- 1 Introduction
- 2 iControl installation
- 3 Install the iControl snapin
- 4 Install a web server
- 5 Download the BigipReport package
- 6 Create a read-only user on the F5 Load balancers
- 7 Configure the script
- 8 Testing the script
- 9 Schedule the script
- 10 Additional recommended script configurations
- 11 F.A.Q
- 12 I have scheduled the report but it does not write any files
This is a script which will generate a report of the BigIP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them (including those specified in iRules).
This information is used to relay information to our NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC’s, ie get a list of all external virtual servers without compression profiles.
The script has been running on 13 pair of load balancers, indexing over 1200 virtual servers for over 3 years now and the report is widely used across the company.
Since the 4.1.2 release the configuration of Bigip report is done via a separate configuration file. This will make updating the script much easier when there’s minor updates and makes it easier for me to test and deploy new version.
A live demo can be found here:
Youtube video of an older version can be found here:
- Powershell version 4.0 (might work on earlier versions too, but not tested)
- F5 Powershell Snap-in
- A web server of your choice
Fast track installation instructions
If you haven’t set this up before I would recommend following the more detailed path below. If you’re in a rush or simply don’t want to read that much, here’s the quick and dirty alternative.
- Setup a guest user with the same password on all load balancers.
- Make sure that the server/client running the script has HTTPS access to all load balancers.
- Configure the script (see the mandatory minimum section in the configuration file)
- Cross your fingers for luck
- Run the script
- Browse your report in a web browser (only Chrome and Firefox tested, gave up on IE).
If you’re running Windows 10 (and maybe Windows 8) you might have to install .NET version 2 in order to be able to install the iControl snapin for Powershell.
Verify if .NET 2.0 is installed or not
- Click start and search for Turn Windows Features on or off:
- Click it to get a list of optional features:
- If .NET Framework 3.5 is enabled you’re good to go. Otherwise enable it and click OK (Windows 10 installation media might be required).
Install the iControl snapin
- Navigate to the iControl snapin download page at Devcentral and click on the download button:
- Extract the downloaded file to a new folder:
- Click on start and type “Powershell“, right click on Powershell and choose “Run as administrator“:
- A powershell window should now start. Navigate to your downloads folder and run “.\setupSnapin“:
- Also run “Set-ExecutionPolicy RemoteSigned” to allow unsigned powershell scripts to be running on your system (otherwise you can’t run the BigIP Report script later on).
Install a web server
The Bigip report script needs a web server to host the results of the script. Since there’s no server side execution it does not matter which Web server you choose, just that you have one (I’ve been hosting Bigipreport on both IIS and Apache).
I won’t bother writing a guide on how to install a web server since there’s so many online, but here’s a few direct links:
Apache on Ubuntu
Download the BigipReport package
- Download the latest version from Devcentral:
- Unpack the zip file to a directory of your choosing.
- The content of the folder “Move the content of this folder to your wwwroot” should perhaps not so surprisingly be moved to the root of your web server (“c:\inetpub\wwwroot” is detault for IIS, “/var/www/html/” is default for Apache):
- The script and the bigipreportconfig.xml file should be copied to where you store scripts (up to you).
Create a read-only user on the F5 Load balancers
The script will need a user on the F5 load balancers. While it’s possible to use your own user it’s highly recommended out of security reasons to create a guest user for the script.
Just make sure that the user has read access to all partitions and that the same credentials is used on all load balancers.
Configure the script
So you’ve prepared the iControl snapin, the web server, downloaded the Bigip Report package and configured user accounts for the script? Well done, almost there!
The configuration file has explanations in it so I won’t go through more than the bare minimum in this guide. If you feel something is missing, please let me know!
- Open the “bigipreportconfig.xml“
- First we need to configure the credentials the script uses:
- Then we need to tell the script which load balancers to connect to:
- And where to put the result of the script:
- And finally the default document:
That’s it for the script configuration!
Testing the script
- Open a powershell window as a non-admin
- Navigate to the script directory
- Execute the script by entering .\[script name] and enter
- Watch for any exceptions or errors
Schedule the script
If you’re happy with the result you might want to schedule the script to keep the content updated.
- Click on the start menu and then enter “task scheduler“
- In the task scheduler, click on create task (located on the right hand side:
- Under the general tab, choose a name for the task and choose to run the task whether the user is logged in or not
For security reasons you might want to change the user the script is running as as well
- Then click on the tab called “Trigger” and click “New”
Enter the settings you desire and click OK.
- Move on to the tab called “Action” and click “New”
Action: Start a program
Program/Script: Browse to the script
- Click OK and then “OK“
- Enter the credentials of the chosen account and then click “OK“
Additional recommended script configurations
I would highly recommend to also configure logging. It will help you troubleshoot in case the report is failing later on.
Edit the bigipreportconfig.xml file and modify the section called LogSettings. Examples are available in the file.
Configure error reporting
Error reporting will have the script send an email when the script runs into trouble. Configure the ErrorReporting section in the bigipreportconfig.xml file. Examples are available in the file.
I get a status code of 403 when browsing to the script directory
This is probably due to the web server not having the chosen report file name in its default document list.
- Add the chosen report file name to the web server default document list
- Change the DefaultDocument setting to one of the web servers default documents
- Specify the path when browsing to the report, ie. http://bigipreport.mydomain.local/yourdefaultdocument.html
The script finished, but no file was written
Run the script manually and check the logs.
|The script failed to connect to one or more of the configured load balancers||Remove the failing load balancer from the configuration
Check the credentials of the script user
|The user running the script does not have permissions to write to the folder||
Grant permissions to the user running the script
|Script and web server is running on separate servers and the firewall is not open between the server running the script and the web server.||Open the firewall|
The script has failed but no report has been sent
Always try to run the script manually in a powershell window to get exact details.
You can simulate an error by issuing a syntax error prior to running the script.
|The firewall is not opened for smtp traffic from the script server to the smtp server||Open the firewall|
|The mail server does not allow the script server to send emails through it||Configure the mail server to allow relay from the script server|
Could not initialize connection with supplied information
This is a tricky one. If the iControl snap-in tries to connect to the load balancers but fails for some reason this is the exception being thrown as a default error. And the reason could be other things than the credentials.
|Your credentials could actually be wrong. Don’t forget that the username is case sensitive!||Check your credentials in the configuration file|
|The script and the load balancer could not agree on a cipher.||Enable/disable TLSv2 in the configuration file|
|A firewall is dropping your requests||Open the firewall for port 443 from the server running your script|
|A proxy is dropping/denying your requests||Configure the proxy|
|The ip of the load balancer is wrong||Modify the IP in the configuration file|
I have scheduled the report but it does not write any files
There could be multiple reasons for this, and the best way to troubleshoot is to start a powershell window as the user running the report. Then execute the script manually.
|The user does not have write access to the configured log folder||Check the log folder permissions|
|The user running the script does not have Run as batchjob user permissions||Edit the group policy to allow the user access|
|Some pre-execution tests failed||Run the script as the intended user and fix the problem.|
|The script user does not have write permissions in the report directory||Add permissions to the report directory|