Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
code share

PowerShell module for the F5 LTM REST API

Problem this snippet solves:

To report an issue with the F5-LTM or F5-BIGIP modules, please use the Issues sections of the GitHub repos (here and here) instead of commenting here. Thanks!

This PowerShell module uses the iControlREST API to manipulate and query pools, pool members, virtual servers, and iRules. It aims to support version 11.5.1 and higher, and to conform to the schedule for technical support of versions, though this may eventually prove to become difficult.

The module currently includes some functionality that, strictly speaking, is outside the scope of the LTM module. Hence, there is an active effort to wrap this LTM module into a larger BIG-IP module, and relocate that functionality elsewhere within that parent module, as well as expand the scope of functionality to include BIG-IP DNS (formerly GTM) and possibly other areas. Both the LTM module and the parent BIG-IP module are projects on github. Please use these projects to report any issues you discover. Thanks!

The module contains the following functions.

  • Add-iRuleToVirtualServer
  • Add-iRuleToVirtualServer
  • Add-PoolMember
  • Add-PoolMonitor
  • Disable-PoolMember
  • Disable-VirtualServer
  • Enable-PoolMember
  • Enable-VirtualServer
  • Get-CurrentConnectionCount (deprecated; use Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns')
  • Get-F5Session (will be deprecated in future versions. use New-F5Session)
  • Get-F5Status
  • Get-HealthMonitor
  • Get-HealthMonitorType
  • Get-iRule
  • Get-iRuleCollection (deprecated; use Get-iRule)
  • Get-Node
  • Get-BIGIPPartition
  • Get-Pool
  • Get-PoolList (deprecated; use Get-Pool)
  • Get-PoolMember
  • Get-PoolMemberCollection (deprecated; use Get-PoolMember)
  • Get-PoolMemberCollectionStatus
  • Get-PoolMemberDescription (deprecated; use Get-PoolMember)
  • Get-PoolMemberIP (deprecated; use Get-PoolMember)
  • Get-PoolMembers (deprecated; use Get-PoolMember)
  • Get-PoolMemberStats
  • Get-PoolMemberStatus (deprecated; use Get-PoolMember)
  • Get-PoolMonitor
  • Get-PoolsForMember
  • Get-StatusShape
  • Get-VirtualServer
  • Get-VirtualServeriRuleCollection (deprecated; use Get-VirtualServer | Where rules | Select -ExpandProperty rules)
  • Get-VirtualServerList (deprecated; use Get-VirtualServer)
  • Invoke-RestMethodOverride
  • New-F5Session
  • New-HealthMonitor
  • New-Node
  • New-Pool
  • New-VirtualServer
  • Remove-HealthMonitor
  • Remove-iRule
  • Remove-iRuleFromVirtualServer
  • Remove-Pool
  • Remove-PoolMember
  • Remove-PoolMonitor
  • Remove-ProfileRamCache
  • Remove-Node
  • Remove-VirtualServer
  • Set-iRule
  • Set-PoolLoadBalancingMode (deprecated; use Set-Pool)
  • Set-PoolMemberDescription
  • Set-Pool
  • Set-VirtualServer
  • Sync-DeviceToGroup
  • Test-F5Session
  • Test-Functionality
  • Test-HealthMonitor
  • Test-Node
  • Test-Pool
  • Test-VirtualServer
How to use this snippet:

To use the module, click 'Download Zip', extract the files, and place them in a folder named F5-LTM beneath your PowerShell modules folder. By default, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. The WindowsPowerShell and Modules folders may need to be created.

You will most likely need to unblock the files after extracting them. Use the Unblock-File PS cmdlet to accomplish this.

The Validation.cs class file (based on code posted by Brian Scholer) allows for using the REST API with LTM devices with self-signed SSL certificates.

Nearly all of the functions require an F5 session object as a parameter, which contains the base URL for the F5 LTM and a credential object for a user with privileges to manipulate the F5 LTM via the REST API. Use the New-F5session function to create this object. This function expects the following parameters:

  • The name or IP address of the F5 LTM device
  • A credential object for a user with rights to use the REST API
  • An optional TokenLifespan value for extending the life of the authentication token past the default 20 minutes

You can create a credential object using Get-Credential and entering the username and password at the prompts, or programmatically like this:

$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd

Thanks to Kotesh Bandhamravuri and his blog entry for this snippet.

There is a function called Test-Functionality that takes an F5Session object, a new pool name, a new virtual server, an IP address for the virtual server, and a computer name as a pool member, and validates nearly all the functions in the module.

I've also contributed this code sample for how to gather some basic info about your LTM with this PS module.

The module has been tested on:

