F5 Automation with PowerShell - Part 5

Getting Started

Before jumping straight into the code, we should layout the activities that we will need to explore as well as the goal of this script as a composite. The basic objective will be to take a deployed F5 Big-IP that has only a management IP address and after completion be a fully deployed Big-IP with an example Virtual IP (VIP) and Pool. The configuration will be purposes terse, as the goal is less about complex configuration and more how to perform these actions with PowerShell. These objectives can be broken down as follows:

• Collect username and password from the command line
• Get an Authentication Token from the Big-IP
• Verify the Authentication Token
• Change the Password Policy
• Change Passwords
• Get the System Version with the Token
• Upload the DO RPM
• Upload the AS3 RPM
• Install the DO Package
• Install the AS3 Package
• Upload a DO Configuration and Verify
• Upload an AS3 Configuration and Verify

Part 5 of this series will provide some final thoughts on where the code can be evolved.

Crafting Declarations and Visual Studio Code

Initially, I had wanted to include a section that would focus on using Visual Studio Code to work with the declarations, and PowerShell code if desired. After completing the bulk of this content it became clear that the Visual Studio Code content would be best covered in an independent and focused article. However, I will make a few points here in brevity that I feel are critical:

If you are not using Visual Studio Code (VS Code) to interact with your Big-IP systems, you should take a little time and familiarize yourself with VS Code and The F5 Extension. This was initially a replacement for the iRule editor that F5 used to distribute but has evolved into a much more powerful tool. This was discussed at the top of this article, but I want to emphasize that all the code and declarations for this article were constructed and tested using VS Code exclusively. The declarations can be written, syntactically verified, and uploaded to a Big-IP system and the return data is easily displayed for interrogation. I would personally accept no alternative when crafting declarations.

I also used VS Code for the PowerShell cookbook; however, I will concede that there are other tools and resources that are likely popular alternatives. The integration of source control and having all your automation maintainable within a single tool is compelling and if you need to build an extensive framework you should carefully assess these tools in keeping your architecture streamlined.

Lastly, if you are not a ‘code monkey’ and developer IDEs are things you try to avoid I would encourage you at least peek at VS Code and The F5 Extension.  While its real power lies in scripting, development, automation, and other data manipulation there are tools to more traditional users that are also valuable.

Final Thoughts

Throughout the creation of this content, I discovered and evolved some of my thinking on how to craft the requests and returns, which should be evident when looking through the code. I resisted going back and updating earlier parts of the code purposefully both for clarity and to present some alternatives in your approach. This code can be vigorously refactored for a more enterprise level approach. A few ideas would be:

• Refactor the Invoke-WebMethod and Invoke-RestMethod calls into a general function and provide a robust try/catch handler to distinguish between critical and non-critical errors.
• Refactor the polling into its own general routine.
• Create some classes/objects that consolidate headers, authorization token, etc. and provide some functions for maintaining that data.
• Add more robust logging that will save all the logs, of various detail, into a single session per script run.
  Add some parametrization to the cookbook so that it can be better integrated into an orchestration engine like Postman or Jenkins.
• Refactor the bulk of this logic into a PowerShell cmdlet