BIG-IP Report
Problem this snippet solves: Overview This is a script which will generate a report of the BIG-IP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them. This information is used to relay information to NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles. The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world. It's easy to setup and use and only requires auditor (read-only) permissions on your devices. Demo/Preview Interactive demo http://loadbalancing.se/bigipreportdemo/ Screen shots The main report: The device overview: Certificate details: How to use this snippet: Installation instructions BigipReport REST This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6). Downloads: https://loadbalancing.se/downloads/bigipreport-v5.7.13.zip Documentation, installation instructions and troubleshooting:https://loadbalancing.se/bigipreport-rest/ Docker support https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/ Kubernetes support https://loadbalancing.se/2021/04/16/bigipreport-on-kubernetes/ BIG-IP Report (Legacy) Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5) BIG-IP Report (only download this if you have v10 devices): https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip iControl Snapin https://loadbalancing.se/downloads/f5-icontrol.zip Documentation and Installation Instructions https://loadbalancing.se/bigip-report/ Upgrade instructions Protect the report using APM and active directory Written by DevCentral member Shann_P: https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/ Got issues/problems/feedback? Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated. --- Join us on Discord: https://discord.gg/7JJvPMYahA Code : BigIP Report Tested this on version: 12, 13, 14, 15, 16
PowerShell module for the F5 LTM REST API
Problem this snippet solves: To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks! This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult. The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks! The module contains the following functions. Add-iRuleToVirtualServer Add-iRuleToVirtualServer Add-PoolMember Add-PoolMonitor Disable-PoolMember Disable-VirtualServer Enable-PoolMember Enable-VirtualServer Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns') Get-F5Session (will be deprecated in future versions. use New-F5Session) Get-F5Status Get-HealthMonitor Get-HealthMonitorType Get-iRule Get-iRuleCollection (deprecated; use Get-iRule) Get-Node Get-BIGIPPartition Get-Pool Get-PoolList (deprecated; use Get-Pool) Get-PoolMember Get-PoolMemberCollection (deprecated; use Get-PoolMember) Get-PoolMemberCollectionStatus Get-PoolMemberDescription (deprecated; use Get-PoolMember) Get-PoolMemberIP (deprecated; use Get-PoolMember) Get-PoolMembers (deprecated; use Get-PoolMember) Get-PoolMemberStats Get-PoolMemberStatus (deprecated; use Get-PoolMember) Get-PoolMonitor Get-PoolsForMember Get-StatusShape Get-VirtualServer Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules) Get-VirtualServerList (deprecated; use Get-VirtualServer) Invoke-RestMethodOverride New-F5Session New-HealthMonitor New-Node New-Pool New-VirtualServer Remove-HealthMonitor Remove-iRule Remove-iRuleFromVirtualServer Remove-Pool Remove-PoolMember Remove-PoolMonitor Remove-ProfileRamCache Remove-Node Remove-VirtualServer Set-iRule Set-PoolLoadBalancingMode (deprecated; use Set-Pool) Set-PoolMemberDescription Set-Pool Set-VirtualServer Sync-DeviceToGroup Test-F5Session Test-Functionality Test-HealthMonitor Test-Node Test-Pool Test-VirtualServer How to use this snippet: To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created. You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this. The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates. Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters: The name or IP address of the F5 LTM device A credential object for a user with rights to use the REST API An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this: $secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd Thanks to Kotesh Bandhamravuri and his blog entry for this snippet. There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module. I've also contributed this code sample for how to gather some basic info about your LTM with this PS module. The module has been tested on: 11.5.1 Build 8.0.175 Hotfix 8 and later 11.6.0 Build 5.0.429 Hotfix 4 and later 12.0 / 12.1 13.0 Code : https://github.com/joel74/POSH-LTM-Rest Tested this on version: 11.5
Ps ARX Monitor
Problem this snippet solves: These examples show how to use PowerShell to monitor an ARX through the iControl interfaces. The attached zip file includes the following scripts libArxApi.ps1 is the common library used by all examples. arxApiCpu.ps1 monitors the ARX CPU usages. arxApiVolume.ps1 monitors the ARX volumes. arxApiVs.ps1 monitors the ARX virtual services. csv.ps1 is an utility to merge multiple csv files generated by the above examples into one. How to use this snippet: Run arxApiCpu.ps1, arxApiVolume.ps1 and arxApiVs.ps1 without arguments, and they will print out the usage. Prerequisites Powershell 2.0 or later iControl-ARX assembly 6.02 or later. The common library at c:\dev\ps\libArxApi.ps1. An F5 ARX system running release V6.02.000 or later. Management access on the ARX must be permitted for HTTPs-API or HTTP-API services.
