BigIP Report Old
Problem this snippet solves: This codeshare has been deprecated due to a hosting platform corruption. I have movedcode and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report can be Overview This is a script which will generate a report of the BigIP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them. This information is used to relay information to our NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles. The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world. It's easy to setup and use and only requires guest permissions on your devices. Demo/Preview Please note that it takes time to make these so sometimes they're a bit outdated and they only cover one HA pair. However, they still serve the purpose of showing what you can expect from the report. Interactive demo http://loadbalancing.se/bigipreportdemo/ Screen shots The main report: The device overview: Certificate details: How to use this snippet: This codeshare has been deprecated due to a hosting platform corruption. I have movedcode and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report Installation instructions BigipReport REST This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6). Download:https://loadbalancing.se/downloads/bigipreport-v5.5.4.zip Documentation, installation instructions and troubleshooting:https://loadbalancing.se/bigipreport-rest/ Docker support This will be the recommended way of running bigipreport in the near future. It's still undergoing testing but it's looking really good so far. https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/ BigipReport (Legacy) Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5). BigipReport (Stable): https://loadbalancing.se/downloads/bigipreport-5.3.1.zip BigipReport (BETA): https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip iControl Snapin: https://loadbalancing.se/downloads/f5-icontrol.zip Documentation and installation instructions: https://loadbalancing.se/bigip-report/ Upgrade instructions Protect the report using APM and active directory Written by DevCentral member Shann_P: https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/ Got issues/problems/feedback? Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated. --- Also trying out a Discord channel now. You're welcome to hang out with us there: https://discord.gg/7JJvPMYahA Code : 85931,86647,90730 Tested this on version: 13.0
PowerShell module for the F5 LTM REST API
Problem this snippet solves: To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks! This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult. The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks! The module contains the following functions. Add-iRuleToVirtualServer Add-iRuleToVirtualServer Add-PoolMember Add-PoolMonitor Disable-PoolMember Disable-VirtualServer Enable-PoolMember Enable-VirtualServer Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns') Get-F5Session (will be deprecated in future versions. use New-F5Session) Get-F5Status Get-HealthMonitor Get-HealthMonitorType Get-iRule Get-iRuleCollection (deprecated; use Get-iRule) Get-Node Get-BIGIPPartition Get-Pool Get-PoolList (deprecated; use Get-Pool) Get-PoolMember Get-PoolMemberCollection (deprecated; use Get-PoolMember) Get-PoolMemberCollectionStatus Get-PoolMemberDescription (deprecated; use Get-PoolMember) Get-PoolMemberIP (deprecated; use Get-PoolMember) Get-PoolMembers (deprecated; use Get-PoolMember) Get-PoolMemberStats Get-PoolMemberStatus (deprecated; use Get-PoolMember) Get-PoolMonitor Get-PoolsForMember Get-StatusShape Get-VirtualServer Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules) Get-VirtualServerList (deprecated; use Get-VirtualServer) Invoke-RestMethodOverride New-F5Session New-HealthMonitor New-Node New-Pool New-VirtualServer Remove-HealthMonitor Remove-iRule Remove-iRuleFromVirtualServer Remove-Pool Remove-PoolMember Remove-PoolMonitor Remove-ProfileRamCache Remove-Node Remove-VirtualServer Set-iRule Set-PoolLoadBalancingMode (deprecated; use Set-Pool) Set-PoolMemberDescription Set-Pool Set-VirtualServer Sync-DeviceToGroup Test-F5Session Test-Functionality Test-HealthMonitor Test-Node Test-Pool Test-VirtualServer How to use this snippet: To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created. You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this. The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates. Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters: The name or IP address of the F5 LTM device A credential object for a user with rights to use the REST API An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this: $secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd Thanks to Kotesh Bandhamravuri and his blog entry for this snippet. There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module. I've also contributed this code sample for how to gather some basic info about your LTM with this PS module. The module has been tested on: 11.5.1 Build 8.0.175 Hotfix 8 and later 11.6.0 Build 5.0.429 Hotfix 4 and later 12.0 / 12.1 13.0 Code : https://github.com/joel74/POSH-LTM-Rest Tested this on version: 11.5BIG-IP Report