  • 11.5.1 Build 8.0.175 Hotfix 8 and later
  • 11.6.0 Build 5.0.429 Hotfix 4 and later
  • 12.0 / 12.1
  • 13.0
Tested on Version:
11.5
Comments on this Snippet
Comment made 10-Dec-2015 by Grayson 340
So I just copied and pasted all three files to both of the following locations: %USERPROFILE%\Documents\WindowsPowerShell\Modules && C:\Windows\System32\WindowsPowerShell\v1.0\Modules\F5-LTM. I then type: Import-Module F5-LTM Then I get the following error: could not be processed because it is not a valid Windows PowerShell restricted language file. Remove the elements that are not permitted by the restricted language. I set my policy execution to unrestricted. I am running Powershell 4. I feel like some instructions are missing somewhere.
0
Comment made 10-Dec-2015 by Joel Newton 400
Hi, Grayson. Thanks for the feedback. I found that I have to unblock all four files ones they have been downloaded and extracted. To do this, right-click on the files, select 'Properties' and then 'Unblock.' The files only need to be placed in one of the two locations - %USERPROFILE% is the preferred one, as C:\Windows\... is typically reserved for Microsoft modules. Can you verify that the structure looks like: C:\Users\(Your user name)\Documents\WindowsPowerShell\Modules\F5-LTM\(downloaded files). If this still doesn't work, please let me know. Thanks.
0
Comment made 10-Dec-2015 by Grayson 340
he '<' operator is reserved for future use. At C:\Users\jbob\Documents\f5\F5-LTM.psm1:5761 char:203 + ... g:0;display:inline"><input name="utf8" type="hidden" value="&#x2713;" ... + ~ The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass it as part of a string. At C:\Users\jbob\Documents\f5\F5-LTM.psm1:5792 char:11 + <li>&copy; 2015 <span title="0.10905s from github-fe131-cp1-prd ... + ~ The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass it as part of a string. At C:\Users\jbob\Documents\f5\F5-LTM.psm1:5792 char:23 + <li>&copy; 2015 <span title="0.10905s from github-fe131-cp1-prd ... Still having issues, I had unblocked them all.
0
Comment made 10-Dec-2015 by Joel Newton 400
Hi, Grayson. Did you put the files in C:\Users\jbob\Documents\f5? They should be in C:\Users\jbob\Documents\WindowsPowerShell\Modules\F5-LTM. Please try that and see if it fixes the issue. You may need to create the 'WindowsPowerShell' and 'Modules' folders if they don't exist. Also, I'm not sure what the references to the ampersands are from. Is that in your error message?
0
Comment made 10-Dec-2015 by Grayson 340
I did not have that folder originally, but I did create it. C:\Users\jbob\Documents\WindowsPowershell\Modules\F5-LTM. I have all four files downloaded there and unblocked them. I change my computer environmental variables to point to the path above. I refresh PowerShell and run "Import-Module F5-LTM" and then gives a bunch of errors. Formatting here isn't great or I'd code paste it. I've tried this one different systems and get the same issues.
0
Comment made 10-Dec-2015 by Joel Newton 400
(This was resolved. There was an issue with how Grayson was downloading the files from GitHub.)
0
Comment made 07-Mar-2016 by J. Navarro 265
Hi! I am getting an error: PS C:\Users\user-1> Get-Pool | Select-Object -ExpandProperty fullPath ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Users\user-1\Documents\WindowsPowerShell\Modules\F5-LTM\Public\Invoke-RestMethodOverride.ps1:29 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati NullNotAllowed,Microsoft.PowerShell.Commands.ConvertFrom JsonCommand Invoke-RestMethodOverride : "401 F5 Authorization Required: Failed to get the /*/*' pool(s). At C:\Users\user-1\Documents\WindowsPowerShell\Modules\F5-LTM\Public\Get-Pool.ps1:28 char:21 + $JSON = Invoke-RestMethodOverride -Method Get -Uri $Uri -Credential ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride PS C:\Users\user-1> Please advise
0
Comment made 09-Mar-2016 by Joel Newton 400
Hi, J. It looks like you may not have authorized yet to the F5. You'll need to create the F5 session first (i.e. New-F5Session -LTMName (myLTM) -LTMCredentials $mycredsobject -Default ) and then you should be able to call Get-Pool | Select-Object -ExpandProperty fullPath ConvertFrom-Json without issue. Let me know. Thanks.
0
Comment made 20-Mar-2016 by prole92 222
Can't believe I saw this just now. I started scripting my own module a couple of days ago. This one is a bit more extensive however, it will be really useful. Do you have any plans to cover other modules as well? I was planning on making one for ASM.
0
Comment made 21-Mar-2016 by Joel Newton 400
No plans to cover modules other than LTM right now, as that's all I have access to. If I can assist by reviewing code or offering snippets to help with other modules, please let me know.
0
Comment made 21-Apr-2016 by pbarbuto 0
I get this error "'Register-ArgumentCompleter' is not recognized as the name of a cmdlet" Is this a PowerShell 5.0 comdlet or should I be able to complete this with 4.0? Update: updating to PowerShell 5.0 resolved this issue. Thanks!
0
Comment made 21-Apr-2016 by Joel Newton 400
Hi. You are correct - Register-ArgumentCompleter is a PS5 cmdlet. I didn't realize this was a requirement when this function was contributed to the module. I'd prefer to have the minimum version requirement be v4, so I'm going to see about changing this. Thanks.
0
Comment made 21-Apr-2016 by pbarbuto 0
Joel, thanks for your response. We needed to upgrade to PS 5.0 anyway :/ One more thing though, it seems like the module cant be imported in PowerShell (x86). It imports fine in PS x64, but when I try to import it in an x86 PS window I get an error that the module cannot be found. Have you encountered this and is it expected? Thanks!
0
Comment made 21-Apr-2016 by Joel Newton 400
Hi, pbarbuto, I just tested to confirm that I could import the module into an x86 PS shell, and it worked. Assuming that the module is in one of the folders listed in the PSModulePath environment variable, you should be able to import it without issue. You could also try typing in the full path to the module. Please let me know if you're still having issues. Thanks.
0
Comment made 21-Apr-2016 by pbarbuto 0
I got it. Thanks!
0
Comment made 29-Apr-2016 by CRM 0
I'm new to using PowerShell and the LTM-REST module and a little help would be appreciated. I'm getting this error when trying to connect to a F5 and get a list of the existing pools. ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Invoke-RestMethodOverride.ps1:36 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati NullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand Invoke-RestMethodOverride : "404 Not Found: At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Get-Pool.ps1:32 char:21 + ... $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -Credenti ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride And I am not positive whether I am even getting authenticated. This is the script being used: $host_address = "IPAddress_of_F5_Appliance" $user_id = "F5_Account_ID" $secpasswd = "Pasword_Assigned_To_F5_Account_ID" $secpasswd = ConvertTo-SecureString "Pasword_Assigned_To_F5_Account_ID" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ($user_id, $secpasswd) New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough Get-Pool | Select-Object -ExpandProperty fullPath ConvertFrom-Json I'm running PowerShell v.5 Thanks.
0
Comment made 29-Apr-2016 by Joel Newton 400
Hi, it looks like you're close. When you call: New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough you should see your session object written out to the console if you successfully connect. -PassThrough is really only needed if you're going to capture the session in a variable and then pass it to a function. You could try: $F5Session = New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough; Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath; Let me know if this helps. Thanks.
0
Comment made 29-Apr-2016 by CRM 0
Thank you very much for the quick response Joel. I tried the method you recommended and even change the F5 being accessed but I'm still getting the same response or a similar one. PS C:\WINDOWS\system32> $host_address = "F5_IP_Address" $secpasswd = ConvertTo-SecureString "F5_Account_Password" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ("F5_Account", $secpasswd) $F5Session = New-F5session -LTMName $host_address -LTMCredentials $mycreds -PassThrough PS C:\WINDOWS\system32> $F5Session Name BaseURL Credential ---- ------- ---------- F5_IP_Address https://F5_IP_Address/mgmt/tm/ltm/ System.Management.Automation.PSCredential Up to this point no errors displayed; but , once I run the next command, the error shown below is displayed. PS C:\WINDOWS\system32> Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Invoke-RestMethodOverride.ps1:36 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidati NullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand Invoke-RestMethodOverride : " : At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\1.3.26\Public\Get-Pool.ps1:32 char:21 + ... $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -Credenti ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride Finally, the only other information that I can add is that the SSL certificate on the F5 is self-signed and that when look at the content of the variables I can see that the correct values are contained. Once again thanks in advance for time and attention to this matter.
0
Comment made 29-Apr-2016 by Joel Newton 400
Hi, Thanks for trying that. It seems like, for some reason, the message being returned from the failed login attempt can't be converted from JSON. Are you definitely using v11.6 or higher of the LTM? One way to try and get a little more info about the error message would be to: 1) Open the file F5-LTM\Public\Invoke-RestMethodOverride.ps1 file in a text editor 2) On line 36, add a # to comment out the JSON conversion and expanded property selection: $message = $_.ErrorDetails.Message # | ConvertFrom-json | Select-Object -expandproperty message 3) Add a new line below line 36 to write out the content of $message: Write-Output $message Maybe that will give us a better idea of what's going on. Thanks.
0
Comment made 21-Sep-2016 by Joshua Bines 182

Awesome work thank you!!!!

0
Comment made 22-Sep-2016 by Joel Newton 400

You're welcome, Joshua. I'm very glad you found it useful.

0
Comment made 31-Oct-2016 by HLS 2

Would you please update the document to include the correct process for establishing the connection? Powershell doesn't use parentheses when passing parameters. While the comments section is helpful, a newbie (like myself) would have thought the document as displayed was correct.

`Function F5-Connect {

if ( (Get-Module | Where-Object { $_.Name -eq "F5-LTM"}) -eq $null ) {

    Write-error "'F5-LTM' is not installed on this computer."
    Exit

} else {

    # Connect to the F5 Load Balancer using the predefined credentials for node management

    $myhost = 'myf5.mycompany.com'
    $myuser = 'f5adminusername'
    $mysecpass = ConvertTo-SecureString "f5adminpassword" -AsPlainText -Force
    $mycreds = New-Object System.Management.Automation.PSCredential $myuser, $mysecpass
    $SessionToken = New-F5Session -LTMName $myhost -LTMCredentials $mycreds -Passthrough
}

Return $SessionToken

} `

0
Comment made 31-Oct-2016 by Joel Newton 400

Hi, I'd be happy to correct whatever is currently incorrect, but I'm not clear on the function call with parentheses that you're referring to. Could you please include the line with the params? Are you referring to something on devcentral.com or the github repo?

Thanks, Joel

0
Comment made 31-Oct-2016 by HLS 2

The code snippet at the top of this page:

$mycreds = New-Object System.Management.Automation.PSCredential ("username", $secpasswd)

Should be:

$mycreds = New-Object System.Management.Automation.PSCredential "username", $secpasswd

0
Comment made 31-Oct-2016 by HLS 2

Another gotcha I found with the commands was capturing the Pool membership statistics. In a comment on this page, someone posted this solution:

Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath;

The problem I had was determining what "fullPath" was. I wanted to see the number of server connections for a given node. I stumbled onto a solution using -ExpandProperty *. A sample:

$PoolConnections = Get-PoolMemberStats -F5Session $F5Session -PoolName $Poolname -Partition $PoolPartition -Address $IPAddress | Select -ExpandProperty * | % { $_.nestedStats.entries.'serverside.curConns'.value }

0
Comment made 31-Oct-2016 by Joel Newton 400

Thanks for clarifying re: the parentheses in the New-Object call. The code works as is, but it is more in line with PowerShell standards to not include the parentheses, so I'll remove them.

