Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

pushing a new user from BigIQ to BigIPs



We support 48 virtual F5s as part of a pair of Viprions and were wondering if there's a way to push a new user from BigIQ, that manages these virtual F5s, to these F5s..







@newbie Sadly you cannot create a user on the BIG-IQ and push it to the devices it manages. The only user modifications that you are capable of doing from the BIG-IQ to the BIG-IP is changing the default admin and root users password. You might be able to create a script that uses REST API and you feed it a list of devices to connect to and make the change. The following link has the command to create a new user on the BIG-IP using REST API under the section "Creating a new BIG-IP system user account" about halfway down the page.

@Nikoolayy1 Nice to see that this is hidden as much as possible. Also nice to see that it is the exact same thing that I recommended but in an existing script on the BIG-IQ. About the only thing I don't like about this script is that it has the credentials listed in the file at the top in clear text. I'm sure if I spend enough time I might be able to figure out how to reference a credentials file and run it from a management station instead. Did I mention that I dislike the BIG-IQ?

BIG-IQ gets this bad reputation because of the strange design choices that the developers had compared to BIG-IP   🙂


Still also the bash script curl command can use a token not the username and password as first the token is generated and saved to a file on the big-ip by the script then it can be referenced.


Outside of that the scrript can just trigger tmsh commands like "tmsh <the command >" and as the create user tmsh command I think was interactive there is workaround described in



@Nikoolayy1 It definitely is different and infuriating in some situations. I think one of the biggest pieces for me that's so frustrating is that you can configure some settings on the BIG-IQ but then can't configure some sub-settings for instance setting LACP on a trunked port. What you end up having to do is configure it on the BIG-IPs and then sync their config back to the BIG-IQ. This is only one of the many configuration pieces that I found but the first one that I experienced and why it's stuck in my mind. The BIG-IQ does do thing well but a whole lot not so much or it could but documentation around the BIG-IQ is almost non-existent so it makes it even harder.