Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP
We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it. Has anyone dealt with this and have a solution to do it via Script, CLI or API? Thank you.BIG-IP Next HA Pair Onboarding REST API
I've been playing around with BIG-IP Next in my home lab for the past few days and have managed to successfully onboard an HA pair of BIG-IP Next instances via the BIG-IP Next Central Manager GUI. I am now trying to do the same thing, but this time with the REST API. However, when I attempt to do this, I receive the following error when checking the onboarding task from Postman : "failure_reason": "failed to save details about new onboarding node (address 10.1.0.242)", I am using the following JSON documented under the 'Deploy an Onboarding Manifest' heading (I have just substituted the property values to reflect my lab environment) andI am sending the API call to the Central Manager management IP. https://clouddocs.f5.com/products/big-iq/mgmt-api/v0.0.1/ApiReferences/bigip_public_api_ref/r_openapi-next.html#operation/DeployOnboardingManifest Out of interest, has anyone managed to get this working?
Finding all virtual servers with "log all traffic" policy applied via API
Hello, I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there a way to use the TMSH shell or REST API to interrogate the F5 appliance via a script and get a listing of all virtuals that use a "log all traffic" policy so I can change the policy and give our logging servers a bit of respite? Thank you, KyleREST API authorization in a cronjob, recommendation
I'd like to run an automatic script via cronjob to trigger REST API calls on a BIG-IQ (the script is located on the BIG-IQ itself). What possibilities are available in regards to authorization, especially from a security point of view, meaning avoiding placing credentials in the script. Is there maybe an option to use mutual SSL as trust? Right now doing manual testing I first create a token with basic credentials and then doing the REST-call with this token. But having an automatic script, there is no posibility to enter the password, means it needs to be placed somewhere. Any ideas would be very helpful. Thank you! Regards Stefan 🙂
How can I Delete certificate via REST API?
Hello, I created a Client SSL Certificate and now I am trying to delete it from my F5 via REST API, I tried to use this article: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_adc_ssl_cert.html This is the syntax of the command that I am typing: (this command supose to show me all my certificates, no?) curl -sk -u admin:Aa123456 -H "Content-Type: application/json" -X GET /mgmt/cm/adc-core/working-config/sys/file/ssl-cert all I got after executing this command is nothing. Also when I trying to excute this command, I get the same result, nothing happens curl -sk -u admin:Aa123456 -H "Content-Type: application/json" -X DELETE /mgmt/cm/adc-core/working-config/sys/file/ssl-cert/cert_name Please somebody explain to me what I am doing wrong
An example of an AS3 Rest API call to create a GSLB configuration on BIG-IP.
Hi everyone, Below you can find an example of an AS3 Rest API call that creates a simple GSLB configuration on BIG-IP devices. The main purpose of this article is to share this configuration with others. Of course, on different sites (github, etc) you can find different bits of data, but I think this example will be useful, because it contains all the necessary information about how to create different GSLB objects at the same time, such as: Data Centers (DCs), Servers, Virtual Servers (VSs), Wide IPs, pools and more over. { "class": "AS3", "declaration": { "class": "ADC", "schemaVersion": "3.21.0", "id": "GSLB_test", "Common": { "class": "Tenant", "Shared": { "class": "Application", "template": "shared", "DC1": { "class": "GSLB_Data_Center" }, "DC2": { "class": "GSLB_Data_Center" }, "device01": { "class": "GSLB_Server", "dataCenter": { "use": "DC1" }, "virtualServers": [ { "name": "/ocp/Shared/ingress_vs_1_443", "address": "A.B.C.D", "port": 443, "monitors": [ { "bigip": "/Common/custom_icmp_2" } ] } ], "devices": [ { "address": "A.B.C.D" } ] }, "device02": { "class": "GSLB_Server", "dataCenter": { "use": "DC2" }, "virtualServers": [ { "name": "/ocp2/Shared/ingress_vs_2_443", "address": "A.B.C.D", "port": 443, "monitors": [ { "bigip": "/Common/custom_icmp_2" } ] } ], "devices": [ { "address": "A.B.C.D" } ] }, "dns_listener": { "class": "Service_UDP", "virtualPort": 53, "virtualAddresses": [ "A.B.C.D" ], "profileUDP": { "use": "custom_udp" }, "profileDNS": { "use": "custom_dns" } }, "custom_dns": { "class": "DNS_Profile", "remark": "DNS Profile test", "parentProfile": { "bigip": "/Common/dns" } }, "custom_udp": { "class": "UDP_Profile", "datagramLoadBalancing": true }, "testpage_local": { "class": "GSLB_Domain", "domainName": "testpage.local", "resourceRecordType": "A", "pools": [ { "use": "testpage_pool" } ] }, "testpage_pool": { "class": "GSLB_Pool", "resourceRecordType": "A", "members": [ { "server": { "use": "/Common/Shared/device01" }, "virtualServer": "/ocp/Shared/ingress_vs_1_443" }, { "server": { "use": "/Common/Shared/device02" }, "virtualServer": "/ocp2/Shared/ingress_vs_2_443" } ] } } } } } P.S. The AS3 scheme guide was very helpful: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.htmlUsing Powershell to create an iApp Service
HI All, Long time user first time poster 🙂 I am currently tryinbg to use the REST API to automate the creatation of iApps for a project we are working on. We are trying to create a basic vServer with one pool on port 80 with no profiles, and creating this under an Application Service. using the predefied iApp http template. I am trying to use Powershell to do this, and using the PS Module that is up on GitHub (https://github.com/joel74/POSH-LTM-Rest) as the basis for my script. I have been able to run a GET and get the JSON of an existing Application Service, and changing the parameters and doing a POST it is failing with the below error Invoke-RestMethodOverride : "400 Bad Request: "name" unexpected argument At line:1 char:7 + Invoke-RestMethodOverride -Method POST -Uri "$URI" ` + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride Has been driving me crazy, any recommendations? Devcentral is not letting me upload the JSON Body cause it is too long, but below is a link to download my script, it is a txt file. https://goo.gl/4Cc3z2 Thanks
