Programmatically authenticate with F5 VPN
- a PHP application on a server (Digital Ocean)
- this application needs to receive data updates every 30m from an external data source
- a database on a server managed by a different source (external to both our team and environments)
- to access this DB, we must first sign into the F5 VPN
What I'm looking for is a manner in which we can programmatically auth with F5 VPN so we can achieve a data pull programmatically every 30m per our requirements.
4 Replies
The only thing with such scripts is how to see the real output when using API:
curl -sku admin:niki@111 https://10.1.1.130/mgmt/tm/cli/script/niki -H "Content-Type: application/json"
Output API:
{"kind":"tm:cli:script:scriptstate","name":"niki","fullPath":"niki","generation":7832,"selfLink":"https://localhost/mgmt/tm/cli/script/niki?ver=16.1.3.2","apiAnonymous":"proc script::init {} {\n}\n\nproc script::run {} {\nreturn [tmsh::list ltm pool]\n}\n\nproc script::help {} {\n}\n\nproc script::tabc {} {\n}\n","ignoreVerification":"false","totalSigningStatus":"not-all-signed","verificationStatus":"none"}Output CLI:
root@(bigip2)(cfg-sync Standalone)(Active)(/Common)(tmos)# run cli script niki
ltm pool Fake-ICAP-pool {
members {
1.1.1.1:icap {
address 1.1.1.1
}
}Script:
root@(bigip2)(cfg-sync Standalone)(Active)(/Common)(tmos)# edit cli script niki
modify script niki {
proc script::init {} {
}proc script::run {} {
puts [tmsh::list ltm pool]
}proc script::help {} {
}proc script::tabc {} {
}Great thanks! I needed to run a bash command but I decided to go with "util/bash" API endpoint (https://community.f5.com/t5/technical-forum/running-bash-commands-via-rest-api/td-p/272516 ) but now I know I can also run bash commands from a tmsh script 🙂