Re: the call to get pool member connections, if you call the deprecated function Get-CurrentConnectionCount, you'll get a message that it's recommended to use:

Get-PoolMemberStats | Select-Object -ExpandProperty 'serverside.curConns'

which is similar to your method. However, this may no longer work as of v12.1, so I have an open issue in the GitHub project to look into this.

Cheers, Joel

0
Comment made 05-Dec-2016 by Alvinm 0

what is the usage for new-virtualserver? I've tried using it like this: New-VirtualServer -name "test" -DestinationIP 192.168.15.98 -DestinationPort 30784 -DefaultPool "testpool"

I get this error:

New-VirtualServer : Parameter set cannot be resolved using the specified named parameters.

0
Comment made 06-Dec-2016 by Joel Newton 400

Hi, Alvin. Thanks for catching this. The issue was that, when neither VlanEnabled or VlanDisabled were specified, the cmdlet didn't know how to process. I've fixed that and committed it to the github repo (https://github.com/joel74/POSH-LTM-Rest/commit/cdb7f03ca90f87af739b61d8ba29294abc3f18e6), but I'm not seeing the commit show up yet.

One thing to note, you'll need to include the ipProtocol parameter and a value for that, as that's a mandatory param. In my testing with the committed change, this worked for me:

new-virtualserver -name "test" -DestinationIP "192.168.15.98" -DestinationPort "30784" -DefaultPool "TEST_POOL" -ipProtocol tcp

0
Comment made 03-Feb-2017 by Spontaneous1980 10

PS C:\Windows\system32> $F5Session = New-F5session -LTMName "ServerNameHere" -LTMCredentials $mycreds -PassThrough; Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath; ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\Invoke-RestMethodOverride.ps1:64 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-RestMethodOverride : " : At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\New-F5Session.ps1:27 char:15 + $Result = Invoke-RestMethodOverride -Method POST -Uri $AuthURL -Body $JSONBo ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride

ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\Invoke-RestMethodOverride.ps1:64 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-RestMethodOverride : " : At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\F5-LTM\Public\Get-Pool.ps1:32 char:21 + $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -WebSession ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride

0
Comment made 03-Feb-2017 by Joel Newton 400

This happens when the LTM device can't be found. I could add a check to test that the name / IP entered for the LTM is a reachable device (i.e. responds to a ping) but it's still up to the user to use the correct LTM name.

0
Comment made 09-Feb-2017 by Mayur Kirtani 0

Do I need special permissions in F5 to be able to run PS commands?

I am able to get a session

PS C:\Windows\system32> $F5session = New-F5Session -LTMName 192.168.XXX.XXX -LTMCredentials $mycredentials -Passthrough

PS C:\Windows\system32> $F5session

Name BaseURL WebSession ---- ------- ---------- 192.168.XXX.XXX https://192.168.XXX.XXX/mgmt/tm/ltm/ Microsoft.PowerShell.Commands.WebReq...

but when I try get-pool, i get this

PS C:\Windows\system32> Get-Pool $F5session Invoke-RestMethodOverride : "401 F5 Authorization Required: Authorization failed: user=https://localhost/mgmt/shared/authz/users/Mayur.Kirtani resource=/mgmt/tm/ltm/pool verb=GET uri:http://localhost:8100/mgmt/tm/ltm/pool/ referrer:10.XXX.XXX.XXX sender:10.XXX.XXX.XXX At C:\windows\system32\windowspowershell\v1.0\Modules\F5-LTM\Public\Get-Pool.ps1:32 char:21 + $JSON = Invoke-RestMethodOverride -Method Get -Uri $URI -WebSession ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-RestMethodOverride

am i missing something?

thanks M

0
Comment made 09-Feb-2017 by Joel Newton 400

Hi, Mayur,

You'll need tmsh terminal access to be able to successfully make calls against the iControlREST API. I'd recommend checking your user permissions in the F5 and seeing if this is enabled.

Cheers, Joel

0
Comment made 09-Feb-2017 by Buddy Edwards 3

I would first like to say this is awesome, great work! I was able to easily deploy a node in about 5 minutes of scripting development. I don't know if this is on the roadmap or not but would be very useful for me is a way to deploy an entire iApp using something like this. I have went through the documentation Here: which was pretty good at explaining some of the REST options but didn't seem to have a good way of showing how to add members to a pool since those parts are truncated. I have a custom iApp that I have created that I use for most of my HTTP deployments. I am looking for an easier way to deploy VIPs in our HQ and DR environments at the same time if possible in a more automated fashion. It looks like REST will do it, is there a really good article on the API, possibly with complete examples someone could point me to?

Thanks! Buddy

0
Comment made 13-Feb-2017 by Joel Newton 400

Hi, Buddy. Thanks for the kind words! I haven't used iApps for anything, so I've been relying on others' experience and contributions to get iApp support into the module. The best way to get something on the roadmap for the module is to open an issue in the github repo, so if this is something you'd like to see added, please consider doing that. Thanks!

Cheers, Joel

0
Comment made 14-Feb-2017 by bujnovskyd 0

This worked when I initially installed the module. And now it is not working.

PS C:> import-module -name f5-ltm PS C:> $secpasswd = ConvertTo-SecureString "MYPASSWORD" -AsPlainText -Force PS C:> $mycreds = New-Object System.Management.Automation.PSCredential "admin", $secpasswd PS C:> PS C:> $MyLTM_IP=”MYIP” PS C:> $F5Sess= New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyCreds –PassThru PS C:> $F5Sess

Name BaseURL Credential WebSession


MYIP https://MYIP/mgmt/tm/ltm/ System.Management.Automation.PSCredential Microsoft.PowerShell.Commands.WebRequestSessi

PS C:> get-virtualserver -F5Session $F5Sess ConvertFrom-json : Invalid JSON primitive: Document. At C:\Program Files\WindowsPowerShell\Modules\f5-ltm\1.4.110\Private\Invoke-F5RestMethod.ps1:39 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [ConvertFrom-Json], ArgumentException + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

I get a convertfrom-json issue with pretty much any get command I try.
0
Comment made 15-Feb-2017 by Joel Newton 400

Hi, bujnovskyd, what version of the LTM do you have, and are you using local authentication or external (i.e. AD or something)?

0
Comment made 15-Feb-2017 by bujnovskyd 0

Well it is working today again. Hurray. FYI updated to f5-ltm 1.4.111 today. F5 is Version 12.1.1 Build 2.0.204 Hotfix HF2 and I am using local Authentication on the F5.

Not sure what was happening yesterday, and maybe a local computer reboot helped?

Thank you for the quick response and all of your hard work on this module.

0
Comment made 16-Feb-2017 by Joel Newton 400

You're welcome, and I'm glad to hear it's working again.

All the best, Joel

0
Comment made 24-Feb-2017 by Spontaneous1980 10

Ok, when I run

New-F5Session -LTMName 0.0.0.0 -LTMCredentials $cred

I get nothing back to let me know the session.

0
Comment made 24-Feb-2017 by Joel Newton 400

If you want your session returned, you need to use -PassThru. Otherwise it gets assigned to the Script scope.

0
Comment made 24-Feb-2017 by Spontaneous1980 10

Hi Joel!

Excellent work on your module. I thought you could help eliminate people having trouble installing this module.

here is an example I found: https://gist.github.com/darkoperator/3f9da4b780b5a0206bca

In here you even do an unblock-file in small loop. All you need to do then is add you gist.github.com url. This can also help with deploying in break fix for bugs that you may find.

Thank you for developing this excellent module!!!

0
Comment made 27-Feb-2017 by Joel Newton 400

Thanks - I like the simplicity and helpfulness of that script.

