Wiki: iControl

PowerShell

RSS
Microsoft Windows PowerShell command line shell and scripting language helps IT professionals achieve greater control and productivity. Using an admin-focused scripting language, more than 130 standard command line tools, and consistent syntax and utilities, Windows PowerShell allows IT professionals to more easily control system administration and accelerate automation. Windows PowerShell is easy to adopt, learn, and use, because it works with your existing IT infrastructure and existing script investments, and because it runs on Windows XP, Windows Vista, and Windows Server 2003. Windows PowerShell is installed as part of the Windows Management Framework. Windows Server 2008 and later come with Windows PowerShell already installed. Exchange Server (2007 and later), System Center Operations Manager (2007 and later), System Center Data Protection Manager V2, and System Center Virtual Machine Manager also leverage Windows PowerShell to improve administrator control, efficiency, and productivity. As of 2009, all Microsoft server products must support PowerShell.

Below are a list of PowerShell related resources here on DevCentral.

PowerShell Snapin

The iControl PowerShell Snapin is a set of Cmdlets for Windows PowerShell that give you the full power of the iControl API. They can be downloaded from the DevCentral PowerShell Labs Project

Tech Tips

The following technical articles have been written that provide examples implemented in Windows PowerShell.

Tech Tip Description
PowerShell - Getting Started In this tutorial, Joe walks through downloading, installing, configuring, and using the iControl PowerShell
iControl 101 - #08 - Partitions Configuration Partitions allow you to control access to BIG-IP system resources by BIG-IP administrative users. This article will discuss how to manage Configuration Partitions with the iControl programming interfaces.
iControl 101 - #09 - iRules iRules are the internal scripting language of the BIG-IP and can be used to attain full control of traffic flowing through your network. But, did you know that you can automate the management of iRules across your Virtual Servers with iControl? This article will discuss the iControl methods that can be used to query, create, delete iRules as well as how to apply them to Virtual Servers.
iControl 101 - #10 - System Inet The little-known System Inet interface is used to access internal API functionality that you can use to test name resolutions as well as service mappings and time settings. This article will discuss the methods in and illustrate some example usages of the System Inet interface.
iControl 101 - #11 - Performance Graphs The BIG-IP stores history of certain types of data for reporting purposes. The Performance item in the Overview tab shows the report graphs for this performance data. The management GUI gives you the options to customize the graph interval but it stops short of giving you access to the raw data behind the graphs. Never fear, the System.Statistics interface contains methods to query the report types and extract the CSV data behind them. You can even select the start and end times as well as the poll intervals. This article will discuss the performance graph methods and how you can query the data behind them and build a chart of your own.
iControl 101 - #12 - Database Variables iControl exposes thousands of methods to get and set attributes associated with all of the core object types (Virtuals, Pools, etc). The API also covers non-core objects such as SNMP and Certificates. But, there are some settings that are stored in our internal database that are not directly exposed via the API, but that's not to say that they are not "indirectly" exposed. This article will discuss how to use the Management::DBVariable interface to get at those hidden configuration settings.
iControl 101 - #13 - Data Groups Data Groups can be useful when writing iRules. A data group is simply a group of related elements, such as a set of IP addresses, URI paths, or document extensions. When used in conjuction with the matchclass or findclass commands, you eliminate the need to list multiple values as arguments in an iRule expression. This article will discuss how to use the methods in the LocalLB Class interface to manage the Data Groups for use within iRules.
iControl 101 - #14 - License Administration An important aspect of system management is maintaining the licenses on the devices you are responsible for. The BIG-IP includes a programmatic interface to allow you to query the current license information and upload and apply new licenses to the device allowing the automation of this management task. This article will discuss the Management.LicenseManagement interface in the iControl API and how you can use it to keep your BIG-IP's license up to date.
iControl 101 - #15 - System Services This installment of iControl 101, I'll focus on the System Service interface where you can have full control of the running state of all the services on the system
iControl 101 - #16 - Self IPs In this article, I will discuss the Networking.SelfIP interface in which you have control over the IP addresses owned by the BIG-IP system that you use to access the internal and external VLANs
iControl 101 - #17 - Port Mirror Port mirroring, also known as Interface mirroring, is a feature that allows you to copy traffic from any port or set of ports to a single, separate port where a sniffing device is attached. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system (IDS). The BIG-IP allows for creating mirroring on network interfaces and this article will discuss how to create and manage those mirrors with the iControl API.
