POSH-LTM-Rest

Issues applying policies

Open tmccarthy349 opened this issue 1 year ago • 5 comments

I'm not seeing policies added to the VIP. I'm using the example in Set-VirtualServer, and I can see the policies populated in $ProfileItems, however after running the following,

$vs | Add-Member -Force -Name 'policies' -Value $PolicyItems -MemberType NoteProperty and $vs | Set-VirtualServer

the VIP is unchanged.

PS C:\F5 Migration\CBTS DR\Fisdap> $ProfileItems

Name                           Value
----                           -----
kind                           tm:ltm:virtual:profiles:profilesstate
name                           Ascend_HTTPS
kind                           tm:ltm:virtual:profiles:profilesstate
name                           Ascend_OneConnect
kind                           tm:ltm:virtual:profiles:profilesstate
name                           websecurity
context                        clientside
name                           tcp-mobile-optimized
kind                           tm:ltm:virtual:profiles:profilesstate
context                        serverside
name                           tcp-lan-optimized
kind                           tm:ltm:virtual:profiles:profilesstate
context                        clientside
name                           Fisdap_Wildcard_Client
kind                           tm:ltm:virtual:profiles:profilesstate

The code involved

#Read in the pool and node config file
$GetPoolInfo = import-csv "C:\F5 Migration\CBTS DR\Fisdap\FisdapPools.csv"

#Read in the vip config file
$GetVIPInfo = import-csv "C:\F5 Migration\CBTS DR\Fisdap\FisdapVIPs.csv"

#Prompt for username and password
$user = Read-Host "UserName"
$passwd = Read-Host "Password" -AsSecureString

#Sets IP of the F5
$f5 = "..."

#Encrypts credentials
$mycreds = New-Object System.Management.Automation.PSCredential ("$user", $passwd)

#Establishes a session to the F5
New-F5Session -LTMName $f5 -LTMCredentials $mycreds -Default

#Checks if it's a HTTPS VIP
if($Value.DestinationPort -eq '443')
{
    #Pulls the config for the VIP into the variable
    $vs = Get-VirtualServer -Name $Value.VirtualServerName
    
    #Lists what profiles to apply
    $Profiles = ('Ascend_HTTPS','Ascend_OneConnect','websecurity')

    #Clears the ProfileItems variable
    $ProfileItems = @()

    #Adds the above listed profiles to the array
    ForEach ($Profile in $Profiles){
        $ProfileItems += @{
            kind = 'tm:ltm:virtual:profiles:profilesstate'
            name = $Profile
        }
    }

    #Adds the client side tcp profile to the array
    $ProfileItems += @{
        kind = 'tm:ltm:virtual:profiles:profilesstate'
        name = 'tcp-mobile-optimized'
        context = 'clientside'
    }
    #Adds the server side tcp profile to the array
    $ProfileItems += @{
        kind = 'tm:ltm:virtual:profiles:profilesstate'
        name = 'tcp-lan-optimized'
        context = 'serverside'
    }

    #Checks to see if a SSL profile is needed clientside
    if (![string]::IsNullOrWhiteSpace($Value.clientssl))
    {
        #Adds the client side SSL profile to the array
        $ProfileItems += @{
            kind = 'tm:ltm:virtual:profiles:profilesstate'
            name = $Value.clientssl
            context = 'clientside'
        }
    }

    #Checks to see if a SSL profile is needed serverside
    if (![string]::IsNullOrWhiteSpace($Value.serverssl))
    {
        #Adds the server side SSL profile to the array
        $ProfileItems += @{
            kind = 'tm:ltm:virtual:profiles:profilesstate'
            name = $Value.serverssl
            context = 'serverside'
        }
    }

    #Checks if there is a DOS profile to apply
    if (![string]::IsNullOrWhiteSpace($Value.DOSProfile))
    {
        #Adds the DOS profile to the array
        $ProfileItems += @{
            kind = 'tm:ltm:virtual:profiles:profilesstate'
            name = $Value.DOSProfile
            context = 'all'
        }
    }

    #Overwrites the config that was pulled from the F5 with the profile information
    $vs | Add-Member -Force -Name 'profiles' -Value $ProfileItems -MemberType NoteProperty

    #Checks if there is a default persistence profile to apply
    if (![string]::IsNullOrWhiteSpace($Value.DefaultPersistence))
    {
        #Overwrites the config that was pulled from the F5 with the default persistence information
        $vs | Add-Member -Force -Name 'persist' -Value $Value.DefaultPersistence -MemberType NoteProperty

        #Overwrites the config that was pulled from the F5 with the fallback persistence information
        $vs | Add-Member -Force -Name 'fallbackPersistence' -Value $Value.FallbackPersistence -MemberType NoteProperty

        #Write new config for the VIP to the F5
        $vs | Set-VirtualServer

        #Pulls the config for the VIP into the variable
        $vs = Get-VirtualServer -Name $Value.VirtualServerName

    }

    #Clears the PolicyItems variable
    $PolicyItems = @()

    #Checks if there is a ASM policy to apply
    if (![string]::IsNullOrWhiteSpace($Value.ASMPolicy))
    {
        #Adds the ASM policy to the array
        $PolicyItems += @{
            kind = 'tm:ltm:virtual:policies:policiesstate'
            name = $Value.ASMPolicy
        }
    }   
   

    #Overwrites the config that was pulled from the F5 with the policy information
    $vs | Add-Member -Force -Name 'policies' -Value $PolicyItems -MemberType NoteProperty

    #Write new config for the VIP to the F5
    $vs | Set-VirtualServer   
  
    #sets the incremental value to the default value
    $i = 1

    #Sets the iRuleCount to the default irule value
    $iRuleCount = 'irule' + $i

    #Checks to make sure the iRule exists in the config sheet
    while (![string]::IsNullOrWhiteSpace($Value.$iRuleCount))
    {
        #Adds the iRule to the VIP
        Add-iRuleToVirtualServer -Name $Value.VirtualServerName -iRuleName $Value.$iRuleCount

        #Increments the i variable for both looping and to determine iRule number
        ++$i

        #Increments the iRuleCount variable for looping
        $iRuleCount = 'irule' + $i
    }
}

tmccarthy349, Sep 01 '23 17:09

Hi. Thanks for opening this issue. When I tried to repro it, I got 2 errors with the latest version of the module:

Select-Object : The property cannot be processed because the property "Description" already exists. At C:\Program Files\WindowsPowerShell\Modules\F5-ltm\1.4.334\Private\Join-Object.ps1:66 char:30

Invoke-F5RestMethod : "400 Bad Request: Found unexpected json string at configuration item /ltm/virtual/~Common~TestVIP123/profiles/context. The json string is "serverside". At C:\Program Files\WindowsPowerShell\Modules\F5-ltm\1.4.334\Public\Set-VirtualServer.ps1:277 char:21

I'll keep digging into this and see what I can figure out.

joel74, Sep 05 '23 20:09

I thought it might be something with the newer version. These were built using 1.4.253 and were working at the time. I ended up with a new laptop and am now using 1.4.334 and discovered the issue when I went to create a new site at the DR location. There was another issue with pool creation that I ended up tracking down to a module being totally commented out. I removed the comments and that got it working. Just couldn't figure out the VIP issue. Regrettably I didn't note which module it was that I fixed, but I'll try uninstalling and see if I can duplicate the issue to find out.

tmccarthy349, Sep 05 '23 22:09

Sorry for the delay. I uninstalled and re-installed 1.4.3334 to get a default build. What I found was Add-PoolMember calls Get-Node at line 64 ($ExistingNode = Get-Node -F5Session $F5Session -Address $Address -Name $NodeName -Partition $Partition -ErrorAction SilentlyContinue). However, the Get-Node function is all commented out by default and doesn't load. This was the issue I got around by uncommenting this function. However, the above still exists.

Function Get-Node {

<#

.SYNOPSIS

# Retrieve specified Node(s)

.NOTES

# This function makes no attempt to resolve names to ip addresses.  If you are having trouble finding a node, try:
    # Get-Node | Where-Object { $_.address -like 'N.N.N.N' -or $_.name -like 'XXXXX' }
# [cmdletBinding()]
# param (
    # $F5Session=$Script:F5Session,

    # [Parameter(ValueFromPipelineByPropertyName)]
    # [PoshLTM.F5Address[]]$Address=[PoshLTM.F5Address]::Any,

    # [Alias('ComputerName')]
    # [Alias('NodeName')]
    # [Parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)]
    # [string[]]$Name='',

    # [Parameter(ValueFromPipelineByPropertyName)]
    # [string]$Partition
# )
# begin {
    ## Test that the F5 session is in a valid format
    # Test-F5Session($F5Session)

    # Write-Verbose "NB: Node names are case-specific."
# }
# process {
    # for($i=0; $i -lt $Name.Count -or $i -lt $Address.Count; $i++) {
        # $itemname = Invoke-NullCoalescing {$Name[$i]} {''}
        # $itemaddress = Invoke-NullCoalescing {$Address[$i]} {[PoshLTM.F5Address]::Any}
        # $URI = $F5Session.BaseURL + 'node/{0}' -f (Get-ItemPath -Name $itemname -Partition $Partition)
        # $JSON = Invoke-F5RestMethod -Method Get -Uri $URI -F5Session $F5Session
        ## BIG-IP v 11.5 does not support FQDN nodes, and hence nodes require IP addresses and have no 'ephemeral' property
        # Invoke-NullCoalescing {$JSON.items} {$JSON} |
            # Where-Object { $F5Session.LTMVersion.Major -eq '11' -or $_.ephemeral -eq 'false' } |
            # Where-Object { [PoshLTM.F5Address]::IsMatch($itemaddress, $_.address) } |
            # Add-ObjectDetail -TypeName 'PoshLTM.Node'
    # }
# }

}

tmccarthy349, Sep 11 '23 16:09
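
One way to catch a function whose body is entirely commented out before a script depends on it, as an added example that is not part of the original thread or the module's own code. It parses script text with the PowerShell AST and reports parse errors and functions with no executable statements; `Find-EmptyFunction` and the sample functions are hypothetical names constructed for illustration.

```powershell
function Find-EmptyFunction {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ScriptText
    )

    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Parse errors (for example an unterminated <# ... #> block) are reported first
    foreach ($e in $errors) {
        [pscustomobject]@{
            Function = $null
            Problem  = "Parse error at line $($e.Extent.StartLineNumber): $($e.Message)"
        }
    }

    # Find every function definition, including nested ones
    $functions = $ast.FindAll(
        { param($node) $node -is [System.Management.Automation.Language.FunctionDefinitionAst] },
        $true)

    foreach ($fn in $functions) {
        # Comments are not statements, so a fully commented-out body counts zero
        $count = 0
        foreach ($block in @($fn.Body.BeginBlock, $fn.Body.ProcessBlock, $fn.Body.EndBlock)) {
            if ($null -ne $block) { $count += $block.Statements.Count }
        }
        if ($count -eq 0) {
            [pscustomobject]@{ Function = $fn.Name; Problem = 'Body has no executable statements' }
        }
    }
}

# Constructed sample: Get-Thing is commented out, Get-Other is intact
$sample = @'
function Get-Thing {
    # param ( [string]$Name )
    # process { $Name }
}
function Get-Other {
    param ( [string]$Name )
    process { $Name }
}
'@

Find-EmptyFunction -ScriptText $sample
```

To check an installed module, pass each `.ps1` file's content (read with `Get-Content -Raw`) to the function and review any rows it returns.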

@tmccarthy349 I'm in kind of a tough spot. I'm switching jobs and after today I will no longer have access to LTMs on which to test the F5 PowerShell module. I'll post on DevCentral and maybe I can find someone there who can take over managing this module.

joel74, Oct 02 '23 15:10

@tmccarthy349 Are you still having the issue? It looks like the commented out block was fixed.

AndrewSav, Feb 29 '24 11:02