
Avi LetsEncrypt Script - where to put fqdn?

Open senk opened this issue 3 years ago • 3 comments

Where do I need to put the FQDN in the newest version of AVI Virtual Service so that the script finds that VS and uses it for the HTTPPolicy? Currently my workaround is:

index 85fad46..ea9b827 100644
--- a/1
+++ b/2
@@ -245,7 +245,7 @@ def get_crt(user, password, tenant, api_version, csr, CA=DEFAULT_CA, disable_che
         if overwrite_vs == None:

             # Get VSVIPs/VSs, based on FQDN
-            rsp = _do_request_avi("vsvip/?search=(fqdn,{})".format(domain), "GET").json()
+            rsp = _do_request_avi("vsvip/?search={}".format(domain), "GET").json()
             if debug:
                 print ("Found {} matching VSVIP FQDNs".format(rsp["count"]))
             if rsp["count"] == 0:
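
Review bot: The changed `_do_request_avi` call drops the `(fqdn,...)` wrapper, so the query is no longer tied to the fqdn field and a VSVIP that only carries the domain string somewhere else could be counted as a match. The script would then go on to work with the wrong virtual service. Check the returned objects for an exact FQDN match before using them, or pin the VS with `overwrite_vs`, which the surrounding `if overwrite_vs == None:` already supports. The debug text "matching VSVIP FQDNs" no longer describes what the query matches, and `domain` is formatted into the query string without URL-encoding.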

senk, May 12 '22 06:05

I think with "in the newest version" you're referring to the change in moving to VS VIPs, right? Last time, which was quite a while ago, I believe there was no public documentation available yet about how ?search= worked. So I'm unsure what options there are.

As I'm only using Avi in my private lab, I'll ping someone from the Avi team to see if they have a minute to take a look at this GitHub issue.

patschi, May 27 '22 12:05

Hi, is there any update to this issue?

mirres, Jan 02 '23 08:01

@mirres

On a high level:

  1. The script searches all VSVIPs for a specific FQDN. If not found, it falls back to "Virtual Hosting-mode".
  2. In VH-mode it tries to find a virtualservice which has the FQDN set under "Common name" (e.g. when using SNI).
  3. If any VS is found, it picks the VS UUID. Otherwise it fails.

To use FQDN with VSVIPs, you need to enable the DNS service functionality of Avi. Otherwise you might want to use the overwrite_vs parameter to hardcode the VS the script is using: https://github.com/avinetworks/devops/blob/29319f40cd364bf5b62051494d2c1bcb7131ab2f/cert_mgmt/letsencrypt_mgmt_profile.py#L39-L41

That should do the trick.

patschi, Jan 16 '23 14:01
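
The lookup order described in the last comment, as an added sketch that is not code from letsencrypt_mgmt_profile.py. It works on already-fetched objects, and it is stricter than the description: it accepts only exact FQDN matches and refuses ambiguous results. The field names (`dns_info`/`fqdn`, `vsvip_ref`, `vh_domain_name`, `url`, `uuid`) are assumptions about the object layout and all sample objects are constructed.

```python
# Added illustration, not code from letsencrypt_mgmt_profile.py.
# Field names (dns_info/fqdn, vsvip_ref, vh_domain_name, url, uuid) are
# assumptions about the object layout; all sample objects are constructed.

def _norm(name):
    """Compare hostnames case-insensitively and ignore a trailing dot."""
    return name.strip().rstrip(".").lower()

def resolve_vs_uuid(domain, vsvips, virtualservices, overwrite_vs=None):
    """Return the UUID of the one VS that should serve the challenge."""
    if overwrite_vs is not None:          # operator pinned the VS explicitly
        return overwrite_vs
    want = _norm(domain)
    # Step 1: VSVIPs whose FQDN list contains the domain exactly. A loose
    # search hit where the domain only appears in another field is rejected.
    vip_urls = {v["url"] for v in vsvips
                if want in {_norm(d["fqdn"]) for d in v.get("dns_info", [])}}
    hits = [s for s in virtualservices if s.get("vsvip_ref") in vip_urls]
    # Step 2: virtual-hosting fallback, match on the VS's own hostnames.
    if not hits:
        hits = [s for s in virtualservices
                if want in {_norm(h) for h in s.get("vh_domain_name", [])}]
    # Step 3: exactly one VS must remain; never guess between candidates.
    if len(hits) != 1:
        raise LookupError("{} matching VS for {}".format(len(hits), domain))
    return hits[0]["uuid"]

# Constructed sample data.
VSVIPS = [
    {"url": "/api/vsvip/vsvip-1", "name": "vip-shop",
     "dns_info": [{"fqdn": "shop.example.com"}]},
    # Mentions shop.example.com only in its name; must not match.
    {"url": "/api/vsvip/vsvip-2", "name": "old-shop.example.com-backup",
     "dns_info": [{"fqdn": "backup.example.com"}]},
]
VSES = [
    {"uuid": "virtualservice-aaa", "vsvip_ref": "/api/vsvip/vsvip-1"},
    {"uuid": "virtualservice-bbb", "vsvip_ref": "/api/vsvip/vsvip-2"},
    {"uuid": "virtualservice-ccc", "vsvip_ref": "/api/vsvip/vsvip-3",
     "vh_domain_name": ["blog.example.com"]},
]
```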