PermissionDenied without even trying
Hi All, I've come across a strange situation with the powershell icontrol setup I have. I've written a script which (when working) will loop through our LTM estate gathering info and storing it in a DB. This process works fine against the first couple of LTM's I've pointed it at, but when I added another one yesterday I constantly get errors. I've taken my script out of the loop and am trying to connect interactively with still no success: Initialize-F5-iControl : Could not initialize connection with supplied information Line:1 char:23 Initialize-F5.iControl <<<< -HostName XX.XX.XX.XX -Username admin -Password XXXXX CategoryInfo : PermissionDenied: (XX.XX.XX.XX:String) [Initialize-F5.iControl], Exception FullyQualifiedErrorId: 2, icontrolSnapIn.CmdLet.Global.InitializeiiControl I know the answer looks obvious, but apart from me knowing that I do actually have the correct credentials so it can't be a permissions problem, running a tcpdump on the LTM itself shows there is absolutely no traffic hitting it at all, so the snapin is failing without even trying to connect. Does anybody know what this might be? I know that address that I've masked out would go via a set of proxies if I was to browse via IE(because of pac file), but my understanding of the icontrol thing is that you have to specifically ask it to proxy so I wouldn't expect it to be messing around with IE settings or anything. Thanks in advance for any help
Powershell list certificates
Hi, I am trying to list all the details for certificates used in SSL profiles using Powershell. This is the code I am using: Initialize-F5.iControl -hostname $g_bgip -username $user -password $pass|out-null $g_ic = Get-F5.iControl $certs = ($g_ic).ManagementKeyCertificate.get_certificate_list('1'); mode 1 is used for brevity - there is only 1 MANAGEMENT_MODE_WEBSERVER certificate write-host $certs.count "Certs" this returns a count of 1 $certs|format-list $cert = $certs.certificate.serial_number; write-host "Serial number is $cert" $certs|format-list returns is_bundled : False file_name : /config/httpd/conf/ssl.crt/server.crt certificate : iControl.ManagementKeyCertificateCertificateDetail $certs.certificate.version does not return anything at all. I tried using ManagementKeyCertificateCertificateDetail and variations of, in the $certs and $cert variables with no luck. Can anybody see where I am going wrong? Thanks.
Setup iControlSnapin
I downloaded the powershell msi from this forumns download folder and follwed the steps on the tutorial to get it registered and I get the following error.. Assistance would be appreciated. PS C:\Program Files (x86)\F5 Networks\iControlSnapIn> . .\setupSnapIn.ps1 Registering iControlSnapIn... Microsoft (R) .NET Framework Installation utility Version 2.0.50727.4927 Copyright (c) Microsoft Corporation. All rights reserved. The installation failed, and the rollback has been performed. Remove-Item : Cannot find path 'C:\Program Files (x86)\F5 Networks\iControlSnapIn\iControlSnapIn.InstallLog' because it does not exist. At C:\Program Files (x86)\F5 Networks\iControlSnapIn\setupSnapIn.ps1:8 char:5 + del <<<< iControlSnapIn.InstallLog + CategoryInfo : ObjectNotFound: (C:\Program File...apIn.InstallLog:String) [Remove-Item], ItemNotFoundEx ception + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand Remove-Item : Cannot find path 'C:\Program Files (x86)\F5 Networks\iControlSnapIn\iControlSnapIn.InstallState' because it does not exist. At C:\Program Files (x86)\F5 Networks\iControlSnapIn\setupSnapIn.ps1:9 char:5 + del <<<< iControlSnapIn.InstallState + CategoryInfo : ObjectNotFound: (C:\Program File...In.InstallState:String) [Remove-Item], ItemNotFoundEx ception + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommandWhat is the path to a user's home directory from root?
I have a PowerShell script that uploads a pfx file using psftp.exe from PuTTY. When I first sftp'd to the BIG-IP I created a folder named "cert", and the path is /home/USERNAME/cert. I upload the pfx file. My problem is I have another PowerShell script that imports the pfx file. Here's my code: if ( (Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn"}) -eq $null ){ Add-PSSnapIn iControlSnapIn } $bigip_name = 'QA' $user = 'USERNAME' $pass = 'Password' $bigip = New-Object -TypeName iControl.Interfaces; $success = $bigip.initialize($bigip_name, $user, $pass); $bigip.ManagementPartition.Set_active_partition("Common"); $mgmtmode = New-Object -TypeName iControl.ManagementKeyCertificateManagementModeType $mgmtmode.value__ = 0 $SSLDir = "E:\PowerShell\SSL\IssuedCerts\PFXs" $url = "test.hanktest22.com" $pfxfilename = $url + ".pfx" $pfxfile = "/home/USERNAME/cert/" + $pfxfilename $exportPass = "exportPass" Set-Location -Path $SSLDir $bigip.ManagementPartition.Set_active_partition("Common") $bigip.ManagementKeyCertificate.pkcs12_import_from_file( ($mgmtmode), ($url), ($pfxfile), ($exportPass), ($true) ) This worked the other day, however it isn't working today. I believe I can't see that folder and perhaps the home folder is an alias for a longer path. Thanks in advance for the help! Hank
Issues with iControl.dll on network?