I created a gist and included notes on installing via PSGet. Hopefully that helps.

0
Comment made 17-Mar-2017 by SickPanda 1

Hi Joel

I am at a loss here. I can successfully run functions which don't in turn call other functions, however when I run functions like Get-PoolMember which in turn calls Get-Pool, my session object is not being carried through. I am using the -passthru parameter.

This Works* $MyLTM_IP = '10.0.0.1' $PoolName = 'myPoolName' $Partition = 'myPartition'

$F5Session = New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -PassThru

Get-Pool -F5Session $F5Session -Name $PoolName -Partition $Partition


This DOESNT work* $MyLTM_IP = '10.0.0.1' $PoolName = 'myPoolName' $Partition = 'myPartition'

$F5Session = New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -PassThru

Get-PoolMember -F5Session $F5Session -PoolName $PoolName -Partition $Partition


I get this error : Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing.

Thanks Mike

0
Comment made 17-Mar-2017 by Joel Newton 400

Hi, Mike. Thanks for reporting this issue. I haven't been able to repro it on 11.6 or 12.1. What version of the LTM are you running? Does the issue happen if you use the -Default switch for New-F5Session and then don't pass a session to Get-PoolMember?

Thanks, Joel

0
Comment made 19-Mar-2017 by matvan 0

Hi,

I'm running 11.6.1 Build 1.0.326 HF1 and i have a very weird issue where I get a 401 access denied (using a get-pool) unless i have previously given the user administrator access to all partitions.

I can return the user back to guest after i have granted the admin and it still works.

If i create a guest account straight up (with tmsh access granted) it gives a 401 error. Yet if i change that account to administrator, then back to guest it will work.

0
Comment made 20-Mar-2017 by SickPanda 1

Hi Joel

Running this gives me the same error :

$MyLTM_IP = '192.168.0.1' $PoolName = 'mypoolname' $Partition = 'common'

New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds -Default Get-Poolmember -PoolName $PoolName -Partition $Partition

I am running BIG-IP 11.5.4 Build 0.0.256 Final

Thanks Mike

0
Comment made 20-Mar-2017 by Joel Newton 400

Hi, matvan, per the v11.6 docs, "administrative level access to the iControl® REST namespace [is needed] to make iControl REST requests." That you're able to remove admin access and still use iControlREST is strange, and seemingly not intended. On 11.6.0 HF4, if I remove admin access, I can no longer access iControlREST.

0
Comment made 20-Mar-2017 by Joel Newton 400

Thanks, Mike. Thanks for testing that. I'm assuming but want to clarify that you're using a local account, and that that account has the admin role for the common partition. Is that correct? Cheers.

0
Comment made 22-Mar-2017 by SickPanda 1

Hi Joel

Yep that's correct. I am using a local admin account. I tried 2 admin accounts actually, one with tmsh and without with the same results.

Thanks Mike

0
Comment made 23-Mar-2017 by Joel Newton 400

Hi, Mike, I only have 11.6 and 12.1 available to me at the moment. I'll see if I can spin up 11.5.4 in AWS and repro this issue. In the meantime, what happens if you execute that line explicitly, i.e. create an F5 session and call:

Get-Pool -F5Session $F5Session -Name 'MyPool' -Partition 'Common' | Get-PoolMember -F5session $F5Session -Address * -Name *

Cheers, Joel

0
Comment made 24-Mar-2017 by SickPanda 1

Hi Joel

When running the line explicitly I get the same error :

Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing.

Thanks Mike

0
Comment made 24-Mar-2017 by Joel Newton 400

Hi, Mike,

Let's move our troubleshooting thread outside this page - you can reach me directly at jnewton@springcm.com. Please let me know where I can reach you.

Thanks, Joel

0
Comment made 04-Apr-2017 by MLennon 0

I had trouble using Get-PoolMember and Get-PoolMemberStats when trying to retrieve info on pools created by Exchange iApp; they always gave error about not being able to find pool. What I did was to add a -Application parameter, same as seen in Get-Pool. Then modified both function's code accordingly to use the new param. Worked! Awesome modules!

0
Comment made 05-Apr-2017 by Joel Newton 400

Thanks, MLennon. I've updated all functions that relate to pool members with the Application param (get/add/delete) and published the changes (github / PSGallery). I'm glad you like the module!

0
Comment made 10-Apr-2017 by wrapsbear 1

Hi Joel,

I stumbled across this when I discovered that the existing iControl PS Snapin only returns pools in Common (and doesn't return pools that are a part of an iApp). Thanks for sharing this!

1
Comment made 11-Apr-2017 by MLennon 0

I've downloaded the latest zip but now I'm also now getting "Invoke-F5RestMethod : "401 F5 Authorization Required: An authorization header is missing." Did not see this in my previous package which I think I downloaded on Dec 20, 2016. Its strange. Using just command line, I import the module, run New-F5Session then type simply Get-Pool and it returns all my pools. If I run it again I get the 401 error. Running BIG-IP 11.5.1 Build 10.0.180 Hotfix HF10 (virtual ed. in my lab)

0
Comment made 11-Apr-2017 by Joel Newton 400

Hi, MLennon, I'm pretty sure it's a 11.5-related issue, and that SickPanda was running into the same or similar problems (see above). Unfortunately, I only have 11.6 and higher to test on. Interesting that it seems like a change between Dec 20, '16 and now. Unfortunately there's been 20+ versions between then and now. At least there's a pattern, though.

0
Comment made 13-Apr-2017 by Matan 0

Hey Joel Newton, First of all, this module is awesome! ty!

I have 1 question and maybe 1 bug to reporting.

Question: This module support FQDN nodes? and if yes, how? because i tried the most of the functions and found nothing.

Maybe bug: Add-PoolMember not support adding exist nodes to pool. it is working just if the node doesn't exist. it's failed on partition part, looks like it looking for the exist nodes only in common partition, even if I mention "-Partition $Partition".

0
Comment made 13-Apr-2017 by Joel Newton 400

Hi, Matan, Thanks! I'll have to check re: FQDN. I don't use them in my setup, but I believe other users have. I'll also look into the issue of adding existing nodes in non-common partitions. The best way to log and track issues is to open an issue in github (https://github.com/joel74/POSH-LTM-Rest).

Cheers, Joel

0
Comment made 23-Apr-2017 by Matan 0

Hey Joel, thanks for the help. i found the bug. just need to change on Add-PoolMember.ps1:

from: $JSONBody = @{name=('{0}:{1}' -f $ExistingNode.name,$PortNumber)}

to: $ExistingNodeName = '{0}:{1}' -f $ExistingNode.name,$PortNumber $JSONBody = @{name=$ExistingNodeName;partition=$Partition}

1
Comment made 24-Apr-2017 by Joel Newton 400

Thanks, Matan. To get this change to one line, I believe the following will work the same:

$JSONBody = @{name=('{0}:{1}' -f $ExistingNode.name,$PortNumber);partition=('{0}' -f $Partition)}

I'll made this change to the module.

Cheers, Joel

0
Comment made 04-May-2017 by blashmet 0

Running the following...

$LTMCredentials = Get-Credential

$LTMName = "name"

Import-Module F5-LTM

$F5Session = New-F5session -LTMName $LTMName -LTMCredentials $LTMCredentials -PassThrough

Get-Pool -F5Session $F5Session | Select-Object -ExpandProperty fullPath

Gives the following errors:

[BEGIN ERROR MESSAGES]

Supply values for the following parameters: ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Private\Invoke-F5RestMethod.ps1:40 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-F5RestMethod : "401 F5 Authorization Required: At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Public\New-F5Session.ps1:95 char:13 + $JSON = Invoke-F5RestMethod -Method Get -Uri $VersionURL -F5Session $newSess ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Private\Invoke-F5RestMethod.ps1:40 char:50 + $message = $_.ErrorDetails.Message | ConvertFrom-json | Select-Objec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-F5RestMethod : "401 F5 Authorization Required: At C:\Users\a_blashmet\Documents\WindowsPowerShell\Modules\F5-LTM\Public\Get-Pool.ps1:32 char:21 + $JSON = Invoke-F5RestMethod -Method Get -Uri $URI -F5Session $F5Sess ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

[END ERROR MESSAGES]

The content of $F5Session is:

Name : usdc-ltm-tst-mgmt BaseURL : https://usdc-ltm-tst-mgmt/mgmt/tm/ltm/ Credential : System.Management.Automation.PSCredential WebSession : Microsoft.PowerShell.Commands.WebRequestSession LTMVersion :

So the version of the LTM isn't being picked up, which is 11.6, but it's not clear whether the session is established.

