Prepare BIG-IP Central Manager for Automation

This guide describes the process of setting up F5 BIG-IP Central Manager (CM) via Postman to manage BIG-IP instances with automation templates. It is essential to note that this information is specific to the current version of CM/BIG-IP NEXT (v20) and may change in the future.

Introduction

Beginning with BIG-IP version 20, F5 has implemented significant changes in managing the new BIG-IP OS, now referred to as BIG-IP Next. BIG-IP NEXT leverages a modern, highly scalable software architecture to support vast, dynamic application service deployment.

This new iteration adopts an API-first approach to management, offering enhanced automation capabilities and improved scalability for service expansion. Learn more about BIG-IP Next here.

BIG-IP NEXT Central Manager (also known as BIG-IP CM) represents the next-generation management suite for the new BIG-IP OS across hardware and software instances. It provides simplified lifecycle and configuration management tasks across F5 BIG-IP NEXT fleets.

There are two primary methods for managing BIG-IP NEXT instances via Central Manager software: through a web browser-based portal or via API-based templates. Notably, BIG-IP NEXT no longer supports individual management through the CLI (tmsh).

Before managing Central Manager via Postman, it is highly recommended to start with the essentials, such as managing licenses and deploying a BIG-IP NEXT instance through the Central Manager web GUI. Detailed instructions for adding and managing BIG-IP NEXT instances and configurations can be found in this KB library:

https://community.f5.com/kb/technicalarticles/prepare-big-ip-central-manager-for-automation/327785.

Getting Started with API-Based Management

In addition to the web-based portal, BIG-IP CM provides APIs for orchestration, facilitating instance and configuration management through a REST API.

Authentication to the API requires a token for access and control.

To interact with BIG-IP CM, clients must use token-based authentication instead of basic authentication. By default, BIG-IP CM rejects API requests made without a proper token value.

To obtain an access token, send a token request to the API login URL with the preset administrative username and password; the combination can be changed via the WebGUI.

To get an access token, send a POST request to the following URL:

POST https://<big-ip_next_cm_mgmt_ip>/api/login

Include the following syntax in the request body:

{
  "username": "admin",
  "password": "Welcome123!"
}

Upon successful authentication, the response body will contain an access token. This token can be utilized in future API calls to manage CM configuration and settings.

Let's take the access token from the preceding response and use it as the bearer token of a request to get the current config.

Now, we can test the token by sending a simple GET request without a body to the URL

https://<big-ip-cm-hostname>/api/v1/spaces/default/appsvcs/blueprints

Now let's automate token refresh in Postman and store the access token in a variable, so the request can always use the latest access token.

Within the "test" section in Postman, add the following syntax:

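// Report the login result in the Postman test results
pm.test("Login status code is 200", function () {
    pm.response.to.have.status(200);
});
// Store the tokens only after a successful login, so a failed login
// does not overwrite the stored values
if (pm.response.code === 200) {
    var resp = pm.response.json();
    pm.globals.set("bigip_next_cm_token", resp.access_token);
    pm.environment.set("bigip_next_rf_token", resp.refresh_token);
}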

The above script refreshes the stored access token each time Postman sends a successful login request with a 200 response code: it stores the access token in a global variable named "bigip_next_cm_token" and the refresh token in an environment variable named "bigip_next_rf_token".

To include the stored access token variable in future requests, you can simply use

{{bigip_next_cm_token}} 

as the bearer token value for API requests or as an environment variable. This approach ensures that the token is automatically attached to each request without manual intervention to get and set the token value.
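A pre-request variant of the token handling above, as an added example that is not part of the original article or F5's own code: it logs in again only when the stored token is missing or about to expire. It assumes the access token is a JWT carrying an exp claim (anything else is treated as expired), and the environment variable names cm_host, cm_user and cm_password are hypothetical.

```javascript
// Added example (not from the article). Assumption: the access token is a
// JWT with an "exp" claim; any other value is treated as expired.
const SKEW_SECONDS = 30; // assumed safety margin before expiry

// Decode the JWT payload segment without verifying the signature.
// The payload is only read for its expiry; the server still validates the token.
function jwtPayload(token) {
    const parts = String(token || "").split(".");
    if (parts.length !== 3) return null;
    try {
        const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
        return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    } catch (e) {
        return null; // not base64-encoded JSON, so not a usable JWT
    }
}

// True when a fresh login is needed: no token, unreadable token, or near expiry.
function needsLogin(token, nowSeconds) {
    const payload = jwtPayload(token);
    if (!payload || typeof payload.exp !== "number") return true;
    return payload.exp - SKEW_SECONDS <= nowSeconds;
}

// This part runs only inside Postman, where the pm object exists.
if (typeof pm !== "undefined") {
    const now = Math.floor(Date.now() / 1000);
    if (needsLogin(pm.globals.get("bigip_next_cm_token"), now)) {
        pm.sendRequest({
            // cm_host, cm_user, cm_password: hypothetical environment variables
            url: "https://" + pm.environment.get("cm_host") + "/api/login",
            method: "POST",
            header: { "Content-Type": "application/json" },
            body: { mode: "raw", raw: JSON.stringify({
                username: pm.environment.get("cm_user"),
                password: pm.environment.get("cm_password")
            }) }
        }, function (err, res) {
            // Overwrite the stored token only on a successful login.
            if (!err && res.code === 200) {
                pm.globals.set("bigip_next_cm_token", res.json().access_token);
            }
        });
    }
}
```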

Now let's try creating a sample app via Postman using the access token as the bearer token. To create the application service, send a POST request to the /api/v1/spaces/default/appsvcs endpoint:

POST https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs

The following is an example of an application service template as the API body:

{
  "name": "HelloWorld",
  "set_name": "Examples",
  "template_name": "http",
  "parameters": {
    "pools": [
      {
        "loadBalancingMode": "round-robin",
        "loadBalancingRatio": 10,
        "monitorType": [
          "http"
        ],
        "servicePort": 80,
        "application_name": "App3",
        "poolName": "pool1"
      },
      {
        "loadBalancingMode": "round-robin",
        "loadBalancingRatio": 10,
        "monitorType": [
          "https"
        ],
        "servicePort": 443,
        "application_name": "App3",
        "poolName": "pool2"
      }
    ],
    "virtuals": [
      {
        "FastL4_idleTimeout": 600,
        "FastL4_looseClose": true,
        "FastL4_looseInitialization": true,
        "FastL4_resetOnTimeout": true,
        "FastL4_tcpCloseTimeout": 43200,
        "FastL4_tcpHandshakeTimeout": 43200,
        "TCP_idle_timeout": 60,
        "UDP_idle_timeout": 60,
        "accessAdditionalConfigurations": " ",
        "enable_FastL4": false,
        "enable_HTTP2_Profile": true,
        "enable_TCP_Profile": false,
        "enable_TLS_Client": false,
        "enable_TLS_Server": true,
        "enable_UDP_Profile": false,
        "enable_snat": true,
        "snat_addresses": [],
        "snat_automap": true,
        "enable_WAF": true,
        "enable_Access": false,
        "enable_iRules": false,
        "virtualPort": 80,
        "pool": "pool1",
        "virtualName": "vs1",
        "certificatesEnum": "test11",
        "WAFPolicyName": "test1"
      },
      {
        "FastL4_idleTimeout": 600,
        "FastL4_looseClose": true,
        "FastL4_looseInitialization": true,
        "FastL4_resetOnTimeout": true,
        "FastL4_tcpCloseTimeout": 43200,
        "FastL4_tcpHandshakeTimeout": 43200,
        "TCP_idle_timeout": 60,
        "UDP_idle_timeout": 60,
        "accessAdditionalConfigurations": " ",
        "enable_FastL4": false,
        "enable_HTTP2_Profile": true,
        "enable_TCP_Profile": false,
        "enable_TLS_Client": false,
        "enable_TLS_Server": true,
        "enable_UDP_Profile": false,
        "enable_snat": true,
        "snat_addresses": [],
        "snat_automap": true,
        "enable_WAF": true,
        "enable_Access": false,
        "enable_iRules": false,
        "virtualPort": 80,
        "pool": "pool2",
        "virtualName": "vs2",
        "certificatesEnum": "test12",
        "WAFPolicyName": "test2"
      }
    ],
    "application_name": "App3",
    "application_description": "TestApp"
  }
}
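A pre-flight check for a body like the one above, as an added example that is not part of the original article or F5's code: it verifies that every virtual references a pool defined in the same body and that enabled features carry their policy or certificate reference. The meaning of each field is assumed from the sample body, and the function name lintAppService and the trimmed sample are constructed for illustration.

```javascript
// Added example (not F5 code). Field meanings are assumed from the sample
// body in the article; lintAppService is a hypothetical helper name.
function lintAppService(body) {
    const findings = [];
    const params = (body && body.parameters) || {};
    const poolNames = new Set((params.pools || []).map((p) => p.poolName));
    const seenVirtuals = new Set();

    for (const v of params.virtuals || []) {
        const id = v.virtualName || "<unnamed>";
        if (seenVirtuals.has(id)) findings.push(`${id}: duplicate virtualName`);
        seenVirtuals.add(id);
        // Every virtual must point at a pool defined in the same body.
        if (!poolNames.has(v.pool)) {
            findings.push(`${id}: pool "${v.pool}" is not defined`);
        }
        // An enabled feature without its policy or certificate reference
        // is a gap that is easy to miss in a long body.
        if (v.enable_WAF && !v.WAFPolicyName) {
            findings.push(`${id}: enable_WAF without WAFPolicyName`);
        }
        if (v.enable_TLS_Server && !v.certificatesEnum) {
            findings.push(`${id}: enable_TLS_Server without certificatesEnum`);
        }
        // Assumption: enable_TLS_Server means the virtual terminates TLS from clients.
        if (v.enable_TLS_Server && v.virtualPort === 80) {
            findings.push(`${id}: enable_TLS_Server on virtualPort 80`);
        }
    }
    return findings;
}

// Constructed sample body, trimmed to the fields the checks read.
const sampleBody = {
    name: "HelloWorld",
    parameters: {
        pools: [{ poolName: "pool1", servicePort: 80 }],
        virtuals: [
            { virtualName: "vs1", pool: "pool1", virtualPort: 443, enable_TLS_Server: true,
              certificatesEnum: "test11", enable_WAF: true, WAFPolicyName: "test1" },
            { virtualName: "vs2", pool: "pool2", virtualPort: 80, enable_TLS_Server: true,
              certificatesEnum: "", enable_WAF: true, WAFPolicyName: "" }
        ]
    }
};

console.log(lintAppService(sampleBody));
```

In Postman, the same function can be called from a pre-request script on JSON.parse(pm.request.body.raw) before the body is sent.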

 

You can further verify the application service status via the BIG-IP Central Manager WebGUI.

Updated Mar 14, 2024
Version 6.0
