cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Problem this snippet solves:

Available script and rest-api options for f5 automatic configurations.

How to use this snippet:


Code :

I think that it is interesting to share how on F5 different scripts can be run at different times and states.

 

 

1.You can use the cron job like on any linux device to run a script. As I have used this to restart the tomcat and httpd each night with "bigstart restart " or "tmsh restart /sys service " (https://support.f5.com/csp/article/K89999342), because of a bug till I upgade the devices (https://support.f5.com/csp/article/K25554628 ).

 

 

https://support.f5.com/csp/article/K03108954

 

 

 

 

 

2.Newer versions of F5 also have anacron tool that can add some randomness to the timframe when a script is run and many F5 default scripts use this and not the crontab:

 

 

https://support.f5.com/csp/article/K33730915

 

 

 

3.You can even trigger scripts on the F5 device if the state changes from active to standby or from standby to active by adding the scripts under /config/failover/. For example if you have a bug for a critical process that causes a failover ( you can use the command show /sys ha-status all-properties to check for this https://support.f5.com/csp/article/K20060182 ) but the device does not reboot or fix the process you can run a script to when the device becomes standby to restart the process.

 

 

https://support.f5.com/csp/article/K6008

 

 

 

 

 

4.You afcource can run scripts at the F5 start time (startup/bootup):

 

 

https://support.f5.com/csp/article/K11948

 

 

 

 

 

5.The final thing thing I can think of is to run a script at the backround that monitors the log and for example when there is a specific message in /var/log/ltm to trigger a tcpdump (in some cases better than creating a rotating tcpdum to catch an issue as per https://support.f5.com/csp/article/K65251607 ). The script can be a bash script with "tail -f" command that is run on the backround or better use the F5 intergrated "icall" feature.

 

 

Bash:

 

https://www.thegeekstuff.com/2010/12/5-ways-to-execute-linux-command/

 

 

Icall:

 

https://devcentral.f5.com/s/articles/what-is-icall-27404

 

https://devcentral.f5.com/s/articles/run-tcpdump-on-event

 

 

 

 

 

5.You can use utility "logger -p" to generate manually log messages in the F5 device's log for testing of your scripts as this is used also for SNMP custom alarm traps tests (for more about SNMP https://support.f5.com/csp/article/K3727 )

 

 

https://support.f5.com/csp/article/K86480148

 

 

 

6.You can also trigger scripts from an BIG-IQ device bt you still can't schedule them when to run:

 

https://clouddocs.f5.com/training/community/big-iq-cloud-edition/html/class5/module1/lab6.html

 

 

 

 

7.Of course the final option is to use ansible or python SDK that uses the F5 rest-api to execute commands on the F5 devices.

 

 

https://f5-sdk.readthedocs.io/en/latest/

 

 

 

 

 

 

8. You can even use TCP expect and bash for automations using SSH connection but this is really old way to do things:

 

 

https://devcentral.f5.com/s/articles/f5-automation-tcl-amp-bash-921

 

 https://f5-sdk.readthedocs.io/en/latest/userguide/ltm_pools_members_code_example.html

 

 

 

 

 

 

9.F5 is well integrated with Ansible and it is better than REST-API Python SDK or TCL for me as even the declarative AS3 interface is supported:

 

 

https://clouddocs.f5.com/products/orchestration/ansible/devel/

 

 https://clouddocs.f5.com/products/orchestration/ansible/devel/

 

 

https://www.f5.com/partners/technology-alliances/ansible

 

 

Imperative:

 

https://support.f5.com/csp/article/K42420223

 

https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/playbook_tutorial.html

 

Declaritive:

 

https://www.f5.com/company/blog/f5-as3-and-red-hat-ansible-automation

 

https://clouddocs.f5.com/training/fas-ansible-workshop-101/3.0-as3-intro.html

 

 

 

 

 

10.For some automations without rest-api better use the F5 native cli scripts than bash with tmsh commands:

 

 

https://clouddocs.f5.com/cli/tmsh-reference/v14/modules/cli/cli_script.html

 

 

https://clouddocs.f5.com/api/tmsh/script__run.html

Tested this on version:

No Version Found
Version history
Last update:
‎30-Jun-2021 02:52
Updated by:
Contributors