Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
code share

PowerShell module for the F5 LTM REST API

Problem this snippet solves:

This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult.

The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks!

The module contains the following functions.

  • Add-iRuleToVirtualServer
  • Add-iRuleToVirtualServer
  • Add-PoolMember
  • Add-PoolMonitor
  • Disable-PoolMember
  • Disable-VirtualServer
  • Enable-PoolMember
  • Enable-VirtualServer
  • Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns')
  • Get-F5Session (will be deprecated in future versions. use New-F5Session)
  • Get-F5Status
  • Get-HealthMonitor
  • Get-HealthMonitorType
  • Get-iRule
  • Get-iRuleCollection (deprecated; use Get-iRule)
  • Get-Node
  • Get-BIGIPPartition
  • Get-Pool
  • Get-PoolList (deprecated; use Get-Pool)
  • Get-PoolMember
  • Get-PoolMemberCollection (deprecated; use Get-PoolMember)
  • Get-PoolMemberCollectionStatus
  • Get-PoolMemberDescription (deprecated; use Get-PoolMember)
  • Get-PoolMemberIP (deprecated; use Get-PoolMember)
  • Get-PoolMembers (deprecated; use Get-PoolMember)
  • Get-PoolMemberStats
  • Get-PoolMemberStatus (deprecated; use Get-PoolMember)
  • Get-PoolMonitor
  • Get-PoolsForMember
  • Get-StatusShape
  • Get-VirtualServer
  • Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules)
  • Get-VirtualServerList (deprecated; use Get-VirtualServer)
  • Invoke-RestMethodOverride
  • New-F5Session
  • New-HealthMonitor
  • New-Node
  • New-Pool
  • New-VirtualServer
  • Remove-HealthMonitor
  • Remove-iRule
  • Remove-iRuleFromVirtualServer
  • Remove-Pool
  • Remove-PoolMember
  • Remove-PoolMonitor
  • Remove-ProfileRamCache
  • Remove-Node
  • Remove-VirtualServer
  • Set-iRule
  • Set-PoolLoadBalancingMode (deprecated; use Set-Pool)
  • Set-PoolMemberDescription
  • Set-Pool
  • Set-VirtualServer
  • Sync-DeviceToGroup
  • Test-F5Session
  • Test-Functionality
  • Test-HealthMonitor
  • Test-Node
  • Test-Pool
  • Test-VirtualServer
How to use this snippet:

To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created.

You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this.

The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates.

Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters:

  • The name or IP address of the F5 LTM device
  • A credential object for a user with rights to use the REST API
  • An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes

You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this:

$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd

Thanks to Kotesh Bandhamravuri and his blog entry for this snippet.

There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module.

I've also contributed this code sample for how to gather some basic info about your LTM with this PS module.

The module has been tested on:

  • 11.5.1 Build 8.0.175 Hotfix 8 and later
  • 11.6.0 Build 5.0.429 Hotfix 4 and later
  • 12.0 / 12.1
  • 13.0
Tested on Version:
11.5
Comments on this Snippet
Comment made 10-Dec-2015 by Grayson 338
So I just copied and pasted all three files to both of the following locations: %USERPROFILE%\Documents\WindowsPowerShell\Modules && C:\Windows\System32\WindowsPowerShell\v1.0\Modules\F5-LTM. I then type: Import-Module F5-LTM Then I get the following error: could not be processed because it is not a valid Windows PowerShell restricted language file. Remove the elements that are not permitted by the restricted language. I set my policy execution to unrestricted. I am running Powershell 4. I feel like some instructions are missing somewhere.
0
Comment made 10-Dec-2015 by Joel Newton 392
Hi, Grayson. Thanks for the feedback. I found that I have to unblock all four files ones they have been downloaded and extracted. To do this, right-click on the files, select 'Properties' and then 'Unblock.' The files only need to be placed in one of the two locations - %USERPROFILE% is the preferred one, as C:\Windows\... is typically reserved for Microsoft modules. Can you verify that the structure looks like: C:\Users\(Your user name)\Documents\WindowsPowerShell\Modules\F5-LTM\(downloaded files). If this still doesn't work, please let me know. Thanks.
0
Comment made 10-Dec-2015 by Grayson 338
he '<' operator is reserved for future use. At C:\Users\jbob\Documents\f5\F5-LTM.psm1:5761 char:203 + ... g:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" ... + ~ The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass it as part of a string. At C:\Users\jbob\Documents\f5\F5-LTM.psm1:5792 char:11 + <li>&copy; 2015 <span title="0.10905s from github-fe131-cp1-prd ... + ~ The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass it as part of a string. At C:\Users\jbob\Documents\f5\F5-LTM.psm1:5792 char:23 + <li>&copy; 2015 <span title="0.10905s from github-fe131-cp1-prd ... Still having issues, I had unblocked them all.
0
Comment made 10-Dec-2015 by Joel Newton 392
Hi, Grayson. Did you put the files in C:\Users\jbob\Documents\f5? They should be in C:\Users\jbob\Documents\WindowsPowerShell\Modules\F5-LTM. Please try that and see if it fixes the issue. You may need to create the 'WindowsPowerShell' and 'Modules' folders if they don't exist. Also, I'm not sure what the references to the ampersands are from. Is that in your error message?
0
Comment made 10-Dec-2015 by Grayson 338
I did not have that folder originally, but I did create it. C:\Users\jbob\Documents\WindowsPowershell\Modules\F5-LTM. I have all four files downloaded there and unblocked them. I change my computer environmental variables to point to the path above. I refresh PowerShell and run "Import-Module F5-LTM" and then gives a bunch of errors. Formatting here isn't great or I'd code paste it. I've tried this one different systems and get the same issues.
0
Comment made 10-Dec-2015 by Joel Newton 392
(This was resolved. There was an issue with how Grayson was downloading the files from GitHub.)
0
Comment made 07-Mar-2016 by J. Navarro 259
Hi! I am getting an error: PS C:\Users\user-1> Get-Pool | Select-Object -ExpandProperty fullPath ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Users\user-1\Documents\WindowsPowerShell\Modules\F5-LTM\Public\Invoke-RestMethodOverride.ps1:29 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati NullNotAllowed,Microsoft.PowerShell.Commands.ConvertFrom JsonCommand Invoke-RestMethodOverride : "401 F5 Authorization Required: Failed to get the /*/*' pool(s). At C:\Users\user-1\Documents\WindowsPowerShell\Modules\F5-LTM\Public\Get-Pool.ps1:28 char:21 + $JSON = Invoke-RestMethodOverride -Method Get -Uri $Uri -Credential ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride PS C:\Users\user-1> Please advise
0
Comment made 09-Mar-2016 by Joel Newton 392
Hi, J. It looks like you may not have authorized yet to the F5. You'll need to create the F5 session first (i.e. New-F5Session -LTMName (myLTM) -LTMCredentials $mycredsobject -Default ) and then you should be able to call Get-Pool | Select-Object -ExpandProperty fullPath ConvertFrom-Json without issue. Let me know. Thanks.
0
Comment made 20-Mar-2016 by prole92 211
Can't believe I saw this just now. I started scripting my own module a couple of days ago. This one is a bit more extensive however, it will be really useful. Do you have any plans to cover other modules as well? I was planning on making one for ASM.
0
Comment made 21-Mar-2016 by Joel Newton 392
No plans to cover modules other than LTM right now, as that's all I have access to. If I can assist by reviewing code or offering snippets to help with other modules, please let me know.
0
Comment made 21-Apr-2016 by pbarbuto 0
I get this error "'Register-ArgumentCompleter' is not recognized as the name of a cmdlet" Is this a PowerShell 5.0 comdlet or should I be able to complete this with 4.0? Update: updating to PowerShell 5.0 resolved this issue. Thanks!
0
Comment made 21-Apr-2016 by Joel Newton 392
Hi. You are correct - Register-ArgumentCompleter is a PS5 cmdlet. I didn't realize this was a requirement when this function was contributed to the module. I'd prefer to have the minimum version requirement be v4, so I'm going to see about changing this. Thanks.
0
Comment made 21-Apr-2016 by pbarbuto 0
Joel, thanks for your response. We needed to upgrade to PS 5.0 anyway :/ One more thing though, it seems like the module cant be imported in PowerShell (x86). It imports fine in PS x64, but when I try to import it in an x86 PS window I get an error that the module cannot be found. Have you encountered this and is it expected? Thanks!
0
Comment made 21-Apr-2016 by Joel Newton 392
Hi, pbarbuto, I just tested to confirm that I could import the module into an x86 PS shell, and it worked. Assuming that the module is in one of the folders listed in the PSModulePath environment variable, you should be able to import it without issue. You could also try typing in the full path to the module. Please let me know if you're still having issues. Thanks.
0
Comment made 21-Apr-2016 by pbarbuto 0
I got it. Thanks!
0
Comment made 29-Apr-2016 by CRM 0
I'm new to using PowerShell and the LTM-REST module and a little help would be appreciated. I'm getting this error when trying to connect to a F5 and get a list of the existing pools. ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Invoke-RestMethodOverride.ps1:36 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati NullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand Invoke-RestMethodOverride : "404 Not Found: At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Get-Pool.ps1:32 char:21 + ... $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -Credenti ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride And I am not positive whether I am even getting authenticated. This is the script being used: $host_address = "IPAddress_of_F5_Appliance" $user_id = "F5_Account_ID" $secpasswd = "Pasword_Assigned_To_F5_Account_ID" $secpasswd = ConvertTo-SecureString "Pasword_Assigned_To_F5_Account_ID" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ($user_id, $secpasswd) New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough Get-Pool | Select-Object -ExpandProperty fullPath ConvertFrom-Json I'm running PowerShell v.5 Thanks.
0
Comment made 29-Apr-2016 by Joel Newton 392
Hi, it looks like you're close. When you call: New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough you should see your session object written out to the console if you successfully connect. -PassThrough is really only needed if you're going to capture the session in a variable and then pass it to a function. You could try: $F5Session = New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough; Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath; Let me know if this helps. Thanks.
0
Comment made 29-Apr-2016 by CRM 0
Thank you very much for the quick response Joel. I tried the method you recommended and even change the F5 being accessed but I'm still getting the same response or a similar one. PS C:\WINDOWS\system32> $host_address = "F5_IP_Address" $secpasswd = ConvertTo-SecureString "F5_Account_Password" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ("F5_Account", $secpasswd) $F5Session = New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough PS C:\WINDOWS\system32> $F5Session Name BaseURL Credential ---- ------- ---------- F5_IP_Address https://F5_IP_Address/mgmt/tm/ltm/ System.Management.Automation.PSCredential Up to this point no errors displayed; but , once I run the next command, the error shown below is displayed. PS C:\WINDOWS\system32> Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Invoke-RestMethodOverride.ps1:36 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati NullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand Invoke-RestMethodOverride : " : At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Get-Pool.ps1:32 char:21 + ... $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -Credenti ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride Finally, the only other information that I can add is that the SSL certificate on the F5 is self-signed and that when look at the content of the variables I can see that the correct values are contained. Once again thanks in advance for time and attention to this matter.
0
Comment made 29-Apr-2016 by Joel Newton 392
Hi, Thanks for trying that. It seems like, for some reason, the message being returned from the failed login attempt can't be converted from JSON. Are you definitely using v11.6 or higher of the LTM? One way to try and get a little more info about the error message would be to: 1) Open the file F5-LTM\Public\Invoke-RestMethodOverride.ps1 file in a text editor 2) On line 36, add a # to comment out the JSON conversion and expanded property selection: $message = $_.ErrorDetails.Message # | ConvertFrom-json | Select-Object -expandproperty message 3) Add a new line below line 36 to write out the content of $message: Write-Output $message Maybe that will give us a better idea of what's going on. Thanks.
0
Comment made 21-Sep-2016 by Joshua Bines 182

Awesome work thank you!!!!

