F5 Automation with PowerShell - Part 1
Introduction
Automation with F5 tools is a well-documented and searchable topic on F5, with numerous examples demonstrating both imperative and declarative techniques. Curl, Python, Ansible, Terraform and several other tools feature prominently in search results across numerous resources, but PowerShell is sparsely represented. While PowerShell doesn’t provide anything beyond a language to invoke existing tools, there are some peculiarities in getting PowerShell to exercise those tools and in collecting responses in a manner that allows some logic to be applied to determine success.
This article explores the use of PowerShell as a medium for onboarding F5 equipment using the Declarative Onboarding (DO) and Application Services 3 (AS3) extensions. The resulting code is not intended to be a final product but more of a cookbook of sorts that can be executed start to finish to achieve the intent, while making it easy to extract parts of it and incorporate them into existing tools or architectures with minimal effort. For that reason, the code is intentionally left in a rough state. There is a lot of duplicate code, and arguably a great deal of it could be refactored into a more elegant final product.
Before exploring the code, we provide an overview of the tools and resources used. If you are familiar with these, feel free to skip the next sections.
PowerShell
PowerShell is a command-line shell and scripting language that can be used for task automation and configuration management within the Windows family of software. It was made open source in 2016, so there are no doubt implementations that extend its reach to other systems and uses; however, those are not likely seen very often. Administrative tasks are usually performed by cmdlets, which are specialized classes that each implement a specific operation. Access to data and data stores is provided by means of providers. Lastly, PowerShell provides access to COM and WMI (Windows Management Instrumentation), which allows administrative tasks to be performed on both local and remote Windows systems. WS-Management and CIM allow for remote management of Linux systems and network devices.
This article will focus almost exclusively on PowerShell as a scripting language. There are many resources far better suited to exploring the various features of PowerShell, and our intention here is to demonstrate how to interact with DO and AS3 rather than to write PowerShell cmdlets and functions. However, this work could evolve in that direction and provide a robust set of tooling if desired.
For this article and code, PowerShell 7.1 was used, and it’s advised that the reader start there. If operationally that is not allowed or possible, some functions and techniques will need to be ported or modified to work properly in the supported environment. Lastly, there are two cmdlets which will be used liberally to interact with the F5 system, more specifically DO and AS3. These will be discussed next.
Invoke-WebRequest
The Invoke-WebRequest cmdlet sends HTTP and HTTPS requests to a web page or web service. It parses the response and returns collections of links, images, and other significant HTML elements. It was introduced in PowerShell 3.0. An example request looks like the following:
$Response = Invoke-WebRequest -URI https://www.bing.com/search?q=how+many+feet+in+a+mile
$Response.InputFields | Where-Object {
    $_.name -like "* Value*"
} | Select-Object Name, Value
Invoke-WebRequest is only used in a few places where more refined access to return values was required, or where that access was not completely obvious with the next cmdlet.
A reference to Microsoft’s documentation can be found here: Invoke-WebRequest
Invoke-RestMethod
The Invoke-RestMethod cmdlet sends HTTP and HTTPS requests to Representational State Transfer (REST) web services that return richly structured data. PowerShell formats the response based on the data type. For an RSS or ATOM feed, PowerShell returns the Item or Entry XML nodes. For JavaScript Object Notation (JSON) or XML, PowerShell converts, or deserializes, the content into [PSCustomObject] objects.
Invoke-RestMethod is the preferred cmdlet for interaction with the F5 REST endpoints, although in a few places the massaging of the return data is an inconvenience and thus Invoke-WebRequest was used instead. It’s probable that Invoke-RestMethod could be used entirely, and for that matter Invoke-WebRequest, but demonstrations of both are hopefully of value. An example request looks like the following:
Invoke-RestMethod -Uri https://blogs.msdn.microsoft.com/powershell/feed/ | Format-Table -Property Title, pubDate
A reference to Microsoft’s documentation can be found here: Invoke-RestMethod
PSCustomObject
This is the return object from Invoke-RestMethod and this data type will need to be manipulated to process return data from the F5 REST endpoints. Microsoft provides a deep dive article on the topic that can be found here: PSCustomObject Deep Dive
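The following is an added example, not code from the article or its GitHub repository, showing how a reply held as a [PSCustomObject] can be checked so that a script can decide success or failure. The JSON is a constructed sample shaped like the results array AS3 returns from a declaration POST (an assumed shape), and the tenant names and the Test-F5Reply helper are hypothetical.

```powershell
# Constructed sample body, shaped like the "results" array AS3 returns from a
# declaration POST (assumed shape; tenant names and error text are made up).
$sampleJson = @'
{
  "results": [
    { "code": 200, "message": "success",   "tenant": "Tenant_A", "host": "localhost", "runTime": 1412 },
    { "code": 200, "message": "no change", "tenant": "Tenant_B", "host": "localhost", "runTime": 310 },
    { "code": 422, "message": "declaration failed", "tenant": "Tenant_C", "host": "localhost",
      "response": "constructed error text" }
  ]
}
'@

# ConvertFrom-Json yields the same [PSCustomObject] graph that Invoke-RestMethod
# returns for a JSON body, so this runs without a BIG-IP.
$reply = $sampleJson | ConvertFrom-Json

function Test-F5Reply {   # hypothetical helper name
    param([Parameter(Mandatory)] [pscustomobject] $Reply)
    # Outside strict mode a PSCustomObject returns $null for a missing property,
    # so test for the property explicitly instead of trusting an empty value.
    if (-not $Reply.PSObject.Properties['results']) {
        throw "Reply has no 'results' property; cannot determine outcome."
    }
    $rows = @(foreach ($r in @($Reply.results)) {
        $detail = if ($r.PSObject.Properties['response']) { $r.response } else { $null }
        [pscustomobject]@{
            Tenant  = $r.tenant
            Code    = [int]$r.code
            Message = $r.message
            Detail  = $detail
            Ok      = ([int]$r.code -ge 200 -and [int]$r.code -lt 300)
        }
    })
    # Fail closed: an empty result list is not treated as success.
    [pscustomobject]@{
        Succeeded = ($rows.Count -gt 0) -and (@($rows | Where-Object { -not $_.Ok }).Count -eq 0)
        Results   = $rows
    }
}

$outcome = Test-F5Reply -Reply $reply
$outcome.Results | Format-Table Tenant, Code, Message, Ok
if (-not $outcome.Succeeded) {
    $failed = ($outcome.Results | Where-Object { -not $_.Ok }).Tenant -join ', '
    Write-Warning "Declaration not fully applied; failed tenants: $failed"
}
```

With the constructed sample, the helper reports Tenant_C as failed, so the overall outcome is not a success even though two tenants returned 200.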
F5 Automation Toolchain
F5 Automation Toolchain is a set of automation tools that makes it faster and easier to deploy and configure F5 application services via simple yet powerful declarative interfaces. It includes F5 Declarative Onboarding for layer 1–3 device provisioning, F5 Application Services 3 Extension for layer 4–7 configuration, and Telemetry Streaming for aggregating, normalizing, and forwarding app statistics and events to 3rd-party analytics. The toolchain enables developers to programmatically extend F5 application services—and integrate with CI/CD toolchains, orchestration systems, and 3rd-party ecosystems.
For this article, only DO and AS3 will be explored although these examples could be easily ported to automate Telemetry Streaming (TS) as well.
F5’s Product page can be found here: F5 Automation and Orchestration
Declarative Onboarding (DO)
F5 Declarative Onboarding uses a declarative model to initially configure a BIG-IP device with all the required settings to get up and running. This includes system settings such as licensing and provisioning, network settings such as VLANs and Self IPs, and clustering settings if you are using more than one BIG-IP system.
F5’s documentation on DO can be found here: F5 Declarative Onboarding - 1.27
Application Services 3 Extension (AS3)
Application Services 3 Extension (referred to as AS3 Extension or more often simply AS3) is a flexible, low-overhead mechanism for managing application-specific configurations on a BIG-IP system. AS3 uses a declarative model, meaning you provide a JSON declaration rather than a set of imperative commands. The declaration represents the configuration which AS3 is responsible for creating on a BIG-IP system. AS3 is well-defined according to the rules of JSON Schema, and declarations validate according to JSON Schema. AS3 accepts declaration updates via REST (push), reference (pull), or CLI (flat file editing).
F5’s documentation on AS3 can be found here: F5 Application Services Extension - 3.26
Visual Studio Code
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux. It comes with built-in support for JavaScript, TypeScript and Node.js and has a rich ecosystem of extensions for other languages (such as C++, C#, Java, Python, PHP, Go) and runtimes (such as .NET and Unity). For our purposes, we will use it as an editor for manipulating the PowerShell script and the JSON declarations that define what DO and AS3 do to configure our devices, and lastly as a platform to interact with the BIG-IP for testing declarations. This additional functionality is added to Visual Studio Code by way of extensions, nearly always free, that extend its capabilities.
Visual Studio Code is free of charge and downloadable from Microsoft. There are excellent documents and videos on its use there and in other places. You can find Visual Studio Code here: Visual Studio Code
There are a few extensions that you will want to add into Visual Studio Code after you have installed it. Microsoft has documented how to browse and install extensions for Visual Studio Code here: Managing Extensions in Visual Studio Code
The extensions you should install are:
The F5 Extension
Published from F5DevCentral, this extension increases your ability to write Automation Toolchain declarations with snippets, examples, and declaration schema validation. It will also assist with connecting, deploying, retrieving, and updating declarations on F5 devices. Long-time users of F5 will recall the iRule editor. This is similar but far more powerful, built on a much more feature-rich editor, and actively maintained. Internally, F5 makes frequent use of this tool when interacting with F5 BIG-IP. The documentation can be found here: The F5 Extension
PowerShell
Ensure you use the Microsoft-published extension. The extension provides rich PowerShell language support for Visual Studio Code. It is powered by the PowerShell language server and PowerShell Editor Services.
GitHub Pull Requests and Issues
This is optional but advised. The extension allows you to review and manage GitHub pull requests and issues in Visual Studio Code. Source control with GitHub is a lengthy topic best explored elsewhere, but its importance for accessing freely available source is widely understood and needs no explanation here. This article will not require extensive use of this extension, but it is advised to have a GitHub account and access to the associated tools when exploring the subject beyond the scope of the article.
Source Files
For simplicity, the source files are located on GitHub here: GitHub - Automation PowerShell. You can download them and review them along with the article, or follow along and replicate them from scratch. The source on GitHub is likely to be changed after publication of this article, so some differences might be noticed. The release that was current when this article was written was v0.1.