Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
code share

Big-IQ bulk trust, discovery and import of Big-IP using REST API

Problem this snippet solves:

Attached is a link to github which provides the user with an comprehensive example of how to discover and import many BIGIP device via BIGIQ CM REST API.

Script bulkDiscovery.pl is a standalone script installed directly in the BIGIQ shell.

Suggested recommendations: 1. Create a /shared/scripts/. directory 2. scp file to BIGIQ, 3. Usage below.

This automation will invoke a device trust task to negotiate certificate, discover device to population in resolver groups (maintained per module) and import configuration of BIGIP's as defined in bulk_discovery.csv file. This happens sequentially and is very useful when administrator's goal is to discover and import many BIGIP devices in a programmatic manner.

** tested with perl distribution present on bigiq v5.8.8

How to use this snippet:

Usage: ./bulkDiscovery -c bulk_discovery.csv

    Program: bulkDiscovery.pl  Version: v2.00.00
    ##### Discover multiple BIG-IP devices.
    -r      Root credentials for every BIG-IP (such as root:default) - overrides root creds in CSV
    -a      Admin credentials for every BIG-IP (such as admin:admin) - overrides any creds in CSV
    -v      Verbose screen output
    -s      Discover ASM
    -l      Discover LTM
    -p      Discover APM
    -c      Path to CSV file with all BIG-IP devices - REQUIRED
    -u      Update framework if needed
    -h      Help
    -k      Keep the CSV file after this finishes (not recommended if it contains creds)
    -q      BIG-IQ admin credentials in form admin:password - REQUIRED if not using default
    -g      access group name if needed
    -f      Discover AFM

    csv format: ip, user, pw, cluster-name, framework-action, root-user, root-pw
    ip: ip address of the BigIP to discover.
    user, pw: username & password of the BigIP.  Will be overridden if -a is specified on the command     
    line.

    configuration csv example format:
    1.2.3.4
    1.2.3.4, admin, pw
    1.2.3.4, admin, pw, ha-name
    1.2.3.4,,, ha-name
    1.2.3.4, admin, pw,, skip
    1.2.3.4, admin, pw,, update, root, root-pw
Tested on Version:
12.0
Comments on this Snippet
Comment made 03-Nov-2016 by Haitao Huang

This works great with BIG-IQ 5.1 and BIG-IP 12.1! Two notes when I tried in my lab environment:

  1. use chmod 744 bulkDiscovery.pl to make executable
  2. set-basic-auth on to allow local authentication

Thank you! - Haitao

0
Comment made 27-Apr-2017 by vmathur

A new version of this script is available on https://downloads.f5.com/esd/product.jsp?sw=BIG-IQ&pro=big-iq_CM

( BIG-IQ Centralized Management , Release 5.2 with following functionality )

[root@bigiq2:Active:Standalone] images # ./bulkDiscovery.pl -h

Program: bulkDiscovery.pl Version: v2.2.0

Discover or rediscover multiple BIG-IP devices. If the csv file does not exist and the -m option is passed, the script will generate a file based on the existing discovered BIG-IPs on the BIG-IQ. This new csv file can then be edited and used for subsequent re-discoveries and re-imports.

Additional important notes:

The -l option must be included when performing initial trust, discovery and import of services.

The -m option must be used for re-discovery if any BIG-IP requires a framework upgrade.

The -n option can be used to skip service import, this is recommended if there are outstanding changes to be deployed

If a framework upgrade is required for any device, that device requires the administrator and root credentials passed either in the CSV file or using the -a and -r options.

If a failure is encountered, the script logs the error and continues. If conflicts are detected, the BIG-IQ version is selected by default, the CSV and -o option can override this. For the Access module re-import, the 'Device specific configuration' option will be used.

Allowed command line options: -h Help

    -c      Path to CSV file with all BIG-IP devices - REQUIRED, if it doesn't exist and -m is used, a new one is generated.

    -q      BIG-IQ admin credentials in form admin:password - REQUIRED if not using default

    -a      Admin credentials for every BIG-IP (such as admin:admin) - overrides any creds in CSV

    -r      Root credentials for every BIG-IP (such as root:default) - overrides root creds in CSV

    -u      Update framework if needed, CSV value overrides this value if CSV value is not null

    -g      access group name if needed, not required for re-discovery

    -l      Discover LTM, this must be included for initial discovery and import of services

    -p      Discover APM

    -s      Discover ASM

    -f      Discover AFM

    -d      Discover DNS

    -v      Verbose screen output

    -m      Perform a re-discovery and re-import, do not perform trust operation. Also include with -c to generate a new file.

    -o      USE_BIGIP for conflict resolution for any module conflict def: USE_BIGIQ, CSV value overrides this value if CSV value is not null

    -n      Do not import the service, only discover the service, the service import will be done manually

CSV file format: ip, user, pw, cluster-name, framework-action, root-user, root-pw, resolution

ip: ip address of the BIG-IP to discover. user, pw: username & password of the BIG-IP. Will be overridden if -a is specified on the command line.

cluster-name: the cluster name that will group the BIG-IP DSC cluster pair framework-action: upgrade - upgrade framework if needed, skip - skip framework update check, blank - do not attempt to update root-user, root-password: only needed for framework update of 11.5.x through 11.6.x devices. Will be overridden if -r is specified on the command line conflict resolution: can either be USE_BIGIQ or USE_BIGIP, defaults to USE_BIGIP if '-o' option is specified else USE_BIGIQ

example lines:

1.2.3.4

1.2.3.4, admin, pw

1.2.3.4, admin, pw, cluster-name

1.2.3.4,,, cluster-name,,,, USE_BIGIP

1.2.3.4, admin, pw,, skip,,, USE_BIGIP

1.2.3.4, admin, pw,, upgrade, root, root-pw

1.2.3.4, admin, pw,, upgrade, root, root-pw, USE_BIGIP

0
Comment made 13-Nov-2017 by oogabooga 70

I didn't have a lot of luck using the switches like -m, however this command worked for me

./bulkDiscovery.pl -c test-hosts.csv -q admin:PASS -a admin:PASS -v -l -o USE_BIGIP

where test-hosts.csv was just the IP address of a BIGIP

cat test-hosts.csv

1.2.3.4

0
Comment made 19-Dec-2017 by shawn.watson 0

BIGIQ 5.2.0 BIGIP12.1.2 I'm having unusual issues. The trust goes to IP in the .csv - i skip this it already exists The discovery goes to a random ip on the bigiq box - no idea why its not using .csv IP The import goes to the IP in the .csv but always presents the following error: DEVICE_RESOLVER Failed to identify and discover device; reason: Can not discover device not in ACTIVE state.

Anyone run into this issue? Using the file from the link above for BIGIQ 5.2

0