PowerShell module for the F5 LTM REST API
Problem this snippet solves:
To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks!
This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult.
The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks!
The module contains the following functions.
- Add-iRuleToVirtualServer
- Add-iRuleToVirtualServer
- Add-PoolMember
- Add-PoolMonitor
- Disable-PoolMember
- Disable-VirtualServer
- Enable-PoolMember
- Enable-VirtualServer
- Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns')
- Get-F5Session (will be deprecated in future versions. use New-F5Session)
- Get-F5Status
- Get-HealthMonitor
- Get-HealthMonitorType
- Get-iRule
- Get-iRuleCollection (deprecated; use Get-iRule)
- Get-Node
- Get-BIGIPPartition
- Get-Pool
- Get-PoolList (deprecated; use Get-Pool)
- Get-PoolMember
- Get-PoolMemberCollection (deprecated; use Get-PoolMember)
- Get-PoolMemberCollectionStatus
- Get-PoolMemberDescription (deprecated; use Get-PoolMember)
- Get-PoolMemberIP (deprecated; use Get-PoolMember)
- Get-PoolMembers (deprecated; use Get-PoolMember)
- Get-PoolMemberStats
- Get-PoolMemberStatus (deprecated; use Get-PoolMember)
- Get-PoolMonitor
- Get-PoolsForMember
- Get-StatusShape
- Get-VirtualServer
- Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules)
- Get-VirtualServerList (deprecated; use Get-VirtualServer)
- Invoke-RestMethodOverride
- New-F5Session
- New-HealthMonitor
- New-Node
- New-Pool
- New-VirtualServer
- Remove-HealthMonitor
- Remove-iRule
- Remove-iRuleFromVirtualServer
- Remove-Pool
- Remove-PoolMember
- Remove-PoolMonitor
- Remove-ProfileRamCache
- Remove-Node
- Remove-VirtualServer
- Set-iRule
- Set-PoolLoadBalancingMode (deprecated; use Set-Pool)
- Set-PoolMemberDescription
- Set-Pool
- Set-VirtualServer
- Sync-DeviceToGroup
- Test-F5Session
- Test-Functionality
- Test-HealthMonitor
- Test-Node
- Test-Pool
- Test-VirtualServer
How to use this snippet:
To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created.
You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this.
The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates.
Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters:
- The name or IP address of the F5 LTM device
- A credential object for a user with rights to use the REST API
- An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes
You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this:
$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd
Thanks to Kotesh Bandhamravuri and his blog entry for this snippet.
There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module.
I've also contributed this code sample for how to gather some basic info about your LTM with this PS module.
The module has been tested on:
- 11.5.1 Build 8.0.175 Hotfix 8 and later
- 11.6.0 Build 5.0.429 Hotfix 4 and later
- 12.0 / 12.1
- 13.0
Code :
https://github.com/joel74/POSH-LTM-Rest
Tested this on version:
11.5Updated Jun 06, 2023
Version 2.0
Joel_Newton
Cirrus
Cirrus
SickPanda_31422Nimbostratus
Hi Joel
When running the line explicitly I get the same error :
Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing.
Thanks Mike
Joel_NewtonHi, Mike,
Let's move our troubleshooting thread outside this page - you can reach me directly at jnewton@springcm.com. Please let me know where I can reach you.
Thanks, Joel
- MLennon_243321
I had trouble using Get-PoolMember and Get-PoolMemberStats when trying to retrieve info on pools created by Exchange iApp; they always gave error about not being able to find pool. What I did was to add a -Application parameter, same as seen in Get-Pool. Then modified both function's code accordingly to use the new param. Worked! Awesome modules!
- Joel_Newton
Thanks, MLennon. I've updated all functions that relate to pool members with the Application param (get/add/delete) and published the changes (github / PSGallery). I'm glad you like the module!
wrapsbear_30752Hi Joel,
I stumbled across this when I discovered that the existing iControl PS Snapin only returns pools in Common (and doesn't return pools that are a part of an iApp). Thanks for sharing this!
- MLennon_243321
I've downloaded the latest zip but now I'm also now getting "Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing." Did not see this in my previous package which I think I downloaded on Dec 20, 2016. Its strange. Using just command line, I import the module, run New-F5Session then type simply Get-Pool and it returns all my pools. If I run it again I get the 401 error. Running BIG-IP 11.5.1 Build 10.0.180 Hotfix HF10 (virtual ed. in my lab)
- Joel_Newton
Hi, MLennon, I'm pretty sure it's a 11.5-related issue, and that SickPanda was running into the same or similar problems (see above). Unfortunately, I only have 11.6 and higher to test on. Interesting that it seems like a change between Dec 20, '16 and now. Unfortunately there's been 20+ versions between then and now. At least there's a pattern, though.
Matan_316302Hey Joel Newton, First of all, this module is awesome! ty!
I have 1 question and maybe 1 bug to reporting.
Question: This module support FQDN nodes? and if yes, how? because i tried the most of the functions and found nothing.
Maybe bug: Add-PoolMember not support adding exist nodes to pool. it is working just if the node doesn't exist. it's failed on partition part, looks like it looking for the exist nodes only in common partition, even if I mention "-Partition $Partition".
- Joel_Newton
Hi, Matan, Thanks! I'll have to check re: FQDN. I don't use them in my setup, but I believe other users have. I'll also look into the issue of adding existing nodes in non-common partitions. The best way to log and track issues is to open an issue in github (https://github.com/joel74/POSH-LTM-Rest).
Cheers, Joel
- Matan_316302
Hey Joel, thanks for the help. i found the bug. just need to change on Add-PoolMember.ps1:
from: $JSONBody = @{name=('{0}:{1}' -f $ExistingNode.name,$PortNumber)}
to: $ExistingNodeName = '{0}:{1}' -f $ExistingNode.name,$PortNumber $JSONBody = @{name=$ExistingNodeName;partition=$Partition}