cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Problem this snippet solves:

This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report


can be Overview

This is a script which will generate a report of the BigIP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them.

This information is used to relay information to our NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles.

The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world.

It's easy to setup and use and only requires guest permissions on your devices.

Demo/Preview

Please note that it takes time to make these so sometimes they're a bit outdated and they only cover one HA pair. However, they still serve the purpose of showing what you can expect from the report.

Interactive demo

http://loadbalancing.se/bigipreportdemo/

 

Screen shots

The main report:

0151T000003kQn1QAE.png

 

The device overview:

0151T000003kQn6QAE.png

Certificate details:

0151T000003kQn7QAE.png

How to use this snippet:

This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report

Installation instructions

BigipReport REST

This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6).

Downloadhttps://loadbalancing.se/downloads/bigipreport-v5.5.4.zip

Documentation, installation instructions and troubleshooting: https://loadbalancing.se/bigipreport-rest/

Docker support

This will be the recommended way of running bigipreport in the near future. It's still undergoing testing but it's looking really good so far.

https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/

BigipReport (Legacy)

Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5).

 

BigipReport (Stable):

https://loadbalancing.se/downloads/bigipreport-5.3.1.zip

BigipReport (BETA): https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip

iControl Snapin: https://loadbalancing.se/downloads/f5-icontrol.zip

Documentation and installation instructions:

https://loadbalancing.se/bigip-report/

Upgrade instructions

Protect the report using APM and active directory

Written by DevCentral member Shann_P:

https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/

Got issues/problems/feedback?

Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated.

---

Also trying out a Discord channel now. You're welcome to hang out with us there: https://discord.gg/RzmjgneW

Code :

85931,86647,90730

Tested this on version:

