Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Native tmsh/bash commands via REST API

Hi all,

is there a way to execute native tmsh or bash commands using the REST API? As long as there are not all configurations controllable by REST i would like to execute some commands directly.

0
Rate this Question
Comments on this Question
Comment made 02-Feb-2017 by Eric Flores

Here is an example of bash over REST -

$ curl -sk -u 'admin:admin' -H 'Content-Type: application/json' -X POST  \
    -d '{"command": "run", "utilCmdArgs": "-c \"date -u\""}' \
    https://$HOST/mgmt/tm/util/bash | jq .
{
  "kind": "tm:util:bash:runstate",
  "command": "run",
  "utilCmdArgs": "-c \"date -u\"",
  "commandResult": "Fri Feb  3 01:11:56 UTC 2017\n"
}
0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I am not sure if this ability has been provided in newer code versions. Last I remember from this thread, it isn't directly feasible but you can do something similar to the idea proposed in the thread.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

If you are looking for the iControl REST endpoint for executing a Unix command, that's /mgmt/tm/util/bash. Here's an example (for ls /tmp):

curl -sku user:password -X POST -H "Content-type: application/json" \
  -d "{\"command\":\"run\", \"utilCmdArgs\": \"-c 'ls /tmp'\"}" \
  https://<management port>/mgmt/tm/util/bash 

You can run a tmsh command in the same manner (e.g., tmsh list ltm virtual):

curl -sku user:password -X POST -H "Content-type: application/json" \
  -d "{\"command\":\"run\", \"utilCmdArgs\": \"-c 'tmsh list ltm virtual'\"}" \
  https://<management port>/mgmt/tm/util/bash 

Output lines are concatenated (not easy to read), so you may want to parse it by piping the result to python -m json.tool | sed 's/\\n/\n/g'

Note that you will get 50x error when the execution of the specified command takes longer than a predefined timeout (about 60-90 seconds).

For more on the API, please refer to iControl REST API Reference Version 12.0.

0
Comments on this Answer
Comment made 03-Feb-2017 by mvo 53

Thanks a lot for all answers! That is exactly what i need. I now managed to implement it in a python script.

Here is a snippet which works with v12.1. Maybe it is helpful for anyone else.

import re, requests, json
# get auth token
def get_token(bigip, url, username, password):
    payload = {}
    payload['username'] = username
    payload['password'] = password
    payload['loginProviderName'] = 'tmos'
    token = bigip.post(url, json.dumps(payload)).json()
    return token

# send tmsh command (via bash)
def send_tmsh_command(bigip,hostname, command):
    payload = {}
    cmd = "-c \'" + command + "\'"
    payload['command'] = 'run'
    payload['utilCmdArgs'] = cmd

    URL = 'https://%s/mgmt/tm/util/bash' % hostname
    result = bigip.post(URL, data=json.dumps(payload))

    if result.status_code is not 200:
        print(result.content)
    else:
        print("ok")

def main():
    requests.packages.urllib3.disable_warnings()
    hostname = "1.1.1.1"    # enter your IP here
    username = "username"   # enter your username here
    password = "password"   # enter your password here

    # define base urls for rest
    url = 'https://%s/mgmt' % hostname
    url_auth = '%s/shared/authn/login' % url

    # init session
    bigip = requests.session()
    bigip.headers.update({'Content-Type': 'application/json'})
    bigip.auth = (username, password)
    bigip.verify = False

    #receive login auth token
    token = get_token(bigip, url_auth, username, password)
    token1 = token['token']
    bigip.auth = None
    token1 = token1['token']
    # update session header
    bigip.headers.update({'X-F5-Auth-Token': token1})

    # execute tmsh commands from given textfile
    tmsh_commandlist = open("tmsh_commandlist.txt")
    for line in iter(tmsh_commandlist):
        line = re.sub(r"\"", "\\\"", line, flags=re.S)
        send_tmsh_command(bigip, hostname, line)

main()
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi, is here any way how to call tmsh command within a partition?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

To list virtuals under the partition /Test directly from bash, for example, you can use echo to pass multiple statements to tmsh:

# bash -c 'echo "cd /Test; list ltm virtual" | tmsh'

That's what you want to send to the /mgmt/tm/util/bash endpoint. e.g.,

 # curl -sku admin:admin https://192.168.184.30/mgmt/tm/util/bash \
  -X POST -H "Content-Type: application/json" \
  -d "{\"command\":\"run\", \"utilCmdArgs\":\"-c 'echo \\\"cd /Test; list ltm virtual\\\" | tmsh'\"}"

Example output:

{
    "command": "run",
    "commandResult": "ltm virtual testvs {\n    destination 172.16.10.45:http\n    ip-protocol tcp\n    mask 255.255.255.255\n    partition Test\n    pool /Common/CentOS-All\n    profiles {\n        /Common/tcp { }\n    }\n    source 0.0.0.0/0\n    translate-address enabled\n    translate-port enabled\n    vs-index 7\n}\n",
    "kind": "tm:util:bash:runstate",
    "utilCmdArgs": "-c 'echo \"cd /Test; list ltm virtual\" | tmsh'"
}

Please be careful with the escaping sequences.

If you have a more complex tmsh call, consider writing a tmsh script and call it via the /mgmt/tm/cli/script endpoint: e.g.,

curl -sku admin:admin https://192.168.184.30/mgmt/tm/cli/script

Obviously, it does not make any sense calling tmsh via bash via tmsh (the iControl REST is just a wrapper for tmsh). Look for an endpoint that you can call directly for your purpose.

0
Comments on this Answer
Comment made 3 months ago by Zdenda 445

Thanks for this tip, that helps. The reason why I want to use it is that I'm not able to use rest to create CSR in the partition. I use what's working for others here, but without luck.

0
Comment made 3 months ago by Zdenda 445

Thanks for this tip, that helps. The reason why I want to use it is that I'm not able to use rest to create CSR in the partition. I use what's working for others here, but without luck.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I am trying tmsh_commandlist = open("tmsh_commandlist.txt") from the python program specified above. I created command file tmsh_commandlist.txt which has a tmsh command i want to execute "create ltm node TEST3 address 3.3.3.3". When i run the program it completes successfully however does not create the new node on the LTM itself. As per my understanding i just have to specify the ltm commands as we type it on the F5 CLI to the text file and this program will configure it on the device. Any suggestions What could be the problem.

Thanks

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You can use the /mgmt/tm/ltm/node endpoint for node creation instead of calling /mgmt/tm/util/bash to run the tmsh command. The equivalent curl command for tmsh create ltm node TEST3 address 3.3.3.3 is

curl -sku <admin>:<adminPass> https://<host>/mgmt/tm/ltm/node \
  -X POST -H 'Content-type: application/json' \
  -d '{"name":"TEST3", "address":"3.3.3.3"}'

If Python is your choice, you may want to check the F5 Python SDK. See F5 Python SDK Documentation.

0