PowerShell module for the F5 LTM REST API
Problem this snippet solves:
To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks!
This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult.
The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks!
The module contains the following functions.
- Add-iRuleToVirtualServer
- Add-iRuleToVirtualServer
- Add-PoolMember
- Add-PoolMonitor
- Disable-PoolMember
- Disable-VirtualServer
- Enable-PoolMember
- Enable-VirtualServer
- Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns')
- Get-F5Session (will be deprecated in future versions. use New-F5Session)
- Get-F5Status
- Get-HealthMonitor
- Get-HealthMonitorType
- Get-iRule
- Get-iRuleCollection (deprecated; use Get-iRule)
- Get-Node
- Get-BIGIPPartition
- Get-Pool
- Get-PoolList (deprecated; use Get-Pool)
- Get-PoolMember
- Get-PoolMemberCollection (deprecated; use Get-PoolMember)
- Get-PoolMemberCollectionStatus
- Get-PoolMemberDescription (deprecated; use Get-PoolMember)
- Get-PoolMemberIP (deprecated; use Get-PoolMember)
- Get-PoolMembers (deprecated; use Get-PoolMember)
- Get-PoolMemberStats
- Get-PoolMemberStatus (deprecated; use Get-PoolMember)
- Get-PoolMonitor
- Get-PoolsForMember
- Get-StatusShape
- Get-VirtualServer
- Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules)
- Get-VirtualServerList (deprecated; use Get-VirtualServer)
- Invoke-RestMethodOverride
- New-F5Session
- New-HealthMonitor
- New-Node
- New-Pool
- New-VirtualServer
- Remove-HealthMonitor
- Remove-iRule
- Remove-iRuleFromVirtualServer
- Remove-Pool
- Remove-PoolMember
- Remove-PoolMonitor
- Remove-ProfileRamCache
- Remove-Node
- Remove-VirtualServer
- Set-iRule
- Set-PoolLoadBalancingMode (deprecated; use Set-Pool)
- Set-PoolMemberDescription
- Set-Pool
- Set-VirtualServer
- Sync-DeviceToGroup
- Test-F5Session
- Test-Functionality
- Test-HealthMonitor
- Test-Node
- Test-Pool
- Test-VirtualServer
How to use this snippet:
To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created.
You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this.
The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates.
Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters:
- The name or IP address of the F5 LTM device
- A credential object for a user with rights to use the REST API
- An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes
You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this:
$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd
Thanks to Kotesh Bandhamravuri and his blog entry for this snippet.
There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module.
I've also contributed this code sample for how to gather some basic info about your LTM with this PS module.
The module has been tested on:
- 11.5.1 Build 8.0.175 Hotfix 8 and later
- 11.6.0 Build 5.0.429 Hotfix 4 and later
- 12.0 / 12.1
- 13.0
Code :
https://github.com/joel74/POSH-LTM-Rest
Tested this on version:
11.5Updated Jun 06, 2023
Version 2.0
Joel_Newton
Cirrus
Cirrus
jozeffortNimbostratus
Source: https://dumpsarena.com/
To interact with the F5 BIG-IP Local Traffic Manager (LTM) REST API using PowerShell, you can utilize the F5-BIGIP PowerShell module. This module provides cmdlets that simplify the process of managing your F5 BIG-IP LTM configurations programmatically through REST API calls.Here are the steps to get started:
1. **Install the F5-BIGIP Module**: First, you need to install the F5-BIGIP PowerShell module. You can do this using the following command:
```powershell
Install-Module -Name F5-BIGIP
```2. **Import the Module**: Once installed, import the module into your PowerShell session:
```powershell
Import-Module F5-BIGIP
```3. **Connect to your F5 BIG-IP**: Establish a connection to your F5 BIG-IP device using the `Connect-F5BigIp` cmdlet. Replace `bigip.example.com` with the hostname or IP address of your F5 BIG-IP device:
```powershell
Connect-F5BigIp -Host bigip.example.com -Credential (Get-Credential)
```This command will prompt you for credentials to authenticate with the F5 BIG-IP device.
4. **Use REST API Cmdlets**: Once connected, you can use various cmdlets provided by the module to interact with the F5 LTM REST API. For example, you can fetch information about virtual servers, pools, nodes, and more.
```powershell
Get-F5BigIpVirtualServer
Get-F5BigIpPool
Get-F5BigIpNode
```5. **Disconnect from the F5 BIG-IP**: After you have finished your operations, disconnect from the F5 BIG-IP device to release the session:
```powershell
Disconnect-F5BigIp
```These cmdlets provide an easy way to automate tasks and manage your F5 BIG-IP LTM configuration using PowerShell scripts. Adjust the commands according to your specific requirements and configurations.
Andre_DuToitHi Joel,
Im also curious, i've been delving into the LTM Rest API via Postman to try find ways of pulling Asset data (like Serial Number, VLAN and Interface Data for the Nodes) but i cant seem to find anything. I know there are URIs that cover that under /mgmt/tm/net/ but that dataset seems disconnected from the Node dataset.
Any tips on how we could obtain such data (or if such data even exists?).
Best Regards
Andre- Andre_DuToit
Hi Joel,
I've noticed that there are no functions that cover pulling System level data from the F5 LTM (Network, Interface etc). Are there any plans to expand the powershell module to include those?
Best RegardsAndre
MeganathanHI Joel,
Using the below code I am able to add iRule to the virtual server it's adding iRule to bottom. I want to add the iRule at the top.
Any suggestions?
Import-Module F5-LTM -Force -ErrorAction Stop
$LTMName = "10.0.0.1"
$virtualservername = "xx_xxxxxx-xxxx-xxxx1"
$F5Session = New-F5Session -LTMName "$LTMName" -LTMCredentials (Get-Credential) -passthru
[array]$iRules = Get-VirtualServeriRuleCollection -VirtualServer $VirtualServername -F5session $F5session
$iRuleToAdd = "/Common/iRule-xxxxxxxxxxx"
#adding iRule to top of the array
$iRules = ,$iRuleToAdd + $iRules
foreach($irule in $irules){
Add-iRuleToVirtualServer -F5Session $F5Session -Name $VirtualServerName -iRuleName $irule -verbose
}
- wackitron
thank you for your response. It's working for me as well on Version 14.0.0.1. I am unable to reproduce old failed attempts but I am glad that its working for me now. Currently I am working on new-profilehttp function, and run it reading separate json file that has the info for profile name, xff header enabled etc.
Thanks a lot again
- Joel_Newton
Hi, wackitron, I've tested with adding simple iRules to virtual servers in both 11.6 and 14.0 LTMs, using the same format that you used. If you add the iRule to the same virtual server in the UI, it works? You might add the -Verbose flag to your call and see what that shows you. Thanks.
- wackitron
Thank you for such an awesome PS integration. I am kind of stuck with Add-iRuleToVirtualServer function, it gracefully errors out and just says False
Here is what I passed:
Add-iRuleToVirtualServer -F5Session $F5Session -Name $VirtualServerName -iRuleName $RuleName
with variables for f5session, virtualservername, and rulename.
Also I made sure that the irule was already being created on the F5.
Could you please share a working example of the above function.
Many Thanks in Advance
- Joel_Newton
Hi. You'll want to import the F5-LTM module and call the functions, not execute the script directly. The instructions above in 'How to use this snippet' detail how to create a new F5 session.
wangchongchong_Sorry, i'm a novice,how to do execute this script ?
- Per_Eriksson_37
@Joel Newton Thanks but I managed to find another way to do it: https://devcentral.f5.com/s/feed/0D51T00006i7jemSAA