PowerShell module for the F5 LTM REST API
Problem this snippet solves:
To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks!
This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult.
The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks!
The module contains the following functions.
- Add-iRuleToVirtualServer
- Add-iRuleToVirtualServer
- Add-PoolMember
- Add-PoolMonitor
- Disable-PoolMember
- Disable-VirtualServer
- Enable-PoolMember
- Enable-VirtualServer
- Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns')
- Get-F5Session (will be deprecated in future versions. use New-F5Session)
- Get-F5Status
- Get-HealthMonitor
- Get-HealthMonitorType
- Get-iRule
- Get-iRuleCollection (deprecated; use Get-iRule)
- Get-Node
- Get-BIGIPPartition
- Get-Pool
- Get-PoolList (deprecated; use Get-Pool)
- Get-PoolMember
- Get-PoolMemberCollection (deprecated; use Get-PoolMember)
- Get-PoolMemberCollectionStatus
- Get-PoolMemberDescription (deprecated; use Get-PoolMember)
- Get-PoolMemberIP (deprecated; use Get-PoolMember)
- Get-PoolMembers (deprecated; use Get-PoolMember)
- Get-PoolMemberStats
- Get-PoolMemberStatus (deprecated; use Get-PoolMember)
- Get-PoolMonitor
- Get-PoolsForMember
- Get-StatusShape
- Get-VirtualServer
- Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules)
- Get-VirtualServerList (deprecated; use Get-VirtualServer)
- Invoke-RestMethodOverride
- New-F5Session
- New-HealthMonitor
- New-Node
- New-Pool
- New-VirtualServer
- Remove-HealthMonitor
- Remove-iRule
- Remove-iRuleFromVirtualServer
- Remove-Pool
- Remove-PoolMember
- Remove-PoolMonitor
- Remove-ProfileRamCache
- Remove-Node
- Remove-VirtualServer
- Set-iRule
- Set-PoolLoadBalancingMode (deprecated; use Set-Pool)
- Set-PoolMemberDescription
- Set-Pool
- Set-VirtualServer
- Sync-DeviceToGroup
- Test-F5Session
- Test-Functionality
- Test-HealthMonitor
- Test-Node
- Test-Pool
- Test-VirtualServer
How to use this snippet:
To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created.
You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this.
The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates.
Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters:
- The name or IP address of the F5 LTM device
- A credential object for a user with rights to use the REST API
- An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes
You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this:
$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd
Thanks to Kotesh Bandhamravuri and his blog entry for this snippet.
There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module.
I've also contributed this code sample for how to gather some basic info about your LTM with this PS module.
The module has been tested on:
- 11.5.1 Build 8.0.175 Hotfix 8 and later
- 11.6.0 Build 5.0.429 Hotfix 4 and later
- 12.0 / 12.1
- 13.0
Code :
https://github.com/joel74/POSH-LTM-Rest
Tested this on version:
11.5Updated Jun 06, 2023
Version 2.0
Joel_Newton
Cirrus
Cirrus
igor_curic_2239Nimbostratus
Hi Joel,
I originally used New-node function to create FQDN node.
New-Node -AddressType ipv4 -AutoPopulate enabled -FQDN ICPRF02-BO1.gaming.lan -F5Session $SessionToken -Name ICPRF02-BO1
And than tried adding it to the pool using Add-PoolMember, and it failed...that's when I sent my first question. After your comment that the function works on your end I changed my approach and created the node using the IP...than Add-PoolMember worked. So when FQDN node is created by scritp/or manually Add-PoolMember failes...works only when node is created using IP (in my case).
And about the Set-VirtualServer examples, do you mean the examples in the script Set-VirtualServer.ps1 or is there an online resource I missed?
Br, Igor
Joel_NewtonHi, Igor,
Thanks for the additional info. Part of the problem, if not the whole issue, is that nodes created as FQDN, aren't being found by the node check in the Add-PoolMember function, so it's trying to add them again. I'll open an issue on the GitHub repo for this.
