Running BASH commands via REST API
I am trying to run bash commands via the REST API but am getting an error. When trying to use the following syntax I am getting a 403 running with Admin authentication... GET: https://F5LTM/mgmt/tm/util/bash Output: {"code":403,"message":"Operation is not allowed on component /util/bash.","errorStack":[]} Does anyone know if this is possible, or have any syntax examples of how to run bash commands? I assume you need to submit a post request, but I am not sure how to structure the syntax in the body of the request and cannot find any examples.3.6KViews1like3CommentsCreate iRule REST error: Found invalid JSON body in the request
Greetings, I saw a few other forums posts about the same error but I was not able to figure out what is wrong with the command below: curl -sku admin:admin -H "Content-Type: application/json" -X POST https://sampleF5name.test.com/mgmt/tm/ltm/rule -d '{"name":"f5RESTSampleRule", "apiAnonymous":"when CLIENT_ACCEPTED {\n node 172.28.0.41 \n}" }' I changed the admin credentials and F5 name to post here. When I run the following command, I get the following back: { "code": 400, "message": "Found invalid JSON body in the request.", "errorStack": [], "apiError": 1 } I ran my JSON through a JSON validator and there were no issues with it so my assumption is that I am passing something to the F5 that is not valid but I am not sure what it is. We already have a few rules like this setup but they were created through the UI. Any help would be greatly appreciated! I assume im missing something simple here. BIG-IP v15.1.5 (Build 0.0.10)Solved2.3KViews1like3CommentsGetting active pool member connections using Python
If I want to see all of the client connections connecting to a pool member from the CLI I can do something like a "show sys connection ss-server-addr 1.2.3.4". I can also do this using Postman mapping to ";, but I cannot figure out how to do this via Python. Using Python if I try to connect to "bigip.sys.raw" I do not see a module called "connection" or anything similar. Does anyone know how, or have some sample code on how to accomplish this? Thanks!1.2KViews0likes10CommentsREST API access right
Hi all, We're running F5 LTM (version 14.1.4.x) and sorry for any newbie question. We're trying to perform some tasks through REST API to the LTM: 1. Check system status, e.g. curl -ks -H "Content-Type: application/json" -u admin:admin "https://192.168.1.1/mgmt/tm" -d "{\"command\":\"show\", \"utilCmdArgs\":\"-c 'cm failover-status'\"}" 2. Perform failover, e.g. curl -ks -H "Content-Type: application/json" -u admin:admin "https://192.168.1.1/mgmt/tm" -d "{\"command\":\"run\", \"utilCmdArgs\":\"-c 'sys failover standby'\"}" We don't want to expose admin password in any script, while authentication token seems only valid for 10 hours at most and not suitable to be used in cronjobs.We create user for this specific purpose with user role Resource Administrator who can perform the task through ssh or GUI. However, both commands can run as that specific user (testuser1) in tmsh interactively, but fail when running through curl with error: {"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/testuser1 resource=/mgmt/tm verb=POST uri:http://localhost:8100/mgmt/tm referrer:192.168.1.8 sender:192.168.1.8","referer":"192.168.1.8","restOperationId":2225072,"kind":":resterrorresponse"} I'm afraid we've something missed or setting up based on wrong concept... Would anyone please help? Thanks and Rgds /st wong1.1KViews0likes6CommentsCert Invalid Parameter
I am getting a 400 response from the /mgmt/tm/sys/crypto/cert endpoint. The body I am passing is: {"command":"install","name":"testdomain","from-local-file":"/var/config/rest/downloads/testdomain.key"} . The file exists and if I remove the file, I get an error that the file could not be copied, so I think this actually is copying this file. The response body is: Key management library returned bad status: -4, Invalid Parameter . Any help would be really appreciated. I am following the instruction here, but I am using token auth: https://devcentral.f5.com/questions/upload-ssl-keys-certs-via-icontrol-rest-api This could be related to the issue I am having with uploading files, I opened a question here: https://devcentral.f5.com/questions/unable-to-upload-file-through-icontrol-rest-interface-49232Solved912Views0likes5CommentsHow to attach TCP profile for server/client individually via REST API?
Hi, I was trying to attach the TCP profile to virtual server by REST API. But now what I only can do is to specify the context to "all", then call PATCH on /tm/ltm/virtual/VIRTUALNAME. The content is: {"ipProtocol":"tcp","profilesReference":{"items":[{"kind":null,"name":"VIRTUALNAME","partition":null,"fullPath":null,"generation":0,"selfLink":null,"context":"all"}]}} "Context = all" means I am setting both of the client and server side at the same time. But I would like to set them separately to two different profiles, then I tried context = clientside or context = serverside. Then an error like "Less than the required minimum number of profiles found on VIRTUALNAME: Exactly 1 of (UDP Profile (serverside), TCP Profile (serverside), SCTP Profile (serverside))" was returned. Looks like when only setting clientside/serverside profile, F5 will delete both profiles for clientside and serverside firstly, then update the user's profile. But at that time, the profile is only for server or client, the other part of the profile has been deleted in the previous step, which led to this error. Could anyone help figure out if I am doing in the incorrect way? Or if this might be a bug of setting TCP profiles? Heap thanks.849Views0likes0CommentsPowerShell - How to modify system iFile?