0
Comment made 22-Sep-2016 by Joel Newton 392

You're welcome, Joshua. I'm very glad you found it useful.

0
Comment made 31-Oct-2016 by HLS 2

Would you please update the document to include the correct process for establishing the connection? Powershell doesn't use parentheses when passing parameters. While the comments section is helpful, a newbie (like myself) would have thought the document as displayed was correct.

`Function F5-Connect {

if ( (Get-Module | Where-Object { $_.Name -eq "F5-LTM"}) -eq $null ) {

    Write-error "'F5-LTM' is not installed on this computer."
    Exit

} else {

    # Connect to the F5 Load Balancer using the predefined credentials for node management

    $myhost = 'myf5.mycompany.com'
    $myuser = 'f5adminusername'
    $mysecpass = ConvertTo-SecureString "f5adminpassword" -AsPlainText -Force
    $mycreds = New-Object System.Management.Automation.PSCredential $myuser, $mysecpass
    $SessionToken = New-F5Session -LTMName $myhost -LTMCredentials $mycreds -Passthrough
}

Return $SessionToken

} `

0
Comment made 31-Oct-2016 by Joel Newton 392

Hi, I'd be happy to correct whatever is currently incorrect, but I'm not clear on the function call with parentheses that you're referring to. Could you please include the line with the params? Are you referring to something on devcentral.com or the github repo?

Thanks, Joel

0
Comment made 31-Oct-2016 by HLS 2

The code snippet at the top of this page:

$mycreds = New-Object System.Management.Automation.PSCredential ("username", $secpasswd)

Should be:

$mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd

0
Comment made 31-Oct-2016 by HLS 2

Another gotcha I found with the commands was capturing the Pool membership statistics. In a comment on this page, someone posted this solution:

Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath;

The problem I had was determining what "fullPath" was. I wanted to see the number of server connections for a given node. I stumbled onto a solution using -ExpandProperty *. A sample:

$PoolConnections = Get-PoolMemberStats -F5Session $F5Session -PoolName $Poolname -Partition $PoolPartition -Address $IPAddress | Select -ExpandProperty * | % { $_.nestedStats.entries.'serverside.curConns'.value }

0
Comment made 31-Oct-2016 by Joel Newton 392

Thanks for clarifying re: the parentheses in the New-Object call. The code works as is, but it is more in line with PowerShell standards to not include the parentheses, so I'll remove them.

Re: the call to get pool member connections, if you call the deprecated function Get-CurrentConnectionCount, you'll get a message that it's recommended to use:

Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns'

which is similar to your method. However, this may no longer work as of v12.1, so I have an open issue in the GitHub project to look into this.

Cheers, Joel

0
Comment made 05-Dec-2016 by Alvinm 0

what is the usage for new-virtualserver? I've tried using it like this: New-VirtualServer -name "test" -DestinationIP 192.168.15.98 -DestinationPort 30784 -DefaultPool "testpool"

I get this error:

New-VirtualServer : Parameter set cannot be resolved using the specified named parameters.

0
Comment made 06-Dec-2016 by Joel Newton 392

Hi, Alvin. Thanks for catching this. The issue was that, when neither VlanEnabled or VlanDisabled were specified, the cmdlet didn't know how to process. I've fixed that and committed it to the github repo (https://github.com/joel74/POSH-LTM-Rest/commit/cdb7f03ca90f87af739b61d8ba29294abc3f18e6), but I'm not seeing the commit show up yet.

One thing to note, you'll need to include the ipProtocol parameter and a value for that, as that's a mandatory param. In my testing with the committed change, this worked for me:

new-virtualserver -name "test" -DestinationIP "192.168.15.98" -DestinationPort "30784" -DefaultPool "TEST_POOL" -ipProtocol tcp

0
Comment made 03-Feb-2017 by Spontaneous1980 10

PS C:\Windows\system32> $F5Session = New-F5session -LTMName "ServerNameHere" -LTMCredentials $mycreds -PassThrough; Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath; ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\Invoke-RestMethodOverride.ps1:64 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-RestMethodOverride : " : At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\New-F5Session.ps1:27 char:15 + $Result = Invoke-RestMethodOverride -Method POST -Uri $AuthURL -Body $JSONBo ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride

ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\Invoke-RestMethodOverride.ps1:64 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-RestMethodOverride : " : At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\Get-Pool.ps1:32 char:21 + $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -WebSession ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride

0
Comment made 03-Feb-2017 by Joel Newton 392

This happens when the LTM device can't be found. I could add a check to test that the name / IP entered for the LTM is a reachable device (i.e. responds to a ping) but it's still up to the user to use the correct LTM name.

0
Comment made 09-Feb-2017 by Mayur Kirtani 0

Do I need special permissions in F5 to be able to run PS commands?