iControl 101 - #18 - Stream Profile One of the common uses for an iRule is to search for a string and replace it with another string. For advanced searches that involve complex string parsing or regular expressions, iRules are the way to go. But if you are just looking at modifying a hostname in a URI or maybe even just changing all returned URI's from http to https for a ssl offloaded server farm, then the often overlooked Stream Profile is a highly optimized way to do this. This article will discuss how to programmatically create a Stream Profile to replace all occurances of "http://" with "https://", apply it to a virtual server, query statistics, and undo the process
iControl 101 - #19 - Time Conversions In the iControl API there are several methods that return time values. Some are in nicely packed structures with the year, month, day, hour, minute, and second extracted for you, but there are other methods that return just a single long integer for the time. This article will discuss how to work with the different time values and convert them to local time.
iControl 101 - #20 - Port Lockdown Each self IP address has a feature known as port lockdown. Port lockdown is a security feature that allows you to specify particular UDP and TCP protocols and services from which the self IP address can accept traffic. This article will dicuss how to use the iControl API to manage Port Lockdown Access Lists.
iControl 101 - #21 - Rate Classes The BIG-IP local traffic management system includes a feature called rate shaping which allows you to enforce a throughput policy on incoming traffic. Throughput policies are useful for prioritizing and restricting bandwidth on selected traffic patterns.
iControl 101 - #22 - GTM Data Centers The components that make up the BIG-IP Global Traffic Manager can be divided into two categories: logical and physical components. Logical Components are abstractions of network resources, such as virtual servers. Physical components, on the other hand, have a direct correlation with one or more physical entities on the network. In this article, I will disucss Data Centers (one of the physical network components in the Global Traffic Manager) and illustrate how to programmatically manage them with the iControl API
iControl 101 - #23 - Module Resource Provisioning A somewhat unknown feature on the BIG-IP is the ability to override the default resource allocations for core modules on the BIG-IP. This is available in the product GUI under the System’s “Resource Provisioning menu”. In this article, I’m going to walk you through the iControl Management.Provision interface and show you how to automate the configuration of the resources.
iControl Apps - #02 - Local Traffic Summary The BIG-IP Management GUI has a feature called the Network Map that includes a summary of the objects on the system and their current statuses. This tech tip will take that GUI component and break it down into the underlying iControl method calls and present an alternative implementation from within Windows PowerShell
iControl Apps - #03 - Local Traffic Map The BIG-IP Management GUI has a feature called the Network Map that includes a hierarchical summary of the objects on the system and their current statuses. This tech tip follows on to my previous Local Traffic Summary article and will take that GUI component and break it down into the underlying iControl method calls and present an alternative implementation from within Windows PowerShell
iControl Apps - #04 - Graceful Server Shutdown This question comes up quite often here on DevCentral: "How can I gracefully shut down my servers for maintenance without disrupting current user sessions?". In fact, I answered this question just the other day again in the iControl forum and figured I'd throw out an application that accomplished this. So I went about writing this application to allow for the graceful shutdown of a given pool member. Of course, the application wouldn't be complete without listing the pools and members for a specified pool as well as allowing for enabling and disabling of the server so I went ahead and included those pieces as a bonus.
iControl Apps - #05 - Rate Based Statistics One of the key features of iControl is the ability to monitor statistics of the various objects on the system. Whether it's for capacity planning or auditing and billing purposes, the numbers behind how your applications are being utilized on the network are very important. The iControl API allows for querying of statistics for most of the major objects including Virtual Servers, Pools, Pool Members, and Node Addresses. This data is returned as counters but most often the desired presentation of this data is in the form of a rate such as bits or connections per second. This article will show how to query the counter values and calculate rate based statistics for a given virtual server.
iControl Apps - #06 - Configuration Archiving Let's face it, we like to believe that disaster will never happen, but how many times have you accidentally deleted a document you have been working on for a presentation without a working backup? Odds are more than once. If it can happen on your desktop, then it can happen on the network and imagine the situation where your network configuration is running the bread and butter for your company. Wouldn't it be nice to have the knowledge that your network configuration is securely archived for easy recovery? Well, this article will illustrate an application that performs configuration archiving for a BIG-IP device by allowing for the creation of configuration restore points as well as remote file upload/download capabilities. Read this article, and fear no more!
iControl Apps - #07 - System HTTP Statistics I was digging through the iControl interfaces the other day and it's still amazing to me, after being around since the beginning of the API, to find new and cool stuff hiding in there. Today's find was lurking within the System.Statistics interface. There are literally dozens of method calls to pull out all sorts of useful statistics and the one I picked for today is the System HTTP Statistics which are a rollup of all HTTP Profiles' statistics. This application will build a report on everything you wanted to know from an HTTP level such as how many 5xx responses have been served to the number of bytes of compressed video and the RAM cache hits and misses.
iControl Apps - #08 - System IP Statistics A question came across recently about how to query aggregate IP based statistics for the entire BIG-IP. My previous tech tip covered reporting on System HTTP statistics so I thought this was a great chance to continue on that thread with another PowerShell
iControl Apps - #09 - System TMM Statistics Continuing on with my series of applications on system level statistics, this application will look into the insides of the TMOS processes on the system and dump out the available statistics exposed in the System.Statistics.get_tmm_statistics() method.
iControl Apps - #10 - Bigpipe List A question came across the forums a while ago around how to get a human readable version of the configuration on the BIG-IP LTM from the iControl APIs
iControl Apps - #11 - Global GTM Statistics Continuing on with my series of applications on system level statistics, this application will look into the insides of the GTM processes on the system and dump out the available statistics exposed in the System.Statistics.get_gtm_global_statistics() method.
iControl Apps - #12 - Global SSL Statistics Continuing on with my series of applications on system level statistics, this application will look into the insides of the SSL subsystem and dump out the available statistics for client and server based SSL processing.
iControl Apps - #13 - System PVA Statistics Continuing on with my series of applications on system level statistics, this application will look into the insides of the Packet Velocity ASIC (PVA) subsystem and dump out the available statistics for client and server based hardware offloaded processing.
iControl Apps - #14 - Global Statistics Continuing on with my series of applications on system level statistics, this application will look into the insides of the global system level statistics for the device. The global statistics contain information on Auth, Bytes, Connections, CPU, Denials, Errors, Hardware, HTTP, Memory, Packets, and the TMM.
iControl Apps - #18 - Virtual Server Reverse Lookup Virtual Servers are accessed by user friendly name. In some cases you will want to know which Virtual Servers are using a given address. This script takes as input a wildcard spec for the address:port of a virtual server and lists the address:port and name for all matches.
iControl Apps - #19 - Pool Membership Reverse Lookup Pool's are collections of pool members which are IP address and ports for a specific back end application server. Currently through the iControl API there is no direct way to do a reverse lookup of which pools a specified application server is a member of. This application will, given a pool member specification, do a reverse lookup and list all the associated pools that member is included in.
iControl Apps - #20 - Server Control The issue of server state continues to come up in the DevCentral
Creating An iControl Monitoring Dashboard With Google Charts PowerShell is a very extensible scripting language and the fact that it integrates so nicely with iControl means you can do all sorts of fun things with it. In this tech tip, I'll illustrate how to use just a couple of iControl method calls (3 to be exact) to create a load distribution dashboard for you desktop (with a little help from the Google Chart API).
Concurrent iControl Programming Explained iControl is a set of web services methods that can be called in any order by any number of clients. Typically an application is written with the plan that it is the only one accessing your devices. In some cases though, you may require the ability to have programs making configuration changes concurrently. In this article, I'll discuss the iControl lock methods that allow for each application to play well with each other.
Managing the System Boot Location with iControl The BIG-IP has the ability to partition off different "slots" for multiple software installs. This allows for installing a second version of the software on the system without overwriting the existing configuration to allow for an easy rollback in the case you prefer to roll back to your previous version. The System.SoftwareManagement interface contains the methods to manage the software on the system and hidden in there are the methods for getting and setting the current "boot locations". This article will illustrate the use of those methods.