I use PowerShell to upload a text file containing a number of parameters that I want to use in an existing iRule. Through the web-gui I have already created an iFile named 'iFileApiKeys'. In PowerShell I use this procedure to upload the text file: $length = "0-" + ($fileContent.Length - 1) + "/" + $fileContent.Length $headers = @{ "Content-Range" = $length} $uploadResult = Invoke-WebRequest $URL -Method POST -Headers $headers -InFile $filePathPlusTextfile - ContentType "multipart/form-data" -TimeoutSec 20 -Credential $mycreds | ConvertFrom-Json Write-Host "Upload Result:" Write-Host $uploadResult According to the 'uploadResult' the file ends up in the folder:'var/config/rest/downloads/iFileApiKeys.txt' on my F5 LTM Using 'SuperPutty' I can via tmos (tmsh) modify the existing system iFile by executing: `tmos> modify /sys file ifile iFileApiKeys source-path file:///var/config/rest/downloads/iFileApiKeys.txt My problem is that I can't seem to find the correct PowerShell command to achieve the same result as the tmos (tmsh) command does. I want to use and actually think I should use: `Invoke-Webrequest -Method Put` I've been trying to emulate an example taken from a Jason Rahm post on this site: https://devcentral.f5.com/articles/getting-started-with-icontrol-working-with-the-system-20592 Like this: $sysIfilePath = "/mgmt/tm/sys/file/ifile/iFileApiKeys" `$sysPath = "https://" + $host_address + $sysIfilePath $updateresult = Invoke-WebRequest -Method Put -Uri $sysPath -Headers $headers -Credential $mycreds -Body $body But this command fails unfortunately, My assumption is that I don't fill $headers and/or $body with the correct values. When executing a GET for my sys iFile object the result is: ``{"kind":"tm:sys:file:ifile:ifilestate","name":"iFileApiKeys","fullPath":"iFileApiKeys","generation":10970077,"selfLink":"https://localhost/mgmt/tm/sys/file/ifile/iFileApiKeys?ver=13.1.0.2","chec ksum":"SHA1:878:52a261b5a113db5c9421a54e1e8b5685e7da7a4d","createTime":"2018-11-26T22:52:08Z","createdBy":"per.eriksson","lastUpdateTime":"2018-12-08T19:49:15Z","mode":33188,"revision":24,"size" :878,"sourcePath":"file:///var/config/rest/downloads/iFileApiKeys.txt","updatedBy":"per.eriksson"} Anyone out there that can point me in the right direction on how to update my sys iFile using PowerShell? Thank you! /Per740Views0likes2CommentsPartial Updates to Metadata for GTM and LTM
I'd like to add metadata to WIPs without overwriting any existing data (or, if the same metadata exists, to update that). I connect to iControl REST with HTTP "PATCH" method and a JSON payload, and that works well enough, but the payload totally overwrites whatever already existed. Looking in the LTM audit log, I see: Jul 24 13:12:55 <snip/> notice icrd_child[17595]: 01420002:5:AUDIT- pid=17595 user=myUser folder=/Common module=(tmos)# status=[Command OK] cmd_data=modifyltmvirtual /Common/myPool-443 {metadata replace-all-with{ dummyMetadata { persist false value IgnoreMe } } } Is there an alternative to replace-all-with? If so, is there a different method or request I should use?Solved676Views0likes2CommentsBIG-IQ - Central Management / Cloud + REST API
Two Questions: 1.) Does anyone happen to have information on where the BIG-IQ Central Manager REST API guide is (specific to central management)? The only REST API guides and Python/REST code examples I've seen, appear to be for the BIG-IQ Cloud product. I'm looking to push out based configurations to new LTMs using Central Management as a REST API proxy for LTMs it's managing. I assume that BIP central management offers APIs to do this sort of thing? 2.) If not using NSX or Cisco ACI does BIG-IQ Cloud still have a place in virtual environment orchestration deployments? Meaning if I had a third party process orchestrator (Scorch, HP OO, etc) + a Vmware VCenter environment (no NSX) would BIG-IQ cloud be the tool of choice for spinning up and configuring LTM instances or is BIG-IQ CLoud just for NSX and ACI based environments?Solved667Views0likes7Comments