Uploading bigip.conf using iControl.

Question

When we set out to build a centralized management system for our LTMs a few years ago, we were excited to use iControl at first.  However, upon further consideration it ended up being far cleaner to template the bigip.conf using something like Freemarker and injecting the appropriate fields from Java objects persisted from a centralized database.  That is because the LTM will load the bigip.conf wholesale, without disturbing running traffic, without having to worry about dependencies in iControl that could leave unutilized resources around (pools or rules without virtuals, monitors without pools, etc) as well as having to make sure that resources are created in the right order.  Instead, we generate an entire bigip.conf, scp it to the host, and issue a 'b load'.  It works rather well.&nbsp;
&nbsp;The trouble is that SSH + 'b' commands are an ugly way to perform the actual tasks.  They require us to keep around lists of commands and RSA keys, parse the output of 'b load' to verify success, etc.  It works, but it's just not _clean_, and using RSA keys is rife with security concerns.&nbsp;
&nbsp;It would be nice if there was a way to pass iControl a bigip.conf file via an HTTP/HTTPS POST, and have it parse the file and return some value.&nbsp;
&nbsp;What do you think?

joe_pruitt · Answer

Glad you've found a solution that works for you.  I would just keep in mind that the format of bigip.conf is not guaranteed to be constant from version to version so will have to rebuild your templates every time you upgrade the BIG-IP software to make sure that there aren't issues with configuration format changes.  iControl solutions give you a version independent way to manage the configuration.&nbsp;
&nbsp;But, since you've determined that going the template route for you works best, you are in luck in that we have an alternative to "scp"/"b load".  iControl has methods for uploading, downloading, and loading configurations and files.&nbsp;
&nbsp;The upload_configuration() and download_configuration() commands are for our configuration archive (.ucs files).  If you are looking to just upload a single bigip.conf file, you can use the upload_file() command.  There are samples in the SDK on how to use this method.  It works by sending "chunks" of the file at a time.  With bigip.conf, you can probably send the whole thing in one shot.&nbsp;
&nbsp;You can then use the load_configuration() method to load the BASE_LEVEL_CONFIGURATION (ie. bigip_base.conf) or the HIGH_LEVEL_CONFIGURATION (ie. bigip.conf).&nbsp;
&nbsp;If you want to test things out first, you can always upload a file and name it something unique (ie. bigip-20071127.conf) and then pass that value in the load_configuration() command.  This way you can test out a new config without overwriting the old one.  If it succeeds, you can upload the file again into the default name (bigip.conf) and use delete_file() to delete the test file.&nbsp;
&nbsp;Lots of options, hope they work out for you.  Feel free to post again if you have anything else comes up...&nbsp;
&nbsp;-Joe

Forum Discussion

Uploading bigip.conf using iControl.

1 Reply

Recent Discussions

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

APM OCSP Responder Issues

Related Content

File Upload via iControl REST

File upload and ASM

File Uploads and ASM

Icontrol REST upload and apply policy- section "http-protocols" ignored?

iControl REST Authentication Token Management