PowerShell module for the F5 LTM REST API

Problem this snippet solves:

To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks!

This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult.

The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks!

The module contains the following functions.

  • Add-iRuleToVirtualServer
  • Add-iRuleToVirtualServer
  • Add-PoolMember
  • Add-PoolMonitor
  • Disable-PoolMember
  • Disable-VirtualServer
  • Enable-PoolMember
  • Enable-VirtualServer
  • Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns')
  • Get-F5Session (will be deprecated in future versions. use New-F5Session)
  • Get-F5Status
  • Get-HealthMonitor
  • Get-HealthMonitorType
  • Get-iRule
  • Get-iRuleCollection (deprecated; use Get-iRule)
  • Get-Node
  • Get-BIGIPPartition
  • Get-Pool
  • Get-PoolList (deprecated; use Get-Pool)
  • Get-PoolMember
  • Get-PoolMemberCollection (deprecated; use Get-PoolMember)
  • Get-PoolMemberCollectionStatus
  • Get-PoolMemberDescription (deprecated; use Get-PoolMember)
  • Get-PoolMemberIP (deprecated; use Get-PoolMember)
  • Get-PoolMembers (deprecated; use Get-PoolMember)
  • Get-PoolMemberStats
  • Get-PoolMemberStatus (deprecated; use Get-PoolMember)
  • Get-PoolMonitor
  • Get-PoolsForMember
  • Get-StatusShape
  • Get-VirtualServer
  • Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules)
  • Get-VirtualServerList (deprecated; use Get-VirtualServer)
  • Invoke-RestMethodOverride
  • New-F5Session
  • New-HealthMonitor
  • New-Node
  • New-Pool
  • New-VirtualServer
  • Remove-HealthMonitor
  • Remove-iRule
  • Remove-iRuleFromVirtualServer
  • Remove-Pool
  • Remove-PoolMember
  • Remove-PoolMonitor
  • Remove-ProfileRamCache
  • Remove-Node
  • Remove-VirtualServer
  • Set-iRule
  • Set-PoolLoadBalancingMode (deprecated; use Set-Pool)
  • Set-PoolMemberDescription
  • Set-Pool
  • Set-VirtualServer
  • Sync-DeviceToGroup
  • Test-F5Session
  • Test-Functionality
  • Test-HealthMonitor
  • Test-Node
  • Test-Pool
  • Test-VirtualServer

How to use this snippet:

To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created.

You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this.

The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates.

Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters:

  • The name or IP address of the F5 LTM device
  • A credential object for a user with rights to use the REST API
  • An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes

You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this:

$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd

Thanks to Kotesh Bandhamravuri and his blog entry for this snippet.

There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module.

I've also contributed this code sample for how to gather some basic info about your LTM with this PS module.

The module has been tested on:

  • 11.5.1 Build 8.0.175 Hotfix 8 and later
  • 11.6.0 Build 5.0.429 Hotfix 4 and later
  • 12.0 / 12.1
  • 13.0

Code :

https://github.com/joel74/POSH-LTM-Rest

Tested this on version:

11.5
Updated Jun 06, 2023
Version 2.0
devops
iControlREST
LTM
microsoft powershell with icontrol
powershell
  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    Jul 26, 2018

    Hi, Ansh, if you're having issues creating/using an F5 session with my PS module and you'd like some assistance with that, I'd be happy to help. Please open an issue in the github repo with your code and the error(s) you're getting and I'll take a look.

     

    Cheers, Joel

     

  • Ansh_Jain_36819's avatar
    Ansh_Jain_36819
    Icon for Nimbostratus rankNimbostratus
    Jul 26, 2018

    Hi Joel,

     

    I am new to using RestAPIs. I am just trying to establish connection between F5 and chef using New-F5Session function you developed in powershell. But it looks like your function is doing more then just establishing a connection. Could you please help me modify the code according to my purpose ?

     

    Thanks in advance!

     

  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    May 04, 2018

    Nice! So you basically just wrote the guts of the new function for me. Cheers, and thanks for sharing.

     

  • LC1729_360106's avatar
    LC1729_360106
    Icon for Nimbostratus rankNimbostratus
    May 04, 2018

    Thanks again Joel.

    I was able to get node stats like so

    $ltmNode = Get-Node -F5Session $F5Session -Name $nodeName -Partition $partition
$nodeStatsUri = $F5Session.GetLink($ltmNode.selfLink)  -replace '\?', '/stats?'
$statsResponse = Invoke-RestMethodOverride -Method Get -URI $nodeStatsUri -WebSession $F5Session.WebSession

    And access the properties I'm interested in

    $entries = $statsResponse.entries
$currentConnections = $entries.'serverside.curConns'.value
$enabledState = $entries.'status.enabledState'.description
  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    May 02, 2018

    Hi, Yes, you can list all nodes for a partition - just specify the partition name and no node address/name. We don't yet have a function to get node stats, the same way we get pool member stats. I'd imagine it wouldn't be too difficult to implement. If it's something you're interested in, you can open an issue in the github project. -Joel

     

  • LC1729_360106's avatar
    LC1729_360106
    Icon for Nimbostratus rankNimbostratus
    May 02, 2018

    Hi Joel,

     

    Thanks for the clarification and thanks for your work in creating this module.

     

    A couple of further questions, with this module is it possible to

     

    • list all nodes in a specified partition?
    • check the number of current connections for a specified node?

    Cheers

     

  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    May 01, 2018

    Hi, LC1729, Yeah, sorry for the oversight. It appears that there are some functions missing from that static readme. The Enable-Node and Disable-Node functions are fully functional and supported. Cheers, Joel

     

  • LC1729_360106's avatar
    LC1729_360106
    Icon for Nimbostratus rankNimbostratus
    May 01, 2018

    Hi Joel,

    I'm looking to script disable/enable of a node for the purpose of server maintenance similar to what is described here: https://support.f5.com/csp/article/K13310

    I'm working with f5 BIG-IP LTM 11.6 Build 5.0.429 HF5

    I see in the Github repo that there are functions 

    Disable-Node
    and 
    Enable-Node
    but they are not listed in the module functions. Is there a reason for that? Can I expect to use those functions still?

    From the above article: "When you interrupt access to a network device for maintenance, you should change the state of the node to Disabled or Forced Offline" - so my understanding is that I should be working with the node rather than pool member. It also seems more straight-forward for my pupose. However I'm a software dev/dev ops rather than a network admin and so not an f5 LTM expert & may well be missing something fundamental.

  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    Apr 03, 2018

    Hi, Venkat, that Security tab is not available to me since I don't have the AFM module installed. My guess is that it would require use of the /tm/security REST endpoints, which is currently outside the scope of the LTM module. I have plans to create a more comprehensive PS module to cover the various other BIG-IP modules, like AFM, but development on that is still beginning, and there's no specific AFM functionality there.

     

  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    Apr 03, 2018

    Hi, Venkat, that Security tab is not available to me since I don't have the AFM module installed. My guess is that it would require use of the /tm/security REST endpoints, which is currently outside the scope of the LTM module. I have plans to create a more comprehensive PS module to cover the various other BIG-IP modules, like AFM, but development on that is still beginning, and there's no specific AFM functionality there.