We support 48 virtual F5s as part of a pair of Viprions and were wondering if there's a way to push a new user from BigIQ, that manages these virtual F5s, to these F5s..
@newbie Sadly you cannot create a user on the BIG-IQ and push it to the devices it manages. The only user modifications that you are capable of doing from the BIG-IQ to the BIG-IP is changing the default admin and root users password. You might be able to create a script that uses REST API and you feed it a list of devices to connect to and make the change. The following link has the command to create a new user on the BIG-IP using REST API under the section "Creating a new BIG-IP system user account" about halfway down the page.
@Nikoolayy1 Nice to see that this is hidden as much as possible. Also nice to see that it is the exact same thing that I recommended but in an existing script on the BIG-IQ. About the only thing I don't like about this script is that it has the credentials listed in the file at the top in clear text. I'm sure if I spend enough time I might be able to figure out how to reference a credentials file and run it from a management station instead. Did I mention that I dislike the BIG-IQ?
09-May-2023 07:48 - edited 09-May-2023 07:53
BIG-IQ gets this bad reputation because of the strange design choices that the developers had compared to BIG-IP 🙂
Still also the bash script curl command can use a token not the username and password as first the token is generated and saved to a file on the big-ip by the script then it can be referenced.
Outside of that the scrript can just trigger tmsh commands like "tmsh <the command >" and as the create user tmsh command I think was interactive there is workaround described in https://community.f5.com/t5/codeshare/ansible-running-bash-commands-with-bigip-command-module-how-it...
@Nikoolayy1 It definitely is different and infuriating in some situations. I think one of the biggest pieces for me that's so frustrating is that you can configure some settings on the BIG-IQ but then can't configure some sub-settings for instance setting LACP on a trunked port. What you end up having to do is configure it on the BIG-IPs and then sync their config back to the BIG-IQ. This is only one of the many configuration pieces that I found but the first one that I experienced and why it's stuck in my mind. The BIG-IQ does do thing well but a whole lot not so much or it could but documentation around the BIG-IQ is almost non-existent so it makes it even harder.