F5 Friday: Python SDK for BIG-IP

We know programmability is important. Whether we’re talking about networking and SDN, or DevOps and APIs and templates, the most impactful technologies and trends today are those involving programmability.

F5 is, as you’re no doubt aware, no stranger to programmability. Since 2001 when we introduced iControl (API) and iRules (data path programmability) we’ve continued to improve, enhance, and expand the ability of partners, customers, and our own engineers and architects to programmatically control and redefine the application delivery experience.

With the emphasis today on automation and orchestration as a means for ops (and through it, the business) to scale more quickly and efficiently, programmability has never before been so critical to both operational and business success.

Which means we can’t stop improving and expanding the ways in which you (and us, too) can manage, extend, and deliver the app services everyone needs to keep their apps secure, fast, and available.

Now, iControl and iControl REST are both APIs built on open standards like SOAP, JSON, and HTTP. That means anyone who knows how to use an API can sit down and start coding up scripts that automate provisioning, configuration, and general management of not just BIG-IP (the platform) but the app services that get deployed on that platform.

And we’re not against that at all. But we also recognize that not everyone has the time to get intimately familiar with iControl in either of its forms. So we’re pretty much always actively developing new (and improving existing) software development kits (SDKs) that enable folks to start doing more faster. But so are you. We’ve got a metric ton of code samples, libraries, and solutions here on DevCentral that have been developed by customers and partners alike. They’re freely available and are being updated, optimized, extended and re-used every single day. We think that’s a big part of what an open community is – it’s about developing and sharing solutions to some of the industry’s greatest challenges.

And that’s what brings us to today’s exciting news. Well, exciting if you’re a Python user, at least, because we’re happy to point out the availability of the F5 BIG-IP Python SDK. And not just available to download and use, but available as an open source project that you can actively add, enhance, fork, and improve. Because open source and open communities produce some amazing things.

This project implements an SDK for the iControl REST interface for BIG-IP, which lets you create, edit, update, and delete (CRUD) configuration objects on a BIG-IP. Documentation is up to date and available here.

The BIG-IP Python SDK layers an object model over the API and makes it simpler to develop scripts or integrate with other Python-based frameworks. The abstraction is nice (and I say that with my developer hat on) and certainly makes the code more readable (and maintainable, one would assume) which should help eliminate some of the technical debt that’s incurred whenever you write software,  including operational scripts and software. 

Seriously, here’s a basic sample from the documentation: 

from f5.bigip import BigIP

# Connect to the BigIP
bigip = BigIP("bigip.example.com", "admin", "somepassword")

# Get a list of all pools on the BigIP and print their name and their
# members' name
pools = bigip.ltm.pools.get_collection()
for pool in pools:
    print pool.name
    for member in pool.members:
        print member.name

# Create a new pool on the BigIP
mypool = bigip.ltm.pools.pool.create(name='mypool', partition='Common')

# Load an existing pool and update its description
pool_a = bigip.ltm.pools.pool.load(name='mypool', partition='Common')
pool_a.description = "New description"
pool_a.update()

# Delete a pool if it exists
if bigip.ltm.pools.pool.exists(name='mypool', partition='Common'):
    pool_b = bigip.ltm.pools.pool.load(name='oldpool', partition='Common')
    pool_b.delete()

Isn’t that nice? Neat, understandable, readable. That’s some nice code right there (and I’m not even a Python fan, so that’s saying something). Don’t let the OpenStack reference fool you. While the first “user” of the SDK is OpenStack, it is stand-alone and can be used on its own or incorporated into other Python-based frameworks.

So if you’re using Python (or were thinking about) to manage, manipulate, or monitor your BIG-IPs, check this one out. Use it, extend it, improve it, and share it. 

Happy scripting!

Published Mar 11, 2016
Version 1.0
devops
iControl
iControlREST
openstack
python
  • Ed_Summers's avatar
    Ed_Summers
    Icon for Nimbostratus rankNimbostratus
    Nov 16, 2016

    Has this been updated to enable token authentication when using v12 or later with an external authentication source? Are examples available for that scenario?