Looking at New-F5Session.ps1, it appears the user credentials need access to https://$LTMName/mgmt/tm/ltm/.

When I visit that URI from a browser and enter my credentials, I get:

{"code":401,"message":"Authorization failed: user=https://localhost/mgmt/shared/authz/users/a_blashmet resource=/mgmt/tm/ltm verb=GET uri:http://localhost:8100/mgmt/tm/ltm/

I ensured that Terminal Access is set to tmsh for this account and verified that it has Manager access on all partitions.

Is there any other access or config that I am missing?

Thank you for any help.

0
Comment made 05-May-2017 by Joel Newton 400

Hi, blashmet, at least on 11.6, you need admin-level access to the partition(s) to be able to connect via iControlREST. Are you able to make that change and retest?

-Joel

0
Comment made 10-May-2017 by anbe17 0

Hi! Is it possible to query info from SSL Certificates with this powershell module? Expiration Dates etc.. cant find any info about that.

0
Comment made 10-May-2017 by Joel Newton 400

Hi, No, not currently, as SSL cert management is outside of the LTM management space (see the structure here)

0
Comment made 17-May-2017 by RyanFeiock 80

Hi Joel, thanks a ton for this module. I have been able to quickly automate the enabling and disabling of pool members during my deployment process.

There is one piece of functionality that I am looking for that I am not sure is available in the module, and that is the deletion of existing connections. I am able to handle this in my Powershell script by running this:

& "$PSScriptRoot..\plink.exe" -ssh scm@$BigIpServerIp -pw $BigIpUserPassword tmsh delete /sys connection ss-server-addr $ipAddress

But I was wondering if there was a command in the module that would do the same. In looking over the documentation, I don't see anything obvious, but thought I would ask.

0
Comment made 17-May-2017 by Joel Newton 400

Hi, Ryan,

Cheers! I'm glad to hear you've been finding the module to be useful. I took a look around at the docs, and I don't believe there's a way to utilize iControlREST to delete connections. This question was posed a few years back here, and from what I can tell of the LTM v13 docs, I don't believe that functionality has been added, which is too bad.

Cheers, Joel

0
Comment made 04-Jul-2017 by Daniel 15

Hi Joel,

Just wanted to say thanks heaps for this. I had been trying to get the iControlSnapIn one to work and then came across this one which has proven to be a million times better.

Only thing is I was hoping to use this to pull out all of the virtual servers from the LTM and any iRules that are bound to them. I am struggling to do this at the moment as I can not find a lot of information using the "Get-VirtualServer | Where rules | Select-Objects -ExpandProperty rules" function is being used. I was hoping to modify your Get-PoolMembers.ps1 to just include the iRule information but I can not work out how to pull the iRules in use and then export them out to the file.

Any assistance would be much appreciated.

Thanks

0
Comment made 05-Jul-2017 by Joel Newton 400

[Comment Updated]

Hi, Daniel.

Cheers. I think you can just use something like the snippet below. The first part creates a hash table with all the virtual server names in it, and the second part adds the iRules assigned to each server to the hash table.

I don't think we'd want to modify Get-PoolMembers.ps1, because pool members aren't associated with which iRules are assigned to a virtual server. Let me know if you have any issues with the code.

-Joel

$VS_iRules = Get-VirtualServer |
    ForEach {
        New-Object psobject -Property @{
            Name = $_.name;
            Partition = $_.partition;
            Rules = @{}
        }
    }

$VS_iRules | ForEach { $_.Rules = (Get-VirtualServer -Name $_.Name -Partition $_.Partition | Select-Object -ExpandProperty rules -ErrorAction SilentlyContinue  ) } 

I updated the snippet to include the retrieve partition for each virt server and include that in the request for iRules. The output is stored in $VS_iRules, so that's probably what you want to set your $Output to, and then format as desired.

0
Comment made 05-Jul-2017 by Daniel 15

Hey Joel,

Thanks for getting back to me. Have tried running that and it is throwing an error which I believe is related to the fact we are using partitions. I tried to remove the partition name but have had no luck.

I have taken what you posted and added the following from the Get-Poolmembers:

param(

[Parameter(Mandatory=$true)]
[string]
$LTMName,

[Parameter(Mandatory=$true)]
[System.Management.Automation.PSCredential]
$LTMCredentials,

[ValidateSet("Screen","CSV")]
$OutputDestination="Screen"
)

$Output = " "

New-F5Session -LTMName $LTMName -LTMCredentials $LTMCredentials 

$VS_iRules = Get-VirtualServer |
foreach {

    $VirtualServerName = $VS_iRules.Name -replace '/Common/',''

    new-object psobject -Property @{
        Name = $_.name;
        Rules = @{}
    }
}

$VS_iRules | ForEach { $_.Rules = (Get-VirtualServer -Name $_.Name | Select-Object -ExpandProperty rules -ErrorAction SilentlyContinue  ) } 

If ($OutputDestination -eq 'CSV'){
   Write-Output $Output | Out-File -filepath '.\LTM_iRules.csv'
}
Else {
    Write-Output $Output
}

Not sure I have the stripping of the partition in the right place and also not sure what values to put in for the $Output.

Really appreciate the assistance as well.

Thanks

0
Comment made 12-Jul-2017 by blashmet 0

Can this module be used to return the state of the "Source Address Translation" property on a VIP? (e.g., return whether it is set to SNAT, AutoMap, or none).

Thank you.

EDIT:

Turns out this property is accessible on a virtual server object:

$virtualserver = Get-VirtualServer | where-object {$_.name -eq "virtualservername" }

$virtualserver.sourceAddressTranslation

0
Comment made 13-Jul-2017 by Joel Newton 400

Correct. Not all available properties, such as sourceAddressTranslation, gtmScore and mobileAppTunnel, are defined in the VirtualServer LTM object type, but they are still accessible via the object.

0
Comment made 14-Jul-2017 by ELtheNINO 0

When using a try catch block with Get-Virtualserver the error terminates in the try block

EXAMPLE:

try
 {
    get-VirtualServer -F5Session <some session> -Name <EnterSomethingFalse>|select rules
 }
 catch [System.Exception]
 {
    Write-Host "NOPE $_.Exception.Message" -ForegroundColor Cyan
 }

It returns:

Invoke-F5RestMethod : "404 Not Found: 01020036:3: The requested Virtual Server (/Common/EnterSomethingFalse) was not found. At C:\Program Files\WindowsPowerShell\Modules\F5-LTM\1.4.196\Public\Get-VirtualServer.ps1:42 char:21 + ... $JSON = Invoke-F5RestMethod -Method Get -Uri $URI -F5Session $F5S ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException

INSTEAD OF in the catch block

NOPE. ERROR MESSAGE

Is anyone else experiencing this?

0
Comment made 15-Jul-2017 by Joel Newton 400

Hi, This is a PowerShell thing, not something specific to this module. The error thrown is non-terminating, so PowerShell doesn't go into the Catch block. If you set $ErrorActionPreference to 'Stop', then it will be caught.

0
Comment made 07-Aug-2017 by igor.curic 10

Hi,

I'm trying to automate virtual server deployment from top to bottom, an currently am failing on Add-PoolMember.

