Forum Discussion

Mario_Andres_Fr's avatar
Icon for Nimbostratus rankNimbostratus
Jul 21, 2022

CPU consumption tmsh vs api rest

Hi everyone,

now I have several bash scripts to modify some pools depending on a specific response from a URL, this checks every minute if the response change and if so, changes the pool members, now I see a high CPU consumption and for that I want migrate that to ansible, the question is, if I want to see the pool members from Ansible, what is the best way, send a coman from ansible to bigip with the respective command tmsh (tmsh list ltm pool namePool)? or check the API (/mgmt/tm/ltm/pool/~Common~namePool/members?ver=

or there is no difference in consumption for the two cases.





3 Replies

  • In case you are using remote auth, you can retrieve an auth token to perform REST API requests.

    This will save a lot of latency and CPU load versus running single tmsh commands.

    To check the CPU and latency impact when using the iControl REST API you can modify the following python script (username, passphrase, device, cycles, latency [see Bug ID 1108181]:

    # python script:
    # version: 0.10 (2022-06-29)
    # author: Stephan Manthey
    # purpose:
    #   retrieve auth token
    #   list example pool configruation with token based auth via inband management IP (self IP)
    #   use configurable delay between token generation and token usage
    # module requests required (installed via Python PIP):
    #   su -c 'yum install python-pip'
    #   su -c 'sudo pip2 install requests'
    #   su -c 'sudo pip3 install requests'
    # or:
    #   su -c 'yum install python-requests'
    #   su -c 'yum install python3-requests'
    # usage:
    #   python
    # notes:
    #   tested with python 2.7 and python 3.6
    import sys
    import time
    import json
    import requests
    from requests.packages.urllib3.exceptions import InsecureRequestWarning
    # specify username
    username = '<your username here>'
    # specify passphrase
    password = '<your passphrase here>'
    # specify BIG-IP self IP address (inband management IP) or
    # specify BIG-IP mgmt IP address (out of band management IP)
    bigipdev = ''
    # using a sample pool provided automatically by the API
    # (do not change or insert an existing pool)
    # poolname = '~Common~pool_apitest'
    poolname = 'example'
    # specify latency in milliseconds
    # (delay between auth token generation and delay for retry)
    sleep_ms = 0
    # specify number of loops
    loop_count = 100
    authpath = 'https://{}/mgmt/shared/authn/login'.format(bigipdev)
    conthead = {'Content-Type': 'application/json'}
    authdata = {'username': username, 'password': password}
    exectime = 0
    errorcnt = 0
    session = requests.Session()
    for loop in range(1,loop_count + 1):
      authtime = time.time()
      tokenrequest =,data=json.dumps(authdata),headers=conthead,verify=False)
      # print('getting auth token: {:f}'.format(time.time() - authtime))
      if tokenrequest.status_code == 200:
        tokendata = tokenrequest.json()
        xauthhead = {'X-F5-Auth-Token': tokendata['token']['token'], 'Content-Type': 'application/json'}
        querypath = 'https://{}/mgmt/tm/ltm/pool/{}'.format(bigipdev,poolname)
        # print('sleeping: {} millisecond(s)'.format(sleep_ms))
        time.sleep(sleep_ms / 1000.0)
        poolcheck = session.get(url=querypath,headers=xauthhead,verify=False)
        if poolcheck.status_code == 200:
          pooldata = poolcheck.json()
        elif poolcheck.status_code == 401:
          errorcnt += 1
          print('pool list 1st auth error ({}), counting error in loop {}:'.format(poolcheck.status_code,loop))
          print('pool list error ({}), stopping in loop {}'.format(poolcheck.status_code,loop))
        tokendelpath = 'https://{}/mgmt/shared/authz/tokens/{}'.format(bigipdev,tokendata['token']['token'])
        tokendelete = session.delete(url=tokendelpath,headers=xauthhead,verify=False)
        print('deleting auth token: {:f}'.format(time.time() - authtime))
        if tokendelete.status_code != 200:
          print('token delete error ({}); continuing in loop {}'.format(tokendelete.status_code,loop))
        print('getting token auth error ({}), stopping in loop {}'.format(tokenrequest.status_code,loop))
      exectime = exectime + time.time() - authtime
    if errorcnt > 0:
      print('auth error count: {}'.format(errorcnt))
    print('loop count: {} (average: {:.2f} milliseconds)'.format(loop,exectime / loop * 1000))