For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Ps Provision VE For Local Dev

Problem this snippet solves:

This PowerShell script will go through the process of creating VLANs, SelfIPs, Pool, and a Virtual Server. It was developed to go along with this article.

Code :

#----------------------------------------------------------------------------
# The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5
# Software Development Kit for iControl"; you may not use this file except in
# compliance with the License. The License is included in the iControl
# Software Development Kit.
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and limitations
# under the License.
#
# The Original Code is iControl Code and related documentation
# distributed by F5.
#
# The Initial Developer of the Original Code is F5 Networks,
# Inc. Seattle, WA, USA. Portions created by F5 are Copyright (C) 1996-2010 F5 Networks,
# Inc. All Rights Reserved.  iControl (TM) is a registered trademark of F5 Networks, Inc.
#
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License (the "GPL"), in which case the
# provisions of GPL are applicable instead of those above.  If you wish
# to allow use of your version of this file only under the terms of the
# GPL and not to allow others to use your version of this file under the
# License, indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by the GPL.
# If you do not delete the provisions above, a recipient may use your
# version of this file under either the License or the GPL.
#----------------------------------------------------------------------------
param (
  $hostname = $null,
  $user = $null,
  $pass = $null,
  $app_name = $null,
  $external_ip = $null,
  $internal_ip = $null
);

Set-PSDebug -strict;

#-------------------------------------------------------------------------
function Write-Usage()
#-------------------------------------------------------------------------
{
  Write-Host "Usage: ProvisionVMForDev.ps1 -hostname  -user  -pass  -app_name  -external_ip  -internal_ip ";
  exit;
}

#-------------------------------------------------------------------------
function Do-Initialize()
#-------------------------------------------------------------------------
{
  if ( (Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn"}) -eq $null )
  {
    Add-PSSnapIn iControlSnapIn
  }
  $success = Initialize-F5.iControl -HostName $hostname -Username $user -Password $pass;
  
  return $success;
}

#-------------------------------------------------------------------------
function Next-Address()
#-------------------------------------------------------------------------
{
  param([string]$address);
  $tokens = $address.Split('.');
  [int]$a = $tokens[0];
  [int]$b = $tokens[1];
  [int]$c = $tokens[2];
  [int]$d = $tokens[3];
  $d++;
  if ( $d -ge 255 )
  {
    $c += ($d = 1);
    if ( $c -ge 255 )
    {
      $b += ($c = 1);
      if ( $b -ge 255 )
      {
        $a += ($b = 1);
      }
    }
  }
  "$a.$b.$c.$d";
}

#-------------------------------------------------------------------------
function Is-InList()
#-------------------------------------------------------------------------
{
  param([string]$search, [string[]]$list);
  $found = $false;
  if ( ($null -ne $search) -and ($null -ne $list) )
  {
    foreach($item in $list)
    {
      if ( $search.Equals($item) )
      {
        $found = $true;
        break;
      }
    }
  }
  return $found;
}

#-------------------------------------------------------------------------
function Create-VLAN()
#-------------------------------------------------------------------------
{
  param([string]$name,
    [long]$id,
    [string]$member_name);
  
  # Create VLAN
  $vlans = (, $name);
  $vlan_ids = (, $id);
  $member = New-Object -TypeName iControl.NetworkingVLANMemberEntry;
  $member.member_name = $member_name
  $member.member_type = "MEMBER_INTERFACE";
  $member.tag_state = "MEMBER_UNTAGGED"
  $memberA = (, $member);
  $memberAofA = (, $memberA);
  $failsafe_states = (, "STATE_DISABLED");
  $timeouts = (, 1500);
  $mac_masquerade = (, "");
  
