PowerShell module for the F5 LTM REST API

Thanks, Matan. To get this change to one line, I believe the following will work the same:

$JSONBody = @{name=('{0}:{1}' -f $ExistingNode.name,$PortNumber);partition=('{0}' -f $Partition)}

I'll made this change to the module.

Cheers, Joel

Running the following...

$LTMCredentials = Get-Credential

$LTMName = "name"

Import-Module F5-LTM

$F5Session = New-F5session -LTMName $LTMName -LTMCredentials $LTMCredentials -PassThrough

Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath

Gives the following errors:

[BEGIN ERROR MESSAGES]

Supply values for the following parameters: ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Private\Invoke-F5RestMethod.ps1:40 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-F5RestMethod : "401 F5 Authorization Required: At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Public\New-F5Session.ps1:95 char:13 + $JSON = Invoke-F5RestMethod -Method Get -Uri $VersionURL -F5Session $newSess ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Private\Invoke-F5RestMethod.ps1:40 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-F5RestMethod : "401 F5 Authorization Required: At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Public\Get-Pool.ps1:32 char:21 + $JSON = Invoke-F5RestMethod -Method Get -Uri $URI -F5Session $F5Sess ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

[END ERROR MESSAGES]

The content of $F5Session is:

Name : usdc-ltm-tst-mgmt BaseURL : Credential : System.Management.Automation.PSCredential WebSession : Microsoft.PowerShell.Commands.WebRequestSession LTMVersion :

So the version of the LTM isn't being picked up, which is 11.6, but it's not clear whether the session is established.

Looking at New-F5Session.ps1, it appears the user credentials need access to https://$LTMName/mgmt/tm/ltm/.

When I visit that URI from a browser and enter my credentials, I get:

{"code":401,"message":"Authorization failed: user= resource=/mgmt/tm/ltm verb=GET uri:

I ensured that Terminal Access is set to tmsh for this account and verified that it has Manager access on all partitions.

Is there any other access or config that I am missing?

Thank you for any help.

Hi, blashmet, at least on 11.6, you need admin-level access to the partition(s) to be able to connect via iControlREST. Are you able to make that change and retest?

-Joel

Hi! Is it possible to query info from SSL Certificates with this powershell module? Expiration Dates etc.. cant find any info about that.

Hi, No, not currently, as SSL cert management is outside of the LTM management space (see the structure here)

 

Hi Joel, thanks a ton for this module. I have been able to quickly automate the enabling and disabling of pool members during my deployment process.

There is one piece of functionality that I am looking for that I am not sure is available in the module, and that is the deletion of existing connections. I am able to handle this in my Powershell script by running this:

& "$PSScriptRoot..\plink.exe" -ssh scm@$BigIpServerIp -pw $BigIpUserPassword tmsh delete /sys connection ss-server-addr $ipAddress

But I was wondering if there was a command in the module that would do the same. In looking over the documentation, I don't see anything obvious, but thought I would ask.

Hi, Ryan,

 

Cheers! I'm glad to hear you've been finding the module to be useful. I took a look around at the docs, and I don't believe there's a way to utilize iControlREST to delete connections. This question was posed a few years back here, and from what I can tell of the LTM v13 docs, I don't believe that functionality has been added, which is too bad.

 

Cheers, Joel

 

Hi Joel,

Just wanted to say thanks heaps for this. I had been trying to get the iControlSnapIn one to work and then came across this one which has proven to be a million times better.

Only thing is I was hoping to use this to pull out all of the virtual servers from the LTM and any iRules that are bound to them. I am struggling to do this at the moment as I can not find a lot of information using the "Get-VirtualServer | Where rules | Select-Objects -ExpandProperty rules" function is being used. I was hoping to modify your Get-PoolMembers.ps1 to just include the iRule information but I can not work out how to pull the iRules in use and then export them out to the file.

Any assistance would be much appreciated.

Thanks

[Comment Updated]

Hi, Daniel.

Cheers. I think you can just use something like the snippet below. The first part creates a hash table with all the virtual server names in it, and the second part adds the iRules assigned to each server to the hash table.

I don't think we'd want to modify Get-PoolMembers.ps1, because pool members aren't associated with which iRules are assigned to a virtual server. Let me know if you have any issues with the code.

-Joel

$VS_iRules = Get-VirtualServer |
    ForEach {
        New-Object psobject -Property @{
            Name = $_.name;
            Partition = $_.partition;
            Rules = @{}
        }
    }

$VS_iRules | ForEach { $_.Rules = (Get-VirtualServer -Name $_.Name -Partition $_.Partition | Select-Object -ExpandProperty rules -ErrorAction SilentlyContinue  ) } 

I updated the snippet to include the retrieve partition for each virt server and include that in the request for iRules. The output is stored in $VS_iRules, so that's probably what you want to set your $Output to, and then format as desired.

Hey Joel,

Thanks for getting back to me. Have tried running that and it is throwing an error which I believe is related to the fact we are using partitions. I tried to remove the partition name but have had no luck.

I have taken what you posted and added the following from the Get-Poolmembers:

param(

[Parameter(Mandatory=$true)]
[string]
$LTMName,

[Parameter(Mandatory=$true)]
[System.Management.Automation.PSCredential]
$LTMCredentials,

[ValidateSet("Screen","CSV")]
$OutputDestination="Screen"
)

$Output = " "

New-F5Session -LTMName $LTMName -LTMCredentials $LTMCredentials 

$VS_iRules = Get-VirtualServer |
foreach {

    $VirtualServerName = $VS_iRules.Name -replace '/Common/',''

    new-object psobject -Property @{
        Name = $_.name;
        Rules = @{}
    }
}

$VS_iRules | ForEach { $_.Rules = (Get-VirtualServer -Name $_.Name | Select-Object -ExpandProperty rules -ErrorAction SilentlyContinue  ) } 

If ($OutputDestination -eq 'CSV'){
   Write-Output $Output | Out-File -filepath '.\LTM_iRules.csv'
}
Else {
    Write-Output $Output
}

Not sure I have the stripping of the partition in the right place and also not sure what values to put in for the $Output.

Really appreciate the assistance as well.

Thanks