13.0
Comments
danielpenna_196
Nimbostratus
Nimbostratus
That is awesome, have run it up ourselves as a PoC and will set it up into production. The only thing extra I would like to see ( and will try and get it working ourselves ) is the iRules associated with a Virtual Server and the ability to see that iRule.
thennessey_2290
Nimbostratus
Nimbostratus
Excellent! Thanks for this!
Thanks guys, glad you liked it!
cookie2323_2299
Nimbostratus
Nimbostratus
i like this i am newwwwww...........................
Andrew78
Nimbostratus
Nimbostratus
This worked out great for me. My only comment is it wasn't abundantly clear on how to configure multiple load balancers. The syntax tripped me up since there was no example for multiple. I was trying commas, commas and parentheses... Finally figured out it's a semi-colon to delimit each load balancer and the parentheses needs to be changed to a curly brace. In case anyone else gets stuck on this... Example: $Global:bigipdict = @{ "172.16.0.1" = "LB1"; "172.16.0.2" = "LB2"; "172.16.0.3" = "LB3" }
Thank you for your comment Andrew, I will make it easier in the next version.
Walter_Kacynski
Cirrostratus
Cirrostratus
Can this script be adapted to report on "sys db" values? We have a need to reconcile any differences in this information since this falls outside of a sync group.
Yeah, it could. But I'm not sure how this would be presented and/or be beneficial as a permanent part in the report? I believe though that it would be easy to generate a comparison table. Can check it out tomorrow after work.
Here you go: http://pastebin.com/7Le9JFue /Patrik
tonytroubleshoo
Nimbostratus
Nimbostratus
Hi Patrick, this would work wonders in our environment. I am having issues getting it running...Do you have some simple instructions or quick guide to getting this up and running? I Powershell minimum version 3.0 - Check F5 Powershell Snap-in - Check A web server of your choice - ? You mean an F5 load-balancer of our choice to report from? I am surprised of how long F5 has had Load balalncers, but not a simplified way or guided way, to report configuration settings on them in our environment.. i.e. VIP's, pools, pool members, nodes, nodes IP, nodes port. Any help is much appreciated. Thanks again, Tony
Oh dear. The project information disappeared 2 months ago or so (devcentral bug) and it seems like I did not restore the installation instructions. Will do that right away!
For some reason I can't update the snippet. While waiting for the DC superheroes I'll add the info here. Brace yourself for no formatting at all! Instructions: 1. Copy the content of the Web folder to the root of your Web server. 2. Open the script and configure it. Minimum configuration is $user, pass, bigipdict and reportpath. Report path should point to the root of your web server. I recommend using a separate user for the report generation (Only guest access needed). 3. Run the script. 4. Done! Additional instructions: One thing that I have seen in the comments is that the bigipdict can be a bit tricky to declare. I will simplify that in a later version but for now I'll add some extra information here: Example: $Global:bigipdict = @{"192.168.100.1" = "mybigip.domain.local";"192.168.100.11" = "mybigip2.domain.local";} If you run into problems, just leave feedback in the comment section below. I'll do my best to help as soon as I can.
Hope that answered your questions Tony!
tonytroubleshoo
Nimbostratus
Nimbostratus
Thank you very much Patrik! I am now moving forward. For the web server, I am actually working off a Xeon system in the NOC, and want to just use it as the web server, I started up ISS, and have the inetpub folder and all. But I dont have a default.html in my webroot folder.. do I need to just create it? Thanks.. oh here are the first few errors I am getting.. 🙂 hopefully it helps... S C:\BigipReport3.8> C:\BigipReport3.8\NewBigIPReport3.8.ps1 Exception setting "OutputEncoding": "The handle is invalid. " At C:\BigipReport3.8\NewBigIPReport3.8.ps1:291 char:1 + [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], SetValueInvocationException + FullyQualifiedErrorId : ExceptionWhenSetting Test-Path : Cannot bind argument to parameter 'Path' because it is an empty string. At C:\BigipReport3.8\NewBigIPReport3.8.ps1:363 char:20 + if(Test-Path -Path $Global:NATFilePath){ + ~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [Test-Path], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati EmptyStringNotAllowed,Microsoft.PowerShell.Commands.TestPathComm and Initialize-F5.iControl : Could not initialize connection with supplied information At C:\BigipReport3.8\NewBigIPReport3.8.ps1:802 char:13 + $success = Initialize-F5.iControl -Username $user -Password $pass -HostName $bi ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (10.8.96.175:String) [Initialize-F5.iControl], Exception + FullyQualifiedErrorId : 2,iControlSnapIn.CmdLet.Global.InitializeiControl
I will make a fresh install myself and test it. 🙂
Good news is that I fixed it. Bad news is that I can't update the file on devcentral! Will report to the DC guys.
Ok, you can try this link until they have fixed the problem with the forum: http://www.filedropper.com/bigipreport39 First time using file dropper for me so download and scan it at virustotal or something first. :) /Patrik
Sorry mate, I keep chasing them but no news yet.
Chased them again just now.
Adam_Embrey_252
Nimbostratus
Nimbostratus
Patrick, I am getting the following error Exception setting "SecurityProtocol": "Cannot convert null to type "System.Net.SecurityProtocolType" due to invalid enumeration values. Specify one of the following enumeration values and try again. The possible enumeration values are "Ssl3, Tls"." i have tried to edit line 287 to contain SSl3 or Tls and nothing seems to fix this. can you please advise? Thank you
Hi Adam! Which version of powershell are you using? Have you tried setting the variable $Global:useTLS12 to $false (or removing those 3 lines altogether)? Since I still can't update the project via DC I'll leave the last "stable" version in my dropbox for now: https://dl.dropboxusercontent.com/u/17343231/BigipReport3.9.zip Note that you need to re-configure the script a bit with the new version as it uses a list instead of dictionary when specifying the F5s. /Patrik
RossVermette
Nimbostratus
Nimbostratus
Hey, Love the script, but I have an issue when the pool members are defined using fqdn nodes. (Where you have a non and ephemeral node defined to represent the same server) The Pool/Members displays all nodes in the table even though they do not belong to the pool. any ideas on how to fix this?
Hi! Thanks! Keep an eye out for the next version. There's going to be quite a bit of improvement in usability. About your issue, could you please post a ltm config example (feel free to use dummy objects) which I can use to replicate the issue? /Patrik
Allright! Now I can update the codeshare again!
New versions out. Hope you like the new one! 🙂
RossVermette
Nimbostratus
Nimbostratus