I am able to get a session

PS C:\Windows\system32> $F5session = New-F5Session -LTMName 192.168.XXX.XXX -LTMCredentials $mycredentials -Passthrough

PS C:\Windows\system32> $F5session

Name BaseURL WebSession ---- ------- ---------- 192.168.XXX.XXX https://192.168.XXX.XXX/mgmt/tm/ltm/ Microsoft.PowerShell.Commands.WebReq...

but when I try get-pool, i get this

PS C:\Windows\system32> Get-Pool $F5session Invoke-RestMethodOverride : "401 F5 Authorization Required: Authorization failed: user=https://localhost/mgmt/shared/authz/users/Mayur.Kirtani resource=/mgmt/tm/ltm/pool verb=GET uri:http://localhost:8100/mgmt/tm/ltm/pool/ referrer:10.XXX.XXX.XXX sender:10.XXX.XXX.XXX At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\Public\Get-Pool.ps1:32 char:21 + $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -WebSession ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride

am i missing something?

thanks M

0
Comment made 09-Feb-2017 by Joel Newton 392

Hi, Mayur,

You'll need tmsh terminal access to be able to successfully make calls against the iControlREST API. I'd recommend checking your user permissions in the F5 and seeing if this is enabled.

Cheers, Joel

0
Comment made 09-Feb-2017 by Buddy Edwards 3

I would first like to say this is awesome, great work! I was able to easily deploy a node in about 5 minutes of scripting development. I don't know if this is on the roadmap or not but would be very useful for me is a way to deploy an entire iApp using something like this. I have went through the documentation Here: which was pretty good at explaining some of the REST options but didn't seem to have a good way of showing how to add members to a pool since those parts are truncated. I have a custom iApp that I have created that I use for most of my HTTP deployments. I am looking for an easier way to deploy VIPs in our HQ and DR environments at the same time if possible in a more automated fashion. It looks like REST will do it, is there a really good article on the API, possibly with complete examples someone could point me to?

Thanks! Buddy

0
Comment made 13-Feb-2017 by Joel Newton 392

Hi, Buddy. Thanks for the kind words! I haven't used iApps for anything, so I've been relying on others' experience and contributions to get iApp support into the module. The best way to get something on the roadmap for the module is to open an issue in the github repo, so if this is something you'd like to see added, please consider doing that. Thanks!

Cheers, Joel

0
Comment made 14-Feb-2017 by bujnovskyd 0

This worked when I initially installed the module. And now it is not working.

PS C:> import-module -name f5-ltm PS C:> $secpasswd = ConvertTo-SecureString "MYPASSWORD" -AsPlainText -Force PS C:> $mycreds = New-Object System.Management.Automation.PSCredential "admin", $secpasswd PS C:> PS C:> $MyLTM_IP=”MYIP” PS C:> $F5Sess= New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyCreds –PassThru PS C:> $F5Sess

Name BaseURL Credential WebSession


MYIP https://MYIP/mgmt/tm/ltm/ System.Management.Automation.PSCredential Microsoft.PowerShell.Commands.WebRequestSessi

PS C:> get-virtualserver -F5Session $F5Sess ConvertFrom-json : Invalid JSON primitive: Document. At C:\Program Files\WindowsPowerShell\Modules\f5-ltm\1.4.110\Private\Invoke-F5RestMethod.ps1:39 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [ConvertFrom-Json], ArgumentException + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

I get a convertfrom-json issue with pretty much any get command I try.
0
Comment made 15-Feb-2017 by Joel Newton 392

Hi, bujnovskyd, what version of the LTM do you have, and are you using local authentication or external (i.e. AD or something)?

0
Comment made 15-Feb-2017 by bujnovskyd 0

Well it is working today again. Hurray. FYI updated to f5-ltm 1.4.111 today. F5 is Version 12.1.1 Build 2.0.204 Hotfix HF2 and I am using local Authentication on the F5.

Not sure what was happening yesterday, and maybe a local computer reboot helped?

Thank you for the quick response and all of your hard work on this module.

0
Comment made 16-Feb-2017 by Joel Newton 392

You're welcome, and I'm glad to hear it's working again.

All the best, Joel

0
Comment made 24-Feb-2017 by Spontaneous1980 10

Ok, when I run

New-F5Session -LTMName 0.0.0.0 -LTMCredentials $cred

I get nothing back to let me know the session.

0
Comment made 24-Feb-2017 by Joel Newton 392

If you want your session returned, you need to use -PassThru. Otherwise it gets assigned to the Script scope.

0
Comment made 24-Feb-2017 by Spontaneous1980 10

Hi Joel!

Excellent work on your module. I thought you could help eliminate people having trouble installing this module.

here is an example I found: https://gist.github.com/darkoperator/3f9da4b780b5a0206bca

In here you even do an unblock-file in small loop. All you need to do then is add you gist.github.com url. This can also help with deploying in break fix for bugs that you may find.

Thank you for developing this excellent module!!!

0
Comment made 27-Feb-2017 by Joel Newton 392

Thanks - I like the simplicity and helpfulness of that script.

I created a gist and included notes on installing via PSGet. Hopefully that helps.

0
Comment made 17-Mar-2017 by SickPanda 0

Hi Joel

I am at a loss here. I can successfully run functions which don't in turn call other functions, however when I run functions like Get-PoolMember which in turn calls Get-Pool, my session object is not being carried through. I am using the -passthru parameter.

This Works* $MyLTM_IP = '10.0.0.1' $PoolName = 'myPoolName' $Partition = 'myPartition'

$F5Session = New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -PassThru

Get-Pool -F5Session $F5Session -Name $PoolName -Partition $Partition


This DOESNT work* $MyLTM_IP = '10.0.0.1' $PoolName = 'myPoolName' $Partition = 'myPartition'

$F5Session = New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -PassThru

Get-PoolMember -F5Session $F5Session -PoolName $PoolName -Partition $Partition


I get this error : Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing.

