So people who configure F5’s have access to a GUI system called Iapps to configure services. Anyway, its end-of-life now, deprecated for a while. So they have a set of default FAST templates where you can create similar services – these are F5 Application Service Templates. Neatly referred to as “Applications LX” and placed with the Iapps menu so as not to frighten us. What they do is essentially deploy a configuration in a different way – defined in JSON AS3.
They start off assuming you want to code it and so examples are often curl based:
curl -sku "$USERNAME:$PASSWORD" -H "Content-Type: application/json" -X POST https://<ip>/mgmt/shared/fast/applications -d '
{
"name": "examples/simple_http",
"parameters": {
"tenant_name": "Tenant1",
"application_name": "Application1",
"virtual_port": 443,
"virtual_address": "192.168.1.0",
"server_port": 80,
"server_addresses": ["10.10.10.1"]
}
}'
So basically they are transitioning us to use AS3 because it can now be more readily programmed. With one JSON file you can deploy a new service. The API as you would expect can add, delete, list, obtain the status of an asynchronous task. So, as you can see, our life has been made a lot easier.
Well not really. Most of my services are one-off’s, and I find the templates far less helpful than Iapps, but for most load balancing cases they could work.
You can construct JSON file like this:
{
"name": "bigip-fast-templates/http",
"parameters": {
"tenant_name": "TENANT-DEV",
"app_name": "fast-lcs-monitoring",
"virtual_port": 443,
"virtual_address": "10.255.255.23",
"server_port": 443,
"tls_cert_name": "/Common/default.crt",
"tls_key_name": "/Common/default.key",
"pool_members": [
{
"serverAddresses": [
"147.197.138.25"
],
"servicePort": 443,
"connectionLimit": 0,
"priorityGroup": 0,
"shareNodes": true
}
],
"enable_acceleration": false,
"x_forwarded_for": true,
"enable_redirect": true,
"make_tls_server_profile": true,
"tls_server_profile_name": "/Common/WEBADMIN_tls_13_common"
}
}
If you don’t specifiy an option that is required there will be defaults. It can be sent up by curl or python. If I put a file like the above in myjson.json I can deploy in python like this:
import json
from dotenv import load_dotenv
load_dotenv()
import os
username=os.getenv("username")
password=os.getenv("password")
headers = {"Content-Type": "application/json"}
f = open("myjson.json", "r")
deploythis = json.load(f)
result = requests.post(
url, auth=(username, password), json=deploythis, headers=headers, verify=False
}
print(results.json())
You can get carried away interrogating the task from that results.json(). As its asynchronous you might have to loop round until it completes
while result.json()["code"] != 200:
result = requests.get(
url, auth=(username, password), json=myobj, headers=headers, verify=False
)
print_progress(result)
try:
result.json()["_links"]["tasks"]
except:
result.json()["_links"]["self"]
pass
print(f'Success code: {result.json()["code"]}')
Well anyway. I think in a rehearsed way this type of thing could be useful in a deployment situation. Running up services perhaps in a cloud environment in particular.
OK that’s not my situation, so its heavy weather for one-off tasks, so its back to FAST Templates aka “Application LX”.
So how do I move over my numerous Iapps configurations to using FAST and AS3. Well it turns out not easily. There is a specific warning against having a service defined in both Iapps and AS3, mainly because they conflict and it will get very messy.
But it gets messy very quickly at the start as all these AS3 or FAST defined services will be in partitions (they want to call tenants). Watch out for that.
There is no guidance on converting. You have to write your own templates really if you have some special requirement.
So how will we move over to using FAST? Well, I think a skilled person (someone who spends months on this) might be able to create parallel services on different IP’s perhaps with service names changed, and then just switch IPs. But really who expects to be landed with this amount of grief.
I can see a github project that should help translate Iapps configured services into AS3. You provide a support file (UCS file) and it converts. Well here is my output with just one Iapps it has to convert. So it didn’t all go well.
+ sudo docker run --rm -v DockerDir:/app/data f5devcentral/f5-as3-config-converter:latest -o data/utput.json -u data/my.ucs
^C2022-10-15 16:21:23 WARN ERROR! DUPLICATE OBJECT NAME DETECTED:
2022-10-15 16:21:23 WARN dataStore exists as both Data_Group and Data_Group
(node:1) UnhandledPromiseRejectionWarning: TypeError: Error converting input file. Please email us at solutionsfeedback@f5.com and include the following error:
Cannot read property 'SYSTEM-MAINTENANCE_redir_vs' of undefined
at /app/src/engines/as3Converter.js:464:56
at Array.forEach (<anonymous>)
at /app/src/engines/as3Converter.js:459:22
at Array.forEach (<anonymous>)
at module.exports (/app/src/engines/as3Converter.js:457:20)
at mainRunner (/app/src/main.js:57:23)
at main (/app/src/main.js:112:30)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
The BIG-IP ACC is not a supported product. Maybe its good money for F5 consultants to come to your site and help you convert.
I’m a bit stumped right now as to how to migrate my services. It seems quite an odd position to be in. If I put all new services in FAST that might work but most of my services are not going anywhere “fast” – excuse the pun. Well it seems for now they are not going to be migrated quickly either.