  (Get-F5.iControl).NetworkingVLAN.create(
    $vlans,
    $vlan_ids,
    $memberAofA,
    $failsafe_states,
    $timeouts,
    $mac_masquerade);
}
#-------------------------------------------------------------------------
function Create-VLANs()
#-------------------------------------------------------------------------
{
  $vlan_list = (Get-F5.iControl).NetworkingVLAN.get_list();
  if ( -not (Is-InList -search "external" -list $vlan_list) )
  {
    Write-Host "Creating external VLAN `"external`"...";
    Create-VLAN -name "external" -id 4094 -member_name "1.1";
  }
  if ( -not (Is-InList -search "internal" -list $vlan_list) )
  {
    Write-Host "Creating internal VLAN `"internal`"...";
    Create-VLAN -name "internal" -id 4093 -member_name "1.2";
  }
}

#-------------------------------------------------------------------------
function Create-SelfIP()
#-------------------------------------------------------------------------
{
  param([string]$address, [string]$vlan);
    
  $self_ips = (, $address);
  $vlan_names = (, $vlan);
  $netmasks = (, "255.255.255.0");
  $unit_ids = (, 0);
  $floating_states = (, "STATE_DISABLED");
  (Get-F5.iControl).NetworkingSelfIP.create(
    $self_ips,
    $vlan_names,
    $netmasks,
    $unit_ids,
    $floating_states
  );
}

#-------------------------------------------------------------------------
function Create-SelfIPs()
#-------------------------------------------------------------------------
{
  param([string]$external, [string]$internal);
  
  $selfip_list = (Get-F5.iControl).NetworkingSelfIP.get_list();
  if ( -not (Is-InList -search $external -list $selfip_list) )
  {
    Write-Host "Creating external SelfIP `"$external`"...";
    Create-SelfIP -address $external -vlan "external";
  }
  if ( -not (Is-InList -search $internal -list $selfip_list) )
  {
    Write-Host "Creating internal SelfIP `"$internal`"...";
    Create-SelfIP -address $internal -vlan "internal";
  }
}

#-------------------------------------------------------------------------
function Create-Pool()
#-------------------------------------------------------------------------
{
  param([string]$name, [string]$member_ip, [long]$member_port);
  
  $pool_list = (Get-F5.iControl).LocalLBPool.get_list();
  if ( -not (Is-InList -search $name -list $pool_list) )
  {
    $pool_names = (, $name);
    $lb_methods = (, "LB_METHOD_ROUND_ROBIN");
    $member = New-Object -TypeName iControl.CommonIPPortDefinition;
    $member.address = $member_ip;
    $member.port = $member_port;
    $memberA = (, $member);
    $memberAofA = (, $memberA);
    
    Write-Host "Creating Pool `"$name`"...";
    (Get-F5.iControl).LocalLBPool.create(
      $pool_names,
      $lb_methods,
      $memberAofA
    );
    
    $monitor_association = New-Object -TypeName iControl.LocalLBPoolMonitorAssociation;
    $monitor_association.pool_name = $name;
    $monitor_association.monitor_rule = New-Object -TypeName iControl.LocalLBMonitorRule;
    $monitor_association.monitor_rule.type = "MONITOR_RULE_TYPE_AND_LIST";
    $monitor_association.monitor_rule.quorum = 1;
    $monitor_association.monitor_rule.monitor_templates = ("http", "gateway_icmp");
    $monitor_associations = (, $monitor_association);

    Write-Host "Assigning monitors to Pool `"$name`"...";
    (Get-F5.iControl).LocalLBPool.set_monitor_association(
      $monitor_associations
    );
  }
}

#-------------------------------------------------------------------------
function Create-Virtual()
#-------------------------------------------------------------------------
{
  param([string]$name, [string]$ip, [long]$port, [string]$pool);
  $vs_list = (Get-F5.iControl).LocalLBVirtualServer.get_list();
  if ( -not (Is-InList -search $name -list $vs_list) )
  {
    $definition = New-Object -TypeName iControl.CommonVirtualServerDefinition;
    $definition.name = $name;
    $definition.address = $ip;
    $definition.port = $port;
    $definition.protocol = "PROTOCOL_TCP";
    $definitions = (, $definition);
    $wildmasks = (, "255.255.255.255");
    $resource = New-Object -TypeName iControl.LocalLBVirtualServerVirtualServerResource;
    $resource.type = "RESOURCE_TYPE_POOL";
    $resource.default_pool_name = $pool;
    $resources = (, $resource);
    $profile = New-Object -TypeName iControl.LocalLBVirtualServerVirtualServerProfile;
    $profile.profile_context = "PROFILE_CONTEXT_TYPE_ALL";
    $profile.profile_name = "http";
    $profile2 = New-Object -TypeName iControl.LocalLBVirtualServerVirtualServerProfile;
    $profile2.profile_context = "PROFILE_CONTEXT_TYPE_ALL";
    $profile2.profile_name = "stream";
    $profileA = ($profile2, $profile);
    $profileAofA = (, $profileA);

