How to automate licenses management on F5 BIG-IP via BIG-IQ License Manager ( Part-2 )
To continue Part-1, I wil introduce option-2 in Part-2
Option-2: Send API calls towards to BIG-IP via Declaration Onboarding (DO), automatic assign, revoke and relicense a license (pull) from an ELA/Utility license pool on a BIG-IQ LM.
With this option, we will leverage one of F5 automation tool chain components – Declaration Onboarding (DO) to pull the license on BIG-IP from BIG-IQ LM.
API calls target: BIG-IP
API type: Declarative API
Licenses Action: BIG-IP pulls license from BIG-IQ LM
BIG-IP DO API Endpoint:
POST https://{{big-ip}}/mgmt/shared/declarative-onboarding/
F5 BIG-IP API Document: Clouddocs Link
Prerequisite:
Install DO on BIG-IP (could be part of IaC code when use IaC automation tools like Terraform to provision F5 BIG-IP VE in Cloud)
Note: BIG-IQ LM doesn’t support DO, but BIG-IQ CM support DO. We don’t cover the BIG-IQ CM API use case in this doc.
Check if F5 BIG-IP DO install successful and version.
Declaration Onboarding (DO) API could be used to pull license from BIG-IQ LM and configure L1-L3 configurations on BIG-IP, also could be part of the IaC code and configure these initial configurations on new provisioned BIG-IP.
License assign from BIG-IQ LM
In my below example, I specified BIG-IQ LM management IP address, login credential, license pool name, keywords, BIG-IP login credential and chargebackTag etc. and post API call towards BIG-IP DO API Endpoint.
{
"schemaVersion": "1.0.0",
"class": "Device",
"async": true,
"label": "License BIG-IP via BIG-IQ utility license when BIG-IP is reachable from BIG-IQ",
"Common": {
"class": "Tenant",
"hostname": "bigip-f5vm01.example",
"myLicense": {
"class": "License",
"licenseType": "licensePool",
"bigIqHost": "10.1.1.5",
"bigIqUsername": "admin",
"bigIqPassword": "xxxxxx",
"licensePool": "loadv10",
"skuKeyword1": "MSP",
"skuKeyword2": "BTAWF200M",
"unitOfMeasure": "yearly",
"reachable": true,
"bigIpUsername": "admin",
"bigIpPassword": "xxxxxx",
"chargebackTag": "f5vm01"
}
Check the DO API task status by searching task id on Postman
You also can check or monitor the whole backend process/logs on BIG-IP.
tail -f /var/log/restnoded/restnoded.log
On the new provisioned BIG-IP, you can find the BEST+AWAF 200Mbps MSP license was applied successfully.
On BIG-IQ LM, Devices>License Management>Assignments, you can find this BIG-IP was assigned a right license successfully as expected.
License revoke from BIG-IQ LM
Specified BIG-IQ LM management IP address, login credential, revoke license pool name, keywords, BIG-IP login credential and chargebackTag etc. and post API call towards BIG-IP DO API Endpoint.
Compare the license assignment declaration, the revoke declaration needs to specify a “revokeFrom” with the right license pool name to revoke this license back to the pool.
{
"schemaVersion": "1.0.0",
"class": "Device",
"async": true,
"label": "Revoke BIG-IP via BIG-IQ utility license when BIG-IP is reachable from BIG-IQ",
"Common": {
"class": "Tenant",
"hostname": "bigip-f5vm01.example",
"myLicense": {
"class": "License",
"licenseType": "licensePool",
"bigIqHost": "10.1.1.5",
"bigIqUsername": "admin",
"bigIqPassword": "xxxxxx",
"revokeFrom": "loadv10",
"reachable": true,
"bigIpUsername": "admin",
"bigIpPassword": "xxxxxx",
"chargebackTag": "f5vm01"
}
}
}
Check the DO API task status by searching task id on Postman
Check on the BIG-IP and BIG-IQ LM, there is no license applied/assigned to this BIG-IP.
Summary
Both F5 BIG-IQ License Manager (LM) and BIG-IP VE could be supported to use automation tools/APIs to automate the license assignment/revoke/relicense etc. operations based on business requirements. Customer could choose their desired automation tools to integrate with F5 provided APIs to archive their automation goals.
All of the examples APIs and postman collections in this testing you can find in this Github Repo.
Published Oct 25, 2022
Version 1.0
Gavin_Wu
Employee
EmployeeNo CommentsBe the first to comment