Assign a monitor to an already existing node using iControl
Hello everyone, I am using the python bigsuds iControl library. I have created a couple of nodes and now trying to assign a monitor to them. Looked at the API reference but it throws the same error overtime. I am not sure what it is expecting in "type". >>> c.LocalLB.NodeAddressV2.set_monitor_rule(['node1'],['MONITOR_RULE_TYPE_SINGLE', 0L, ['icmp']]) Traceback (most recent call last): File "", line 1, in File "build/bdist.macosx-10.10-intel/egg/bigsuds.py", line 412, in wrapped_method File "build/bdist.macosx-10.10-intel/egg/bigsuds.py", line 472, in process File "build/bdist.macosx-10.10-intel/egg/bigsuds.py", line 478, in _process_args File "build/bdist.macosx-10.10-intel/egg/bigsuds.py", line 540, in _process_arg File "build/bdist.macosx-10.10-intel/egg/bigsuds.py", line 559, in _process_arg bigsuds.ArgumentError: "MONITOR_RULE_TYPE_SINGLE" is not a valid value for LocalLB.MonitorRule, expecting: type, quorum, monitor_templates Also, i think i have to use the set_default_node_monitor after this. Has anyone been in a similar situation. Would really appreciate any help. Thanks!192Views0likes1Commentstruggling to create irules
I'm using python 2.6.6 and pycontrol 2.0.1 to connect to our load balancer and configure it. I'm trying to make a rough start at creating a standard provisioning script for any new subdomains that are set up. I like python/pycontrol in general it's proving fairly easy and simple to get things rolling (particularly in comparison to the usual PITA that seems to go with Perl & APIs), I'm able to pull all sorts of data from the LBs with ease. I'm going to keep hacking away at this and will update if I manage to solve this in case it's useful to others. The examples I've been able to find so far don't seem to show python creating irules. !/usr/bin/python Import pycontrol and connect to loadbalancer import pycontrol.pycontrol as pc myLTM = pc.BIGIP( hostname = 'serv.er.addre.ss', username = 'admin', password = 'password', fromurl=True, wsdls = ['LocalLB.Rule']) Provide rl as a shortcut to the rules service rl=myLTM.LocalLB.Rule Query the user for the domain appname = raw_input("Enter new application/subdomain name:") Generate the content of the new iRule irules_content = [] irules_content.append(u' Rule generated for %s' % appname) irules_content.append(u'when HTTP_REQUEST {') irules_content.append(u' Check if Host header is %s.ourdomain.com' % appname) irules_content.append(u' if {[HTTP::host] eq "%s.ourdomain.com"}{' % appname) irules_content.append(u' use %s pool' % appname) irules_content.append(u' pool %s_pool' % appname) irules_content.append(u' }') irules_content.append(u'}') Combine it all into a single \n separated string irules_content = '\n'.join(irules_content) Define the name for the iRule irule_name = appname+"_redirect" Print to screen print irule_name print irules_content Attempt to create rule rl.create(rule_name = irule_name, rules = irules_content) Double check for sanity double_check = rl.query_rule(rule_names = [irules_name]) print "\nCreated iRule:\n" print double_check[0].rule_definition Whilst rl.create appears to work, no exception is reported, double_check fails telling me the requested rule wasn't found. I don't see any way to commit changes to the interface. I'm sure it's the "rules = " bit that is wrong, if I use rule_definition that I'd expect to use there, it fails telling me rules wasn't there: "WebFault: Server raised fault: 'Could not find element by name: rules'" edit: Really not keen on this forum software.. just doesn't want to accept code tags around the code, seems to expect me to prepend [ code ] to every line?! (minus the spaces)236Views0likes2CommentsProblem creating a monitor with a wildcart port and IP using bigsuds
Hi all, I'm trying to use the bigsuds library in Python to create a monitor, but I can't get the LTM to accept a wildcard IP address and port... it wants a string and a long, and an empty string and 0 don't work. How to do I replicate the tmsh dump below using bigsuds, if it keeps wanting a real IP and port? This is my tmsh dump of it: ltm monitor http shib-test-http-monitor { defaults-from /Common/http destination *:* interval 5 recv "OK" send "GET /foo\\r\\n" time-until-up 0 timeout 16 } Here's the code I'm using: mtemplates = [{'template_name' : clean_monitor_name, 'template_type' : 'TTYPE_HTTP'}] shouldn't need template_type if we specify a parent mattributes = [{ 'parent_template' : 'http', 'interval': 5, 'timeout': 16, 'dest_ipport': {'address_type': 'ATYPE_STAR_ADDRESS_STAR_PORT', 'ipport': {'address':None, 'port': "0"}}, 'is_read_only': False, 'is_directly_usable': True, }] print "Creating monitor " + str(mtemplates) + " with attributes " + str(mattributes) lb.Monitor.create_template(mtemplates,mattributes) Unfortunately, I'm getting this back: bigsuds.ServerError: Server raised fault: 'Exception caught in LocalLB::urn:iControl:LocalLB/Monitor::create_template() Exception: Common::OperationFailed primary_error_code : 16908320 (0x01020020) secondary_error_code : 0 error_string : 01020020:3: The text string cannot be converted to an IP address.'279Views0likes1CommentTrying to setup basic networking with bigsuds