CodeShare Samples

  • PowerShell App Automation - This is a Powershell iControl Sample illustrating how to automate the process of application pools and monitors for a given Application name and version.
  • PowerShell GTM Pool Member - This example illustrates how to query and set the state of GTM Pool Members.
  • PowerShell iApp Template Control - The following PowerShell script illustrates how to support the BIG-IP .tmpl file format for Application Templates.
  • PowerShell Management Folder - This example illustrates how to use the Folder methods to build a console shell allowing you to navigate and manage system Folders on BIG-IP v11 and above.
  • PowerShell Management Provision - This is a Powershell iControl Sample illustrating how to use the module resource provisioning methods to manage the partitioning of memory. disk. and cpu across the modules licensed to run o...
  • Powershell Menu Driven Queries - A menu-based PowerShell application to query information about your BIG-IP
  • PowerShell Pool Member Availability - This PowerShell script will query the status of the pool members for a specified poolname.
  • PowerShell PoolMember Ratio And Priority - This sample PowerShell script illustrates how to use the methods in the LocalLB::Pool interface to get and set the Ratio and Priority for a Pool Member.
  • PowerShell RAM Cache - This PowerShell example illustrates how to query for entries in the RAM Cache.
  • PowerShell Setup Snapin - This PowerShell script will register the iControl Snapin on 32 and 64 bit platforms.
  • PowerShell Software Status - This example illustrates how to use the get_all_software_status method in the System SoftwareManagement interface.
  • PowerShell System Audit - This is a PowerShell iControl Sample illustrating the return values for some system auditing information
  • Ps BIG-IP Interactive Shell - This sample application illustrates how to build an interactive shell to manage your BIG-IP.
  • Ps Bigip List Configuration - This PowerShell application will query the contents of a file in the /config directory on a BIG-IP. save the contents locally. and then display them to the console.
  • Ps Config Archiving - This PowerShell application performs archiving and restoring of your BIG-IP configuration.
  • Ps Get Bigip Routes - This Powershell application prints out the static TMM and Management routing table from the BIG-IP.
  • Ps Global Ssl Statistics - This application will explore the system level ssl statistics available in the System.Statistics interface.
  • Ps Global Statistics - This PowerShell script will query the global system statistics.
  • Ps Gtm Data Center - This sample will illustrate how to use the iControl API to manage Global Traffic Manager Data Centers.
  • Ps Icontrol Concurrency - This sample application will illustrate how to use the locking mechanisms in iControl to allow you to create a multi-threaded iControl application.
  • Ps Icontrol Dashboard - This Powershell application will use iControl and the Google Chart API to build a monitoring dashboard.
  • Ps Irule Dashboard - This Powershell application will use iControl and the Google Chart API to build a dashboard to monitor the usage of your iRules.
  • Ps Local Traffic Map - This application will replicate the network map functionality found in the BIG-IP management GUI with a PowerShell console implementation.
  • Ps Local Traffic Summary - This application will replicate the network status functionality found in the BIG-IP management GUI with a PowerShell console implementation.
  • Ps Object Meta Data - PowerShell library to create and access generic metadata for objects on your BIG-IP systems.
  • Ps Partition Access - This application illustrates how to get and set the users management partitions.
  • ps Pool Lookup - This PowerShell application will do a reverse lookup for pools given a pool member definition.
  • Ps Pool Member Control - This application allows for the graceful shutdown of a pool member. As an added bonus it also allows you to query pools. pool members. pool member status. and enable and disable the pool members.
  • Ps Provision VE For Local Dev - This PowerShell script will illustrate how to deploy an application.
  • Ps Rate Based Statistics - This sample application will illustrate how to take raw statistic counters and turn them into rates.
  • Ps Rate Class - This PowerShell example will illustrate how to create and manage rate classes with the iControl API.
  • Ps Self Ip Port Lockdown - This applications illustrates how to manage Self IP and Default Port Lockdown Access Lists.
  • Ps Server Control - This PowerShell application will get and set the infamous three-way-toggle state (enabled. disabled. offline) for server objects.
  • Ps System Boot Location - This sample will illustrate the usage of the system boot location iControl methods.
  • Ps System Gtm Stats - This PowerShell example will illustrate how to query the global GTM statistics.
  • Ps System Http Stats - This PowerShell application will illustrate how to pull out the rolled up Http Statistics taking from all of the Http Profiles.
  • Ps System Ip Stats - This PowerShell application will query the system wide IP based statistics and display them in columnar format.
  • Ps System Pva Stats - This example will illustrate how to examine the system level PVA statistics.
  • Ps TMM Statistics - this application will look into the insides of the TMOS processes on the system and dump out the available statistics exposed in the System.Statistics.get_tmm_statistics() method.
  • Ps Twitter Api - Here's a set of PowerShell functions implementing the Twitter APIs.
  • Ps Virtual Server Lookup - This powershell script will allow you to do a wildcard reverse lookup for Virtual Servers.

External Links