Thanks Mike

0
Comment made 17-Mar-2017 by Joel Newton 392

Hi, Mike. Thanks for reporting this issue. I haven't been able to repro it on 11.6 or 12.1. What version of the LTM are you running? Does the issue happen if you use the -Default switch for New-F5Session and then don't pass a session to Get-PoolMember?

Thanks, Joel

0
Comment made 19-Mar-2017 by matvan 0

Hi,

I'm running 11.6.1 Build 1.0.326 HF1 and i have a very weird issue where I get a 401 access denied (using a get-pool) unless i have previously given the user administrator access to all partitions.

I can return the user back to guest after i have granted the admin and it still works.

If i create a guest account straight up (with tmsh access granted) it gives a 401 error. Yet if i change that account to administrator, then back to guest it will work.

0
Comment made 20-Mar-2017 by SickPanda 0

Hi Joel

Running this gives me the same error :

$MyLTM_IP = '192.168.0.1' $PoolName = 'mypoolname' $Partition = 'common'

New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -Default Get-Poolmember -PoolName $PoolName -Partition $Partition

I am running BIG-IP 11.5.4 Build 0.0.256 Final

Thanks Mike

0
Comment made 20-Mar-2017 by Joel Newton 392

Hi, matvan, per the v11.6 docs, "administrative level access to the iControl® REST namespace [is needed] to make iControl REST requests." That you're able to remove admin access and still use iControlREST is strange, and seemingly not intended. On 11.6.0 HF4, if I remove admin access, I can no longer access iControlREST.

0
Comment made 20-Mar-2017 by Joel Newton 392

Thanks, Mike. Thanks for testing that. I'm assuming but want to clarify that you're using a local account, and that that account has the admin role for the common partition. Is that correct? Cheers.

0
Comment made 22-Mar-2017 by SickPanda 0

Hi Joel

Yep that's correct. I am using a local admin account. I tried 2 admin accounts actually, one with tmsh and without with the same results.

Thanks Mike

0
Comment made 23-Mar-2017 by Joel Newton 392

Hi, Mike, I only have 11.6 and 12.1 available to me at the moment. I'll see if I can spin up 11.5.4 in AWS and repro this issue. In the meantime, what happens if you execute that line explicitly, i.e. create an F5 session and call:

Get-Pool -F5Session $F5Session -Name 'MyPool' -Partition 'Common' | Get-PoolMember -F5session $F5Session -Address * -Name *

Cheers, Joel

0
Comment made 24-Mar-2017 by SickPanda 0

Hi Joel

When running the line explicitly I get the same error :

Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing.

Thanks Mike

0
Comment made 24-Mar-2017 by Joel Newton 392

Hi, Mike,

Let's move our troubleshooting thread outside this page - you can reach me directly at jnewton@springcm.com. Please let me know where I can reach you.

Thanks, Joel

0
Comment made 04-Apr-2017 by MLennon 0

I had trouble using Get-PoolMember and Get-PoolMemberStats when trying to retrieve info on pools created by Exchange iApp; they always gave error about not being able to find pool. What I did was to add a -Application parameter, same as seen in Get-Pool. Then modified both function's code accordingly to use the new param. Worked! Awesome modules!

0
Comment made 05-Apr-2017 by Joel Newton 392

Thanks, MLennon. I've updated all functions that relate to pool members with the Application param (get/add/delete) and published the changes (github / PSGallery). I'm glad you like the module!

0
Comment made 10-Apr-2017 by wrapsbear 1

Hi Joel,

I stumbled across this when I discovered that the existing iControl PS Snapin only returns pools in Common (and doesn't return pools that are a part of an iApp). Thanks for sharing this!

1
Comment made 11-Apr-2017 by MLennon 0

I've downloaded the latest zip but now I'm also now getting "Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing." Did not see this in my previous package which I think I downloaded on Dec 20, 2016. Its strange. Using just command line, I import the module, run New-F5Session then type simply Get-Pool and it returns all my pools. If I run it again I get the 401 error. Running BIG-IP 11.5.1 Build 10.0.180 Hotfix HF10 (virtual ed. in my lab)

0
Comment made 11-Apr-2017 by Joel Newton 392

Hi, MLennon, I'm pretty sure it's a 11.5-related issue, and that SickPanda was running into the same or similar problems (see above). Unfortunately, I only have 11.6 and higher to test on. Interesting that it seems like a change between Dec 20, '16 and now. Unfortunately there's been 20+ versions between then and now. At least there's a pattern, though.

0
Comment made 13-Apr-2017 by Matan 0

Hey Joel Newton, First of all, this module is awesome! ty!

I have 1 question and maybe 1 bug to reporting.

Question: This module support FQDN nodes? and if yes, how? because i tried the most of the functions and found nothing.

Maybe bug: Add-PoolMember not support adding exist nodes to pool. it is working just if the node doesn't exist. it's failed on partition part, looks like it looking for the exist nodes only in common partition, even if I mention "-Partition $Partition".

0
Comment made 13-Apr-2017 by Joel Newton 392

Hi, Matan, Thanks! I'll have to check re: FQDN. I don't use them in my setup, but I believe other users have. I'll also look into the issue of adding existing nodes in non-common partitions. The best way to log and track issues is to open an issue in github (https://github.com/joel74/POSH-LTM-Rest).