Problem this snippet solves: Overview This is a script which will generate a report of the BIG-IP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them. This information is used to relay information to NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles. The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world. It's easy to setup and use and only requires auditor (read-only) permissions on your devices. Demo/Preview Interactive demo http://loadbalancing.se/bigipreportdemo/ Screen shots The main report: The device overview: Certificate details: How to use this snippet: Installation instructions BigipReport REST This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6). Downloads: https://loadbalancing.se/downloads/bigipreport-v5.7.13.zip Documentation, installation instructions and troubleshooting:https://loadbalancing.se/bigipreport-rest/ Docker support https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/ Kubernetes support https://loadbalancing.se/2021/04/16/bigipreport-on-kubernetes/ BIG-IP Report (Legacy) Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5) BIG-IP Report (only download this if you have v10 devices): https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip iControl Snapin https://loadbalancing.se/downloads/f5-icontrol.zip Documentation and Installation Instructions https://loadbalancing.se/bigip-report/ Upgrade instructions Protect the report using APM and active directory Written by DevCentral member Shann_P: https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/ Got issues/problems/feedback? Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated. --- Join us on Discord: https://discord.gg/7JJvPMYahA Code : BigIP Report Tested this on version: 12, 13, 14, 15, 16
PermissionDenied without even trying
Hi All, I've come across a strange situation with the powershell icontrol setup I have. I've written a script which (when working) will loop through our LTM estate gathering info and storing it in a DB. This process works fine against the first couple of LTM's I've pointed it at, but when I added another one yesterday I constantly get errors. I've taken my script out of the loop and am trying to connect interactively with still no success: Initialize-F5-iControl : Could not initialize connection with supplied information Line:1 char:23 Initialize-F5.iControl <<<< -HostName XX.XX.XX.XX -Username admin -Password XXXXX CategoryInfo : PermissionDenied: (XX.XX.XX.XX:String) [Initialize-F5.iControl], Exception FullyQualifiedErrorId: 2, icontrolSnapIn.CmdLet.Global.InitializeiiControl I know the answer looks obvious, but apart from me knowing that I do actually have the correct credentials so it can't be a permissions problem, running a tcpdump on the LTM itself shows there is absolutely no traffic hitting it at all, so the snapin is failing without even trying to connect. Does anybody know what this might be? I know that address that I've masked out would go via a set of proxies if I was to browse via IE(because of pac file), but my understanding of the icontrol thing is that you have to specifically ask it to proxy so I wouldn't expect it to be messing around with IE settings or anything. Thanks in advance for any helpPowerShell Setup Snapin
Problem this snippet solves: This PowerShell script will register the iControl Snapin on 32 and 64 bit platforms. Code : param([switch]$force) function Is-SnapinRegistered() { $registered = $false; if ( $null -ne (Get-PSSnapIn -Registered | where { $_.Name -eq "iControlSnapIn" } ) ) { $registered = $true; } $registered; } function Install-Snapin() { param( [string]$assembly = $null ); foreach ($platform in ("", "64") ) { Write-Host "Registering $assembly on platform '$platform'"; $installUtil = "$env:windir\Microsoft.Net\Framework${platform}\v2.0.50727\installUtil.exe"; if ( [System.IO.File]::Exists($installUtil) ) { Set-Alias installUtil $installUtil; installUtil $assembly /LogToConsole=false /LogFile=; } } } function Remove-Snapin() { param( [string]$assembly = $null ); foreach ($platform in ("", "64") ) { Write-Host "Unregistering $assembly on platform '$platform'"; $installUtil = "$env:windir\Microsoft.Net\Framework${platform}\v2.0.50727\installUtil.exe"; if ( [System.IO.File]::Exists($installUtil) ) { Set-Alias installUtil $installUtil; installUtil /u $assembly /LogToConsole=false /LogFile=; } } } if ( ($force) -or !(Is-SnapinRegistered) ) { Install-Snapin -assembly iControlSnapin.dll; } else { Write-Host "iControlSnapIn already registered..." }
Powershell list certificates
Hi, I am trying to list all the details for certificates used in SSL profiles using Powershell. This is the code I am using: Initialize-F5.iControl -hostname $g_bgip -username $user -password $pass|out-null $g_ic = Get-F5.iControl $certs = ($g_ic).ManagementKeyCertificate.get_certificate_list('1'); mode 1 is used for brevity - there is only 1 MANAGEMENT_MODE_WEBSERVER certificate write-host $certs.count "Certs" this returns a count of 1 $certs|format-list $cert = $certs.certificate.serial_number; write-host "Serial number is $cert" $certs|format-list returns is_bundled : False file_name : /config/httpd/conf/ssl.crt/server.crt certificate : iControl.ManagementKeyCertificateCertificateDetail $certs.certificate.version does not return anything at all. I tried using ManagementKeyCertificateCertificateDetail and variations of, in the $certs and $cert variables with no luck. Can anybody see where I am going wrong? Thanks.