Hi: I have a few PowerShell Cmdlets in a dll that in turn uses iControl.dll to access configuration in the F5 switch. Execution from a local machine succeeds, however, when the module is imported from the network and Cmdlets are executed, iControl seem to be unable to access the F5 switch. Unfortunately, since interfaces.initialize only returns a true or a false, it is not clear what exactly the issue is. Two questions: 1) What is the best mechanism to get a detailed log of what is happening within iControl, or last error code/message? 2) Are there any known security or code access restrictions on iControl.dll that may be preventing it from accessing the F5 switch? Thanks, OmerPowershell - Get Current Connection for Nodes
Hello, I've been unable to find any posts with solutions to this problem. It's been asked a few times, but either the question is never answered, or at the very least nobody can provide a way to do this with the PS Snapin's F5 developed. Question: How do you query for the Current Connections for a given Node? The cmdlets Get- and Get- don't seem to provide this information. Is there an object associated with 'Get-' cmdlet that will allow for this query? I can't seem to find any documentation for all the objects tied with this cmdlet. I think this might be the route to go, but am having a difficult time finding something for 'Current Connections'. I need a Powershell solution for this, not Bash or Python. Thank you for your help!Clearing of RAM-Cache or Web Acceleration profiles
I need a way to clear the web cache from off box. I'm playing around with PowerShell for iControl but don't see any ramcache related commands listed. I found a sample script the references the 'Get-RAMCacheEntry' command but this doesn't seem to exist any more. Basically, I need a good way of doing what this command does without giving my application people CLI access to the big-ip. tmsh delete ltm profile ramcache [cache profile name] Ideas? Thanks, Patrick
iControlRest - Using Powershell's Invoke-RestMethod to obtain connections stats from pool members?
Hi, I'm hoping someone can help here, I'm 2 days and counting and have hit a brick-wall on it. I personally have doubts if this can work, although I'd like to think it is possible. I'm writing a script in Powershell to monitor the serverside.curConns value and return it using Powershell. The plan is to incorporate this into a bigger script to allow a server reboot once the value reaches 0 At the moment, we have 8 (and growing) servers in this pool, and the idea is to run this on each server when it goes to do a system restart during patching. I only want to change the values at the top of my script, so this script will remain unchanged across the 8 servers when copied locally. For example, lets say the 8 servers are named... PROD_SERVER01 to PROD_SERVER08 My script is below. ======= CHANGE PER ENVIRONMENT ========== $f5partition = "Production" $f5poolname = "Frontend_App_pool" $f5port = 8080 $user = "myf5userid" $pass = "myf5password" $f5server = "myf5server.mydomain.local" ======= NO CHANGES BELOW THIS LINE! ======= $servername = $env:COMPUTERNAME ====== AUTHORISATION SECTION ========== $pair = "$($user):$($pass)" $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair)) $basicAuthValue = "Basic $encodedCreds" $Headers = @{ Authorization = $basicAuthValue } === CONNECT TO F5 API ========= $reply = Invoke-RestMethod -Uri https://${f5server}/mgmt/tm/ltm/pool/~${f5partition}~${f5poolname}/members/~${f5partition}~${servername}:${f5port}/stats/?$select=serverside.curConns -Headers $Headers My JSON results will look like this...Just like the ones detailed in the IControlRest pdf manual...results below truncated for readability... { "generation": 263285, "kind": "tm:ltm:pool:members:membersstats", "selfLink": "https://localhost/mgmt/tm/ltm/pool/~Production~Frontend_App_pool/members/~Production~PROD_SERVER01:8080/stats?ver=12.1.3", "entries": { "https://localhost/mgmt/tm/ltm/pool/~Production~Frontend_App_pool/members/~Production~PROD_SERVER01:8080/~Production~PROD_SERVER01:8080/stats": { "nestedStats": { "kind": "tm:ltm:pool:members:membersstats", "selfLink": "https://localhost/mgmt/tm/ltm/pool/~Production~Frontend_App_pool/members/~Production~PROD_SERVER01:8080/~Production~PROD_SERVER01:8080/stats?ver=12.1.3", "entries": { "serverside.curConns": { "value": 0 } } } } } } If I run the script above once, I then have the JSON loaded into the $reply variable. Using Powershell ISE, if I then construct a WRITE-HOST statement and start typing, the remaining will fill in automatically. For example, I started with $reply. then the first entry is $reply.entries and so on, until I can find what I want... Write-Host $reply.entries.'https://localhost/mgmt/tm/ltm/pool/~Production~Frontend-App_pool/members/~Production~PROD_SERVER01:8080/~Production~PROD_SERVER01:8080/stats'.nestedStats.entries.'serverside.curConns'.value This will display the value to the screen My problem is that I am having trouble writing the script to run on PROD_SERVERS02-08, because that above WRITE-HOST statement uses fixed properties. I've tried lots of variable substitutions on this line to no avail. I'm also struggling to do anything constructive with enumerating through the multi-tiered JSON in a loop to extract the value. Any help greatly received! Thanks in advance. I'm trying to write something that doesn't have any baggage with it, so not downloading curl .exes or pre-built functions to cart around server-to-server. Neil
Snap-in installed but cmdlets not visible
So I have the snapin installed and have a script that starts off with this code, straight from examples here if ( (Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn"}) -eq $null ) { Add-PSSnapIn iControlSnapIn } $success = Initialize-F5.iControl -HostName $bigip -Username $user -Password $pass I run it the first time and everything works fine. Subsequent times I get this error: Get-Command : The term 'iControlSnapIn' is not recognized as the name of a cmdlet, function, script file, or operable program. The first command works and the snap-in is detected: Name : iControlSnapIn PSVersion : 2.0 Description : iControl Snap-in for F5 Device Management but it won't let me call the cmdlets. Any idea why?