limit to number of clientssl profiles
A colleague asks:
We are channeling multiple applications through a single virtual server, and are using SNI to make it all work. Today, we are at 1 base client ssl profile and 57 SNI profiles, and I’m trying to add one more.
I can make this add happen immediately in the GUI, but it took just over 20 minutes via Ansible REST call. It used to take 6 minutes when there were about half as many profiles, so I’m guessing the REST call attempts a large transactional lock and the required time is going to expand exponentially.
Is the REST API up to this kind of task? Is there a better way?
Thanks. --Kevin O'Neil
We submitted a case to f5 Support. Here is their response:
==============================
Basically, you can use the 'check_profiles' option to greatly decrease the time that the script take to run:
https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_virtual_server_module.html#parameter-check_profilesNow, in regards of the questions you had:
Why that particular script takes so long to execute? Is it because it had to check every profile? And if so, the more profile the more it will take to check every profile?
>>Yes, based on the test outcome we provided above, it does look like the profile validation for a long list of profiles is causing the delay.
- Is there any ansible module that will just add a profile instead of replacing all of them each time?
- Is there any other module besides "bigip_virtual_server module" that could do modification to a virtual server that could work faster?>> Unfortunately, no for both. We're moving to a declarative collection using AS3. see here-
https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/f5_bigip.html
=============================