Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n
I am running a Playbook to test bigip_command using ansible [core 2.15.3] against LTM running 15.1.6.1. When I run the playbook I get the following message: UNREACHABLE! => { “changed”: false, “msg”: “Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p "echo $HOME/tmp"&& mkdir "echo $HOME/tmp/ansible-tmp-1709037153.0021555-3167181-73985055078518" && echo ansible-tmp-1709037153.0021555-3167181-73985055078518="echo $HOME/tmp/ansible-tmp-1709037153.0021555-3167181-73985055078518" ), exited with result 1”, “unreachable”: true } When I run the Playbook with -vvv flags I see the following line just before the error message pasted above: Failed to connect to the host via ssh: Syntax Error: unexpected argument “/bin/sh” Similarly, if I test the ssh I also see this same unexpected argument message: ansible all -m shell -a id -vvv Syntax Error: unexpected argument “/bin/sh”\n’ I have tried editing various things in hosts file and ansible.cfg but nothing I have tried seems to have made a difference. Is anyone familiar with this and what is needed to resolve this. Any help is greatly appreciated!
Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP
We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it. Has anyone dealt with this and have a solution to do it via Script, CLI or API? Thank you.
Need help in automating BigIQ session summary reports
I have been asked to work out a way of automating the CSV report from BigIQ Monitoring Access Dashboard. Under Access > Sessions > Session Summary I have been filtering Network_Access as the AP result and then manually exporting the CSV there. Our security who does not have a Splunk server is asking for this every 24 hours. Therefore I am looking to see if there is a way I can have a scheduled job run for this. Only things I am finding are configuration automation or automation dealing with ASM. Any help would be greatly appreciated.F5 + VSCode; 2024 roadmap
Greetings team! As I started the vscode project in 2019, I had no idea where it would go. I just knew there was value in using it as a workbence to streamline f5 automations. Since then it has grown into a handful of project covering several different aspects of F5. I am very thankful for all the great comments and feedback over the last couple of years. As the 2023 year comes to an end, I wanted to take a moment to step back and solicit some feedback from the community. Please take a couple of minutes to review the following link and provide feedback. https://github.com/f5devcentral/vscode-f5/discussions/234 In short, this is a way for me to guage where I can make the biggest impact with these projects. Thank you.
Automating iControlSnapIn installation from Powershell
Hi, I am trying to automate the installation of the iControlSnapIn from a Powershell script. The installation should be silent so that it can ran unsupervised and automatically. From the script I am trying to invoke something like Start-Process "msiexec" -ArgumentList /i iControlSnapInSetup.msi /qn -Wait -Passthru This does not return any error; however the snapin is not installed at the end. No files are copied to the program files folder. Has anyone successfully attempted this? Is there any other argument to be passed in to the msiexec to make this work? UPDATE: if I remove the /qn option to run without UI and manually click throgh the wizard then it works. Therefore I believe there's something related to running silently that makes this installation fail (some missing parameter?)
TCL & regex - help to parse APM configuration in tmsh
Hello World, I'm using a script to bring some automation to APM and provision resources to my AP from an external server. I'm stuck when comes the time to capture the macro name that I want to provision to the VPE. In a full APM config dump I can get the full resource assign objects using a regex like: apm policy policy-item AP_NAME-resources_assignment_act_full_resource_assign.+?caption "Dynamic Resource Assign" (in the VPE I have my macro named Dynamic Resource Assign of course) This returns me a string that contains (in my environment) 2 macros: apm policy policy-item AP_NAME-resources_assignment_act_full_resource_assign { agents { AP_SAG_NAME-resources_assignment_act_full_resource_assign_ag { type resource-assign } } app-service none caption "webtop Assign" color 1 item-type action loop false macro none partition Common rules { { caption fallback expression none next-item AP_NAME-resources_assignment_act_empty_2 } } } apm policy policy-item AP_NAME-resources_assignment_act_full_resource_assign_1 { agents { AP_NAME-resources_assignment_act_full_resource_assign_1_ag { type resource-assign } } app-service none caption "Dynamic Resource Assign" I'm stuck in finding the right regex to capture the macro name of the second occurrence (AP_NAME-resources_assignment_act_full_resource_assign_1_ag). I tried: AP_SAG_E11TST-resources_assignment_act_full_resource_assign.?.?_ag but of course it returns two entries: AP_SAG_NAME-resources_assignment_act_full_resource_assign_ag AP_SAG_NAME-resources_assignment_act_full_resource_assign_1_ag If anyone has a clue on how to filter out the caption "webtop Assign" entry or (better) make sure only the caption "Dynamic Resource Assign" one is returned that would help me quite a lot... Thank you all! JérômeAccess to F5's mysql from remote server
Hi there, I need to export a lot of learning suggestions from the ASM together with request data which triggered these suggestions. GUI does not allow to export learning suggestions. I realized that ASM learning suggestions are stored in the local mysql database PRX, to which I have access from F5's CLI as the 'asm' user. In order to work with these data efficiently and also because F5 does not allow me to install additional Python modules directly on the F5, I thought I could connect to this database from my remote server. But it looks like the F5 is refusing TCP/3306 connections although the 'asm' user is granted required privileges: GRANT USAGE ON *.* TO 'asm'@'%' IDENTIFIED BY PASSWORD '****' I assume that mysql is only allowing local connections from localhost, but I cannot verify it because I am not able to find the my.cnf on the F5 system. I tried connecting through management interface and also selfIP, but nothing worked. Port lock-down for my selfIP is allow any. According to netstat, F5 should be listening to port 3306 on all interfaces: tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 19397/mysqld TCPDUMP on the last firewall in front of the F5 shows me SYN reaching the F5 and immediate RST sent back from the F5. Any ideas how to connect to F5 mysql from remote server? What do I need to check further? Is it even allowed by the system? thanks.