Cheers, Joel

0
Comment made 23-Apr-2017 by Matan 0

Hey Joel, thanks for the help. i found the bug. just need to change on Add-PoolMember.ps1:

from: $JSONBody = @{name=('{0}:{1}' -f $ExistingNode.name,$PortNumber)}

to: $ExistingNodeName = '{0}:{1}' -f $ExistingNode.name,$PortNumber $JSONBody = @{name=$ExistingNodeName;partition=$Partition}

1
Comment made 24-Apr-2017 by Joel Newton 392

Thanks, Matan. To get this change to one line, I believe the following will work the same:

$JSONBody = @{name=('{0}:{1}' -f $ExistingNode.name,$PortNumber);partition=('{0}' -f $Partition)}

I'll made this change to the module.

Cheers, Joel

0
Comment made 5 months ago by blashmet 0

Running the following...

$LTMCredentials = Get-Credential

$LTMName = "name"

Import-Module F5-LTM

$F5Session = New-F5session -LTMName $LTMName -LTMCredentials $LTMCredentials -PassThrough

Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath

Gives the following errors:

[BEGIN ERROR MESSAGES]

Supply values for the following parameters: ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Private\Invoke-F5RestMethod.ps1:40 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-F5RestMethod : "401 F5 Authorization Required: At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Public\New-F5Session.ps1:95 char:13 + $JSON = Invoke-F5RestMethod -Method Get -Uri $VersionURL -F5Session $newSess ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Private\Invoke-F5RestMethod.ps1:40 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-F5RestMethod : "401 F5 Authorization Required: At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Public\Get-Pool.ps1:32 char:21 + $JSON = Invoke-F5RestMethod -Method Get -Uri $URI -F5Session $F5Sess ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

[END ERROR MESSAGES]

The content of $F5Session is:

Name : usdc-ltm-tst-mgmt BaseURL : https://usdc-ltm-tst-mgmt/mgmt/tm/ltm/ Credential : System.Management.Automation.PSCredential WebSession : Microsoft.PowerShell.Commands.WebRequestSession LTMVersion :

So the version of the LTM isn't being picked up, which is 11.6, but it's not clear whether the session is established.

Looking at New-F5Session.ps1, it appears the user credentials need access to https://$LTMName/mgmt/tm/ltm/.

When I visit that URI from a browser and enter my credentials, I get:

{"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/a_blashmet resource=/mgmt/tm/ltm verb=GET uri:http://localhost:8100/mgmt/tm/ltm/

I ensured that Terminal Access is set to tmsh for this account and verified that it has Manager access on all partitions.

Is there any other access or config that I am missing?

Thank you for any help.

0
Comment made 5 months ago by Joel Newton 392

Hi, blashmet, at least on 11.6, you need admin-level access to the partition(s) to be able to connect via iControlREST. Are you able to make that change and retest?

-Joel

0
Comment made 5 months ago by anbe17 0

Hi! Is it possible to query info from SSL Certificates with this powershell module? Expiration Dates etc.. cant find any info about that.

0
Comment made 5 months ago by Joel Newton 392

Hi, No, not currently, as SSL cert management is outside of the LTM management space (see the structure here)

0
Comment made 5 months ago by RyanFeiock 80

Hi Joel, thanks a ton for this module. I have been able to quickly automate the enabling and disabling of pool members during my deployment process.

There is one piece of functionality that I am looking for that I am not sure is available in the module, and that is the deletion of existing connections. I am able to handle this in my Powershell script by running this:

& "$PSScriptRoot..\plink.exe" -ssh scm@$BigIpServerIp -pw $BigIpUserPassword tmsh delete /sys connection ss-server-addr $ipAddress

But I was wondering if there was a command in the module that would do the same. In looking over the documentation, I don't see anything obvious, but thought I would ask.

0
Comment made 5 months ago by Joel Newton 392

Hi, Ryan,

Cheers! I'm glad to hear you've been finding the module to be useful. I took a look around at the docs, and I don't believe there's a way to utilize iControlREST to delete connections. This question was posed a few years back here, and from what I can tell of the LTM v13 docs, I don't believe that functionality has been added, which is too bad.

Cheers, Joel

0
Comment made 3 months ago by Daniel 15

Hi Joel,

Just wanted to say thanks heaps for this. I had been trying to get the iControlSnapIn one to work and then came across this one which has proven to be a million times better.

Only thing is I was hoping to use this to pull out all of the virtual servers from the LTM and any iRules that are bound to them. I am struggling to do this at the moment as I can not find a lot of information using the "Get-VirtualServer | Where rules | Select-Objects -ExpandProperty rules" function is being used. I was hoping to modify your Get-PoolMembers.ps1 to just include the iRule information but I can not work out how to pull the iRules in use and then export them out to the file.

Any assistance would be much appreciated.

Thanks

0
Comment made 3 months ago by Joel Newton 392

[Comment Updated]

Hi, Daniel.

Cheers. I think you can just use something like the snippet below. The first part creates a hash table with all the virtual server names in it, and the second part adds the iRules assigned to each server to the hash table.

I don't think we'd want to modify Get-PoolMembers.ps1, because pool members aren't associated with which iRules are assigned to a virtual server. Let me know if you have any issues with the code.

-Joel

$VS_iRules = Get-VirtualServer |
    ForEach {
        New-Object psobject -Property @{
            Name = $_.name;
            Partition = $_.partition;
            Rules = @{}
        }
    }

$VS_iRules | ForEach { $_.Rules = (Get-VirtualServer -Name $_.Name -Partition $_.Partition | Select-Object -ExpandProperty rules -ErrorAction SilentlyContinue  ) } 

I updated the snippet to include the retrieve partition for each virt server and include that in the request for iRules. The output is stored in $VS_iRules, so that's probably what you want to set your $Output to, and then format as desired.

0
Comment made 3 months ago by Daniel 15

Hey Joel,

Thanks for getting back to me. Have tried running that and it is throwing an error which I believe is related to the fact we are using partitions. I tried to remove the partition name but have had no luck.

