Getting Started with iControl: Working with the System

So far throughout this Getting Started with iControl series, we’ve worked our way through history, libraries, configuration object, and statistics. In this final article in the series, we’ll tackle a few system functions, namely system ntp and dns settings, and then generating a qkview. Some of the system functions are new functionality to iControl with the rest portal, as system calls are not available via soap. The rule of thumb here is if the system call is available in tmsh via the util branch, it’s available in the rest portal. 


System DNS Settings

When setting up the BIG-IP, some functions require an active DNS configuration to perform lookups. In the GUI, this is configured by navigating to System->Configuration->Device->DNS. In tmsh, it’s configured by modifying the settings in /sys/dns. Note that there is not a create function here, as the DNS objects themselves already exist, whether or not you have configured them. Because of this, when updating these settings via iControl rest, you’ll use the PUT method. An example tmsh configuration for the DNS settings is below:

[root@ltm3:Active:Standalone] config # tmsh list sys dns
sys dns {
    name-servers { 10.10.10.2 10.10.10.3 }
    search { test.local }
}

This formatted in json looks like this:

{"nameServers": ["10.10.10.2", "10.10.10.3"], "search": ["test.local"]}
with a PUT to https://hostname/mgmt/tm/sys/dns.

Powershell DNS Settings

#----------------------------------------------------------------------------
function Get-systemDNS()
#
# Description
#   This function retrieves the system DNS configuration
#
#----------------------------------------------------------------------------
{
$uri = "/mgmt/tm/sys/dns";
$link = "https://$Bigip$uri";
$headers = @{};
$headers.Add("ServerHost", $Bigip);

$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($User, $secpasswd)

$obj = Invoke-RestMethod -Method GET -Headers $headers -Uri $link -Credential $mycreds

    Write-Host "`nName Servers";
    Write-Host "------------";
    $items = $obj.nameServers;
    for($i=0; $i -lt $items.length; $i++) {
        $name = $items[$i];
        Write-Host "`t$name";
    }

    Write-Host "`nSearch Domains";
    $items = $obj.search;
    for($i=0; $i -lt $items.length; $i++) {
        $name = $items[$i];
        Write-Host "`t$name";
    }
    Write-Host "`n"

}

#----------------------------------------------------------------------------
function Set-systemDNS()
#
# Description
#   This function sets the system DNS configuration
#
#----------------------------------------------------------------------------
{
    param(
        [array]$Servers,
        [array]$SearchDomains
    );
    $uri = "/mgmt/tm/sys/dns";
    $link = "https://$Bigip$uri";
    $headers = @{};
    $headers.Add("ServerHost", $Bigip);
    $headers.Add("Content-Type", "application/json");

    $obj = @{
        nameServers = $Servers
        search = $SearchDomains
    };
    $body = $obj | ConvertTo-Json
$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($User, $secpasswd)

$obj = Invoke-RestMethod -Method PUT -Uri $link -Headers $headers -Credential $mycreds -Body $body;
    Get-systemDNS;

}

Python DNS Settings

def get_sys_dns(bigip, url):
    try:
        dns = bigip.get('%s/sys/dns' % url).json()
        print "\n\n\tName Servers:"
        for server in dns['nameServers']:
            print "\t\t%s" % server
        print "\n\tSearch Domains:"
        for domain in dns['search']:
            print "\t\t%s\n\n" %domain

    except Exception, e:
        print e


def set_sys_dns(bigip, url, servers, search):
    servers = [x.strip() for x in servers.split(',')]
    search = [x.strip() for x in search.split(',')]
    payload = {}
    payload['nameServers'] = servers
    payload['search'] = search
    try:
        bigip.put('%s/sys/dns' % url, json.dumps(payload))
        get_sys_dns(bigip, url)
    except Exception, e:
        print e

System NTP Settings

NTP is another service that some functions like APM access require. In the GUI, the settings for NTP are configured in two places. First, the servers are configured in System->Configuration->Device->NTP. The timezone is configured on the System->Platform page. In tmsh, the settings are configured in /sys/ntp. Like DNS, these objects already exist, so the iControl rest method will be a PUT instead of a POST. An example tmsh configuration for the NTP settings is below:

[root@ltm3:Active:Standalone] config # tmsh list sys ntp
sys ntp {
    servers { 10.10.10.1 }
    timezone America/Chicago
}

This formatted in json looks like this:

{"servers": ["10.10.10.1"], "timezone": "America/Chicago"}
with a PUT to https://hostname/mgmt/tm/sys/ntp.