How can I create member with name using powershell cmdlet?
How can you create pool members with descriptive names? When I create a new vm, I'm able to automatically add it to a pool. Add-F5.LTMPoolMember -Pool $PoolName -Member "${VMIP}:${Port}" However the name of the node is its ip address. I've also tried using the more low level way of adding a node $PoolList = @($PoolName) $Node = New-Object -TypeName iControl.CommonAddressPort; $Node.address = $VMIP $Node.port = $Port (Get-F5.iControl).LocalLBPool.add_member_v2($PoolList, $Node) I can't find any way to change the node name with add_member_v2
Query Current Connections at the Node Level
I am working on Powershell scripts to do automated deployments to our servers behind our BIG-IP LTM. I have simple scripts that use the iControl powershell cmdlets Disable-F5.LTMNodeAddress -Node xxx.xxx.xxx.xxx These work quite well, however, what I need next is a way to query the Current Connections to the node as they bleed off so that my automation doesn't begin the deployment until current connections = 0. I'm assuming I'm just not formatting my searches right as someone must have figured this out by now. Any help would be greatly appreciated. Thanks!
iControlRest - Using Powershell's Invoke-RestMethod to obtain connections stats from pool members?
Hi, I'm hoping someone can help here, I'm 2 days and counting and have hit a brick-wall on it. I personally have doubts if this can work, although I'd like to think it is possible. I'm writing a script in Powershell to monitor the serverside.curConns value and return it using Powershell. The plan is to incorporate this into a bigger script to allow a server reboot once the value reaches 0 At the moment, we have 8 (and growing) servers in this pool, and the idea is to run this on each server when it goes to do a system restart during patching. I only want to change the values at the top of my script, so this script will remain unchanged across the 8 servers when copied locally. For example, lets say the 8 servers are named... PROD_SERVER01 to PROD_SERVER08 My script is below. ======= CHANGE PER ENVIRONMENT ========== $f5partition = "Production" $f5poolname = "Frontend_App_pool" $f5port = 8080 $user = "myf5userid" $pass = "myf5password" $f5server = "myf5server.mydomain.local" ======= NO CHANGES BELOW THIS LINE! ======= $servername = $env:COMPUTERNAME ====== AUTHORISATION SECTION ========== $pair = "$($user):$($pass)" $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair)) $basicAuthValue = "Basic $encodedCreds" $Headers = @{ Authorization = $basicAuthValue } === CONNECT TO F5 API ========= $reply = Invoke-RestMethod -Uri https://${f5server}/mgmt/tm/ltm/pool/~${f5partition}~${f5poolname}/members/~${f5partition}~${servername}:${f5port}/stats/?$select=serverside.curConns -Headers $Headers My JSON results will look like this...Just like the ones detailed in the IControlRest pdf manual...results below truncated for readability... { "generation": 263285, "kind": "tm:ltm:pool:members:membersstats", "selfLink": "https://localhost/mgmt/tm/ltm/pool/~Production~Frontend_App_pool/members/~Production~PROD_SERVER01:8080/stats?ver=12.1.3", "entries": { "https://localhost/mgmt/tm/ltm/pool/~Production~Frontend_App_pool/members/~Production~PROD_SERVER01:8080/~Production~PROD_SERVER01:8080/stats": { "nestedStats": { "kind": "tm:ltm:pool:members:membersstats", "selfLink": "https://localhost/mgmt/tm/ltm/pool/~Production~Frontend_App_pool/members/~Production~PROD_SERVER01:8080/~Production~PROD_SERVER01:8080/stats?ver=12.1.3", "entries": { "serverside.curConns": { "value": 0 } } } } } } If I run the script above once, I then have the JSON loaded into the $reply variable. Using Powershell ISE, if I then construct a WRITE-HOST statement and start typing, the remaining will fill in automatically. For example, I started with $reply. then the first entry is $reply.entries and so on, until I can find what I want... Write-Host $reply.entries.'https://localhost/mgmt/tm/ltm/pool/~Production~Frontend-App_pool/members/~Production~PROD_SERVER01:8080/~Production~PROD_SERVER01:8080/stats'.nestedStats.entries.'serverside.curConns'.value This will display the value to the screen My problem is that I am having trouble writing the script to run on PROD_SERVERS02-08, because that above WRITE-HOST statement uses fixed properties. I've tried lots of variable substitutions on this line to no avail. I'm also struggling to do anything constructive with enumerating through the multi-tiered JSON in a loop to extract the value. Any help greatly received! Thanks in advance. I'm trying to write something that doesn't have any baggage with it, so not downloading curl .exes or pre-built functions to cart around server-to-server. NeilFind a node using LocalLBNodeAddressV2 based on IP address (not name)