PS C:\Windows\system32> Add-PoolMember -Address 10.18.2.22 -PoolName iCPRF02BO.pool_80 -PortNumber 80 -Status Enabled -F5Session $SessionToken -Name ICPRF02-BO1 Invoke-F5RestMethod : "400 Bad Request: 01070734:3: Configuration error: Cannot assign (/Common/ICPRF02-BO1-10.18.2.22) as a pool member. At C:\Program Files\WindowsPowerShell\Modules\f5-ltm\Public\Add-PoolMember.ps1:88 char:33 + Invoke-F5RestMethod -Method POST -Uri "$MembersL ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorExceptio n + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,I nvoke-F5RestMethod

I can add it manually through GUI, but this function returns an error.
Alos, I double checked the function and it contains $JSONBody = @{name=('{0}:{1}' -f $ExistingNode.name,$PortNumber);partition=('{0}' -f $Partition);description=$Description} you mentioned would solve the problem Matan had a few months ago.

Any help would be appreciated.

Br, Igor

0
Comment made 08-Aug-2017 by Joel Newton 400

Hi, Igor,

I tested this, and I can successfully execute basically the same Add-PoolMember command you used against 11.5, 11.6 and 12.1. What version LTM are you working with (including hotfixes) and do you have the latest version of the PS module from github? Matan's issue was with searching different partitions. Are you using other than the Common partition?

Cheers, Joel

0
Comment made 08-Aug-2017 by igor.curic 10

Hi Joel,

I'm working on BIG-IP 13.0.0 Build 0.0.1645 Final. I downloaded PS module a week ago from https://github.com/joel74/POSH-LTM-Rest I'm using the Common partition. As you can see from the error, it sees the node, but fails to join it to the pool.

Configuration error: Cannot assign (/Common/ICPRF02-BO1-10.18.2.22) as a pool member.

Br, Igor

0
Comment made 09-Aug-2017 by Joel Newton 400

Hi, Igor, I tested this morning with 13.0.0 Build 2.0.1671 Hotfix HF2 and couldn't repro the error. A couple questions, that may or may not shed some light:

  • Do all calls to Add-PoolMember fail?
  • Did it work initially and then started failing?
  • Does the user creating the iControlRest session have admin privs?
  • Is the pool member (ICPRF02-BO1-10.18.2.22) listed as a node ( https://{BIGIP}/mgmt/tm/ltm/node/ )

Cheers, Joel

0
Comment made 10-Aug-2017 by igor.curic 10

Hi Joel,

Thank you for the quick responses.

First the answer to all questions: 1) yes...but, 2) no, 3) yes, 4) yes

Now but:

My plan is to add nodes using FQDN and I was testing using nodes created manually/or trough script using FQDN and all tests on may BIGIPs failed (i have two in HA). Then I tried creating nodes using IP, and it turns out nodes created that way can be added to the pool using the Add-PoolMember. So my question changes to: Why can't I use Add-PoolMember to add FQDN nodes? Did you test the command with FQDN nodes?

And I have two additional questions, since I wasn't able to find it in the module: 1) Is there a way to add SSL Profile (client) to virtual server? 2) Is there a way to add HTTP profile to virtual server?

Br, Igor

0
Comment made 11-Aug-2017 by Joel Newton 400

Hi, Igor, Answering in reverse order, yes, you can use Set-VirtualServer to add SSL and HTTP (and other server and client) profiles to virtual servers. Check out the examples for that function on how to do this.

Currently, Add-PoolMember does not support the creation of new FQDN nodes. There are a number of additional params that Add-PoolMember would need to accept, so it could pass them on to New-Node. My recommendation for the time-being would be to call New-Node to create your FQDN nodes, and then add the existing nodes with Add-PoolMember. Please let me know if you have any issue accomplishing that.

All the best, Joel

0
Comment made 11-Aug-2017 by igor.curic 10

Hi Joel,

I originally used New-node function to create FQDN node.

New-Node -AddressType ipv4 -AutoPopulate enabled -FQDN ICPRF02-BO1.gaming.lan -F5Session $SessionToken -Name ICPRF02-BO1

And than tried adding it to the pool using Add-PoolMember, and it failed...that's when I sent my first question. After your comment that the function works on your end I changed my approach and created the node using the IP...than Add-PoolMember worked. So when FQDN node is created by scritp/or manually Add-PoolMember failes...works only when node is created using IP (in my case).

And about the Set-VirtualServer examples, do you mean the examples in the script Set-VirtualServer.ps1 or is there an online resource I missed?

Br, Igor

0
Comment made 11-Aug-2017 by Joel Newton 400

Hi, Igor,

Thanks for the additional info. Part of the problem, if not the whole issue, is that nodes created as FQDN, aren't being found by the node check in the Add-PoolMember function, so it's trying to add them again. I'll open an issue on the GitHub repo for this.

For the Set-VirtualServer example, yes, it's in the script.

All the best, Joel

0
Comment made 22-Aug-2017 by johng 1

Can the power shell module be used to change F5 LTM's objects that are under BIG-IQ control? Basically what I'm asking is rather than running power shell scripts directly to the F5 LTM I want to run them through the BIGIQ which has all the F5 objects. Thanks.

0
Comment made 22-Aug-2017 by Joel Newton 400

Hi. The REST endpoints for managing BIG-IP objects - like pools and virtual servers in the LTM module - are the same, whether one is using BIG-IQ or not. There aren't separate endpoints. In my github repos, I've created a new one for BIG-IP, to include LTM functionality as well as DNS functionality that is under development and other traffic management-specific tasks.

0
Comment made 06-Sep-2017 by Mark Curole 128

Just started using this and loving it so far. I'd be glad to help contribute if you are looking for help.

0
Comment made 06-Sep-2017 by bujnovskyd 0

I'm just getting started using this. I am trying use get-virtualserver, on something I manually set up, into a hash table; modify hash table; then splat into new-virtualserver. Does anyone else already have something like this working?

$vs1=get-virtualserver -f5sess -name 'test1' $vs1.destination='Common/192.168.0.10:443' $vs1.fullpath='/Common/test1-443' $vs1.name='test1-443'

new-virtualserver -f5Session $f5sess @vip1

Thanks for the help. I'll keep trying an post it if I get it to work.

EDIT Got it to work, but built my hashtable manually. see hash values below. mostly used the $vip1.add("IPProtocol","tcp") to build PS C:\Windows> $vip1

Name Value


IPProtocol tcp
FallbackPersistence source_addr
Kind tm:ltm:virtual:virtualstate
SourceAddressTranslationType automap
PersistenceProfiles hash
DestinationIP 192.168.0.30
name vip1.dev1-80
ProfileNames http-XF
Partition Common
DefaultPool dev1-80
DestinationPort 80

New-VirtualServer -F5Session $f5Sess @compasswcf

I can now copy hash tables and reassign values to build another virtual server with mostly the same settings. This was all new to me, so maybe it will help someone else get going a little faster then it took me.

David B

0
Comment made 07-Sep-2017 by Joel Newton 400

Thanks, Mark. I'd say the best way to contribute is to check out the open issues in the github repo The big things in progress at the moment are creating Pester tests and transitioning from an LTM-only PS module to a PS module that covers additional BIG-IP modules.

David, glad you got that splatting working and thanks for sharing your efforts!

Cheers, Joel

0
Comment made 07-Sep-2017 by bujnovskyd 0

I can not seem to get the profiles to work. I have two separate profiles I would like to put into place during the new-virtualserver call.
One is 'http-XF' which is under the "http profile" and then another profile under the "SSL Profile (Client)" area.
I can call set-virtualserver with session and name and assign either one of the profiles with a name, but can't seem to figure out how to set both of them. The example in Set-virtualserver seems to create an array of hash tables in a noteproperty. I've not been able to get the example to work for me.
It seems to have issues when I $vs|set-virtualserver . I think the properties that were originally retrieved with get-virtualserver, do not align completely with the set-virtualserver command.
Should I be posting here or somewhere else for syntax type help?
Thanks. David B

0
Comment made 07-Sep-2017 by Joel Newton 400

Hi, David,

The list of profiles is actually just an array of strings. The best place to log issues, fyi, is on the github repo, so please feel free to open an issue there with the specific snippet you're using, and also please let me know what version of the API you're working with.