    Write-Host "Creating Virtual Server `"$name`"...";
    
    (Get-F5.iControl).LocalLBVirtualServer.create(
      $definitions,
      $wildmasks,
      $resources,
      $profileAofA
    );
    
    Write-Host "Enabling SNAT Automap on Virtual Server `"$name`"...";
    (Get-F5.iControl).LocalLBVirtualServer.set_snat_automap(
      (, $name)
    );
  }
}

#-------------------------------------------------------------------------
function Create-iRule()
#-------------------------------------------------------------------------
{
  param([string]$virtual, [string]$rule_name);
  
  $rule_list = (Get-F5.iControl).LocalLBRule.get_list();
  if ( -not (Is-InList -search $rule_name -list $rule_list) )
  {
    $rule = New-Object -TypeName iControl.LocalLBRuleRuleDefinition;
    $rule.rule_name = $rule_name;
    $rule.rule_definition = @"
when HTTP_REQUEST {
  log local0. "Request for URI: [HTTP::uri]";
}
when HTTP_RESPONSE {
  log local0. "Response [HTTP::status]";
  STREAM::expression "@Test@Test (Modified by iRule)@";
  STREAM::enable;
}
"@;
    Write-Host "Creating iRule `"$rule_name`"...";
    (Get-F5.iControl).LocalLBRule.create(
      (, $rule)
    );
  }
  
  # Assign iRule to Virtual Server
  $vs_rules = (Get-F5.iControl).LocalLBVirtualServer.get_rule(
    (, $virtual)
  );
  $found = $false;
  foreach ($vs_rule in $vs_rules[0])
  {
    if ( $rule_name.Equals($vs_rule.rule_name) )
    {
      $found = $true;
    }
  }
  if ( -not $found )
  {
    $virtual_servers = (, $virtual);
    $rule = New-Object -TypeName iControl.LocalLBVirtualServerVirtualServerRule;
    $rule.rule_name = $rule_name;
    $rule.priority = 500;
    $rules = (, $rule);
    Write-Host "Assigning iRule `"$rule_name`" to virtual `"$virtual`"...";
    (Get-F5.iControl).LocalLBVirtualServer.add_rule(
      $virtual_servers,
      $rules
    );
  }
}


#-------------------------------------------------------------------------
# Main Application Logic
#-------------------------------------------------------------------------
if ( ($hostname -eq $null) -or ($user -eq $null) -or
    ($pass -eq $null) -or ($app_name -eq $null) -or
    ($external_ip -eq $null) -or ($internal_ip -eq $null) )
{
  Write-Usage;
}

if ( Do-Initialize )
{
  # Create VLANs
  Create-VLANs -external "external" -internal "internal"
  
  # Create SelfIPs
  $self_e = Next-Address -address $external_ip;
  $self_i = Next-Address -address $internal_ip;
  Create-SelfIPs -external $self_e -internal $self_i;
 
  # Create Pool
  Create-Pool -name $app_name -member_ip $internal_ip -member_port 80;
  
  # Create Virtual
  $virtual_ip = Next-Address $self_e;
  Create-Virtual -name $app_name -ip $virtual_ip -port 80 -pool $app_name;
  
  # Create iRule
  Create-iRule -virtual $app_name -rule_name $app_name;
}
else
{
  Write-Error "ERROR: iControl subsystem not initialized"
}
Published Mar 09, 2015
Version 1.0
devops
iControl
microsoft powershell with icontrol
No CommentsBe the first to comment