Powershell NTP Settings

#----------------------------------------------------------------------------
function Get-systemNTP()
#
# Description
#   This function retrieves the system NTP configuration
#
#----------------------------------------------------------------------------
{
$uri = "/mgmt/tm/sys/ntp";
$link = "https://$Bigip$uri";
$headers = @{};
$headers.Add("ServerHost", $Bigip);

$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($User, $secpasswd)

$obj = Invoke-RestMethod -Method GET -Headers $headers -Uri $link -Credential $mycreds

    Write-Host "`nNTP Servers";
    Write-Host "------------";
    $items = $obj.servers;
    for($i=0; $i -lt $items.length; $i++) {
        $name = $items[$i];
        Write-Host "`t$name";
    }

    Write-Host "`nTimezone";
    $item = $obj.timezone;
    Write-Host "`t$item`n";

}

#----------------------------------------------------------------------------
function Set-systemNTP()
#
# Description
#   This function sets the system NTP configuration
#
#----------------------------------------------------------------------------
{
    param(
        [array]$Servers,
        [string]$TimeZone
    );
    $uri = "/mgmt/tm/sys/ntp";
    $link = "https://$Bigip$uri";
    $headers = @{};
    $headers.Add("ServerHost", $Bigip);
    $headers.Add("Content-Type", "application/json");

    $obj = @{
        servers = $Servers
        timezone = $TimeZone
    };
    $body = $obj | ConvertTo-Json
$secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($User, $secpasswd)

$obj = Invoke-RestMethod -Method PUT -Uri $link -Headers $headers -Credential $mycreds -Body $body;
    Get-systemNTP;

}

Python NTP Settings

def get_sys_ntp(bigip, url):
    try:
        ntp = bigip.get('%s/sys/ntp' % url).json()
        print "\n\n\tNTP Servers:"
        for server in ntp['servers']:
            print "\t\t%s" % server
        print "\n\tTimezone: \n\t\t%s" % ntp['timezone']

    except Exception, e:
        print e


def set_sys_ntp(bigip, url, servers, tz):
    servers = [x.strip() for x in servers.split(',')]
    payload = {}
    payload['servers'] = servers
    payload['timezone'] = tz
    try:
        bigip.put('%s/sys/ntp' % url, json.dumps(payload))
        get_sys_ntp(bigip, url)
    except Exception, e:
        print e

Generating a qkview

Moving on from configuring some system settings to running a system task, we’ll now focus on a common operational task: running a qkview. In the GUI, this is done via System->Support. This is easy enough at the command line as well with the simple 

qkview
 command at the bash prompt, or via tmsh as show below:

[root@ltm3:Active:Standalone] config # tmsh run util qkview
Gathering System Diagnostics: Please wait ...
Diagnostic information has been saved in:
/var/tmp/ltm3.test.local.qkview
Please send this file to F5 support.

This formatted in json looks like this:

{"command": "run"}
with a POST to https://hostname/mgmt/tm/util/qkview.

Powershell - Run a qkview

#----------------------------------------------------------------------------
function Gen-QKView()
#
# Description
#   This function generates a qkview on the system
#
#----------------------------------------------------------------------------
{
    $uri = "/mgmt/tm/util/qkview";
    $link = "https://$Bigip$uri";
    $headers = @{};
    $headers.Add("serverHost", $Bigip);
    $headers.Add("Content-Type", "application/json");
    $secpasswd = ConvertTo-SecureString $Pass -AsPlainText -Force
    $mycreds = New-Object System.Management.Automation.PSCredential ($User, $secpasswd)

    $obj = @{
        command='run'
    };
    $body = $obj | ConvertTo-Json
    Write-Host ("Running qkview...standby")
    $obj = Invoke-RestMethod -Method POST -Uri $link -Headers $headers -Credential $mycreds -Body $body;
    Write-Host ("qkview is complete and is available in /var/tmp.")
}

Python - Run a qkview

def gen_qkview(bigip, url):
    payload = {}
    payload['command'] = 'run'
    try:
        print "\n\tRunning qkview...standby"
        qv = bigip.post('%s/util/qkview' % url, json.dumps(payload)).text
        if 'saved' in qv:
            print '\tqkview is complete and available in /var/tmp.'
    except Exception, e:
        print e

Going Further

Now that you have a couple basic tasks in your arsenal, what else might you add? Here are a couple exercises for you to build your toolbox:

  • Configure sshd, creating a custom security banner.
  • Configure snmp
  • Extend the qkview function to support downloading the qkview file generated.

Resources

All the scripts for this article are available in the codeshare under "Getting Started with iControl Code Samples."

Updated Jun 06, 2023
Version 2.0
  • AN's avatar
    AN
    Icon for Nimbostratus rankNimbostratus

    how you access different partition on big IP using iControl..

     

  • Note on "Generating a qkview":

     

    In v12.1.2, the QKView is located in a temporarily created folder: /shared/support/support.tar.gz

     

    When the file is deleted via the WebGUI, the /support/ folder is also deleted.

     

    ...Patrick