     

  • David_Carlson's avatar
    David_Carlson
    Icon for Nimbostratus rankNimbostratus
    Jan 05, 2017

    I'm trying part of the sample code to learn this and I'm getting security warnings.

     

    InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.htmlssl-warnings

     

    After reading the information listed and applying the code cited I still get the same error. I've tried disabling warnings as well as verifying the certs but neither works. Anyone have any ideas as to what I'm doing wrong? Thank you..

     

     import urllib3
 urllib3.disable_warnings()

import certifi
import urllib3
http = urllib3.PoolManager(
    cert_reqs='CERT_REQUIRED',
    ca_certs=certifi.where())
    
import requests
from f5.bigip import BigIP
 Connect to the BigIP
bigip = BigIP("address", "admin", "pw")
 Get a list of all pools on the BigIP and print their name and their
 members' name
pools = bigip.ltm.pools.get_collection()
for pool in pools:
    print (pool.name)
    for member in pool.members_s.get_collection():
        print (member.name)
  • __J___262279's avatar
    __J___262279
    Icon for Nimbostratus rankNimbostratus
    Jan 11, 2017

    Nice, why did this just pop up in my top search when I just finished writing almost the exact same module for powershell? This could have saved me some long weeks! But nice to see more lang SDKs popping up and growing.

     

  • Eljay's avatar
    Eljay
    Icon for Cirrus rankCirrus
    Jan 12, 2017

    I get an SDK-error in Python 3 (AttributeError: 'dict' object has no attribute 'iteritems') when I use "....ltm.virtuals.virtual.load(partition=virtual.partition, name=virtual.name)". I googled it and a user on Stackoverflow.com says that "iteritems()" has been removed in Python 3. Is there a way to make a workaround or do I have to downgrade Python from v3 to v2.x? I'm a Python noob, so please bear with me.

     

  • Eljay's avatar
    Eljay
    Icon for Cirrus rankCirrus
    Jan 12, 2017

    Thanks a lot, David.

     

    Just for the record, all I did was running this command and my problem was solved: "pip install --upgrade git+;

     

  • David_Carlson's avatar
    David_Carlson
    Icon for Nimbostratus rankNimbostratus
    Jan 12, 2017

    Yes they fixed the code but being a newbie myself I didn't know I needed to install git as well. That was the thread I started so as you can see I am learning :-)

     

  • Kurt_Kite_11866's avatar
    Kurt_Kite_11866
    Icon for Nimbostratus rankNimbostratus
    Jan 13, 2017

    First, thanks very much for the SDK! It is very useful. I have been playing around with creating pools and virtual servers. I have run into the following error when trying to add profiles to a virtual server. The code is as follows:

     

    myvirtual = bigip.ltm.virtuals.virtual.create(name="testvirtual", destination="10.25.32.53:443", ipProtocol="tcp", pool="testpool") profiles = myvirtual.profiles_s profile = myvirtual.profiles_s.profiles myvirtual.profiles_s.profiles.create(partition="Common",name="tcp-lan-optimized")

     

    The error:

     

    raise iControlUnexpectedHTTPError(error_message, response=response)

    icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://10.25.46.19:443/mgmt/tm/ltm/virtual/~Common~testvirtual/profiles/ Text: u'{"code":400,"message":"01070097:3: Virtual server /Common/testvirtual lists duplicate profiles.","errorStack":[],"apiError":3}'

     

    If I get the virtual details I see that there is a tcp profile assigned, I assume by default, when the virtual is created. Do I need to remove this default profile before I create the one that I want? I am able to create "http" and "oneconnect" profiles using the above method without any issues.

     

  • Kurt_Kite_11866's avatar
    Kurt_Kite_11866
    Icon for Nimbostratus rankNimbostratus
    Jan 21, 2017

    I figured out that I had to delete tcp profile before I created the tcp-lan-optimized profile and both had to be wrapped in a transaction.

     

    Now, I'm stuck on how to assign iRules to the virtual. Anybody have an example of that? I am not able to figure it out from the API documentation.