MVPKnowledge sharing: Ways to trigger and schedule scripts on the F5 BIG-IP devices.
I think that it is interesting to share how on F5 different scripts can be run at different times and states.
1. You can use the cron job like on any linux device to run a script. As I have used this to restart the tomcat and httpd each night with "bigstart restart <name>" or "tmsh restart /sys service <name>" (https://support.f5.com/csp/article/K89999342), because of a bug till I upgade the devices (https://support.f5.com/csp/article/K25554628 ).
2.Newer versions of F5 also have anacron tool that can add some randomness to the timframe when a script is run and many F5 default scripts use this and not the crontab:
3.You can even trigger scripts on the F5 device if the state changes from active to standby or from standby to active by adding the scripts under /config/failover/<state>. For example if you have a bug for a critical process that causes a failover ( you can use the command show /sys ha-status all-properties to check for this https://support.f5.com/csp/article/K20060182 ) but the device does not reboot or fix the process you can run a script to when the device becomes standby to restart the process.
4. You afcource can run scripts at the F5 start time (startup/bootup):
5.The final thing thing I can think of is to run a script at the backround that monitors the log and for example when there is a specific message in /var/log/ltm to trigger a tcpdump (in some cases better than creating a rotating tcpdum to catch an issue as per https://support.f5.com/csp/article/K65251607 ). The script can be a bash script with "tail -f" command that is run on the backround or better use the F5 intergrated "icall" feature.
Bash:
Icall:
- https://devcentral.f5.com/s/articles/what-is-icall-27404
- https://devcentral.f5.com/s/articles/run-tcpdump-on-event
5. You can use utility "logger -p" to generate manually log messages in the F5 device's log for testing of your scripts as this is used also for SNMP custom alarm traps tests (for more about SNMP https://support.f5.com/csp/article/K3727 )
6. You can also trigger scripts from an BIG-IQ device bt you still can't schedule them when to run:
7.Of course the final option is to use ansible or python SDK that uses the F5 rest-api to execute commands on the F5 devices.
8. You can even use TCP expect and bash for automations using SSH connection but this is really old way to do things:
- https://devcentral.f5.com/s/articles/f5-automation-tcl-amp-bash-921
- https://f5-sdk.readthedocs.io/en/latest/userguide/ltm_pools_members_code_example.html
9.F5 is well integrated with Ansible and it is better than REST-API Python SDK or TCL for me as even the declarative AS3 interface is supported:
https://clouddocs.f5.com/products/orchestration/ansible/devel/
https://clouddocs.f5.com/products/orchestration/ansible/devel/
https://www.f5.com/partners/technology-alliances/ansible
Imperative:
- https://support.f5.com/csp/article/K42420223
- https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/playbook_tutorial.html
Declaritive:
- https://www.f5.com/company/blog/f5-as3-and-red-hat-ansible-automation
- https://clouddocs.f5.com/training/fas-ansible-workshop-101/3.0-as3-intro.html
10. For some automations without rest-api better use the F5 native cli scripts than bash with tmsh commands:
