Forum Discussion

manc_63343
Jan 09, 2010

Automatically take server out of service

I am a user of LTM. Our servers are configured in LTM. We need to write something that will help us bring web servers out of service for a given VIP. This will help us in code upgrades, problem resolution etc.

My question: is that possible? If yes, then how can I do that? Is there an API where I can do that dynamically?

10 Replies

  • Hamish
    You have several choices.

    1. Use CLI commands in a script on the F5 itself.
    2. Use a ksh or bash script on a separate server to call CLI commands via ssh on the F5.
    3. Use the iControl interface from an external host to do your stuff.

    There's a lot of codeshare stuff in the CodeShare part of the website that demonstrates this. Along with the iControl SDKs etc.
  • Another option that would allow the server admins to take a server out of active use in the pools is to configure a monitor to check a page on the server for a specific string like "UP". The server admins could then change the monitored page to not include the string to prevent LTM from using that server.

    Aaron
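
The monitor approach described in the post above, as an added example (not part of the original thread and not F5 code): a health page that answers "UP" until a server admin creates a flag file, so draining a server needs no BIG-IP account at all. The `/health` path, the flag file location, and the substring model of the monitor's receive-string check are assumptions made for this sketch.

```python
import http.client
import os
import tempfile
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

RECEIVE_STRING = "UP"  # string the monitor looks for, as in the post
# Hypothetical flag file; a server admin creates it to drain this server.
DRAIN_FLAG = os.path.join(tempfile.gettempdir(), f"drain-{os.getpid()}.flag")

def health_body(flag_path=DRAIN_FLAG):
    """Monitored page body: "UP" unless the drain flag exists."""
    # The drained body must not contain "UP": "DOWN FOR UPGRADE" would match.
    return "MAINTENANCE\n" if os.path.exists(flag_path) else "UP\n"

def monitor_marks_up(body, receive_string=RECEIVE_STRING):
    """Model of the monitor check, assumed to be a substring search."""
    return receive_string in body

class HealthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != "/health":  # hypothetical monitored path
            return self.send_error(404)
        data = health_body().encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def probe(port):
    """Fetch /health as a monitor would and apply the receive-string check."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/health")
    body = conn.getresponse().read().decode()
    conn.close()
    return monitor_marks_up(body)

def demo():
    """Probe a local server before and after the drain flag is set."""
    server = HTTPServer(("127.0.0.1", 0), HealthHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        before = probe(server.server_address[1])
        open(DRAIN_FLAG, "w").close()
        return before, probe(server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()
        if os.path.exists(DRAIN_FLAG):
            os.remove(DRAIN_FLAG)
```

`demo()` returns the monitor's verdict before and after the flag is created; `monitor_marks_up("DOWN FOR UPGRADE\n")` shows why the wording of the maintenance page matters.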
  • Is iControl an API or does it have to be manual? Can you please point me to the sample example and docs since I am new to this website? I am looking for something that can be automated and doesn't need root access. Something where the access is limited to just my application VIPs. Could you please help a little and give me some advice as to how to go about it, or if it's even possible?
  • Could someone please reply and let me know if it's possible to create an iControl user ID in a way that it has access to only selected VIPs or pool members?
  • Hamish
    iControl is an API. To be more precise it's a SOAP API. The links are at the RHS of the webpage you used to post the message.

    The SDK is available at http://devcentral.f5.com/wiki/default.aspx/iControl/F5Downloads.html and the docs are part of it. Sample code is available from the codeshare at http://devcentral.f5.com/Default.aspx?tabid=58 (also available at the RHS of the webpage you're looking at).

  • Thanks. My real question around iControl is:

    Is it possible to create an iControl user ID in a way that it has access to only selected VIPs or pool members?
  • The only way at this point is to use administrative domains (partitions). You can create a partition with the vips you want to target. You then associate user accounts with those partitions. In your iControl apps, you'll then have to query which partition the current user has access to and switch to that partition before you make any method calls.

    -Joe
  • Posted By manc on 01/09/2010 12:46 PM

    Is iControl an API or does it have to be manual? Can you please point me to the sample example and docs since I am new to this website? I am looking for something that can be automated and doesn't need root access. Something where the access is limited to just my application VIPs. Could you please help a little and give me some advice as to how to go about it, or if it's even possible?

    iControl is an API. We have documentation for the API in the iControl Wiki.

    http://devcentral.f5.com/wiki/default.aspx/iControl/APIReference.html

    The API wraps the functionality of the product admin GUI. My recommendation is to create the configuration you would like in the product GUI (with login settings/etc) and then access those settings with iControl. The user accounts are the same under the seams.

    -Joe
  • Could you please point me to the doc and the code that utilizes this functionality?

    Thanks for your help
  • The API reference documentation is in the above link. The documentation for configuring administrative domains can be found in the administrator manual for the BIG-IP version you are running. If you don't have access, you can view the manuals online at ask.f5.com.

    As for the specific APIs you'll want to implement this, you can determine what partitions the user has access to by calling the Management.UserManagement.get_my_permission() method.

    http://devcentral.f5.com/wiki/default.aspx/iControl/Management__UserManagement__get_my_permission.html

    This will return, for the current logged in user, an array of partition names it has access to along with the management role associated with that connection.

    To query the current active partition for the given user, you will use the Management.Partition.get_active_partition() method.

    http://devcentral.f5.com/wiki/default.aspx/iControl/Management__Partition__get_active_partition.html

    To switch to a new partition, you'll want to use the Management.Partition.set_active_partition() method.

    http://devcentral.f5.com/wiki/default.aspx/iControl/Management__Partition__set_active_partition.html

    I just put together a little PowerShell script that illustrates how to use the various APIs.

    http://devcentral.f5.com/wiki/default.aspx/iControl/PsPartitionAccess.html

    Here's some sample output (replace bigip, user, and pass with your settings).

    PS C:\scripts> .\PartitionAccess.ps1 -hostname bigip -user user -pass pass
    Active Partition : Common
    Available User Partitions
    -------------------------
    DevCentral : USER_ROLE_MANAGER
    -------------------------

    PS C:\scripts> .\PartitionAccess.ps1 -hostname bigip -user user -pass pass -partition DevCentral
    Active Partition : DevCentral

    PS C:\scripts> .\PartitionAccess.ps1 -hostname bigip -user user -pass pass
    Active Partition : DevCentral
    Available User Partitions
    -------------------------
    DevCentral : USER_ROLE_MANAGER
    -------------------------

    PS C:\scripts> .\PartitionAccess.ps1 -hostname bigip -user user -pass pass -partition Common
    Active Partition : Common

    PS C:\scripts> .\PartitionAccess.ps1 -hostname bigip -user user -pass pass
    Active Partition : Common
    Available User Partitions
    -------------------------
    DevCentral : USER_ROLE_MANAGER
    -------------------------

    Hope this helps...

    -Joe