BIG-IQ Central Management API automation and programmability - Workflow - Python

Summary

In conjunction with the announcement of BIG-IQ 5.0 we are excited to bring the field greater flexibility when centrally managing BIG-IP devices utilizing well defined workflows and the BIG-IQ iControl REST API. We understand that automation and programmability is becoming more the norm these days as the network is evolving into a software defined application aware environment.

This article will provide a basic example for first establishing trust while adding a device to inventory, second importing device configuration into BIG-IQ's configuration database and finally adding device to a license pool all utilizing the BIG-IQ rest api uri provided by the interface.

Response is parsed in JSON format so there are dependencies required. 

This is intended to be an introduction to leveraging the API directly. We are in the process of developing a python object abstraction for the BIG-IQ CM REST API to provide even greater simplicity when leveraging automation for central management programmability. But we thought this level of detail may be appropriate to get the ball rolling.

The BIG-IQ CM SDK will be structured similar to version 0.1.7 BIG-IP iControl REST API described here:

---

BIGIP SDK - https://devcentral.f5.com/s/articles/f5-friday-python-sdk-for-big-ip-18233

BIGIP SDK Docs - https://f5-sdk.readthedocs.io/en/v0.1.7/

---

Let's get started ... READY ... SET ... GO ...

Here are the API URIs' used as reference for both Python and Perl examples below:

---

Trust: https://'bigiq-ip'/mgmt/cm/global/tasks/device-trust

Discovery: https://'bigiq-ip'/mgmt/cm/global/tasks/device-discovery

Import: ADC - https://'bigiq-ip'/mgmt/cm/adc-core/tasks/declare-mgmt-authority

Import: Firewall - https://'bigiq-ip'/mgmt/cm/firewall/tasks/declare-mgmt-authority

License: Pools - https://'bigiq-ip'/mgmt/cm/shared/licensing/pools

License: Members: - https://'bigiq-ip'/mgmt/cm/shared/licensing/pools/'member_uuid'/members

---

Using a python class abstraction (libraries can be located in /lib/) for Discovery, Import and Licensing, these tasks are a single call from one place which will provide the flexibility to create scripts defined by workflow.

For example, lets -

1. Negotiate trust certificates for a newly deployed BIGIP.

2. Discover the BIGIP device and add to inventory.

3. Import ADC configuration and resolve all differences to BIGIQ’s management database.

4. Import Firewall configuration and resolve all differences to BIGIQ’s management database.

5. Add this newly discovered BIGIP to a provisioned license pool using the base-registration-key as a filter.

Using the following python libraries, we can accomplish these tasks defined as methods in each class definition:

---

## Discovery

../lib/discovery.py: class Discover(object)

def device_trust(dev_id):

def ltm_discover(modules adc_core, firewall, asm, apm etc..):

## Import

../lib/import.py: class Import(object)

def import_ltm(dev_id):

def import_security(dev_id, afm=True):

## License

../lib/license.py : class License(object)

def license_pool(config):

---

Now it’s just a matter of putting the puzzle together in a script that will accomplish the workflow described above.

1. BIG-IQ and BIG-IP device address and credentials are read in from a configuration file (../config/..) the script first and passed into def workflow for processing.
2. Each method is called with argument <config> dictionary to perform the task required.
3. After completion each will return True or False depending on result from rest response code and some evaluation.

---

## Import libraries to leverage methods described above

from discovery import Discover

from import_module import Import

from license import License

## main def "workflow"

def workflow (Discover, License, Import, config):

  ## Trust "establish certificate exchange"

  result_trust = Discover.device_trust(config)

  ## Discover "add a BIGIP to inventory"

  result = Discover.ltm_discover(config, result_trust)  

  ## Import ADC "import adc configuration into database"

  result = Import.import_ltm(config, result_trust)

  ## Import AFM, ASM, APM "import module configuration into database"

  result = Import.import_sec(config, result_trust, afm=True)

  
## Add BIGIP member to license pool

  result = License.license_pool(config)

## Python main body

if __name__ == '__main__':

# read config file from ../config/..

config = {}

with open (file) as infile:

  config[str(key)] = val.strip('\n')

## create an instance of each imported class defined in the libraries

Discover = Discover(config)

Import = Import(config)

License = License(config)

## call the main program method "workflow"

workflow (Discover, Import, License, config)

---

If you are interested in this code for collaboration or solution, search on key words "bigiq" "api" "python" in code share section on dev central or you can refer to the reference link: 

Device trust, discovery and import using python requests - supported in Python version 2.7.9 and greater. 

https://devcentral.f5.com/s/articles/big-iq-trust-discovery-and-import-of-big-ip-using-rest-api-python-oo-973

Grants a license to a BIG-IP from an already-activated purchaced pool.

https://devcentral.f5.com/s/articles/big-iq-licensing-of-big-ip-using-rest-api-python-oo-974

We will also be adding to github and will update this article once completed. So please come back and visit us soon and often for additional content.