Introducing the F5 CLI – Easy button for the F5 Automation Toolchain

The F5 command-line interface (F5-CLI) is the latest addition to the F5 automation family and helps to enable the ease of F5 deployment of application services using the F5 Automation toolchain and F5 cloud services.

The F5-CLI was built with ease of use in mind and takes its inspiration from other cloud-based command-line interfaces like those delivered via AWS, Azure, and GCP.

The beauty of the F5 CLI is that you can easily deploy your applications by using the AS3/DO/TS or the cloud services declarative model without any software development or coding knowledge, or the need to use third-party tools or programming languages in order to make use of the APIS.

Benefits of the F5 CLI:

• Quickly access and consume F5’s APIs and Services with familiar remote CLI UX

• Configurable settings

• Include common actions in Continuous Deployment (CD) pipelines

• Prototyping

Test calls that may be used in more complex custom integrations using the underlying SDK
Supports discovery activities/querying of command-line results (for example, “list accounts” to find the desired account which will be used as an input to final automation)

• Support quick one-off automation activities (for example, leveraging a bash loop to create/delete large lists of objects)

Ease of use

We are going to show two examples of using the F5 Command Line Interface (F5 CLI)

• Using the F5 CLI as a simple command line interface and

• Using the F5 CLI for rapid F5 integration into a simple automation pipeline

Using the F5 CLI straight from the command line

The F5 CLI is delivered as a docker container or as a Python application and is very simple to run.

One command is required to get the F5 CLI going as a docker image; for example:

docker run -it -v "$HOME/.f5_cli:/root/.f5_cli" -v "$(pwd):/f5-cli" f5devcentral/f5-cli:latest /bin/bash

And from there you can simply type “f5” and you will be presented with the command line options.

#f5 --help
Usage: f5 [OPTIONS] COMMAND [ARGS]...

Welcome to the F5 command line interface.

Options:
--version Show the version and exit.
--help Show this message and exit.

Commands:
bigip Manage BIG-IP
login Login to BIG-IP, F5 Cloud Services, etc.
cs Manage F5 Cloud Services
config Configure CLI authentication and configuration

--help is your friend here as it will show you all of the various options that you have.

Let’s look at a simple example of logging in and sending an F5 AS3 declaration to a Big-IP:

Login

#f5 login --authentication-provider bigip --host 2.2.2.2 --user auser --password apassword
{
    "message": "Logged in successfully"
}

Next, send a declaration to your BIG-IP, BIGIQ, F5 Cloud Services; for example:

The following command creates a VIP on a BIG-IP with 2 pool members and associates a WAF Policy.

bash-5.0# f5 bigip extension as3 create --declaration basicwafpolicy.json

Reference:

- Review the AS3 declaration above here

Using the F5 CLI as part of a continuous deployment pipeline

From there, it is also simple to think about ways that you could use the F5 CLI as part of a continuous deployment pipeline.

This example uses Jenkins. Jenkins is an open-source automation server. It helps automate the parts of software development related to building, testing, deploying, and facilitating continuous integration and continuous delivery.

It is relatively simple to use the F5 CLI as part of a Jenkins pipeline.

In my example, I run a docker container that is running a container-based Cloud Bees Jenkins distribution which in turn is running docker inside of the container in order to make use of the F5 CLI.

Configuring the F5 CLI to run on a Jenkins Docker container

In order to get Jenkins running in my lab I use the cloud bees Jenkins distribution. In my case for this demonstration I am running docker on my laptop. A production deployment would be configured slightly differently.

- First install docker: For more information on how to install docker, see the following. https://docs.docker.com/get-docker/

- Pull a cloud bees Jenkins distribution. https://hub.docker.com/r/cloudbees/cloudbees-jenkins-distribution/

docker pull cloudbees/cloudbees-jenkins-distribution

- Run the following command in a terminal in order to start the initial Jenkins setup.

docker run -u root -p 8080:8080 -p 50000:50000 -v ~/tmp/jenkins-data:/var/cloudbees-distribution -v /var/run/docker.sock:/var/run/docker.sock cloudbees/cloudbees-jenkins-distribution

- Access the Jenkins interface to perform the initial setup on

http://0.0.0.0:8080

You will need the initial admin password to proceed, which in my case is written into the terminal window from where I am running Jenkins.

Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:

d425a181f15e4a6eb95ca59e683d3411

This may also be found at: /var/cloudbees-jenkins-distribution/secrets/initialAdminPassword

- Follow the in browser instructions to create users and then get the recommended plugins installed in Jenkins.

- After you have Jenkins configured you must then install the docker plugin inside of the container. Open another terminal window and in the terminal window run

docker ps

... make a note of the Jenkins container name ...

docker exec -it JENKINSCONTAINERNAME /bin/bash

... inside the container shell ...

apt install docker.io

Setting up your Jenkins pipeline

- Inside of Jenkins, select “new item” and then “pipeline.” You will then name your pipeline and select the “OK” button.

- After that, you will be presented with a list of tabs and you should be able to copy the pipeline code below into the pipeline tab. This then enables a fairly simple Jenkins pipeline that shows how easy it is to build an automation process from scratch.

The following is an example Jenkins pipeline that automates the F5-CLI:

pipeline {
/* These should really be in a vault/credentials store but for testing
* they'll be added as parameters that can be overridden in the job
* configuration.
*/
parameters {
string(name: 'BIG-IP_ADDRESS',
defaultValue: '2.2.2.2',
description: 'The IP address for BIG-IP management.')
string(name: 'BIG-IP_USER',
defaultValue: 'auser',
description: 'The user account for authentication.')
password(name: 'BIG-IP_PASSWORD',
defaultValue: 'apassword',
description: 'The password for authentication.')
booleanParam(name: 'DISABLE_TLS_VERIFICATION',
defaultValue: true,
description: 'Disable TLS and HTTPS certificate checking.')
}
agent {
docker {
image 'f5devcentral/f5-cli:latest'
}
}
stages {
stage('Prepare F5 CLI configuration') {
steps {
script {
if(params.DISABLE_TLS_VERIFICATION) {
echo 'Configuring F5 CLI to ignore TLS/HTTPS certificate errors'
sh 'f5 config set-defaults --disable-ssl-warnings true'
}
}
script {
echo "Authenticating to BIG-IP instance at ${params.BIG-IP_ADDRESS}"
sh "f5 login --authentication-provider bigip --host ${params.BIG-IP_ADDRESS} --user ${params.BIG-IP_USER} --password ${params.BIG-IP_PASSWORD}"
}
}
}
stage('Pull declaration from github (or not)') {
steps {
script {
echo 'Pull Waff Policy from Github'
sh 'wget https://raw.githubusercontent.com/dudesweet/simpleAS3Declare/master/basicwafpolicy.json -O basicwafpolicy.json'
}
}
}
stage('Post declaration to BIG-IP (or not)') {
steps {
script {
echo 'Post declaration to BIG-IP (or not)'
sh 'f5 f5 bigip extension as3 create --declaration basicwafpolicy.json'
}
}
}
}
}

Reference: Review the jenkinsfile here

I have also included a 5-minute presentation and video demonstration that covers using the F5 CLI. The video reviews the F5 CLI then goes on to run the above Jenkins pipeline:

https://youtu.be/1KGPCeZex6A

Conclusion

The F5 CLI is very easy to use and can get you up and running fast with the F5 API. You don’t have to be familiar with any particular programming languages or automation tools. You can use a command-line to use F5 declarative APIs for simple and seamless F5 service verification, automation, and insertion that can get you up and running with F5 services.

Additionally, we showed how easy it is to integrate the F5 CLI into Jenkins, which is an open-source software development and automation server. You can begin your automation journey and easily include F5 as part of your automation pipelines.

Perhaps the final thing I should say is that it doesn’t have to stop here. The next step could be to use the F5 Python SDK or to explore how F5 APIs can be integrated into the F5 Ecosystem like Ansible or Terraform and many more. For more information, your starting point should always be https://clouddocs.f5.com/.