Big-IQ bulk trust, discovery and import of Big-IP using REST API

Problem this snippet solves: Attached is a link to github which provides the user with an comprehensive example of how to discover and import many BIGIP device via BIGIQ CM REST API. Script bulkD...
Updated Jun 06, 2023
Version 2.0
BIG-IQ
devops
iControlREST
vmathur_234249's avatar
vmathur_234249
Historic F5 Account
Apr 27, 2017

A new version of this script is available on https://downloads.f5.com/esd/product.jsp?sw=BIG-IQ&pro=big-iq_CM

( BIG-IQ Centralized Management , Release 5.2 with following functionality )

[root@bigiq2:Active:Standalone] images ./bulkDiscovery.pl -h

Program: bulkDiscovery.pl Version: v2.2.0

Discover or rediscover multiple BIG-IP devices. If the csv file does not exist and the -m option is passed, the script will generate a file based on the existing discovered BIG-IPs on the BIG-IQ. This new csv file can then be edited and used for subsequent re-discoveries and re-imports.

Additional important notes:

The -l option must be included when performing initial trust, discovery and import of services.

The -m option must be used for re-discovery if any BIG-IP requires a framework upgrade.

The -n option can be used to skip service import, this is recommended if there are outstanding changes to be deployed

If a framework upgrade is required for any device, that device requires the administrator and root credentials passed either in the CSV file or using the -a and -r options.

If a failure is encountered, the script logs the error and continues. If conflicts are detected, the BIG-IQ version is selected by default, the CSV and -o option can override this. For the Access module re-import, the 'Device specific configuration' option will be used.

Allowed command line options: -h Help

    -c      Path to CSV file with all BIG-IP devices - REQUIRED, if it doesn't exist and -m is used, a new one is generated.

    -q      BIG-IQ admin credentials in form admin:password - REQUIRED if not using default

    -a      Admin credentials for every BIG-IP (such as admin:admin) - overrides any creds in CSV

    -r      Root credentials for every BIG-IP (such as root:default) - overrides root creds in CSV

    -u      Update framework if needed, CSV value overrides this value if CSV value is not null

    -g      access group name if needed, not required for re-discovery

    -l      Discover LTM, this must be included for initial discovery and import of services

    -p      Discover APM

    -s      Discover ASM

    -f      Discover AFM

    -d      Discover DNS

    -v      Verbose screen output

    -m      Perform a re-discovery and re-import, do not perform trust operation. Also include with -c to generate a new file.

    -o      USE_BIGIP for conflict resolution for any module conflict def: USE_BIGIQ, CSV value overrides this value if CSV value is not null

    -n      Do not import the service, only discover the service, the service import will be done manually

CSV file format: ip, user, pw, cluster-name, framework-action, root-user, root-pw, resolution

ip: ip address of the BIG-IP to discover. user, pw: username & password of the BIG-IP. Will be overridden if -a is specified on the command line.

cluster-name: the cluster name that will group the BIG-IP DSC cluster pair framework-action: upgrade - upgrade framework if needed, skip - skip framework update check, blank - do not attempt to update root-user, root-password: only needed for framework update of 11.5.x through 11.6.x devices. Will be overridden if -r is specified on the command line conflict resolution: can either be USE_BIGIQ or USE_BIGIP, defaults to USE_BIGIP if '-o' option is specified else USE_BIGIQ

example lines:

1.2.3.4

1.2.3.4, admin, pw

1.2.3.4, admin, pw, cluster-name

1.2.3.4,,, cluster-name,,,, USE_BIGIP

1.2.3.4, admin, pw,, skip,,, USE_BIGIP

1.2.3.4, admin, pw,, upgrade, root, root-pw

1.2.3.4, admin, pw,, upgrade, root, root-pw, USE_BIGIP