Cheers, Joel

0
Comment made 14-Nov-2017 by Pookie76 0

Hi I am trying to automate simple process to create a simjple TCP load balancing session. I can log in etc using the script but when I try and use the new pool I am getting a value of false returned from the device.....

PS C:\Users\brian.twomey> New-Pool -Name /commom/TEST-Pool -Description Test -LoadBalancingMode least-connections-member False

Have tried with pool members listed PS C:\Users\brian.twomey> New-Pool -Name /commom/TEST-Pool -Description Test -LoadBalancingMode least-connections-member False

Set-Pool -Name TEST-Pool -Partition /common -LoadBalancingMode least-connections(member) -MemberDefinitionList {10.78.49.11,7998},{10.78.49.12,7998} False

I am a newbieto powershell so can someone tell me what the issue is here....

0
Comment made 14-Nov-2017 by Joel Newton 400

Hi, 'common' is misspelled in the example you posted. Assuming your session is good and your user has the permission to makes changes to the F5, I believe that's your issue.

0
Comment made 14-Nov-2017 by Pookie76 0

The TEST-Pool function called from the New-Pool module is ot working correctly as this is returning a value false for all inputs and hence the new-Pool function cannot create the pool. Has there been any fix to this issue or has anyone else come across this???

0
Comment made 14-Nov-2017 by Joel Newton 400

Hi, Pookie76, I don't think you've successfully authenticated to your LTM device. Can you execute Get-Pool and get a list of your pools returned?

0
Comment made 06-Dec-2017 by Christian Lautenschlager 55

Hi Joel, first let me say many thanks for this great module. Maybe you can help me out. Is there a documentation about how to set Profiles of a Virtual Server? I sometimes need to add client/server certificates and also change the tcp Profile. Any suggestions?

Thanks Chris

0
Comment made 07-Dec-2017 by Joel Newton 400

Thanks, Chris. I've included an example on how to set profiles in the Set-VirtualServer function. Just execute 'get-help Set-VirtualServer -Examples' and you'll see that example, among others.

Cheers, Joel

0
Comment made 14-Dec-2017 by Sebastian Maniak 262

Awesome stuff... this worked like a charm.. I might even start using powershell now.

1
Comment made 20-Dec-2017 by Christian Lautenschlager 55

Hi Joel, is there a possibility to add AutoMap to a Virtual Server. Did not find any parameter like Get-Virtualserver -SourceAddressTranslationType automap

Cheers Christian

0
Comment made 22-Dec-2017 by Joel Newton 400

Hi, Christian, SourceAddressTranslationType and SourceAddressTranslationPool are available params in New-VirtualServer, but they haven't yet been added to Get-VirtualServer and Set-VirtualServer. I'll work on bringing over these and the other missing params from New- to Set- and adding them to the formatted type data.

0
Comment made 11-Jan-2018 by The-messenger 355

Will APM data, sessiondump, be accessible through the powershell api?

0
Comment made 16-Jan-2018 by Chris Wolford 15

Will this module work with Authorized AD Credentials?

I'm getting the same error as others when attempting to connect:

PS U:\PowerShell> New-F5Session -LTMName $MyLTM_IP -LTMCredentials $MyLTMCreds ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null. At C:\Program Files\WindowsPowerShell\Modules\f5-ltm\1.4.213\Private\Invoke-F5RestMethod.ps1:39 char:50 + ... $message = $_.ErrorDetails.Message | ConvertFrom-json | Selec ... + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

Invoke-F5RestMethod : "401 F5 Authorization Required: At C:\Program Files\WindowsPowerShell\Modules\f5-ltm\1.4.213\Public\New-F5Session.ps1:95 char:13 + $JSON = Invoke-F5RestMethod -Method Get -Uri $VersionURL -F5Sessi ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-F5RestMethod

0
Comment made 18-Jan-2018 by Joel Newton 400

It does work with AD credentials. What version of the LTM are you connecting to? If you'd like to pursue this all the way to completion, my suggestion would be to open an issue on the github project and we can use that to delve further and get this resolved. Thanks.

0
Comment made 18-Jan-2018 by Chris Wolford 15

Thanks Joel,

We're running 11.6.1 Build 2.0.338 Hotfix HF2

I'll open an issue on github for it. I'd much prefer to get this working instead of the icontrol module.

0
Comment made 25-Jan-2018 by ramesh 0

I am running Get-PoolMember and it shows the state of the node as UP even though my member is disabled. How can i find the current state of my member ? Please help.

0
Comment made 25-Jan-2018 by Joel Newton 400

Hi, Ramesh, please open an issue on the github project, and I'll help you troubleshoot this. Please provide the LTM version you're connecting to, and whether the pool member is disabled or forced offline. Thanks, Joel

0
Comment made 22-Mar-2018 by WilliamL 0

I am trying to find what permissions are needed for a user to log in using powershell. I have tried with "admin" and that works but logging in as "guest" fails. Is there any info on this? TIA William

0
Comment made 23-Mar-2018 by Joel Newton 400

Hi, William, it somewhat depends on the LTM version. Prior to LTM v 12.1, one needed to be an admin with tmsh rights. With v12+, one could utilize an auth token which could be used to access and work with iControlREST API. That is needed if you're doing remote authentication.

Check out this article for more info on that. https://devcentral.f5.com/articles/demystifying-icontrol-rest-part-6-token-based-authentication

0
Comment made 26-Mar-2018 by WilliamL 0

Thanks Joel for the quick answer. Currently we are using v11.x. Guess I need to look at another way to get pool and node info with guest access via scripting

0
Comment made 03-Apr-2018 by vsundararaj 0

I am looking for some help here with regards to Set-VirtualServer to update/change fwEnforcedPolicy.

From Get-VirtualServer I can see the property fwEnforcedPolicy , example $Data= Get-VirtualServer -Name "VMAS-VirtualServer-namehere-TCP" $Data.fwEnforcedPolicy will result me /Common/MySecurityPolicy but

I would like to change fwEnforcedPolicy to /Common/NewSecurityPolicy 

How can I change the firewall enforced policy using PowerShell?

0
Comment made 03-Apr-2018 by Joel Newton 400

Hi, Venkat, can the fwEnforcedPolicy property be configured via the LTM, or is it officially part of AFM? Currently, the module only attempts to cover LTM functionality.

0
Comment made 03-Apr-2018 by vsundararaj 0

Device have AFM module where I create the firewall policy. Below is the action that I am trying to perform to enforce a policy to virtual server, but looking for ways to do that programmatically. Get-VirtualServer does obtain the property but I was hoping the Set-VirtualServer would have an option to define this enforcement.

Image Text

0
Comment made 03-Apr-2018 by Joel Newton 400

Hi, Venkat, that Security tab is not available to me since I don't have the AFM module installed. My guess is that it would require use of the /tm/security REST endpoints, which is currently outside the scope of the LTM module. I have plans to create a more comprehensive PS module to cover the various other BIG-IP modules, like AFM, but development on that is still beginning, and there's no specific AFM functionality there.

0
Comment made 03-Apr-2018 by Joel Newton 400

Hi, Venkat, that Security tab is not available to me since I don't have the AFM module installed. My guess is that it would require use of the /tm/security REST endpoints, which is currently outside the scope of the LTM module. I have plans to create a more comprehensive PS module to cover the various other BIG-IP modules, like AFM, but development on that is still beginning, and there's no specific AFM functionality there.

0
Comment made 30-Apr-2018 by LC1729 0

Hi Joel,

I'm looking to script disable/enable of a node for the purpose of server maintenance similar to what is described here: https://support.f5.com/csp/article/K13310

I'm working with f5 BIG-IP LTM 11.6 Build 5.0.429 HF5

I see in the Github repo that there are functions Disable-Node and Enable-Node but they are not listed in the module functions. Is there a reason for that? Can I expect to use those functions still?

From the above article: "When you interrupt access to a network device for maintenance, you should change the state of the node to Disabled or Forced Offline" - so my understanding is that I should be working with the node rather than pool member. It also seems more straight-forward for my pupose. However I'm a software dev/dev ops rather than a network admin and so not an f5 LTM expert & may well be missing something fundamental.

