Forum Discussion

mshoaib's avatar
mshoaib
Icon for Altocumulus rankAltocumulus
Nov 22, 2020

Add/Remove ServerSSL profile on a Virtual Server using SDK

Hi,

 

I am trying to add/remove ServerSSL profile to a Virtual Server using F5 SDK.

 

I have the following script that will read the current profiles from the Virtual Server but I don't get my head around how to use .update() to delete a "serverSSL" profile if exist

 

from f5.bigip import ManagementRoot
import getpass, sys
 
# Variable Section
BigIP = "172.31.129.70"
BigIP_username = "mshoaib"
vip_name = 'www.example.com-https'
BigIP_password = getpass.getpass(prompt='Enter password: ', stream=None)
 
# Connect to BigIP
f5_mgmt = ManagementRoot(BigIP, BigIP_username, BigIP_password)
 
# Load VIP first
vip_info = f5_mgmt.tm.ltm.virtuals.virtual.load(name=vip_name, partition='Common')
 
# Read all profiles
pf_info =  vip_info.profiles_s.get_collection()
 
pf_list_before = []
 
print("Profiles before deletion:")
for a, pf in enumerate(pf_info):
  print(a,pf.name)
  pf_list_before.append(pf.name)
print(pf_list_before)
 
 
pf_list_after = []
print("--------")
for index, pf in enumerate(pf_info):
  if pf.name == 'serverssl':
    print("  Removing Server SSL")
    pf_info.pop(index)
 
print("Profiles after deletion: ")
for a, pf in enumerate(pf_info):
  print(a,pf.name)
  pf_list_after.append(pf.name)
 
print(pf_list_after)

 

 

Out put is :

 

 

[mshoaib@ca01net03 new_domain]$ python3.6 update-profiles.py
Enter password:
Profiles before deletion:
0 http_XForwardedFor
1 oneconnect
2 serverssl
3 tcp-lan-optimized
4 tcp-wan-optimized
5 wildcard.example.com-ssl
['http_XForwardedFor', 'oneconnect', 'serverssl', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl']
--------
  Removing Server SSL
Profiles after deletion:
0 http_XForwardedFor
1 oneconnect
2 tcp-lan-optimized
3 tcp-wan-optimized
4 wildcard.example.com-ssl
['http_XForwardedFor', 'oneconnect', 'tcp-lan-optimized', 'tcp-wan-optimized', 'wildcard.example.com-ssl']
[mshoaib@ca01net03 new_domain]$

Equivalent TMSH CLI are :

 

tmsh modify ltm virtual www.example.com-https profiles add { serverssl }

tmsh modify ltm virtual www.example.com-https profiles delete { serverssl }  

 

I appreciate any code snippet or link.

 

Thanks,

Muhammad

automation
devops
f5-sdk
iControl
iControlREST
sdk

2 Replies

Sort By
  • mshoaib's avatar
    mshoaib
    Icon for Altocumulus rankAltocumulus
    Nov 28, 2020

    I came across  BIGREST and found it much cleaner and easier to use.

    I learned the syntax and developed the solution using BIGREST instead of f5-common-pyton.

    Thank you Leonardo.

     

    Below is the code snippet that will toggle Server side SSL profile.

     

    # Connect to BigIP
domain_name = "www.example.com-https"
b = BIGIP(ip, username, password)
 
# Load the Profiles on a virtual server
profiles = b.load(f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles")
 
print(f"List of Profiles attached to {domain_name}")
profile_context_list = []
for p in profiles:
    profile_context_list.append(p.properties["context"])
print(profile_context_list)
 
if "serverside" in profile_context_list:
    print("Serverside SSL applied")
    print("Deleting Serverside SSL profile")
    path = (
      f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles/{rest_format(profile_name)}"
    )
    b.delete(path)
else:
    print("Serverside SSL doesn't applied")
    print("Adding Serverside SSL Profile")
    data = {}
    data["name"] = profile_name
    data["context"] = "serverside"
    b.create(f"/mgmt/tm/ltm/virtual/{rest_format(domain_name)}/profiles", data)

    Complete code is here :

    https://github.com/mshoaibshafi/nre-tools/tree/main/f5

     

     

  • Leonardo_Souza's avatar
    Leonardo_Souza
    Icon for Cirrocumulus rankCirrocumulus
    Nov 29, 2020

    Yes, the f5-common-python is a little bit complicated and more difficult to maintain the SDK code.

    That is why I wrote BIGREST.

     

    I used f5-common-python a lot before, and I now use BIGREST.

    Most of the stuff I create is because I need and what exist needed improvement, or what I need does not exist at all.

    Anyway, it is always good to see it helped other people as well.