Big-IQ bulk trust, discovery and import of Big-IP using REST API

Problem this snippet solves:

Attached is a link to GitHub that provides a comprehensive example of how to discover and import many BIG-IP devices via the BIG-IQ CM REST API.

Script bulkDiscovery.pl is a standalone script installed directly in the BIGIQ shell.

Suggested steps:

1. Create a /shared/scripts/. directory.
2. scp the file to the BIG-IQ.
3. Run it as shown in the usage below.

This automation invokes a device trust task to negotiate certificates, discovers each device to populate the resolver groups (maintained per module), and imports the configuration of the BIG-IPs defined in the bulk_discovery.csv file. This happens sequentially and is very useful when the administrator's goal is to discover and import many BIG-IP devices programmatically.

** tested with perl distribution present on bigiq v5.8.8

How to use this snippet:

Usage: ./bulkDiscovery -c bulk_discovery.csv

    Program: bulkDiscovery.pl  Version: v2.00.00
    ##### Discover multiple BIG-IP devices.
    -r      Root credentials for every BIG-IP (such as root:default) - overrides root creds in CSV
    -a      Admin credentials for every BIG-IP (such as admin:admin) - overrides any creds in CSV
    -v      Verbose screen output
    -s      Discover ASM
    -l      Discover LTM
    -p      Discover APM
    -c      Path to CSV file with all BIG-IP devices - REQUIRED
    -u      Update framework if needed
    -h      Help
    -k      Keep the CSV file after this finishes (not recommended if it contains creds)
    -q      BIG-IQ admin credentials in form admin:password - REQUIRED if not using default
    -g      access group name if needed
    -f      Discover AFM

    csv format: ip, user, pw, cluster-name, framework-action, root-user, root-pw
    ip: ip address of the BigIP to discover.
    user, pw: username & password of the BigIP.  Will be overridden if -a is specified on the command line.

    configuration csv example format:
    1.2.3.4
    1.2.3.4, admin, pw
    1.2.3.4, admin, pw, ha-name
    1.2.3.4,,, ha-name
    1.2.3.4, admin, pw,, skip
    1.2.3.4, admin, pw,, update, root, root-pw
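
A pre-flight check for the CSV described above, added here as an example (it is not part of bulkDiscovery.pl or the linked repository): it parses the documented columns, also accepts the optional eighth resolution column from the v2.2.0 help further down the page, and reports rows that carry cleartext passwords plus a file mode that group or other users can access. The function names, the finding strings and the accepted framework-action set (the values that appear on this page) are assumptions of the example.

```python
import csv
import io
import ipaddress
import os
import stat

# Column names from the help text; "resolution" exists only in the v2.2.0 format.
COLUMNS = ["ip", "user", "pw", "cluster-name", "framework-action",
           "root-user", "root-pw", "resolution"]
# Assumption: the values seen on this page ("update", "upgrade", "skip", blank).
FRAMEWORK_ACTIONS = {"", "skip", "update", "upgrade"}
RESOLUTIONS = {"", "USE_BIGIQ", "USE_BIGIP"}

def lint_rows(text):
    """Return (rows, findings) for the text of a bulk discovery CSV."""
    rows, findings = [], []
    for lineno, fields in enumerate(csv.reader(io.StringIO(text)), start=1):
        fields = [f.strip() for f in fields]
        if not any(fields):
            continue  # blank line
        if len(fields) > len(COLUMNS):
            findings.append((lineno, "too many fields"))
            continue
        row = dict(zip(COLUMNS, fields + [""] * (len(COLUMNS) - len(fields))))
        try:
            ipaddress.ip_address(row["ip"])
        except ValueError:
            findings.append((lineno, "invalid ip"))
        if row["framework-action"] not in FRAMEWORK_ACTIONS:
            findings.append((lineno, "unknown framework-action"))
        if row["resolution"] not in RESOLUTIONS:
            findings.append((lineno, "unknown resolution"))
        if row["pw"] or row["root-pw"]:
            findings.append((lineno, "cleartext password in file"))
        rows.append(row)
    return rows, findings

def mode_findings(path):  # flag a CSV that group or other users can access
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return ["mode %o is open to group/other" % mode] if mode & 0o077 else []

# Constructed sample input, modelled on the example lines in the help text.
SAMPLE = """1.2.3.4
1.2.3.4, admin, pw,, update, root, root-pw
1.2.3.4,,, ha-name
1.2.3.999, admin, pw,, reboot
"""

if __name__ == "__main__":
    print(lint_rows(SAMPLE)[1])
```

Rows flagged for cleartext passwords are the case the -k help text warns about: a CSV like that should not be kept after the run.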

Code :

https://github.com/carldubois/bigiq-cm-restapi-bulk

Tested this on version:

12.0
Updated Jun 06, 2023
Version 2.0
  • Haitao_Huang_17
    Historic F5 Account

    This works great with BIG-IQ 5.1 and BIG-IP 12.1! Two notes when I tried in my lab environment:

     

    1. use chmod 744 bulkDiscovery.pl to make executable
    2. set-basic-auth on to allow local authentication

    Thank you! - Haitao

     

  • vmathur_234249
    Historic F5 Account

    A new version of this script is available on https://downloads.f5.com/esd/product.jsp?sw=BIG-IQ&pro=big-iq_CM

    ( BIG-IQ Centralized Management , Release 5.2 with following functionality )

    [root@bigiq2:Active:Standalone] images ./bulkDiscovery.pl -h

    Program: bulkDiscovery.pl Version: v2.2.0

    Discover or rediscover multiple BIG-IP devices. If the csv file does not exist and the -m option is passed, the script will generate a file based on the existing discovered BIG-IPs on the BIG-IQ. This new csv file can then be edited and used for subsequent re-discoveries and re-imports.

    Additional important notes:

    The -l option must be included when performing initial trust, discovery and import of services.

    The -m option must be used for re-discovery if any BIG-IP requires a framework upgrade.

    The -n option can be used to skip service import, this is recommended if there are outstanding changes to be deployed

    If a framework upgrade is required for any device, that device requires the administrator and root credentials passed either in the CSV file or using the -a and -r options.

    If a failure is encountered, the script logs the error and continues. If conflicts are detected, the BIG-IQ version is selected by default, the CSV and -o option can override this. For the Access module re-import, the 'Device specific configuration' option will be used.

    Allowed command line options:

        -h      Help
        -c      Path to CSV file with all BIG-IP devices - REQUIRED, if it doesn't exist and -m is used, a new one is generated.
        -q      BIG-IQ admin credentials in form admin:password - REQUIRED if not using default
        -a      Admin credentials for every BIG-IP (such as admin:admin) - overrides any creds in CSV
        -r      Root credentials for every BIG-IP (such as root:default) - overrides root creds in CSV
        -u      Update framework if needed, CSV value overrides this value if CSV value is not null
        -g      access group name if needed, not required for re-discovery
        -l      Discover LTM, this must be included for initial discovery and import of services
        -p      Discover APM
        -s      Discover ASM
        -f      Discover AFM
        -d      Discover DNS
        -v      Verbose screen output
        -m      Perform a re-discovery and re-import, do not perform trust operation. Also include with -c to generate a new file.
        -o      USE_BIGIP for conflict resolution for any module conflict def: USE_BIGIQ, CSV value overrides this value if CSV value is not null
        -n      Do not import the service, only discover the service, the service import will be done manually

    CSV file format: ip, user, pw, cluster-name, framework-action, root-user, root-pw, resolution

    ip: ip address of the BIG-IP to discover.
    user, pw: username & password of the BIG-IP. Will be overridden if -a is specified on the command line.
    cluster-name: the cluster name that will group the BIG-IP DSC cluster pair
    framework-action: upgrade - upgrade framework if needed, skip - skip framework update check, blank - do not attempt to update
    root-user, root-password: only needed for framework update of 11.5.x through 11.6.x devices. Will be overridden if -r is specified on the command line
    conflict resolution: can either be USE_BIGIQ or USE_BIGIP, defaults to USE_BIGIP if '-o' option is specified else USE_BIGIQ

    example lines:

    1.2.3.4
    1.2.3.4, admin, pw
    1.2.3.4, admin, pw, cluster-name
    1.2.3.4,,, cluster-name,,,, USE_BIGIP
    1.2.3.4, admin, pw,, skip,,, USE_BIGIP
    1.2.3.4, admin, pw,, upgrade, root, root-pw
    1.2.3.4, admin, pw,, upgrade, root, root-pw, USE_BIGIP

  • I didn't have a lot of luck using the switches like -m, however this command worked for me

    ./bulkDiscovery.pl -c test-hosts.csv -q admin:PASS -a admin:PASS -v -l -o USE_BIGIP

    where test-hosts.csv was just the IP address of a BIGIP

    cat test-hosts.csv

    1.2.3.4

  • BIGIQ 5.2.0, BIGIP 12.1.2. I'm having unusual issues.

    The trust goes to IP in the .csv - I skip this, it already exists.
    The discovery goes to a random ip on the bigiq box - no idea why it's not using .csv IP.
    The import goes to the IP in the .csv but always presents the following error: DEVICE_RESOLVER Failed to identify and discover device; reason: Can not discover device not in ACTIVE state.

    Anyone run into this issue? Using the file from the link above for BIGIQ 5.2