Hello. We have some iControl PowerShell scripts that we're using with our Private Cloud (IaaS) platform to add/remove VIPs, Pools and Nodes. Previously we were using LTM v10 so we couldn't set a friendly name for the node. Once we upgraded to v11 we started to set the "name" to match the actual server name. So for example we might have SERVER0121 as the node's Name and 192.168.1.17 as the node's address. It has been working fine, but now we've run into a situation where we have stale data - servers that are in the F5 but should have been removed and never were. So we're running into the following error: Exception calling "create" with "3" argument(s): "Exception caught in LocalLB::urn:iControl:LocalLB/NodeAddressV2::create() Exception: Common::OperationFailed primary_error_code : 17237812 (0x01070734) secondary_error_code : 0 error_string : 01070734:3: Configuration error: invalid node address, the IP address 10.27.197.106 already exists" So I'd like to be able to remove these stale entries as we see them. But I'm not sure how to remove this node based on IP address only. For example if I try delete_node_address using the IP address. Exception calling "delete_node_address" with "1" argument(s): "Exception caught in LocalLB::urn:iControl:LocalLB/NodeAddressV2::delete_node_address() Exception: Common::OperationFailed primary_error_code : 16908342 (0x01020036) secondary_error_code : 0 error_string : 01020036:3: The requested node address (/Common/10.27.197.117) was not found." At line:1 char:1 + (Get-F5.iControl).LocalLBNodeAddressV2.delete_node_address($server_ip); + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : SoapHeaderException It's expecting the "name" which is SERVER0117. So how do I remove the node based only on IP address? Thanks. Rezilient
Clearing of RAM-Cache or Web Acceleration profiles
I need a way to clear the web cache from off box. I'm playing around with PowerShell for iControl but don't see any ramcache related commands listed. I found a sample script the references the 'Get-RAMCacheEntry' command but this doesn't seem to exist any more. Basically, I need a good way of doing what this command does without giving my application people CLI access to the big-ip. tmsh delete ltm profile ramcache [cache profile name] Ideas? Thanks, PatrickPowershell and iControl : ManagementDeviceGroup.get_list
Hi, We are using Powershell and iControl to make some job on our F5 BigIP. I am trying to get the Group Device list with the follow commands line : 01 $f5_server_01 = "servername" 02 $f5_user_01 = "admin" 03 $f5_password_01 = "password" 04 $ic_01 = New-Object iControl.Interfaces 05 $ic_01.initialize("$f5_server_01", "$f5_user_01", "$f5_password_01") 06 $ic_01.ManagementDeviceGroup.get_list() When every thing is ok, the last line (06) should return something like this : /Common/HA-Sync /Common/device_trust_group /Common/gtm But some time to time, it is retunring nothing, and I have to wait a while before it come back 😞 Is anyone already get this problem ? Is there any iControl limitation ? Thank for you help. JB
How do I read the send string for a monitor using powershell icontrol?
I have an (unknown) number of monitors that look at an asp page. I need to create an equivalent monitor for each of these that looks at the new htm page. My thought was to script this using powershell and icontrol. I want to look at all the send string on each monitor on an LTM, if the send string contains the name of the asp page, create a new monitor based on that monitor name referencing the new htm page. But I can't seem to pull the send string off the monitor. I've googled around and i see examples for listing, adding and removing monitors - but not listing the details of a monitor. I'm currently (failing) using the following: $sv = New-Object -TypeName iControl.LocalLBMonitorStringValue $sv.type = 'STYPE_SEND' $monitorname = 'rollout' $Control.locallbmonitor.get_template_user_defined_string_property(@($monitorname),@($sv.type)) I get the following error: Exception calling "get_template_user_defined_string_property" with "2" argument(s): "Exception caught in LocalLB::urn:iControl:LocalLB/Monitor::get_template_user_defined_string_property() Exception: Common::OperationFailed primary_error_code : 16908342 (0x01020036) secondary_error_code : 0 error_string : 01020036:3: The requested monitor parameter (rollout_HTTPS 1 STYPE_SEND=) was not found." At line:1 char:89 + ... lout_HTTPS"),@($sv.type)) + ~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : SoapHeaderException
