Issues applying policies #232

Open
tmccarthy349 opened this issue Sep 1, 2023 · 5 comments
@tmccarthy349

I'm not seeing policies added to the VIP. I'm using the example in Set-VirtualServer, and I can see the policies populated in $ProfileItems, however after running the following,

$vs | Add-Member -Force -Name 'policies' -Value $PolicyItems -MemberType NoteProperty
and
$vs | Set-VirtualServer

the VIP is unchanged.

PS C:\F5 Migration\CBTS DR\Fisdap> $ProfileItems

Name Value


kind tm:ltm:virtual:profiles:profilesstate
name Ascend_HTTPS
kind tm:ltm:virtual:profiles:profilesstate
name Ascend_OneConnect
kind tm:ltm:virtual:profiles:profilesstate
name websecurity
context clientside
name tcp-mobile-optimized
kind tm:ltm:virtual:profiles:profilesstate
context serverside
name tcp-lan-optimized
kind tm:ltm:virtual:profiles:profilesstate
context clientside
name Fisdap_Wildcard_Client
kind tm:ltm:virtual:profiles:profilesstate

The code involved

#Read in the pool and node config file
$GetPoolInfo = import-csv "C:\F5 Migration\CBTS DR\Fisdap\FisdapPools.csv"

#Read in the vip config file
$GetVIPInfo = import-csv "C:\F5 Migration\CBTS DR\Fisdap\FisdapVIPs.csv"

#Prompt for username and password
$user = Read-Host "UserName"
$passwd = Read-Host "Password" -AsSecureString

#Sets IP of the F5
$f5 = "..."

#Builds a credential object from the username and the SecureString password
$mycreds = New-Object System.Management.Automation.PSCredential ("$user", $passwd)

#Establishes a session to the F5
New-F5Session -LTMName $f5 -LTMCredentials $mycreds -Default

#Checks if it's a HTTPS VIP
if($Value.DestinationPort -eq '443')
{
    #Pulls the config for the VIP into the variable
    $vs = Get-VirtualServer -Name $Value.VirtualServerName
    
    #Lists what profiles to apply
    $Profiles = ('Ascend_HTTPS','Ascend_OneConnect','websecurity')

    #Clears the ProfileItems variable
    $ProfileItems = @()

    #Adds the above listed profiles to the array
    ForEach ($Profile in $Profiles){
        $ProfileItems += @{
            kind = 'tm:ltm:virtual:profiles:profilesstate'
            name = $Profile
        }
    }

    #Adds the client side tcp profile to the array
    $ProfileItems += @{
        kind = 'tm:ltm:virtual:profiles:profilesstate'
        name = 'tcp-mobile-optimized'
        context = 'clientside'
    }
    #Adds the server side tcp profile to the array
    $ProfileItems += @{
        kind = 'tm:ltm:virtual:profiles:profilesstate'
        name = 'tcp-lan-optimized'
        context = 'serverside'
    }

    #Checks to see if a SSL profile is needed clientside
    if (![string]::IsNullOrWhiteSpace($Value.clientssl))
    {
        #Adds the client side SSL profile to the array
        $ProfileItems += @{
            kind = 'tm:ltm:virtual:profiles:profilesstate'
            name = $Value.clientssl
            context = 'clientside'
        }
    }

    #Checks to see if a SSL profile is needed serverside
    if (![string]::IsNullOrWhiteSpace($Value.serverssl))
    {
        #Adds the server side SSL profile to the array
        $ProfileItems += @{
            kind = 'tm:ltm:virtual:profiles:profilesstate'
            name = $Value.serverssl
            context = 'serverside'
        }
    }

    #Checks if there is a DOS profile to apply
    if (![string]::IsNullOrWhiteSpace($Value.DOSProfile))
    {
        #Adds the DOS profile to the array
        $ProfileItems += @{
            kind = 'tm:ltm:virtual:profiles:profilesstate'
            name = $Value.DOSProfile
            context = 'all'
        }
    }

    #Overwrites the config that was pulled from the F5 with the profile information
    $vs | Add-Member -Force -Name 'profiles' -Value $ProfileItems -MemberType NoteProperty

    #Checks if there is a default persistence profile to apply
    if (![string]::IsNullOrWhiteSpace($Value.DefaultPersistence))
    {
        #Overwrites the config that was pulled from the F5 with the default persistence information
        $vs | Add-Member -Force -Name 'persist' -Value $Value.DefaultPersistence -MemberType NoteProperty

        #Overwrites the config that was pulled from the F5 with the fallback persistence information
        $vs | Add-Member -Force -Name 'fallbackPersistence' -Value $Value.FallbackPersistence -MemberType NoteProperty

        #Write new config for the VIP to the F5
        $vs | Set-VirtualServer

        #Pulls the config for the VIP into the variable
        $vs = Get-VirtualServer -Name $Value.VirtualServerName

    }

    #Clears the PolicyItems variable
    $PolicyItems = @()

    #Checks if there is a ASM policy to apply
    if (![string]::IsNullOrWhiteSpace($Value.ASMPolicy))
    {
        #Adds the ASM policy to the array
        $PolicyItems += @{
            kind = 'tm:ltm:virtual:policies:policiesstate'
            name = $Value.ASMPolicy
        }
    }   
   

    #Overwrites the config that was pulled from the F5 with the policy information
    $vs | Add-Member -Force -Name 'policies' -Value $PolicyItems -MemberType NoteProperty

    #Write new config for the VIP to the F5
    $vs | Set-VirtualServer   
  
    #sets the incremental value to the default value
    $i = 1

    #Sets the iRuleCount to the default irule value
    $iRuleCount = 'irule' + $i

    #Checks to make sure the iRule exists in the config sheet
    while (![string]::IsNullOrWhiteSpace($Value.$iRuleCount))
    {
        #Adds the iRule to the VIP
        Add-iRuleToVirtualServer -Name $Value.VirtualServerName -iRuleName $Value.$iRuleCount

        #Increments the i variable for both looping and to determine iRule number
        ++$i

        #Increments the iRuleCount variable for looping
        $iRuleCount = 'irule' + $i
    }
}
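
A read-back check for the symptom reported above, where `Set-VirtualServer` returns but the VIP is unchanged (added example, not part of the original post or of the F5-LTM module): it queries the virtual server's `policies` or `profiles` subcollection over iControl REST and reports expected names that are not attached. The function names, the use of `Invoke-RestMethod` with basic authentication, and a BIG-IP certificate already trusted by the client are assumptions.

```powershell
# Added example. Assumes iControl REST at https://<LTM>/mgmt/tm/ltm/, basic
# authentication, and a BIG-IP certificate that this client already trusts.

function Compare-ExpectedName {
    # Pure comparison: which expected names are absent, which attached names are extra.
    param([string[]]$Expected = @(), [string[]]$Actual = @())
    [pscustomobject]@{
        Missing    = @($Expected | Where-Object { $_ -and $_ -notin $Actual })
        Unexpected = @($Actual | Where-Object { $_ -and $_ -notin $Expected })
    }
}

function Test-VirtualServerAttachment {
    param(
        [Parameter(Mandatory)][string]$LTMName,
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][string]$VirtualServerName,
        [ValidateSet('policies', 'profiles')][string]$Collection = 'policies',
        [string]$Partition = 'Common',
        [string[]]$Expected = @()
    )
    # Same ~Partition~Name path form that appears in the module's error message.
    $uri = 'https://{0}/mgmt/tm/ltm/virtual/~{1}~{2}/{3}' -f $LTMName, $Partition, $VirtualServerName, $Collection
    $response = Invoke-RestMethod -Method Get -Uri $uri -Credential $Credential

    # An empty subcollection may come back without an items array; treat it as none.
    $attached = @($response.items | Where-Object { $_ } | ForEach-Object { $_.name })

    $result = Compare-ExpectedName -Expected $Expected -Actual $attached
    if ($result.Missing.Count -gt 0) {
        Write-Warning ('{0}: {1} not attached: {2}' -f $VirtualServerName, $Collection, ($result.Missing -join ', '))
    }
    $result
}

# Usage after "$vs | Set-VirtualServer", with the variables from the script above:
# Test-VirtualServerAttachment -LTMName $f5 -Credential $mycreds `
#     -VirtualServerName $Value.VirtualServerName -Expected $Value.ASMPolicy
```

Names are compared against each item's `name` field, so the expected values should be plain object names rather than `/Partition/name` paths.
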
@joel74
Owner

joel74 commented Sep 5, 2023

Hi. Thanks for opening this issue. When I tried to repro it, I got 2 errors with the latest version of the module:

Select-Object : The property cannot be processed because the property "Description" already exists. At C:\Program Files\WindowsPowerShell\Modules\F5-ltm\1.4.334\Private\Join-Object.ps1:66 char:30

Invoke-F5RestMethod : "400 Bad Request: Found unexpected json string at configuration item /ltm/virtual/~Common~TestVIP123/profiles/context. The json string is "serverside". At C:\Program Files\WindowsPowerShell\Modules\F5-ltm\1.4.334\Public\Set-VirtualServer.ps1:277 char:21

I'll keep digging into this and see what I can figure out.

@tmccarthy349
Author

I thought it might be something with the newer version. These were built using 1.4.253 and were working at the time. I ended up with a new laptop and am now using 1.4.334 and discovered the issue when I went to create a new site at the DR location. There was another issue with pool creation that I ended up tracking down to a module being totally commented out. I removed the comments and that got it working. Just couldn't figure out the VIP issue. Regrettably I didn't note which module it was that I fixed, but I'll try uninstalling and see if I can duplicate the issue to find out.

@tmccarthy349
Author

Sorry for the delay, I uninstalled and re-installed 1.4.3334 to get a default build. What I found was Add-PoolMember calls Get-Node at line 64 ($ExistingNode = Get-Node -F5Session $F5Session -Address $Address -Name $NodeName -Partition $Partition -ErrorAction SilentlyContinue). However, the Get-Node function is all commented out by default and doesn't load. This was the issue I got around by uncommenting this function. However, the above still exists.

Function Get-Node {

<#

.SYNOPSIS

# Retrieve specified Node(s)

.NOTES

# This function makes no attempt to resolve names to ip addresses.  If you are having trouble finding a node, try:
    # Get-Node | Where-Object { $_.address -like 'N.N.N.N' -or $_.name -like 'XXXXX' }
# [cmdletBinding()]
# param (
    # $F5Session=$Script:F5Session,

    # [Parameter(ValueFromPipelineByPropertyName)]
    # [PoshLTM.F5Address[]]$Address=[PoshLTM.F5Address]::Any,

    # [Alias('ComputerName')]
    # [Alias('NodeName')]
    # [Parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)]
    # [string[]]$Name='',

    # [Parameter(ValueFromPipelineByPropertyName)]
    # [string]$Partition
# )
# begin {
    ## Test that the F5 session is in a valid format
    # Test-F5Session($F5Session)

    # Write-Verbose "NB: Node names are case-specific."
# }
# process {
    # for($i=0; $i -lt $Name.Count -or $i -lt $Address.Count; $i++) {
        # $itemname = Invoke-NullCoalescing {$Name[$i]} {''}
        # $itemaddress = Invoke-NullCoalescing {$Address[$i]} {[PoshLTM.F5Address]::Any}
        # $URI = $F5Session.BaseURL + 'node/{0}' -f (Get-ItemPath -Name $itemname -Partition $Partition)
        # $JSON = Invoke-F5RestMethod -Method Get -Uri $URI -F5Session $F5Session
        ## BIG-IP v 11.5 does not support FQDN nodes, and hence nodes require IP addresses and have no 'ephemeral' property
        # Invoke-NullCoalescing {$JSON.items} {$JSON} |
            # Where-Object { $F5Session.LTMVersion.Major -eq '11' -or $_.ephemeral -eq 'false' } |
            # Where-Object { [PoshLTM.F5Address]::IsMatch($itemaddress, $_.address) } |
            # Add-ObjectDetail -TypeName 'PoshLTM.Node'
    # }
# }

}

@joel74
Owner

joel74 commented Oct 2, 2023

@tmccarthy349 I'm in kind of a tough spot. I'm switching jobs and after today I will no longer have access to LTMs on which to test the F5 PowerShell module. I'll post on DevCentral and maybe I can find someone there who can take over managing this module.

@AndrewSav

@tmccarthy349 are you still having the issue? It looks like the commented-out block was fixed.