I am trying write a script to setup basic networking using bigsuds. I am having trouble creating a vlan. I am novice at scripting so I must be making an error. Here is the simple script to create a vlan: !/usr/bin/python netconfig.py attempt to do basic network setup with icontrol import bigsuds b = bigsuds.BIGIP( hostname = '10.3.213.66', username = 'admin', password = 'admin', ) b.networking.VLAN.create_v2( vlans, 'ext-esnet', vlan_ids, 1101, members, 1.1, ) Here is the error I get when I try to run it: $ ./netconfig.py Traceback (most recent call last): File "./netconfig.py", line 14, in b.networking.VLAN.create_v2( File "/usr/local/lib/python2.7/dist-packages/bigsuds-1.0-py2.7.egg/bigsuds.py", line 258, in __getattr__ client = self._client_creator('%s.%s' % (self._name, attr)) File "/usr/local/lib/python2.7/dist-packages/bigsuds-1.0-py2.7.egg/bigsuds.py", line 134, in _create_client 'namespace?' % (e, wsdl_name)) bigsuds.ParseError: :12:2: mismatched tag Failed to parse wsdl. Is "networking.VLAN" a valid namespace? Tim T303Views0likes4Commentspython and iControl to verify load balancer configurations
Title... Using python and iControl API to automatically verify F5 LTM LB VIP configurations.... tags: python iControl pyControl suds verify verifying validating configuration settings F5 LTM load balancer VIP automation provisioning Problem... If you're in a large company, you might have a shared services model for IT services like networking. You work with several centralized IT teams to implement firewall ACLs, Load Balancer VIPs, storage, etc.. Unless you have a solid provisioning process, and request forms that translate into implementation scripts, then you've likely run into issues resulting from human error. This is unavoidable if new requests are created manually through the UI. Wrong protocols, mismatching ports, incorrect pool members, wrong vlan / subnets, incorrect IPs, or incorrect partitions. The list goes on. Provisioning errors introduce days to weeks of delays for new requests. They have to go through verification, troubleshooting, additional rounds of approval, scheduling for change control and QA, particularly for compliance environments. This only gets worse if there are many individuals or time zones between the person making the request and the person implementing the change. If you're migrating datacenters, and have multiple environments, this will likely leave your project managers very unhappy. An automated provisioning process would certainly help, but can be expensive to build and implement. A short-term fix is to provide network engineers (those implementing the request) with a means of automatically verifying the request was implemented correctly. This will significantly reduce the turnaround time for new requests, saving time for both you and your networking team. This will also allow junior staff or interns to verify the work and free up senior staff. Solution... What's needed is a script or application that can load and verify a dataset containing new or existing F5 LTM load balancer request definitions. This script will read the dataset, store these in structured data types, and use the iControl API to verify the requests have been implemented properly. The output of the scripts will alert on misconfigured load balancer settings. This can be run by anyone on your ops or networking team, and can even be set up in Jenkins for single-click testing / reporting / alerting / history. Similarly this can be implemented as JUnit / TestNG, or puppet / chef / etc. Your network engineer or intern ops engineer can now verify implementations at the click of a button, immediately after the network engineer completes their work. NOTE: Once this is in place, you will find that you're already half-way there to automatic provisioning, as the same definition files can be used to generate the implementation scripts. To do this you'll need the following: pyControl + suds (or java + xml libs if you go that route) iControl SDK a read-only user that is available to networking and operations staff Here's a list of what our scripts do: read vip names to check from a file (including the LTMs they reside on) connect to each of LTMs referenced in the load balancer requests load the LTM's virtual server and pool member configuration via iControl for each virtual server and pool, verify LTM configuration matches the request and expected values output related information and alert or warn on any mismatches or missing VIPs Here's a list of the types of things we check for: ... General ... check version of iControl modules on the LTM, alert if mismatch (script might need to be updated) ... Virtual Server ... exists on the LTM we expect it to was created in the correct partition