Automate Data Group updates on many Big-IP devices using Big-IQ or Ansible or Terraform

Problem this snippet solves: In many cases generated bad ip address lists by a SIEM (ELK, Splunk, IBM QRADAR) need to be uploaded to F5 for to be blocked but the BIG-IQ can't be used to send data g...
Updated Dec 23, 2022
Version 12.0
Ansible
application delivery
BIG-IP
BIG-IQ
devops
StephanManthey's avatar
StephanManthey
Icon for MVP rankMVP
Jul 11, 2022

There are Ansible modules provided by F5 to handle datagroups. Especially with internal datagroups I had issues with the key/value-separator and whitespaces. That´s why I tend to stick to use internal datagroups as long as they aren´t too big.

Instead of using the F5 provided modules you might want to consider direct calls to the iControl REST API.

List existing internal datagroups, i.e.:

GET /mgmt/tm/ltm/data-group/internal$select=name,type

Creating an empty new datagroup, i.e. of type string:

POST /mgmt/tm/ltm/data-group/internal

{
    "description": "Test Datagroup",
    "name": "datagroup_virtual_lab.bit",
    "type": "string"
}

Replace the content of a datagroup, i.e.:

PATCH /mgmt/tm/ltm/data-group/internal/<datagroup-name>

{
    "description": "Test Datagroup",
    "name": "datagroup_virtual_lab.bit",
    "type": "string",
    "records": [
        {
            "name":"key1",
            "data":"data1"
        },
        {
             "name":"key2",
             "data":"data2"
        }
    ]
}

Add records to an existing datagroup, i.e.:

PATCH /mgmt/tm/ltm/data-group/internal/<datagroup-name>?options=records add { <key-name> { data <data-value> } }