0
Comment made 01-May-2018 by Joel Newton 400

Hi, LC1729, Yeah, sorry for the oversight. It appears that there are some functions missing from that static readme. The Enable-Node and Disable-Node functions are fully functional and supported. Cheers, Joel

0
Comment made 01-May-2018 by LC1729 0

Hi Joel,

Thanks for the clarification and thanks for your work in creating this module.

A couple of further questions, with this module is it possible to

  • list all nodes in a specified partition?
  • check the number of current connections for a specified node?

Cheers

0
Comment made 01-May-2018 by Joel Newton 400

Hi, Yes, you can list all nodes for a partition - just specify the partition name and no node address/name. We don't yet have a function to get node stats, the same way we get pool member stats. I'd imagine it wouldn't be too difficult to implement. If it's something you're interested in, you can open an issue in the github project. -Joel

0
Comment made 03-May-2018 by LC1729 0

Thanks again Joel.

I was able to get node stats like so

$ltmNode = Get-Node -F5Session $F5Session -Name $nodeName -Partition $partition
$nodeStatsUri = $F5Session.GetLink($ltmNode.selfLink)  -replace '\?', '/stats?'
$statsResponse = Invoke-RestMethodOverride -Method Get -URI $nodeStatsUri -WebSession $F5Session.WebSession

And access the properties I'm interested in

$entries = $statsResponse.entries
$currentConnections = $entries.'serverside.curConns'.value
$enabledState = $entries.'status.enabledState'.description
1
Comment made 04-May-2018 by Joel Newton 400

Nice! So you basically just wrote the guts of the new function for me. Cheers, and thanks for sharing.

0
Comment made 4 months ago by Ansh Jain 56

Hi Joel,

I am new to using RestAPIs. I am just trying to establish connection between F5 and chef using New-F5Session function you developed in powershell. But it looks like your function is doing more then just establishing a connection. Could you please help me modify the code according to my purpose ?

Thanks in advance!

0
Comment made 4 months ago by Joel Newton 400

Hi, Ansh, if you're having issues creating/using an F5 session with my PS module and you'd like some assistance with that, I'd be happy to help. Please open an issue in the github repo with your code and the error(s) you're getting and I'll take a look.

Cheers, Joel

0
Comment made 3 months ago by Tim McCarthy 1

Joel,

I run 2 different protocol profiles on my virtual server, one for the client side, and a different one for the server side. When using the New-Virtual-Server module, and specifying profiles using the ProfileNames parameter, it will opnly allow me to specify 1 protocol profile and it always assigns it to the client side. Is there a way to specify both a client and server side profile?

Thanks,

Tim

0
Comment made 3 months ago by Joel Newton 400

Hi, Tim,

At the moment, you'll need to use Set-VirtualServer. If you retrieve a virtual server from your LTM, you can then add client and server side profiles to the VS object, and pass that object to Set-VirtualServer to add them. There's an example in Set-VirtualServer for how to structure the JSON request for adding your profiles. If the virtual server already has a profiles object, you will need to modify the example to set the value of the profiles property, instead of adding it to the virtual server.

-Joel

0
Comment made 3 months ago by Tim McCarthy 1

I've pulled the VS config from the F5 and added the profiles to it, however I'm still missing something as I get the below error.

Image Text

0
Comment made 3 months ago by Joel Newton 400

I'd suggest applying the profiles individually to test, and see if a specific one is causing the error. The syntax that you provided for the profiles looks good to me.

0
Comment made 3 months ago by Tim McCarthy 1

Hmmm same error adding just one profile. I even used Set-VirtualServer to build a new VIP to test with, so I know the module has a good session and works.

Image Text

0
Comment made 3 months ago by Tim McCarthy 1

I thought it might be something with 13.1.1, so I just tried it with 12.1.2, and I got the same results.

0
Comment made 3 months ago by Joel Newton 400

Thanks. Two follow-up questions for you: 1) are you able to successfully set a non-custom profile, like straight HTTP, and what does the content of the profiles object look like if you set the Ascend_HTTP profile in the UI and then retrieve it via Get-VirtualServer? Thanks.

0
Comment made 3 months ago by Tim McCarthy 1

I am not able to set a standard one, see below.

Image Text

0
Comment made 3 months ago by Tim McCarthy 1

This is what the Ascend_HTTP looks like when added manually.

Image Text

0
Comment made 3 months ago by Joel Newton 400

Tim, does the account you're using to create the session for the PS module have the privs needed to make this change? Are you able to successfully set other properties for a virtual server?

0
Comment made 3 months ago by Tim McCarthy 1

Yes, it's the admin account. If you notice higher up in the post, I used Set-VirtualServer to build the VIP I am trying to add the profile to. I have also successfully used the account with New-Pool, New-Node, New-VirtualServer, and Add-iRuleToVirtualServer.

0
Comment made 3 months ago by Tim McCarthy 1

I see this in the F5 log

pid=11420 user=admin folder=/Common module=(tmos)# status=[Syntax Error: one or more configuration identifiers must be provided] cmd_data=modify ltm virtual /Common/test { address-status yes auto-lasthop default cmp-enabled yes connection-limit 0 description "test server" destination /Common/10.186.10.136:80 enabled gtm-score 0 ip-protocol tcp mask 255.255.255.255 mirror disabled mobile-app-tunnel disabled nat64 disabled policies replace-all-with {:

0
Comment made 3 months ago by Joel Newton 400

Tim, let's transfer this thread to this issue in the github repo. Thanks.

0
Comment made 3 months ago by Tim McCarthy 1

ok

0
Comment made 1 month ago by CS 1

Hi,

Any plan to support LTM policies?

Thanks,

0
Comment made 1 month ago by Joel Newton 400

Do you mean the ability to create and remove policies? The functionality already exists for adding, getting and removing existing policies re: virtual servers.

I'm not very familiar with policies, but if someone wants to create a detailed issue in the github project specifying the functionality wanted and how they should work specifically, I can look into it.

0
Comment made 1 month ago by CS 1

Hi Joel,

Yes, and edit policies.

Policies (in LTM context) are basically an iRule replacement (like: if host header equals "something.com", forward traffic to pool X, apply ASM rule Y and do whatever).

I was not super-convinced by this feature because I do what I need with irules and we can't do everything with policies, but when you really want to automate BigIP configuration, you don't want to parse iRules in powershell, and add/update/delete things like this in switch statements for example:

"some.url.com" {
        if { $path equals "/" } {
            HTTP::respond 301 Location "https://[HTTP::host]/logon.jsp"
        }
       use pool something_pool
}

Policies in this respect are much easier to handle.

It seems the issue has already been created by @elijahgagne on github some time ago : #122

Hope it clarifies!

Thanks

0
Comment made 2 weeks ago by Joel Newton 400

Hi,

Yes, that helps clarify a lot. Ideally this functionality would be added to a not-yet-existent ASM PS module that uses the F5 REST API, since strictly speaking it's not LTM functionality. That was the initial intention behind this, with the end goal being to deprecate / subsume the F5-LTM module in favor of the broader F5-BIGIP module. Unfortunately, life and paid work often gets in the way. :)

0
Comment made 1 week ago by Per Eriksson 85

Why is there no functionality included in the module that can manipulate sys iFiles and LTM iFiles? Specifically I need to: 1. Upload a text file with ApiKeys (working using Invoke-WebRequest) 2. Update/modify an already existing sys iFile object to point to the content of the uploaded file in item 1. This would enable me to update the parameter content of an LTM iFile object that I’m using in an iRule.

Suggestions?

0
Comment made 1 week ago by Joel Newton 400

This functionality isn't in the module because it's never been requested. If you want to create an issue in the GitHub repo and see if it's a feature that others would use, then maybe it will get picked up and worked on. Thanks.

0
Comment made 1 week ago by Per Eriksson 85

@Joel Newton Thanks but I managed to find another way to do it: https://devcentral.f5.com/questions/powershell-how-to-modify-system-ifile-62936#answer160648

0