For the Set-VirtualServer example, yes, it's in the script.
All the best, Joel
john_gesCan the power shell module be used to change F5 LTM's objects that are under BIG-IQ control? Basically what I'm asking is rather than running power shell scripts directly to the F5 LTM I want to run them through the BIGIQ which has all the F5 objects. Thanks.
- Joel_Newton
Hi. The REST endpoints for managing BIG-IP objects - like pools and virtual servers in the LTM module - are the same, whether one is using BIG-IQ or not. There aren't separate endpoints. In my github repos, I've created a new one for BIG-IP, to include LTM functionality as well as DNS functionality that is under development and other traffic management-specific tasks.
- Mark_Curole
Just started using this and loving it so far. I'd be glad to help contribute if you are looking for help.
- bujnovskyd
I'm just getting started using this. I am trying use get-virtualserver, on something I manually set up, into a hash table; modify hash table; then splat into new-virtualserver. Does anyone else already have something like this working?
$vs1=get-virtualserver -f5sess -name 'test1' $vs1.destination='Common/192.168.0.10:443' $vs1.fullpath='/Common/test1-443' $vs1.name='test1-443'
new-virtualserver -f5Session $f5sess @vip1
Thanks for the help. I'll keep trying an post it if I get it to work.
EDIT Got it to work, but built my hashtable manually. see hash values below. mostly used the $vip1.add("IPProtocol","tcp") to build PS C:\Windows> $vip1
Name Value
IPProtocol tcp
FallbackPersistence source_addr
Kind tm:ltm:virtual:virtualstate
SourceAddressTranslationType automap
PersistenceProfiles hash
DestinationIP 192.168.0.30
name vip1.dev1-80
ProfileNames http-XF
Partition Common
DefaultPool dev1-80
DestinationPort 80New-VirtualServer -F5Session $f5Sess @compasswcf
I can now copy hash tables and reassign values to build another virtual server with mostly the same settings. This was all new to me, so maybe it will help someone else get going a little faster then it took me.
David B
- Joel_Newton
Thanks, Mark. I'd say the best way to contribute is to check out the open issues in the github repo The big things in progress at the moment are creating Pester tests and transitioning from an LTM-only PS module to a PS module that covers additional BIG-IP modules.
David, glad you got that splatting working and thanks for sharing your efforts!
Cheers, Joel
- bujnovskyd
I can not seem to get the profiles to work. I have two separate profiles I would like to put into place during the new-virtualserver call.
One is 'http-XF' which is under the "http profile" and then another profile under the "SSL Profile (Client)" area.
I can call set-virtualserver with session and name and assign either one of the profiles with a name, but can't seem to figure out how to set both of them. The example in Set-virtualserver seems to create an array of hash tables in a noteproperty. I've not been able to get the example to work for me.
It seems to have issues when I $vs|set-virtualserver . I think the properties that were originally retrieved with get-virtualserver, do not align completely with the set-virtualserver command.
Should I be posting here or somewhere else for syntax type help?
Thanks. David B - Joel_Newton
Hi, David,
The list of profiles is actually just an array of strings. The best place to log issues, fyi, is on the github repo, so please feel free to open an issue there with the specific snippet you're using, and also please let me know what version of the API you're working with.
Cheers, Joel
Pookie76_324786Hi I am trying to automate simple process to create a simjple TCP load balancing session. I can log in etc using the script but when I try and use the new pool I am getting a value of false returned from the device.....
PS C:\Users\brian.twomey> New-Pool -Name /commom/TEST-Pool -Description Test -LoadBalancingMode least-connections-member False
Have tried with pool members listed PS C:\Users\brian.twomey> New-Pool -Name /commom/TEST-Pool -Description Test -LoadBalancingMode least-connections-member False
Set-Pool -Name TEST-Pool -Partition /common -LoadBalancingMode least-connections(member) -MemberDefinitionList {10.78.49.11,7998},{10.78.49.12,7998} False
I am a newbieto powershell so can someone tell me what the issue is here....