
Forum Discussion

Buddy_Edwards_1
Sep 20, 2016

Retrieve Profiles in PowerShell

I am in the process of writing a script that looks up relevant information for a Virtual Server and then saves the output to a file. I want the format to be broken up a little more and can't seem to figure out how to do it. When I run the script it outputs all profiles, which is good, but I can't seem to figure out how to pull an individual profile such as SSL, HTTP, etc. that I can save as a variable that I output to the file in the end. Any ideas? On a side note, I haven't finished the formatting of the output yet, so it's kind of ugly at the moment but can be cleaned up fairly easily in Excel.

 

2 Replies

  •   # Create a policy to trust all Certs (accepts any certificate for every HTTPS request in this session)
        add-type @"
            using System.Net;
            using System.Security.Cryptography.X509Certificates;
            public class TrustAllCertsPolicy : ICertificatePolicy {
                public bool CheckValidationResult(
                    ServicePoint srvPoint, X509Certificate certificate,
                    WebRequest request, int certificateProblem) {
                    return true;
                }
            }
        "@
        [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
        
        $Credential = Get-Credential
        $LoadBalancer = "X.X.X.X"
        $VSURL = "https://$LoadBalancer/mgmt/tm/ltm/virtual"
        $PoolURL = "https://$LoadBalancer/mgmt/tm/ltm/pool"
        $VSRegEx = "(?<=/virtual/)(.*)(?=\?)"
        $ExportFile = "./F5ExportDR.txt"
    
        # Lookup Virtual Servers
        $VirtualServerLookup = Invoke-RestMethod $VSURL -Credential $Credential
        foreach ($VSLookup in $VirtualServerLookup.Items)
        {
            $VirtualServerLog = ""
            $VirtualServer = [regex]::match($VSLookup.selfLink, $VSRegEx)
            $VirtualServerURL = "$VSURL/$VirtualServer"
            $VSProfileURL = "$VSURL/$VirtualServer/profiles"
            # Lookup Virtual Server Information
            $VS = Invoke-RestMethod $VirtualServerURL -Credential $Credential
            $VSName = $VS.Name
            $VSDestination = $VS.Destination
            $VSRules = $VS.Rules
            $VSEnabled = $VS.Enabled
            $VSPersist = $VS.Persist.Name
            $VSPool = $VS.Pool
            Write-Host "          Name: $VSName" -ForegroundColor Green
            Write-Host "           VIP: $VSDestination"
            "          Name: $VSName" | Out-File $ExportFile -Append -NoClobber
            "           VIP: $VSDestination" | Out-File $ExportFile -Append -NoClobber
            foreach ($VSRule in $VSRules)
            {
                Write-Host "          Rule: $VSRule"
                "          Rule: $VSRule" | Out-File $ExportFile -Append -NoClobber
            }
            Write-Host "       Enabled: $VSEnabled"
            "       Enabled: $VSEnabled" | Out-File $ExportFile -Append -NoClobber
            foreach ($Persist in $VSPersist)
            {
                Write-Host "   Persistence: $Persist"
                "   Persistence: $Persist" | Out-File $ExportFile -Append -NoClobber
            }
            # Lookup Profiles
            $VSProfileLookup = Invoke-RestMethod $VSProfileURL -Credential $Credential
            $VSProfileItems = $VSProfileLookup.Items
            foreach ($VSProfile in $VSProfileItems)
            { 
                $VSProfileFullPath = $VSProfile.FullPath
                Write-Host "       Profile: $VSProfileFullPath"
                "       Profile: $VSProfileFullPath" | Out-File $ExportFile -Append -NoClobber
            }
    
            foreach ($Pool in $VSPool)
            {
                $PoolLookup = $Pool -replace "/","~"
                $PoolSearch = Invoke-RestMethod "$PoolURL/$PoolLookup" -Credential $Credential
                $PoolName = $PoolSearch.Name
                $PoolPartition = $PoolSearch.Partition
                Write-Host "          Pool: $Pool"
                Write-Host "     Pool Name: $PoolName"
                Write-Host "Pool Partition: $PoolPartition"
                "          Pool: $Pool" | Out-File $ExportFile -Append -NoClobber
                "     Pool Name: $PoolName" | Out-File $ExportFile -Append -NoClobber
                "Pool Partition: $PoolPartition" | Out-File $ExportFile -Append -NoClobber
                # Lookup Member Information
                $MemberSearch = Invoke-RestMethod "$PoolURL/$PoolLookup/members/" -Credential $Credential
                    foreach ($Member in $MemberSearch.Items)
                        {
                        $MemberName = $Member.Name
                        $MemberAddress = $Member.Address
                        $MemberState = $Member.State
                        $MemberMonitor = $Member.Monitor
                        $MemberSession = $Member.Session
                        Write-Host "   Member Name: $MemberName IP Address:$MemberAddress Monitor:$MemberMonitor Member State:$MemberState"
                        "   Member Name: $MemberName IP Address:$MemberAddress Monitor:$MemberMonitor Member State:$MemberState" | Out-File $ExportFile -Append -NoClobber
                        }
    
    
            }
            # Lookup SSL Client Profile
            $VirtualServerLog | Out-File $ExportFile -Append
            Write-Host ""
            "" | Out-File $ExportFile -Append -NoClobber
        }
    
  • One thing you could try too is to add

    ?expandSubcollections=true
    which expands the sub collections (e.g. profiles), so you can get everything in one call instead of having to do a second call to get the profiles list.

    Regarding determining profile type, from my experience the best way to do that is to make a call to get all the desired profiles (e.g. SSL) and then do a lookup on name for the ones on a VS and see if you can map them to their type, since they don't specify the profile type on the VS itself.
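
The approach from the second reply, as an added example that is not part of the original thread: one expanded call for the virtual servers, plus one call per profile type to build a name-to-type index. The function names and the sample JSON are constructed for illustration; `profile/client-ssl` and `profile/http` are the iControl REST collections for those profile types.

```powershell
# Live inputs come from iControl REST (variables as in the script above):
#   $virtuals = Invoke-RestMethod "https://$LoadBalancer/mgmt/tm/ltm/virtual?expandSubcollections=true" -Credential $Credential
#   $byType['client-ssl'] = Invoke-RestMethod "https://$LoadBalancer/mgmt/tm/ltm/profile/client-ssl" -Credential $Credential

# Hypothetical helper: build a fullPath -> profile type lookup from the per-type responses.
function Get-ProfileTypeIndex {
    param([hashtable]$ProfilesByType)
    $index = @{}
    foreach ($type in $ProfilesByType.Keys) {
        foreach ($p in $ProfilesByType[$type].items) { $index[$p.fullPath] = $type }
    }
    return $index
}

# Hypothetical helper: one row per (virtual server, profile), tagged with the type found in the index.
function Get-VirtualServerProfile {
    param($VirtualResponse, [hashtable]$TypeIndex)
    foreach ($vs in $VirtualResponse.items) {
        foreach ($p in $vs.profilesReference.items) {
            $type = if ($TypeIndex.ContainsKey($p.fullPath)) { $TypeIndex[$p.fullPath] } else { 'unknown' }
            [pscustomobject]@{
                VirtualServer = $vs.fullPath
                Profile       = $p.fullPath
                Type          = $type
                Context       = $p.context
            }
        }
    }
}

# Constructed sample responses (trimmed to the fields used), so this runs without a BIG-IP.
$virtuals = @'
{"items":[{"fullPath":"/Common/vs_web","profilesReference":{"items":[
  {"fullPath":"/Common/http","context":"all"},
  {"fullPath":"/Common/clientssl","context":"clientside"},
  {"fullPath":"/Common/tcp","context":"all"}]}}]}
'@ | ConvertFrom-Json
$byType = @{
    'client-ssl' = '{"items":[{"fullPath":"/Common/clientssl"}]}' | ConvertFrom-Json
    'http'       = '{"items":[{"fullPath":"/Common/http"}]}'      | ConvertFrom-Json
}

$rows = Get-VirtualServerProfile -VirtualResponse $virtuals -TypeIndex (Get-ProfileTypeIndex $byType)
$sslProfiles = $rows | Where-Object Type -eq 'client-ssl'   # an individual profile type held in a variable
$rows | Format-Table -AutoSize
```

Profiles that none of the fetched type lists contain come back as `unknown`, which shows which further `profile/<type>` collections still need to be queried.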