Migrate part of GTM to another GTM
Hi, currently our GTM's have both test and prod config. We have buildup new test GTM's and want to migrate the test config (LTM's, Virtual servers, Pools, Wide IP etc) to the new pair. What is the suggested approach for this ? Is there any script that we could use ?Solved1.7KViews0likes2CommentsEnable OCSP Stapling via REST API
Hi all I'm struggling with the command syntax that will apply my OCSP stabling configuration on a certificate. I have found a workaround by pushing native tmsh commands via the bash api like this: curl -sk -u admin:password POST -H "Content-type: application/json" https://bigip-mgmt-ip/mgmt/tm/util/bash -d "{\"command\":\"run\", \"utilCmdArgs\": \"-c 'tmsh modify sys crypto cert example.com_2021-12-12 cert-validation-options { ocsp } cert-validators replace-all-with { letsencrypt_ocsp_R3 } issuer-cert R3_LE_2025'\"}" It works but I find itcrude and against the idea of using the API. I would very much like to be able to do it all REST API native but all tries ends up in: {"code":415,"message":"Found invalid content-type. The content-type must be application/json. The received content-type is application/x-www-form-urlencoded","errorStack":[],"apiError":1} Any input is very much appricaited!Solved1.6KViews0likes3CommentsGET all pool /mgmt/tm/ltm/pool/members/stats, but the Partition outside of Common cannot be obtained
1. Get all configuration through API instead of a specific Pool. (https://1.1.1.1/mgmt/tm/ltm/pool/members/stats) 2.This can only obtain Common Partition, and other Partitions cannot be obtained. Obtaining each API separately incurs too much performance overhead on the device (https://1.1.1.1/mgmt/tm/ltm/pool/members/stats) 3.Alternatively, it can support obtaining Pool Members for a specific Partition. 4. Can URLs support adding parameters, such as https://1.1.1.1/mgmt/tm/ltm/pool/members/stats?partition=aaa But? partition=aaa parameter not valid.Solved1.3KViews1like6CommentsHow can I Delete certificate via REST API?
Hello, I created a Client SSL Certificate and now I am trying to delete it from my F5 via REST API, I tried to use this article: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_adc_ssl_cert.html This is the syntax of the command that I am typing: (this command supose to show me all my certificates, no?) curl -sk -u admin:Aa123456 -H "Content-Type: application/json" -X GET /mgmt/cm/adc-core/working-config/sys/file/ssl-cert all I got after executing this command is nothing. Also when I trying to excute this command, I get the same result, nothing happens curl -sk -u admin:Aa123456 -H "Content-Type: application/json" -X DELETE /mgmt/cm/adc-core/working-config/sys/file/ssl-cert/cert_name Please somebody explain to me what I am doing wrong950Views0likes2CommentsWhat kind of account do I need to access the REST API?
I'm having issues in accessing the API, I think. I got Error 401 whenever I use my credentials that I believe has admin privileges already. Is there a way to access the API without using the "admin" account? Edit: How do I check if my account has admin privileges? Below is my code: import requests requests.packages.urllib3.disable_warnings() uname = 'myaccount' pw = 'mypassword' req = requests.session() req.auth = (uname, pw) req.verify = False req.headers.update({'Content-Type': 'application/json'}) uri = 'https://[host]/mgmt/tm/ltm' response = req.get(uri) print(response.text) Result: {"code":401,"message":"Authorization failed: user= resource=/mgmt/tm/ltm verb=GET......."}900Views0likes10CommentsWhat is the REST API to check / uncheck checkbox client SSL profile custom cipher cipher string ?
Hello Team, Looking for help to check/uncheck checkbox to enable disable custom cipher string. Need REST API for the same. We are able to update the same using REST API, but cant disable/uncheck it.818Views0likes2CommentsHow to get a monitor from a pool through REST API or Python SDK?
I have a simple challenge: Given a pool, find its associated monitor. The problem is that the query for a monitor requires the monitor type. LTM pools don't carry info on the kind of monitor they use, only the partition and name of the monitor. I could theoretically iterate through all possible types of monitors there are, but what is the correct way to do it?741Views0likes0CommentsAn example of an AS3 Rest API call to create a GSLB configuration on BIG-IP.
Hi everyone, Below you can find an example of an AS3 Rest API call that creates a simple GSLB configuration on BIG-IP devices. The main purpose of this article is to share this configuration with others. Of course, on different sites (github, etc) you can find different bits of data, but I think this example will be useful, because it contains all the necessary information about how to create different GSLB objects at the same time, such as: Data Centers (DCs), Servers, Virtual Servers (VSs), Wide IPs, pools and more over. { "class": "AS3", "declaration": { "class": "ADC", "schemaVersion": "3.21.0", "id": "GSLB_test", "Common": { "class": "Tenant", "Shared": { "class": "Application", "template": "shared", "DC1": { "class": "GSLB_Data_Center" }, "DC2": { "class": "GSLB_Data_Center" }, "device01": { "class": "GSLB_Server", "dataCenter": { "use": "DC1" }, "virtualServers": [ { "name": "/ocp/Shared/ingress_vs_1_443", "address": "A.B.C.D", "port": 443, "monitors": [ { "bigip": "/Common/custom_icmp_2" } ] } ], "devices": [ { "address": "A.B.C.D" } ] }, "device02": { "class": "GSLB_Server", "dataCenter": { "use": "DC2" }, "virtualServers": [ { "name": "/ocp2/Shared/ingress_vs_2_443", "address": "A.B.C.D", "port": 443, "monitors": [ { "bigip": "/Common/custom_icmp_2" } ] } ], "devices": [ { "address": "A.B.C.D" } ] }, "dns_listener": { "class": "Service_UDP", "virtualPort": 53, "virtualAddresses": [ "A.B.C.D" ], "profileUDP": { "use": "custom_udp" }, "profileDNS": { "use": "custom_dns" } }, "custom_dns": { "class": "DNS_Profile", "remark": "DNS Profile test", "parentProfile": { "bigip": "/Common/dns" } }, "custom_udp": { "class": "UDP_Profile", "datagramLoadBalancing": true }, "testpage_local": { "class": "GSLB_Domain", "domainName": "testpage.local", "resourceRecordType": "A", "pools": [ { "use": "testpage_pool" } ] }, "testpage_pool": { "class": "GSLB_Pool", "resourceRecordType": "A", "members": [ { "server": { "use": "/Common/Shared/device01" }, "virtualServer": "/ocp/Shared/ingress_vs_1_443" }, { "server": { "use": "/Common/Shared/device02" }, "virtualServer": "/ocp2/Shared/ingress_vs_2_443" } ] } } } } } P.S. The AS3 scheme guide was very helpful: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html632Views1like2CommentsREST API authorization in a cronjob, recommendation
I'd like to run an automatic script via cronjob to trigger REST API calls on a BIG-IQ (the script is located on the BIG-IQ itself). What possibilities are available in regards to authorization, especially from a security point of view, meaning avoiding placing credentials in the script. Is there maybe an option to use mutual SSL as trust? Right now doing manual testing I first create a token with basic credentials and then doing the REST-call with this token. But having an automatic script, there is no posibility to enter the password, means it needs to be placed somewhere. Any ideas would be very helpful. Thank you! Regards Stefan 🙂534Views0likes3CommentsFinding all virtual servers with "log all traffic" policy applied via API
Hello, I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there a way to use the TMSH shell or REST API to interrogate the F5 appliance via a script and get a listing of all virtuals that use a "log all traffic" policy so I can change the policy and give our logging servers a bit of respite? Thank you, Kyle503Views1like3Comments