Microsoft Powershell with iControl

This component is not supported and we recommend reviewing Joel Newton's Powershell Module for iControlREST Code submission first.

From the desk of Joe Pruitt (July 29, 2013)

When we shipped DC4, we started looking at Windows PowerShell and how we could build some integration points with our products. The first pass was a set of PowerShell script files that we introduced in the PowerShell Labs section of DevCentral. No soon after we posted them, the requests started pouring in on when we would provide some native PowerShell CmdLets in addition to the function scripts.

Well, I spent a little bit of time working some out and whipped out a good first rough draft. I've been holding on to these for a while now but figured they would do better out in the wild then trapped in a folder on my laptop.

So, last night I posted an installer for the first release of the iControl CmdLets for PowerShell. Here's a step by step on getting up and running with the new bits.

Download and install PowerShell from Microsoft
Go to the PowerShell Labs page on DevCentral and select the "Download Now" link.  This will download the Cmdlet installer.
Run the iControlSnapInSetup.msi installer.  This will install the SnapIn into the c:\program files\F5 Networks\iControlSnapIn directory.

Start PowerShell from the Windows Start menu.
Cd to c:\program files\F5 Networks\iControlSnapIn directory
Dot Source the setup script (only once after the install)
PS > . .\setupSnapIn.ps1)

Load the SnapIn into the Runtime
PS > Add-PSSnapIn iControlSnapIn

Initialize the iControl connection with the Initialize-F5.iControl CmdLet
PS > Initialize-F5.iControl -Hostname bigip_address -Credentials (Get-Credential)

Run the Get-F5.iControlCommands CmdLet to list out all the available Cmdlets.
PS > Get-F5.iControlCommands

Try out some of the CmdLets
PS > Get-F5.LTMPool

 

Notes From the Legacy Download:

Comment made 08-Jun-2016 by Patrik Jonsson

Needed to add .Net 2.0 in add/remove windows features. Then it worked in Windows 10. The installation script should be changed to throw and error if the installutil file does not exist instead of quitting silently.

 Ken B Comment made 22-Jun-2016 by Ken B

The problem I had getting this working was that I had to right-click the downloaded .zip file, properties, and click the "unblock" button on the General tab. Then I had to copy the files from the .zip to a folder under c:\Program Files\f5\icontrol. Then I ran PS As Administrator, then ran .\setupSnapIn.ps1, then I was *finally* able to run the "Add-PSSnapIn iControlSnapIn" command to get things going.

Comment made 17-Jan-2017 by Joel Newton

You can update the InstallPSSnapin.ps1 script to reference the .NET v4 install utility. Just replace the reference in setupSnapin.ps1 from

$env:windir\Microsoft.Net\Framework${platform}\v2.0.50727\installUtil.exe

to

$env:windir\Microsoft.Net\Framework${platform}\v4.0.30319\installUtil.exe

I don't believe there are any plans to replace the snapin with a module. My recommendation would be to use the REST API if possible.

Comment made 05-Jul-2017 by Patrik Jonsson

You can also use Joel's module: Powershell Module for the F5 LTM REST API

Downloads:

v11.00.00 Released August 10, 2013
v11.04.01 Released December 02, 2013
v11.05.00 Released February 18, 2014
v11.06.00 Released August 28, 2014
v12.01.00 Released May 09, 2016
v13.00.00 Released March 21, 2017
v13.01.00 Released November 11, 2017
Published Jun 21, 2019
Version 1.0
  • - this content is outside my wheelhouse BUT...did you make sure to check Joel's Codeshare? https://devcentral.f5.com/s/articles/powershell-module-for-the-f5-ltm-rest-api

    The note at the top of this article says this particular component isn't supported anymore...so maybe you'll have better luck reviewing Joel's contribution.

     

    IF, on the other hand, that doesn't apply to you then you might try PM'ng Joel directly.

    You can do that under Profile Icon > Messages

     

    Hope that helps.

    Lief

  • For any others looking to extend the session for a powershell connection to LTM, after installing the module find the new-f5session file under "C:\Program Files\WindowsPowerShell\Modules\F5-LTM\1.4.295\Public" you can edit line 20 to a greater value.

    -    [ValidateRange(300,36000)][int]$TokenLifespan=1200

     

    If a session does end, you can exit powershell, restart it and run new-f5session again.

  • Thanks Leif. Here's my question for just getting started.

    Thought I would finally try this out, I have an irule to add to all VIPs using HTTPs. Seemed that would be easy and quick. I loaded the module, all went well and pretty slick. I needed to use -passthrough with the session to be able to run:

    Get-VirtualServer | Where-Object {($_.Destination -like "*443*")} | Select-Object Name

    with passthrough in my new-f5session command I was good.

    Then a few minutes later I got this error and do not know how to get around it.

    Invoke-F5RestMethod : "401 F5 Authorization Required: X-F5-Auth-Token does not exist.

    I tried new-f5session, logged in again, still got the error. Shut down powershell and tried it all again, still got th error.

     

    How do I set my session to last longer?

    What are the steps required to set a new token?

    Within powershell what is the syntax for add-iruletovirtualserver? I have an irule that I want to apply to virtual servers, is this run with the get-virtualserver context?

    get-virtualserver $vsname | add-iruletovirtualserver $irulename?

    I keep getting False returned.

    @Joel Newton(MVP) can you help?

  • @The-messenger

     

    The original author of this article is no longer with F5 and while I wouldn't be surprised if there is an F5'er who might engage to dig deeper with you - the chances of finding him or her or any other skilled individual goes up really fast by starting a question.

     

    Feel free to link this article in your question, @mention folks (such as Gianluca, @Patrik Jonsson (MVP), etc here who have been engaged) to 'guide' them to your conversation, and give as much detail as you feel comfortable giving; detail stimulates conversation.

     

    If you do that and don't get any reasonable response..send me the URL (either @mention me or send me a Direct Message) and I will kick it around our ENG groups to see if there is .

  • Is there a location to discuss and understand better the use of the module? I installed it ran a couple commands, wow! really cool, came back a few minutes later and the X-F5-Auth-Token doesn't exist. Creating a new session didn't help. Not what I expected but surely I'm missing something I need to do, to make this useful.

     

    Can you point me to a place to discuss, ask, get more information?

  • Hello,

    after latest updates from MS the initialize function does not work anymore without TLS. Simpy add

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    before Initialize-F5.iControl -Hostname bigip_address -Credentials (Get-Credential)

    Regards.

     

    G.