BigIP Report Old

Problem this snippet solves:

This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report


can be Overview

This is a script which will generate a report of the BigIP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them.

This information is used to relay information to our NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles.

The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world.

It's easy to setup and use and only requires guest permissions on your devices.

Demo/Preview

Please note that it takes time to make these so sometimes they're a bit outdated and they only cover one HA pair. However, they still serve the purpose of showing what you can expect from the report.

Interactive demo

http://loadbalancing.se/bigipreportdemo/

 

Screen shots

The main report:

 

The device overview:

Certificate details:

How to use this snippet:

This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report

Installation instructions

BigipReport REST

This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6).

Downloadhttps://loadbalancing.se/downloads/bigipreport-v5.5.4.zip

Documentation, installation instructions and troubleshooting: https://loadbalancing.se/bigipreport-rest/

Docker support

This will be the recommended way of running bigipreport in the near future. It's still undergoing testing but it's looking really good so far.

https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/

BigipReport (Legacy)

Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5).

 

BigipReport (Stable):

https://loadbalancing.se/downloads/bigipreport-5.3.1.zip

BigipReport (BETA): https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip

iControl Snapin: https://loadbalancing.se/downloads/f5-icontrol.zip

Documentation and installation instructions:

https://loadbalancing.se/bigip-report/

Upgrade instructions

Protect the report using APM and active directory

Written by DevCentral member Shann_P:

https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/

Got issues/problems/feedback?

Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated.

---

Also trying out a Discord channel now. You're welcome to hang out with us there:

https://discord.gg/7JJvPMYahA

Code :

85931,86647,90730

Tested this on version:

13.0

Updated Dec 08, 2022
Version 2.0
application delivery
devops
iControl
LTM
microsoft powershell with icontrol

974 Comments

Comments have been turned off for this article
Show More
  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Sep 25, 2018

    Thanks for the reminder Tim and thank you for your contributions! Updated the beta file with the new code.

     

    /Patrik

     

  • oscontrolbridge's avatar
    oscontrolbridge
    Icon for Nimbostratus rankNimbostratus
    Oct 04, 2018

    Hi Patrik, Keen to get this working for our company, I know the IPs and credentails are 100% correct, but I get this: Successfully loaded the config file 2018-10-04 16:24:29 Configuring the console window 2018-10-04 16:24:29 Pre-execution checks 2018-10-04 16:24:29 Loaded F5 iControl snapin 2018-10-04 16:24:29 Pre execution checks was successful 2018-10-04 16:24:29 Enabling TLS1.2 2018-10-04 16:24:29 Getting data from 10.X.X.X 2018-10-04 16:24:42 The script failed to connect to 10.x.x.x 2018-10-04 16:24:42 Verifying load balancer data to make sure th 2018-10-04 16:24:42 Missing data from device group containing 10 2018-10-04 16:24:42 Missing load balancer data, no report will b 2018-10-04 16:24:42 There were errors while generating the repor 2018-10-04 16:24:42 No error mail reporting enabled/configured

     

    I have followed all instructions and am running bigipreport in the scripts folder 5.0.9 I believe. Help is appreciated,

     

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Oct 04, 2018

    Hi!

     

    Are you confident that the firewall is open from the server running the script to the F5?

     

    /Patrik

     

  • Mathieu_Cerfont's avatar
    Mathieu_Cerfont
    Icon for Nimbostratus rankNimbostratus
    Oct 05, 2018

    Hi Tim, Patrik,

     

    Exactly the expected result ! Thank you for your precious help ;) Your script is awesome and really usefull !

     

    Bye :)

     

  • oscontrolbridge's avatar
    oscontrolbridge
    Icon for Nimbostratus rankNimbostratus
    Oct 05, 2018

    Hi Patrik, yes, my Web Server is allowed to speak to the F5s, I can HTTPS and SSH to them from the same box..

     

  • TimRiker's avatar
    TimRiker
    Icon for Cirrocumulus rankCirrocumulus
    Oct 05, 2018

    Try opening a PowerShell session on your web server and then try these two steps manually:

    > Add-PSSnapIn iControlSnapIn
> Initialize-F5.iControl -HostName 10.x.x.x -UserName (fill in) -Password (fill in)

    It should respond with "True". Then try:

    > $F5 = Get-F5.iControl
> $F5.SystemInet.get_hostname()

    and you should get the name of your F5.

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Oct 05, 2018

    On top of Tims suggestions you can also check your management ciphers by running 

    tmsh list sys httpd ssl-ciphersuite
    and verify that TLS1.2 is allowed.

    I've also seen issues with proxies. Have you captured traffic to verify that you actually reach the F5 device? Are you running the script as another user and if so, have you tested to run the script as that user?

    I made a script for getting some troubleshooting data, could you please configure and run it?

    https://github.com/epacke/BigIPReport/blob/master/HelpScripts/TroubleShoot.ps1

    /Patrik

  • oscontrolbridge's avatar
    oscontrolbridge
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2018

    TLS is not in the list. and the other command results:

     

    Initialize- : Could not initialize connection with supplied information At line:1 char:1 + Initialize- -HostName 10.X.X.X -Username XXXX -Passwor ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (10.X.X.X:String) [Initialize- + FullyQualifiedErrorId : 2,iControlSnapIn.CmdLet.Global.InitializeiControl

     

    Where do I enable TLS?

     

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Oct 08, 2018

    It would not say TLS when running the command. To get the actual protocol you'd need to run this:

    tmsh list sys httpd ssl-ciphersuite | awk '/^ /{print $2}' | xargs tmm --clientciphers

    Did you try the troubleshooting script?

  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Oct 16, 2018

    Updated with new contributions from Tim Riker. Thanks a bunch Tim!

     

    Will convert this to a non-beta as soon as I've gotten the opportunity to test it in a larger environment. Sorry for the delay!

     

    /Patrik