PowerShell module for the F5 LTM REST API

Problem this snippet solves:

To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks!

This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult.

The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks!

The module contains the following functions.

  • Add-iRuleToVirtualServer
  • Add-iRuleToVirtualServer
  • Add-PoolMember
  • Add-PoolMonitor
  • Disable-PoolMember
  • Disable-VirtualServer
  • Enable-PoolMember
  • Enable-VirtualServer
  • Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns')
  • Get-F5Session (will be deprecated in future versions. use New-F5Session)
  • Get-F5Status
  • Get-HealthMonitor
  • Get-HealthMonitorType
  • Get-iRule
  • Get-iRuleCollection (deprecated; use Get-iRule)
  • Get-Node
  • Get-BIGIPPartition
  • Get-Pool
  • Get-PoolList (deprecated; use Get-Pool)
  • Get-PoolMember
  • Get-PoolMemberCollection (deprecated; use Get-PoolMember)
  • Get-PoolMemberCollectionStatus
  • Get-PoolMemberDescription (deprecated; use Get-PoolMember)
  • Get-PoolMemberIP (deprecated; use Get-PoolMember)
  • Get-PoolMembers (deprecated; use Get-PoolMember)
  • Get-PoolMemberStats
  • Get-PoolMemberStatus (deprecated; use Get-PoolMember)
  • Get-PoolMonitor
  • Get-PoolsForMember
  • Get-StatusShape
  • Get-VirtualServer
  • Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules)
  • Get-VirtualServerList (deprecated; use Get-VirtualServer)
  • Invoke-RestMethodOverride
  • New-F5Session
  • New-HealthMonitor
  • New-Node
  • New-Pool
  • New-VirtualServer
  • Remove-HealthMonitor
  • Remove-iRule
  • Remove-iRuleFromVirtualServer
  • Remove-Pool
  • Remove-PoolMember
  • Remove-PoolMonitor
  • Remove-ProfileRamCache
  • Remove-Node
  • Remove-VirtualServer
  • Set-iRule
  • Set-PoolLoadBalancingMode (deprecated; use Set-Pool)
  • Set-PoolMemberDescription
  • Set-Pool
  • Set-VirtualServer
  • Sync-DeviceToGroup
  • Test-F5Session
  • Test-Functionality
  • Test-HealthMonitor
  • Test-Node
  • Test-Pool
  • Test-VirtualServer

How to use this snippet:

To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created.

You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this.

The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates.

Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters:

  • The name or IP address of the F5 LTM device
  • A credential object for a user with rights to use the REST API
  • An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes

You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this:

$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd

Thanks to Kotesh Bandhamravuri and his blog entry for this snippet.

There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module.

I've also contributed this code sample for how to gather some basic info about your LTM with this PS module.

The module has been tested on:

  • 11.5.1 Build 8.0.175 Hotfix 8 and later
  • 11.6.0 Build 5.0.429 Hotfix 4 and later
  • 12.0 / 12.1
  • 13.0

Code :

https://github.com/joel74/POSH-LTM-Rest

Tested this on version:

