secondary_error_code : 0
error_string         : Would overwrite file'

 