I have taken what you posted and added the following from the Get-Poolmembers:

param(

[Parameter(Mandatory=$true)]
[string]
$LTMName,

[Parameter(Mandatory=$true)]
[System.Management.Automation.PSCredential]
$LTMCredentials,

[ValidateSet("Screen","CSV")]
$OutputDestination="Screen"
)

$Output = " "

New-F5Session -LTMName $LTMName -LTMCredentials $LTMCredentials 

$VS_iRules = Get-VirtualServer |
foreach {

    $VirtualServerName = $VS_iRules.Name -replace '/Common/',''

    new-object psobject -Property @{
        Name = $_.name;
        Rules = @{}
    }
}

$VS_iRules | ForEach { $_.Rules = (Get-VirtualServer -Name $_.Name | Select-Object -ExpandProperty rules -ErrorAction SilentlyContinue  ) } 

If ($OutputDestination -eq 'CSV'){
   Write-Output $Output | Out-File -filepath '.\LTM_iRules.csv'
}
Else {
    Write-Output $Output
}

Not sure I have the stripping of the partition in the right place and also not sure what values to put in for the $Output.

Really appreciate the assistance as well.

Thanks

0
Comment made 3 months ago by blashmet 0

Can this module be used to return the state of the "Source Address Translation" property on a VIP? (e.g., return whether it is set to SNAT, AutoMap, or none).

Thank you.

EDIT:

Turns out this property is accessible on a virtual server object:

$virtualserver = Get-VirtualServer | where-object {$_.name -eq "virtualservername" }

$virtualserver.sourceAddressTranslation

0
Comment made 3 months ago by Joel Newton 392

Correct. Not all available properties, such as sourceAddressTranslation, gtmScore and mobileAppTunnel, are defined in the VirtualServer LTM object type, but they are still accessible via the object.

0
Comment made 3 months ago by ELtheNINO 0

When using a try catch block with Get-Virtualserver the error terminates in the try block

EXAMPLE:

try
 {
    get-VirtualServer -F5Session <some session> -Name <EnterSomethingFalse>|select rules
 }
 catch [System.Exception]
 {
    Write-Host "NOPE $_.Exception.Message" -ForegroundColor Cyan
 }

It returns:

Invoke-F5RestMethod : "404 Not Found: 01020036:3: The requested Virtual Server (/Common/EnterSomethingFalse) was not found. At C:\Program Files\WindowsPowerShell\Modules\F5-LTM\1.4.196\Public\Get-VirtualServer.ps1:42 char:21 + ... $JSON = Invoke-F5RestMethod -Method Get -Uri $URI -F5Session $F5S ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException

INSTEAD OF in the catch block

NOPE. ERROR MESSAGE

Is anyone else experiencing this?

0
Comment made 3 months ago by Joel Newton 392

Hi, This is a PowerShell thing, not something specific to this module. The error thrown is non-terminating, so PowerShell doesn't go into the Catch block. If you set $ErrorActionPreference to 'Stop', then it will be caught.

0
Comment made 2 months ago by igor.curic 10

Hi,

I'm trying to automate virtual server deployment from top to bottom, an currently am failing on Add-PoolMember.

PS C:\Windows\system32> Add-PoolMember -Address 10.18.2.22 -PoolName iCPRF02BO.pool_80 -PortNumber 80 -Status Enabled -F5Session $SessionToken -Name ICPRF02-BO1 Invoke-F5RestMethod : "400 Bad Request: 01070734:3: Configuration error: Cannot assign (/Common/ICPRF02-BO1-10.18.2.22) as a pool member. At C:\Program Files\WindowsPowerShell\Modules\f5-ltm\Public\Add-PoolMember.ps1:88 char:33 + Invoke-F5RestMethod -Method POST -Uri "$MembersL ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorExceptio n + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,I nvoke-F5RestMethod

I can add it manually through GUI, but this function returns an error.
Alos, I double checked the function and it contains $JSONBody = @{name=('{0}:{1}' -f $ExistingNode.name,$PortNumber);partition=('{0}' -f $Partition);description=$Description} you mentioned would solve the problem Matan had a few months ago.

Any help would be appreciated.

Br, Igor

0
Comment made 2 months ago by Joel Newton 392

Hi, Igor,

I tested this, and I can successfully execute basically the same Add-PoolMember command you used against 11.5, 11.6 and 12.1. What version LTM are you working with (including hotfixes) and do you have the latest version of the PS module from github? Matan's issue was with searching different partitions. Are you using other than the Common partition?

Cheers, Joel

0
Comment made 2 months ago by igor.curic 10

Hi Joel,

I'm working on BIG-IP 13.0.0 Build 0.0.1645 Final. I downloaded PS module a week ago from https://github.com/joel74/POSH-LTM-Rest I'm using the Common partition. As you can see from the error, it sees the node, but fails to join it to the pool.

Configuration error: Cannot assign (/Common/ICPRF02-BO1-10.18.2.22) as a pool member.

Br, Igor

0
Comment made 2 months ago by Joel Newton 392

Hi, Igor, I tested this morning with 13.0.0 Build 2.0.1671 Hotfix HF2 and couldn't repro the error. A couple questions, that may or may not shed some light:

  • Do all calls to Add-PoolMember fail?
  • Did it work initially and then started failing?
  • Does the user creating the iControlRest session have admin privs?
  • Is the pool member (ICPRF02-BO1-10.18.2.22) listed as a node ( https://{BIGIP}/mgmt/tm/ltm/node/ )

Cheers, Joel

0
Comment made 2 months ago by igor.curic 10

Hi Joel,

Thank you for the quick responses.