for the BU/FG/application name matches the expected pattern (), where is typically fqdn or vip ip address of LB VIP matches virtual server port matches virtual server name (thisvip_80 is configured for port 80, thisvip_443 is 443, etc.) resource pool name matches virtual server (pool name matches virtual server name, including ports) state is enabled correct protocol http/https profile connection limits source NAT enabled / disabled SSL offloading enabled / disabled vlan matches (if used) all other virtual server settings ... Pools and Pool Members ... display pool member IPs and ports in output pool member ports match virtual server / vip (80 to 80, 443 to 443) pool member IPs match expected for LB VIP (from input) pool options match default profile (from input) health check matches virtual server type (TCP only) timeouts are correct minimum number of members matches minimum member action matches slow ramp time matches members are reporting as available ... Other ... perform forward and reverse DNS checks on virtual server VIP keep script execution history / output for reporting purposes My first draft of such a script in python served us well, if a bit rudimentary. It can run from Jenkins and a network engineer can click on the job to verify all VIPs in our environment (including the new ones they just added). If they see they made a mistake, they can just fix it and rerun the script (rinse and repeat until no more errors). If I schedule that Jenkins job to run daily, I get an alert if any of the LB VIPs or pool members are misconfigred. The same can be done for firewall requests. Next step is to add LB VIP profiles and refactor the code so it can be shared.1.1KViews0likes12CommentsCan't set 'always-send' property on cookie persistence profile
I'm trying to reproduce a configuration dumped thorugh tmsh using the iControl interface for the LTM. Here's the configuration I'm trying to create: ltm persistence cookie dev-shib-cookie-persistence { always-send enabled app-service none defaults-from /Common/cookie expiration 0 method insert override-connection-limit disabled } Here's what I'm able to create using the iControl API: ltm persistence cookie shib-dev-cookie-persistence { app-service none defaults-from /Common/cookie method insert } Here's my code: lb.ProfilePersistence.create([clean_persistence_name], ['PERSISTENCE_MODE_COOKIE']) lb.ProfilePersistence.set_default_profile([clean_persistence_name], ['/Common/cookie']) lb.ProfilePersistence.set_cookie_persistence_method([clean_persistence_name],[{'value':'COOKIE_PERSISTENCE_METHOD_INSERT', 'default_flag': False}]) I can't find anything on how to configure 'always-send' in the documentation at: https://devcentral.f5.com/wiki/iControl.LocalLB__ProfilePersisten ce.ashx Can you tell me how to set this parameter using the iControl API? I'm using the python bigsuds library if that matters. Thanks!314Views0likes1Comment"basic auth failed" when creating a simple connection
Hello, When I run the code at the following link from the command line (ie. "python example.py") I get the exception "suds.transport.TransportError: HTTP Error 401: basic auth failed" http://pastebin.com/w60Vb9Ji What makes this so bizarre is that if I set up this same BIGIP instance in the interpreter, it works just fine. So I am unable to run this from a script. What is making this happen? How do I solve this? Thanks410Views0likes2Commentssuds cache files not being removed
Hi all, I'm noticing that the cache files that are created by suds are not being removed after they expire. Now I know this may be a suds issue but I thought I'd post here since I notice that changing the following line in the pycontrol.py makes no difference, some where around line 90. cache.setduration(days=30) also, 30 days seems a little long, since it appears that new cache files are bieng created each run of my scripts. Now I get the point of caching, but in my case I have the wsdls saved locally on disk and don't need them cached, or so I think. I've tried various settings for the setduration and none of them seem to make any difference. What I did find is by placing the following after the setduration removes the cache files. cache.clear() I'm using version '2.0.1' of pycontrol and 0.4 of suds I should also note that I have suds and pycontrol as egg files that my script imports. Not sure if this makes a difference, probably does, but thought I should point this out. I was wondering if anyone has thought of adding the cache duration as one of the args to the BIGIP class? This assumes that the setduration setting would actually work. How about possibly clearing the cache or trying to use the NoCache object instead of the default FileCache for when the wsdls are locally stored? BTW I've tried to use the NoCache method and it didn't seem to work either. Has anyone else noticed this issue before? If so, how did you work with it? thanks, Jeremy281Views0likes0Comments01070621:3: Rule priorities error despite unique priorities !