Hey Patrik, Here is the sample conf: ltm pool /Common/ServicesUAT1_pool { description "" load-balancing-mode fastest-node members { /Common/nodename01.domainname.ca:80 { fqdn { autopopulate enabled name nodename01.domainname.ca } } /Common/nodename02.domainname.ca:80 { fqdn { autopopulate enabled name nodename02.domainname.ca } } } monitor /Common/HTTP-Head-Monitor } ltm node /Common/nodename01.domainname.ca { description "" fqdn { autopopulate enabled name nodename01.domainname.ca } } ltm node /Common/nodename02.domainname.ca { description "" fqdn { autopopulate enabled name nodename02.domainname.ca } }
I added the config and changed the nodes to facebook and google. Is this what you're seeing? http://imgur.com/rYnIAmp /Patrik
RossVermette
Nimbostratus
Nimbostratus
Sort of, it would show me all the fqdn nodes defined, even though they did not belong to that pool. (I haven't tried the latest 4.0 code, but was happening in the 3.9)
This is great, looking forward to building it out in my lab
Ross, could you please try version 4.0 and let me know the result? /Patrik
Thank you Sebastian! 🙂
RossVermette
Nimbostratus
Nimbostratus
I tried the 4.0 code but I seem to have issues with the following: access.log shows 10.0.2.2 - - [11/Mar/2016:15:11:22 -0600] "GET /json/virtualservers.json HTTP/1.1" 404 514 "http://127.0.0.1:22280/default.html" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36" For some reason, the "json/virtualservers.json" doesn't get created. (The other json/monitors.json and pools.json do get created) I don't see any errors when I run the powershell script either. (Even enabled debug loggin, and no errors are thrown)
I think I know what it is. New version in a few minutes.
It was a referal to a future function that broke it. Try the new version? /Patrik
RossVermette
Nimbostratus
Nimbostratus
Sorry for the Delay, but you Rock! Latest version fixed the issue I was seeing with the fqdn members. I love the pool details view.(especially the curl/netcat links)
Thanks for your kind words! You might want to check out this one too? https://devcentral.f5.com/s/articles/web-ui-tweaks
DebenB_254182
Nimbostratus
Nimbostratus
thanks for posting such helpful content.. Tried this , its awesome. I this i can see client ssl-profile shows only YES and NO. I will like to add the profile name so thinking to modify below section ; please suggest if that work or any other changes needed. "@ } if($vs.sslprofile -ne "None"){ $Global:html += @" $($vs.sslprofile) ---> Modified from Yes to the added content. "@ } else { $Global:html += @" No "@ Also please guide how i can add VIP enabled / disabled status and poo/node availability status like UP or down. Regards Deben
Thank you for your kind words and suggestions. What you seek will come in the next version. I working on making a similar setup for the virtual servers as I did with the pool details. The issue I had with writing out the name of the SSL profile is that it would take up too much horizontal space in the table. What you suggested seems to be correct though and you're free to make any modifications to the code that you like. 🙂
DebenB_254182
Nimbostratus
Nimbostratus
Thanks Patrik, Eagerly waiting for next version :).. Meanwhile i will try bit modification if that works for me :) Regards A Cisco guy trying powershell .. ha ha ..:)
Andy_Edwards_25
Nimbostratus
Nimbostratus
I am getting the following error every time I run the script. It appears that the variable $pools is never declared. You cannot call a method on a null-valued expression. At C:\temp\Bigipreport4.0.1\Bigipreport-4.0.1.ps1:1262 char:6 + if(!$pools.loadbalancer.contains($Loadbalancer)){ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull
Hi Andrew! Which variables have you configured. What happens if you in the powershell window enter "$pools" and press enter. I suspect that you've missed something in the config section.
mike_89584
Nimbostratus
Nimbostratus
Fantastic! - is it possible to auto refresh? / make it dynamic? - also in our particular scenario, we want to monitor one particular pool, and would be great if that could be made to be the default page? (with node view expanded? ) many thanks
Hi Mike! Thank you for your nice comments! Making it dynamic (getting realtime data) is too slow, but you could make it auto refresh. As it is today though you should bet a yellow/red button saying that a new report is available. I chose that way because I figured it would be annoying to look at a report data post and suddenly the page reloaded. Regarding the start page I might suggest that you use the share feature of the report and use that link to access the report. Would that work?
Andy
Nimbostratus
Nimbostratus
I have been trying to run this against a list of 45 F5, with ~750 VIPs but with no success. The script interrogates the F5 correctly and parses the information but no files are output, is there an upper limit on the amount of files that can be parsed? Also I tried running this in separate scripts and noticed that the output uses html absolute paths, rather than relative paths within the web server, if this were resolved I could split this into multiple scripts which seemed to resolve my issue.
Hi Andy! That's quite many machines. 🙂 You say the F5 parses the information from the F5's which means that the data collection should work. You can double check this by entering "$pools" in the Powershell prompt after the script has been running. If you get a long list of pools you should be good to go in terms of that. Another thing that could be an issue could be if one of the load balancers has not returned any data to the script (refer to the last section of the script where $loadbalancerdatamissing is set). Double check the execution to check for errors, or manually set the $loadbalancerdatamissing to $true before the check occurs.
DebenB_254182
Nimbostratus
Nimbostratus
@ paul.dawson Think you have to adjust PS ExecutionPolicy ; please check below Get-ExecutionPolicy –List ---> List all policies Set-ExecutionPolicy AllSigned -Scope CurrentUser ---> Set execution policy for current user
Hi Paul Which version of TMM are you running? The powershell script has a section where you can enable/disable TLS1.2. If the F5 powershell snap-in is not able to negotiate a cipher it will throw an exception that indicates invalid credentials, but this is NOT true. Also, get-credentials will not help you in this case as the user and password variables expects a string. I would also recommend you to run the script as a non-admin use later when you have made everything work as it does not require and special permissions on the server (just access to write the html files to the web root). Please update this thread if you still have problems.
Could be newer version of powershell than I use. I will issue a patch soon. Hang on. 🙂
Try the new version and please let me know if that solved it for you? Out of curiosity, could you please tell me the PS-version running on your server? Would like to figure out if it's a policy setting of version issue. /Patrik
Hi Paul! The color setting you're looking for is in /css/bigipreportstyle.css. 🙂 /Patrik
Version history
Last update:
‎05-Sep-2015 02:08
Updated by:
Contributors