BIG-IP Report

Problem this snippet solves:

Overview

This is a script which will generate a report of the BIG-IP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them.

This information is used to relay information to NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles.

The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world.

It's easy to setup and use and only requires auditor (read-only) permissions on your devices.

Demo/Preview

Interactive demo

http://loadbalancing.se/bigipreportdemo/

Screen shots

The main report:

The device overview:

Certificate details:

How to use this snippet:

Installation instructions

BigipReport REST

This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6).

Updated Oct 16, 2024
Version 11.0
application delivery
devops
iControl
LTM
microsoft powershell with icontrol
  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Feb 14, 2022

    Hi there!

    If it's inconsistent it could also be poor connection/management provisioning being too small or the config too large. We're on discord if you want to discuss it/get help:
    https://discord.gg/RzmjgneW

    Kind regards,
    Patrik

  • TheGrave's avatar
    TheGrave
    Icon for Nimbostratus rankNimbostratus
    Feb 15, 2022

    Well, we see error e-mails couple of times a day.

    One of my colleagues is aware of the auth issue, we did some upgrades recently so this seems to be the root cause.

    But indexing errors we see pretty much every day at least once, normally the same devices. Config is not big but connection might be interrupted cause they are sitting behind the Great Chinese Firewall and we get all sorts of crap from it 🙂 Is there any way to influence timeouts and retry-periods, eventually on a per-host basis?

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Feb 15, 2022

    Oh darn. I recognize the challenges with the Chinese firewall.

    Lived in Wuhan for a year (before Covid) and there were constant challenges with getting outside the famous wall. Afraid that if it is the national firewall that gives you trouble there's not that much to do at the moment except for running a separate BigIPReport within the borders of China.

    Since all objects are arrays you could even run a simple script to concatenate the data from the Chinese BigIPReport to the main report. I think this would be a bit more robust that relying on a few hundred API calls through the firewall and frankly very easy to do.

  • TheGrave's avatar
    TheGrave
    Icon for Nimbostratus rankNimbostratus
    Feb 15, 2022

    These devices are about to be decomissioned in the upcoming months so no way we can put money and effort into installing new servers there. I was thinking about some simple mitigation instead.

  • Delbrugge's avatar
    Delbrugge
    Icon for Nimbostratus rankNimbostratus
    Feb 24, 2022

    Hi Patrik, I'm using the Kubernetes version 5.6.4 (also tried 5.6.2) and running into a couple of issues:

    • The certificates pane is empty - this error is in the log - Error loading certificates. {"code":400,"message":"\"recursive\" unexpected argument","errorStack":[],"apiError":26214401} (line 1126)
    • A certain pair of F5s do not display any data in the webpage. There isn't any error in the data collector log. It oddly will not display their hostname and also says both of them are not active.

    I'm getting a invalid invite code from your Discord link.

     

     

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Feb 25, 2022

    Howdy!

    Certificate information missing

    Is the user that BigIP report is using auditor or above? Else it won't be able to read the certificate information. 

    Pair missing data

    Sounds like the collector believes both devices are passive in which case it won't collect any data by default. Are you using multiple traffic groups on these devices by any chance?

  • Delbrugge's avatar
    Delbrugge
    Icon for Nimbostratus rankNimbostratus
    Feb 25, 2022

    It's a read only account. I'm only using one traffic group on that F5. I should mentioned that I'm using an older version, on 5.3.1 on a Windows Server and do not have these two issues there and I use the same account. Perhaps it's a SOAP/REST difference?

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Feb 25, 2022

    Perhaps it's a SOAP/REST difference?

    Good guess! It is. SOAP got more permissions with a read-only role than REST does.

    It's a read only account. I'm only using one traffic group on that F5.

    Could you please send me the results from this REST endpoint from both devices?

    curl -sku admin:password https://<F5-management>/mgmt/tm/cm/failover-status

    Please go ahead and clean the output from sensitive information (if any) before posting. 🙂

  • Delbrugge's avatar
    Delbrugge
    Icon for Nimbostratus rankNimbostratus
    Feb 28, 2022

    I get an authorization error when trying to use the token from the read-only account to query the failover status, but get no error and the expected results when using an admin account. I adjust the permissions of this account and get back.