Setup iControlSnapin
I downloaded the powershell msi from this forumns download folder and follwed the steps on the tutorial to get it registered and I get the following error.. Assistance would be appreciated. PS C:\Program Files (x86)\F5 Networks\iControlSnapIn> . .\setupSnapIn.ps1 Registering iControlSnapIn... Microsoft (R) .NET Framework Installation utility Version 2.0.50727.4927 Copyright (c) Microsoft Corporation. All rights reserved. The installation failed, and the rollback has been performed. Remove-Item : Cannot find path 'C:\Program Files (x86)\F5 Networks\iControlSnapIn\iControlSnapIn.InstallLog' because it does not exist. At C:\Program Files (x86)\F5 Networks\iControlSnapIn\setupSnapIn.ps1:8 char:5 + del <<<< iControlSnapIn.InstallLog + CategoryInfo : ObjectNotFound: (C:\Program File...apIn.InstallLog:String) [Remove-Item], ItemNotFoundEx ception + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand Remove-Item : Cannot find path 'C:\Program Files (x86)\F5 Networks\iControlSnapIn\iControlSnapIn.InstallState' because it does not exist. At C:\Program Files (x86)\F5 Networks\iControlSnapIn\setupSnapIn.ps1:9 char:5 + del <<<< iControlSnapIn.InstallState + CategoryInfo : ObjectNotFound: (C:\Program File...In.InstallState:String) [Remove-Item], ItemNotFoundEx ception + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommandWhat is the path to a user's home directory from root?
I have a PowerShell script that uploads a pfx file using psftp.exe from PuTTY. When I first sftp'd to the BIG-IP I created a folder named "cert", and the path is /home/USERNAME/cert. I upload the pfx file. My problem is I have another PowerShell script that imports the pfx file. Here's my code: if ( (Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn"}) -eq $null ){ Add-PSSnapIn iControlSnapIn } $bigip_name = 'QA' $user = 'USERNAME' $pass = 'Password' $bigip = New-Object -TypeName iControl.Interfaces; $success = $bigip.initialize($bigip_name, $user, $pass); $bigip.ManagementPartition.Set_active_partition("Common"); $mgmtmode = New-Object -TypeName iControl.ManagementKeyCertificateManagementModeType $mgmtmode.value__ = 0 $SSLDir = "E:\PowerShell\SSL\IssuedCerts\PFXs" $url = "test.hanktest22.com" $pfxfilename = $url + ".pfx" $pfxfile = "/home/USERNAME/cert/" + $pfxfilename $exportPass = "exportPass" Set-Location -Path $SSLDir $bigip.ManagementPartition.Set_active_partition("Common") $bigip.ManagementKeyCertificate.pkcs12_import_from_file( ($mgmtmode), ($url), ($pfxfile), ($exportPass), ($true) ) This worked the other day, however it isn't working today. I believe I can't see that folder and perhaps the home folder is an alias for a longer path. Thanks in advance for the help! Hank
Issues with iControl.dll on network?
Hi: I have a few PowerShell Cmdlets in a dll that in turn uses iControl.dll to access configuration in the F5 switch. Execution from a local machine succeeds, however, when the module is imported from the network and Cmdlets are executed, iControl seem to be unable to access the F5 switch. Unfortunately, since interfaces.initialize only returns a true or a false, it is not clear what exactly the issue is. Two questions: 1) What is the best mechanism to get a detailed log of what is happening within iControl, or last error code/message? 2) Are there any known security or code access restrictions on iControl.dll that may be preventing it from accessing the F5 switch? Thanks, Omer