First the answer to all questions: 1) yes...but, 2) no, 3) yes, 4) yes

Now but:

My plan is to add nodes using FQDN and I was testing using nodes created manually/or trough script using FQDN and all tests on may BIGIPs failed (i have two in HA). Then I tried creating nodes using IP, and it turns out nodes created that way can be added to the pool using the Add-PoolMember. So my question changes to: Why can't I use Add-PoolMember to add FQDN nodes? Did you test the command with FQDN nodes?

And I have two additional questions, since I wasn't able to find it in the module: 1) Is there a way to add SSL Profile (client) to virtual server? 2) Is there a way to add HTTP profile to virtual server?

Br, Igor

0
Comment made 2 months ago by Joel Newton 392

Hi, Igor, Answering in reverse order, yes, you can use Set-VirtualServer to add SSL and HTTP (and other server and client) profiles to virtual servers. Check out the examples for that function on how to do this.

Currently, Add-PoolMember does not support the creation of new FQDN nodes. There are a number of additional params that Add-PoolMember would need to accept, so it could pass them on to New-Node. My recommendation for the time-being would be to call New-Node to create your FQDN nodes, and then add the existing nodes with Add-PoolMember. Please let me know if you have any issue accomplishing that.

All the best, Joel

0
Comment made 2 months ago by igor.curic 10

Hi Joel,

I originally used New-node function to create FQDN node.

New-Node -AddressType ipv4 -AutoPopulate enabled -FQDN ICPRF02-BO1.gaming.lan -F5Session $SessionToken -Name ICPRF02-BO1

And than tried adding it to the pool using Add-PoolMember, and it failed...that's when I sent my first question. After your comment that the function works on your end I changed my approach and created the node using the IP...than Add-PoolMember worked. So when FQDN node is created by scritp/or manually Add-PoolMember failes...works only when node is created using IP (in my case).

And about the Set-VirtualServer examples, do you mean the examples in the script Set-VirtualServer.ps1 or is there an online resource I missed?

Br, Igor

0
Comment made 2 months ago by Joel Newton 392

Hi, Igor,

Thanks for the additional info. Part of the problem, if not the whole issue, is that nodes created as FQDN, aren't being found by the node check in the Add-PoolMember function, so it's trying to add them again. I'll open an issue on the GitHub repo for this.

For the Set-VirtualServer example, yes, it's in the script.

All the best, Joel

0
Comment made 2 months ago by johng 1

Can the power shell module be used to change F5 LTM's objects that are under BIG-IQ control? Basically what I'm asking is rather than running power shell scripts directly to the F5 LTM I want to run them through the BIGIQ which has all the F5 objects. Thanks.

0
Comment made 2 months ago by Joel Newton 392

Hi. The REST endpoints for managing BIG-IP objects - like pools and virtual servers in the LTM module - are the same, whether one is using BIG-IQ or not. There aren't separate endpoints. In my github repos, I've created a new one for BIG-IP, to include LTM functionality as well as DNS functionality that is under development and other traffic management-specific tasks.

0
Comment made 1 month ago by Mark Curole 77

Just started using this and loving it so far. I'd be glad to help contribute if you are looking for help.

0
Comment made 1 month ago by bujnovskyd 0

I'm just getting started using this. I am trying use get-virtualserver, on something I manually set up, into a hash table; modify hash table; then splat into new-virtualserver. Does anyone else already have something like this working?

$vs1=get-virtualserver -f5sess -name 'test1' $vs1.destination='Common/192.168.0.10:443' $vs1.fullpath='/Common/test1-443' $vs1.name='test1-443'

new-virtualserver -f5Session $f5sess @vip1

Thanks for the help. I'll keep trying an post it if I get it to work.

EDIT Got it to work, but built my hashtable manually. see hash values below. mostly used the $vip1.add("IPProtocol","tcp") to build PS C:\Windows> $vip1

Name Value


IPProtocol tcp
FallbackPersistence source_addr
Kind tm:ltm:virtual:virtualstate
SourceAddressTranslationType automap
PersistenceProfiles hash
DestinationIP 192.168.0.30
name vip1.dev1-80
ProfileNames http-XF
Partition Common
DefaultPool dev1-80
DestinationPort 80

New-VirtualServer -F5Session $f5Sess @compasswcf

I can now copy hash tables and reassign values to build another virtual server with mostly the same settings. This was all new to me, so maybe it will help someone else get going a little faster then it took me.

David B

0
Comment made 1 month ago by Joel Newton 392

Thanks, Mark. I'd say the best way to contribute is to check out the open issues in the github repo The big things in progress at the moment are creating Pester tests and transitioning from an LTM-only PS module to a PS module that covers additional BIG-IP modules.

David, glad you got that splatting working and thanks for sharing your efforts!

Cheers, Joel

0
Comment made 1 month ago by bujnovskyd 0

I can not seem to get the profiles to work. I have two separate profiles I would like to put into place during the new-virtualserver call.
One is 'http-XF' which is under the "http profile" and then another profile under the "SSL Profile (Client)" area.
I can call set-virtualserver with session and name and assign either one of the profiles with a name, but can't seem to figure out how to set both of them. The example in Set-virtualserver seems to create an array of hash tables in a noteproperty. I've not been able to get the example to work for me.
It seems to have issues when I $vs|set-virtualserver . I think the properties that were originally retrieved with get-virtualserver, do not align completely with the set-virtualserver command.
Should I be posting here or somewhere else for syntax type help?
Thanks. David B

0
Comment made 1 month ago by Joel Newton 392

Hi, David,

The list of profiles is actually just an array of strings. The best place to log issues, fyi, is on the github repo, so please feel free to open an issue there with the specific snippet you're using, and also please let me know what version of the API you're working with.

Cheers, Joel

0