PowerShell module for the F5 LTM REST API
Problem this snippet solves:
To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks!
This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove difficult.
The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, relocate that functionality elsewhere within that parent module, and expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on GitHub. Please use these projects to report any issues you discover. Thanks!
The module contains the following functions.
- Add-iRuleToVirtualServer
- Add-PoolMember
- Add-PoolMonitor
- Disable-PoolMember
- Disable-VirtualServer
- Enable-PoolMember
- Enable-VirtualServer
- Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns')
- Get-F5Session (will be deprecated in future versions; use New-F5Session)
- Get-F5Status
- Get-HealthMonitor
- Get-HealthMonitorType
- Get-iRule
- Get-iRuleCollection (deprecated; use Get-iRule)
- Get-Node
- Get-BIGIPPartition
- Get-Pool
- Get-PoolList (deprecated; use Get-Pool)
- Get-PoolMember
- Get-PoolMemberCollection (deprecated; use Get-PoolMember)
- Get-PoolMemberCollectionStatus
- Get-PoolMemberDescription (deprecated; use Get-PoolMember)
- Get-PoolMemberIP (deprecated; use Get-PoolMember)
- Get-PoolMembers (deprecated; use Get-PoolMember)
- Get-PoolMemberStats
- Get-PoolMemberStatus (deprecated; use Get-PoolMember)
- Get-PoolMonitor
- Get-PoolsForMember
- Get-StatusShape
- Get-VirtualServer
- Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules)
- Get-VirtualServerList (deprecated; use Get-VirtualServer)
- Invoke-RestMethodOverride
- New-F5Session
- New-HealthMonitor
- New-Node
- New-Pool
- New-VirtualServer
- Remove-HealthMonitor
- Remove-iRule
- Remove-iRuleFromVirtualServer
- Remove-Pool
- Remove-PoolMember
- Remove-PoolMonitor
- Remove-ProfileRamCache
- Remove-Node
- Remove-VirtualServer
- Set-iRule
- Set-PoolLoadBalancingMode (deprecated; use Set-Pool)
- Set-PoolMemberDescription
- Set-Pool
- Set-VirtualServer
- Sync-DeviceToGroup
- Test-F5Session
- Test-Functionality
- Test-HealthMonitor
- Test-Node
- Test-Pool
- Test-VirtualServer
How to use this snippet:
To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created.
You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this.
The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates.
Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5Session function to create this object. This function expects the following parameters:
- The name or IP address of the F5 LTM device
- A credential object for a user with rights to use the REST API
- An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes
You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this:
$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd
Thanks to Kotesh Bandhamravuri and his blog entry for this snippet.
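The install and session steps above, end to end, as an added example that is not part of the module or of the original page. It assumes Windows PowerShell 3.0 or later; the host name, pool name and credential file path are placeholders. Instead of a password written into the script, it prompts once and keeps the credential in a file protected for the current user.

```powershell
# Added example; host name, pool name and file paths below are placeholders.
$moduleDir = Join-Path $env:USERPROFILE 'Documents\WindowsPowerShell\Modules\F5-LTM'
$credFile  = Join-Path $env:LOCALAPPDATA 'f5-ltm-cred.xml'   # hypothetical location

# Clear the "downloaded from the Internet" mark on the extracted files,
# then load the module.
Get-ChildItem -Path $moduleDir -Recurse -File | Unblock-File
Import-Module F5-LTM -ErrorAction Stop

# Reuse a saved credential if present; otherwise prompt once and save it.
# On Windows, Export-Clixml protects the password with DPAPI, so the file
# can only be read back by the same user on the same machine.
if (Test-Path -Path $credFile) {
    $creds = Import-Clixml -Path $credFile
} else {
    $creds = Get-Credential -Message 'Account with iControl REST access'
    $creds | Export-Clixml -Path $credFile
}

# Create the session object and pass it explicitly to each call.
$session = New-F5Session -LTMName 'ltm01.example.test' -LTMCredentials $creds -PassThru

Get-Pool       -F5Session $session -Name 'myPoolName' -Partition 'Common'
Get-PoolMember -F5Session $session -PoolName 'myPoolName' -Partition 'Common'
```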
There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module.
I've also contributed this code sample for how to gather some basic info about your LTM with this PS module.
The module has been tested on:
- 11.5.1 Build 8.0.175 Hotfix 8 and later
- 11.6.0 Build 5.0.429 Hotfix 4 and later
- 12.0 / 12.1
- 13.0
Code :
https://github.com/joel74/POSH-LTM-Rest
Tested this on version:
11.5
- Spontaneous1980Nimbostratus
Hi Joel!
Excellent work on your module. I thought you could help eliminate people having trouble installing this module.
Here is an example I found: https://gist.github.com/darkoperator/3f9da4b780b5a0206bca
In here you even do an unblock-file in a small loop. All you need to do then is add your gist.github.com url. This can also help with deploying in break fix for bugs that you may find.
Thank you for developing this excellent module!!!
- Joel_NewtonCirrus
Thanks - I like the simplicity and helpfulness of that script.
I created a gist and included notes on installing via PSGet. Hopefully that helps.
- SickPanda_31422Nimbostratus
Hi Joel
I am at a loss here. I can successfully run functions which don't in turn call other functions, however when I run functions like Get-PoolMember which in turn calls Get-Pool, my session object is not being carried through. I am using the -passthru parameter.
This works:
$MyLTM_IP = '10.0.0.1'
$PoolName = 'myPoolName'
$Partition = 'myPartition'
$F5Session = New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -PassThru
Get-Pool -F5Session $F5Session -Name $PoolName -Partition $Partition
This DOESN'T work:
$MyLTM_IP = '10.0.0.1'
$PoolName = 'myPoolName'
$Partition = 'myPartition'
$F5Session = New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -PassThru
Get-PoolMember -F5Session $F5Session -PoolName $PoolName -Partition $Partition
I get this error : Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing.
Thanks Mike
- Joel_NewtonCirrus
Hi, Mike. Thanks for reporting this issue. I haven't been able to repro it on 11.6 or 12.1. What version of the LTM are you running? Does the issue happen if you use the -Default switch for New-F5Session and then don't pass a session to Get-PoolMember?
Thanks, Joel
- matvan_303285Nimbostratus
Hi,
I'm running 11.6.1 Build 1.0.326 HF1 and I have a very weird issue where I get a 401 access denied (using a get-pool) unless I have previously given the user administrator access to all partitions.
I can return the user back to guest after I have granted the admin and it still works.
If I create a guest account straight up (with tmsh access granted) it gives a 401 error. Yet if I change that account to administrator, then back to guest, it will work.
- SickPanda_31422Nimbostratus
Hi Joel
Running this gives me the same error :
$MyLTM_IP = '192.168.0.1'
$PoolName = 'mypoolname'
$Partition = 'common'
New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -Default
Get-Poolmember -PoolName $PoolName -Partition $Partition
I am running BIG-IP 11.5.4 Build 0.0.256 Final
Thanks Mike
- Joel_NewtonCirrus
Hi, matvan, per the v11.6 docs, "administrative level access to the iControl® REST namespace [is needed] to make iControl REST requests." That you're able to remove admin access and still use iControlREST is strange, and seemingly not intended. On 11.6.0 HF4, if I remove admin access, I can no longer access iControlREST.
- Joel_NewtonCirrus
Thanks, Mike. Thanks for testing that. I'm assuming but want to clarify that you're using a local account, and that that account has the admin role for the common partition. Is that correct? Cheers.
- SickPanda_31422Nimbostratus
Hi Joel
Yep, that's correct. I am using a local admin account. I tried 2 admin accounts actually, one with tmsh and one without, with the same results.
Thanks Mike
- Joel_NewtonCirrus
Hi, Mike, I only have 11.6 and 12.1 available to me at the moment. I'll see if I can spin up 11.5.4 in AWS and repro this issue. In the meantime, what happens if you execute that line explicitly, i.e. create an F5 session and call:
Get-Pool -F5Session $F5Session -Name 'MyPool' -Partition 'Common' | Get-PoolMember -F5session $F5Session -Address * -Name *
Cheers, Joel