11.5
Updated Jun 06, 2023
Version 2.0
devops
iControlREST
LTM
microsoft powershell with icontrol
powershell
  • pbarbuto_239092's avatar
    pbarbuto_239092
    Icon for Nimbostratus rankNimbostratus
    Apr 21, 2016
    I get this error "'Register-ArgumentCompleter' is not recognized as the name of a cmdlet" Is this a PowerShell 5.0 comdlet or should I be able to complete this with 4.0? Update: updating to PowerShell 5.0 resolved this issue. Thanks!
  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    Apr 21, 2016
    Hi. You are correct - Register-ArgumentCompleter is a PS5 cmdlet. I didn't realize this was a requirement when this function was contributed to the module. I'd prefer to have the minimum version requirement be v4, so I'm going to see about changing this. Thanks.
  • pbarbuto_239092's avatar
    pbarbuto_239092
    Icon for Nimbostratus rankNimbostratus
    Apr 21, 2016
    Joel, thanks for your response. We needed to upgrade to PS 5.0 anyway :/ One more thing though, it seems like the module cant be imported in PowerShell (x86). It imports fine in PS x64, but when I try to import it in an x86 PS window I get an error that the module cannot be found. Have you encountered this and is it expected? Thanks!
  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    Apr 21, 2016
    Hi, pbarbuto, I just tested to confirm that I could import the module into an x86 PS shell, and it worked. Assuming that the module is in one of the folders listed in the PSModulePath environment variable, you should be able to import it without issue. You could also try typing in the full path to the module. Please let me know if you're still having issues. Thanks.
  • CRM_200278's avatar
    CRM_200278
    Icon for Nimbostratus rankNimbostratus
    Apr 29, 2016
    I'm new to using PowerShell and the LTM-REST module and a little help would be appreciated. I'm getting this error when trying to connect to a F5 and get a list of the existing pools. ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Invoke-RestMethodOverride.ps1:36 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati NullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand Invoke-RestMethodOverride : "404 Not Found: At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Get-Pool.ps1:32 char:21 + ... $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -Credenti ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride And I am not positive whether I am even getting authenticated. This is the script being used: $host_address = "IPAddress_of_F5_Appliance" $user_id = "F5_Account_ID" $secpasswd = "Pasword_Assigned_To_F5_Account_ID" $secpasswd = ConvertTo-SecureString "Pasword_Assigned_To_F5_Account_ID" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ($user_id, $secpasswd) New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough Get-Pool | Select-Object -ExpandProperty fullPath ConvertFrom-Json I'm running PowerShell v.5 Thanks.
  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    Apr 29, 2016
    Hi, it looks like you're close. When you call: New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough you should see your session object written out to the console if you successfully connect. -PassThrough is really only needed if you're going to capture the session in a variable and then pass it to a function. You could try: $F5Session = New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough; Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath; Let me know if this helps. Thanks.
  • CRM_200278's avatar
    CRM_200278
    Icon for Nimbostratus rankNimbostratus
    Apr 29, 2016
    Thank you very much for the quick response Joel. I tried the method you recommended and even change the F5 being accessed but I'm still getting the same response or a similar one. PS C:\WINDOWS\system32> $host_address = "F5_IP_Address" $secpasswd = ConvertTo-SecureString "F5_Account_Password" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ("F5_Account", $secpasswd) $F5Session = New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough PS C:\WINDOWS\system32> $F5Session Name BaseURL Credential ---- ------- ---------- F5_IP_Address https://F5_IP_Address/mgmt/tm/ltm/ System.Management.Automation.PSCredential Up to this point no errors displayed; but , once I run the next command, the error shown below is displayed. PS C:\WINDOWS\system32> Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Invoke-RestMethodOverride.ps1:36 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati NullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand Invoke-RestMethodOverride : " : At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Get-Pool.ps1:32 char:21 + ... $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -Credenti ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride Finally, the only other information that I can add is that the SSL certificate on the F5 is self-signed and that when look at the content of the variables I can see that the correct values are contained. Once again thanks in advance for time and attention to this matter.
  • Joel_Newton's avatar
    Joel_Newton
    Icon for Cirrus rankCirrus
    Apr 30, 2016
    Hi, Thanks for trying that. It seems like, for some reason, the message being returned from the failed login attempt can't be converted from JSON. Are you definitely using v11.6 or higher of the LTM? One way to try and get a little more info about the error message would be to: 1) Open the file F5-LTM\Public\Invoke-RestMethodOverride.ps1 file in a text editor 2) On line 36, add a to comment out the JSON conversion and expanded property selection: $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Object -expandproperty message 3) Add a new line below line 36 to write out the content of $message: Write-Output $message Maybe that will give us a better idea of what's going on. Thanks.