Fellow pycontrol-freaks :) I've been on a coding marathon for 2 days and have had a fantastic time diving into pycontrol !! I'm trying to use it to dynamically add a maintenance irule and then remove it again based on a ruby script that's out on devcentral. However, I'm running into a wall finally and it smells like a bug or massively misleading API error to me. I know that icontrol is stricter than the gui and won't let me add 2 irules with the same priority except I can prove to you that it does anyway whereas I cannot add a 3rd iRule if 2 exist already no matter what the priorities are. Case in point. I have a test vs with no irules. I can use my pycontrol script to add a redirect rule no problem. *********************** SCENARIO 1 (works when it shouldn't) : [stucky@vito pycontrol]$ ./maintenance.py blablabla The iRule 'api_maintenance' already existed but got refreshed. Successfully added iRule 'api_maintenance' to virtual server '/Common/test' The irule is set to priority 1 : [root@stglbltm01:Active:Standalone] config tmsh show ltm rule api_maintenance --------------------------------------------- Ltm::Rule Event: api_maintenance:HTTP_REQUEST --------------------------------------------- Priority 1 Executions Now as per docs I should not be able do this again if another rule with pri 1 already exists. To test let's remove this rule again and manually add the test rule with pri 1. [root@stglbltm01:Active:Standalone] config tmsh list ltm virtual test ltm virtual test { destination ip:http ip-protocol tcp mask 255.255.255.255 profiles { http { } tcp { } } rules { test_hipri } [root@stglbltm01:Active:Standalone] config tmsh show ltm rule test_hipri ---------------------------------------- Ltm::Rule Event: test_hipri:HTTP_REQUEST ---------------------------------------- Priority 1 Executions Ok now let's try to use pycontrol to add the maintenance rule again: [stucky@vito pycontrol]$ ./maintenance.py blablabla The iRule 'api_maintenance' already existed but got refreshed. Successfully added iRule 'api_maintenance' to virtual server '/Common/test' Let's confirm we have both rules associated with the vs: [root@stglbltm01:Active:Standalone] config tmsh list ltm virtual test ltm virtual test { destination ip:http ip-protocol tcp mask 255.255.255.255 profiles { http { } tcp { } } rules { test_hipri api_maintenance } Now I don't mind if something works that shouldn't as much as I do when something doesn't work that should ! ************************** SCENARIO 2 (Doesn't work when it really should !!) Let's add 2 irules to this vs both with DIFFERENT priorities (other than 1 for sure !): [root@stglbltm01:Active:Standalone] config tmsh list ltm virtual test ltm virtual test { destination ip:http ip-protocol tcp mask 255.255.255.255 profiles { http { } tcp { } } rules { log_persistence_cookie filter_http_methods } We have pri 800 and pri 10. [root@stglbltm01:Active:Standalone] config tmsh show ltm rule log_persistence_cookie ---------------------------------------------------- Ltm::Rule Event: log_persistence_cookie:HTTP_REQUEST ---------------------------------------------------- Priority 800 Executions [root@stglbltm01:Active:Standalone] config tmsh show ltm rule filter_http_methods ------------------------------------------------- Ltm::Rule Event: filter_http_methods:HTTP_REQUEST ------------------------------------------------- Priority 10 Executions According to the docs I should have no problem adding a 3rd irule with priority 1 here via pycontrol so let's try : [stucky@vito pycontrol]$ ./maintenance.py blablab The iRule 'api_maintenance' already existed but got refreshed. No handlers could be found for logger "suds.client" Server raised fault: 'Exception caught in LocalLB::urn:iControl:LocalLB/VirtualServer::add_rule() Exception: Common::OperationFailed primary_error_code : 17237537 (0x01070621) secondary_error_code : 0 error_string : 01070621:3: Rule priorities for virtual server (/Common/test) must be unique.' This totally hoses me cause I cannot finish my maintenance script testing now. It's all moot if I can't get this rule added/removed on the fly. Please tell me I'm doing something wrong ! Keep up the great forum ! thx319Views0likes0Comments