Introduction

This is a script which will generate a report of the BigIP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them (including those specified in iRules).

This information is used to relay information to our NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC’s, ie get a list of all external virtual servers without compression profiles.

The script has been running on 13 pair of load balancers, indexing over 1200 virtual servers for over 3 years now and the report is widely used across the company.

Since the 4.1.2 release the configuration of Bigip report is done via a separate configuration file. This will make updating the script much easier when there’s minor updates and makes it easier for me to test and deploy new version.

Demo

A live demo can be found here:
http://loadbalancing.se/bigipreportdemo/

Youtube video of an older version can be found here:

 

Requirements

  • Powershell version 4.0 (might work on earlier versions too, but not tested)
  • F5 Powershell Snap-in
  • A web server of your choice

Fast track installation instructions

If you haven’t set this up before I would recommend following the more detailed path below. If you’re in a rush or simply don’t want to read that much, here’s the quick and dirty alternative.

  1. Setup a guest user with the same password on all load balancers.
  2. Make sure that the server/client running the script has HTTPS access to all load balancers.
  3. Configure the script (see the mandatory minimum section in the configuration file)
  4. Cross your fingers for luck
  5. Run the script
  6. Browse your report in a web browser (only Chrome and Firefox tested, gave up on IE).

iControl installation

If you’re running Windows 10 (and maybe Windows 8) you might have to install .NET version 2 in order to be able to install the iControl snapin for Powershell.

Verify if .NET 2.0 is installed or not

  1. Click start and search for Turn Windows Features on or off:
    WindowsFeatures
  2. Click it to get a list of optional features:
    AddFeatures
  3. If .NET Framework 3.5 is enabled you’re good to go. Otherwise enable it and click OK (Windows 10 installation media might be required).
  4. Done

Install the iControl snapin

  1. Navigate to the iControl snapin download page at Devcentral and click on the download button:
    downloadbutton
  2. Extract the downloaded file to a new folder:
    icontrolfolder
  3.  Click on start and type “Powershell“, right click on Powershell and choose “Run as administrator“:
    runpowershellasadmin
  4. A powershell window should now start. Navigate to your downloads folder and run “.\setupSnapin“:
    installingicontrol
  5. Also run “Set-ExecutionPolicy RemoteSigned” to allow unsigned powershell scripts to be running on your system (otherwise you can’t run the BigIP Report script later on).
    scriptexecutionpolicy

Install a web server

The Bigip report script needs a web server to host the results of the script. Since there’s no server side execution it does not matter which Web server you choose, just that you have one (I’ve been hosting Bigipreport on both IIS and Apache).

I won’t bother writing a guide on how to install a web server since there’s so many online, but here’s a few direct links:

Windows 8/10
http://www.howtogeek.com/112455/how-to-install-iis-8-on-windows-8/

Windows server 2012
http://www.iis.net/learn/install/installing-iis-85/installing-iis-85-on-windows-server-2012-r2

Apache on Ubuntu
https://help.ubuntu.com/lts/serverguide/httpd.html

Download the BigipReport package

  1. Download the latest version from Devcentral:
    https://devcentral.f5.com/codeshare/bigip-report
  2. Unpack the zip file to a directory of your choosing.
  3. The content of the folder “Move the content of this folder to your wwwroot” should perhaps not so surprisingly be moved to the root of your web server (“c:\inetpub\wwwroot” is detault for IIS, “/var/www/html/” is default for Apache):
    folder structure
  4. The script and the bigipreportconfig.xml file should be copied to where you store scripts (up to you).

Create a read-only user on the F5 Load balancers

The script will need a user on the F5 load balancers. While it’s possible to use your own user it’s highly recommended out of security reasons to create a guest user for the script.

Just make sure that the user has read access to all partitions and that the same credentials is used on all load balancers.

Configure the script

So you’ve prepared the iControl snapin, the web server, downloaded the Bigip Report package and configured user accounts for the script? Well done, almost there!

The configuration file has explanations in it so I won’t go through more than the bare minimum in this guide. If you feel something is missing, please let me know!

  1. Open the “bigipreportconfig.xml
  2. First we need to configure the credentials the script uses:
  3. Then we need to tell the script which load balancers to connect to:
  4. And where to put the result of the script:
  5. And finally the default document:

That’s it for the script configuration!

Testing the script

  1. Open a powershell window as a non-admin
  2. Navigate to the script directory
  3. Execute the script by entering .\[script name] and enter
  4. Watch for any exceptions or errors

Schedule the script

If you’re happy with the result you might want to schedule the script to keep the content updated.

  1. Click on the start menu and then enter “task scheduler
  2. In the task scheduler, click on create task (located on the right hand side:
    schedule
  3. Under the general tab, choose a name for the task and choose to run the task whether the user is logged in or not
    For security reasons you might want to change the user the script is running as as well
  4. Then click on the tab called “Trigger” and click “New
    Enter the settings you desire and click OK.
  5. Move on to the tab called “Action” and click “New
    Action: Start a program
    Program/Script: Browse to the script
  6. Click OK and then “OK
  7. Enter the credentials of the chosen account and then click “OK

Additional recommended script configurations

Configure logging

I would highly recommend to also configure logging. It will help you troubleshoot in case the report is failing later on.

Edit the bigipreportconfig.xml file and modify the section called LogSettings. Examples are available in the file.

Configure error reporting

Error reporting will have the script send an email when the script runs into trouble. Configure the ErrorReporting section in the bigipreportconfig.xml file. Examples are available in the file.

F.A.Q

I get a status code of 403 when browsing to the script directory

This is probably due to the web server not having the chosen report file name in its default document list.

Possible solutions

The script finished, but no file was written

Run the script manually and check the logs.

Possible Reason Solution
The script failed to connect to one or more of the configured load balancers Remove the failing load balancer from the configuration
Check the credentials of the script user
The user running the script does not have permissions to write to the folder

Grant permissions to the user running the script
Open a windows share by configuring a share in the bigipreportconfig.xml file (shares section)

Script and web server is running on separate servers and the firewall is not open between the server running the script and the web server. Open the firewall

The script has failed but no report has been sent

Always try to run the script manually in a powershell window to get exact details.
You can simulate an error by issuing a syntax error prior to running the script.

Possible reason Solution
The firewall is not opened for smtp traffic from the script server to the smtp server Open the firewall
The mail server does not allow the script server to send emails through it Configure the mail server to allow relay from the script server

Could not initialize connection with supplied information

This is a tricky one. If the iControl snap-in tries to connect to the load balancers but fails for some reason this is the exception being thrown as a default error. And the reason could be other things than the credentials.

Possible reason
Solution
Your credentials could actually be wrong. Don’t forget that the username is case sensitive! Check your credentials in the configuration file
The script and the load balancer could not agree on a cipher. Enable/disable TLSv2 in the configuration file
A firewall is dropping your requests Open the firewall for port 443 from the server running your script
A proxy is dropping/denying your requests Configure the proxy
The ip of the load balancer is wrong Modify the IP in the configuration file

I have scheduled the report but it does not write any files

There could be multiple reasons for this, and the best way to troubleshoot is to start a powershell window as the user running the report. Then execute the script manually.

Possible reason
Solution
The user does not have write access to the configured log folder Check the log folder permissions
The user running the script does not have Run as batchjob user permissions Edit the group policy to allow the user access
Some pre-execution tests failed Run the script as the intended user and fix the problem.
The script user does not have write permissions in the report directory Add permissions to the report directory