Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP
We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it. Has anyone dealt with this and have a solution to do it via Script, CLI or API? Thank you.98Views0likes1CommentBIG-IP Next HA Pair Onboarding REST API
I've been playing around with BIG-IP Next in my home lab for the past few days and have managed to successfully onboard an HA pair of BIG-IP Next instances via the BIG-IP Next Central Manager GUI. I am now trying to do the same thing, but this time with the REST API. However, when I attempt to do this, I receive the following error when checking the onboarding task from Postman : "failure_reason": "failed to save details about new onboarding node (address 10.1.0.242)", I am using the following JSON documented under the 'Deploy an Onboarding Manifest' heading (I have just substituted the property values to reflect my lab environment) andI am sending the API call to the Central Manager management IP. https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0.1/ApiReferences/bigip_public_api_ref/r_openapi-next.html#operation/DeployOnboardingManifest Out of interest, has anyone managed to get this working?239Views2likes0CommentsFinding all virtual servers with "log all traffic" policy applied via API
Hello, I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there a way to use the TMSH shell or REST API to interrogate the F5 appliance via a script and get a listing of all virtuals that use a "log all traffic" policy so I can change the policy and give our logging servers a bit of respite? Thank you, Kyle592Views1like3CommentsREST API authorization in a cronjob, recommendation
I'd like to run an automatic script via cronjob to trigger REST API calls on a BIG-IQ (the script is located on the BIG-IQ itself). What possibilities are available in regards to authorization, especially from a security point of view, meaning avoiding placing credentials in the script. Is there maybe an option to use mutual SSL as trust? Right now doing manual testing I first create a token with basic credentials and then doing the REST-call with this token. But having an automatic script, there is no posibility to enter the password, means it needs to be placed somewhere. Any ideas would be very helpful. Thank you! Regards Stefan 🙂579Views0likes3CommentsGET all pool /mgmt/tm/ltm/pool/members/stats, but the Partition outside of Common cannot be obtained
1. Get all configuration through API instead of a specific Pool. (https://1.1.1.1/mgmt/tm/ltm/pool/members/stats) 2.This can only obtain Common Partition, and other Partitions cannot be obtained. Obtaining each API separately incurs too much performance overhead on the device (https://1.1.1.1/mgmt/tm/ltm/pool/members/stats) 3.Alternatively, it can support obtaining Pool Members for a specific Partition. 4. Can URLs support adding parameters, such as https://1.1.1.1/mgmt/tm/ltm/pool/members/stats?partition=aaa But? partition=aaa parameter not valid.Solved1.3KViews1like6CommentsHow can I Delete certificate via REST API?
Hello, I created a Client SSL Certificate and now I am trying to delete it from my F5 via REST API, I tried to use this article: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_adc_ssl_cert.html This is the syntax of the command that I am typing: (this command supose to show me all my certificates, no?) curl -sk -u admin:Aa123456 -H "Content-Type: application/json" -X GET /mgmt/cm/adc-core/working-config/sys/file/ssl-cert all I got after executing this command is nothing. Also when I trying to excute this command, I get the same result, nothing happens curl -sk -u admin:Aa123456 -H "Content-Type: application/json" -X DELETE /mgmt/cm/adc-core/working-config/sys/file/ssl-cert/cert_name Please somebody explain to me what I am doing wrong998Views0likes2CommentsAn example of an AS3 Rest API call to create a GSLB configuration on BIG-IP.
Hi everyone, Below you can find an example of an AS3 Rest API call that creates a simple GSLB configuration on BIG-IP devices. The main purpose of this article is to share this configuration with others. Of course, on different sites (github, etc) you can find different bits of data, but I think this example will be useful, because it contains all the necessary information about how to create different GSLB objects at the same time, such as: Data Centers (DCs), Servers, Virtual Servers (VSs), Wide IPs, pools and more over. { "class": "AS3", "declaration": { "class": "ADC", "schemaVersion": "3.21.0", "id": "GSLB_test", "Common": { "class": "Tenant", "Shared": { "class": "Application", "template": "shared", "DC1": { "class": "GSLB_Data_Center" }, "DC2": { "class": "GSLB_Data_Center" }, "device01": { "class": "GSLB_Server", "dataCenter": { "use": "DC1" }, "virtualServers": [ { "name": "/ocp/Shared/ingress_vs_1_443", "address": "A.B.C.D", "port": 443, "monitors": [ { "bigip": "/Common/custom_icmp_2" } ] } ], "devices": [ { "address": "A.B.C.D" } ] }, "device02": { "class": "GSLB_Server", "dataCenter": { "use": "DC2" }, "virtualServers": [ { "name": "/ocp2/Shared/ingress_vs_2_443", "address": "A.B.C.D", "port": 443, "monitors": [ { "bigip": "/Common/custom_icmp_2" } ] } ], "devices": [ { "address": "A.B.C.D" } ] }, "dns_listener": { "class": "Service_UDP", "virtualPort": 53, "virtualAddresses": [ "A.B.C.D" ], "profileUDP": { "use": "custom_udp" }, "profileDNS": { "use": "custom_dns" } }, "custom_dns": { "class": "DNS_Profile", "remark": "DNS Profile test", "parentProfile": { "bigip": "/Common/dns" } }, "custom_udp": { "class": "UDP_Profile", "datagramLoadBalancing": true }, "testpage_local": { "class": "GSLB_Domain", "domainName": "testpage.local", "resourceRecordType": "A", "pools": [ { "use": "testpage_pool" } ] }, "testpage_pool": { "class": "GSLB_Pool", "resourceRecordType": "A", "members": [ { "server": { "use": "/Common/Shared/device01" }, "virtualServer": "/ocp/Shared/ingress_vs_1_443" }, { "server": { "use": "/Common/Shared/device02" }, "virtualServer": "/ocp2/Shared/ingress_vs_2_443" } ] } } } } } P.S. The AS3 scheme guide was very helpful: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html690Views1like2CommentsUsing Powershell to create an iApp Service
HI All, Long time user first time poster 🙂 I am currently tryinbg to use the REST API to automate the creatation of iApps for a project we are working on. We are trying to create a basic vServer with one pool on port 80 with no profiles, and creating this under an Application Service. using the predefied iApp http template. I am trying to use Powershell to do this, and using the PS Module that is up on GitHub (https://github.com/joel74/POSH-LTM-Rest) as the basis for my script. I have been able to run a GET and get the JSON of an existing Application Service, and changing the parameters and doing a POST it is failing with the below error Invoke-RestMethodOverride : "400 Bad Request: "name" unexpected argument At line:1 char:7 + Invoke-RestMethodOverride -Method POST -Uri "$URI" ` + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride Has been driving me crazy, any recommendations? Devcentral is not letting me upload the JSON Body cause it is too long, but below is a link to download my script, it is a txt file. https://goo.gl/4Cc3z2 Thanks404Views0likes2CommentsMigrate part of GTM to another GTM
Hi, currently our GTM's have both test and prod config. We have buildup new test GTM's and want to migrate the test config (LTM's, Virtual servers, Pools, Wide IP etc) to the new pair. What is the suggested approach for this ? Is there any script that we could use ?Solved1.7KViews0likes2CommentsEnable OCSP Stapling via REST API
Hi all I'm struggling with the command syntax that will apply my OCSP stabling configuration on a certificate. I have found a workaround by pushing native tmsh commands via the bash api like this: curl -sk -u admin:password POST -H "Content-type: application/json" https://bigip-mgmt-ip/mgmt/tm/util/bash -d "{\"command\":\"run\", \"utilCmdArgs\": \"-c 'tmsh modify sys crypto cert example.com_2021-12-12 cert-validation-options { ocsp } cert-validators replace-all-with { letsencrypt_ocsp_R3 } issuer-cert R3_LE_2025'\"}" It works but I find itcrude and against the idea of using the API. I would very much like to be able to do it all REST API native but all tries ends up in: {"code":415,"message":"Found invalid content-type. The content-type must be application/json. The received content-type is application/x-www-form-urlencoded","errorStack":[],"apiError":1} Any input is very much appricaited!Solved1.6KViews0likes3Comments