測試環境:F5-Ltm V11.6.0版本
目的:自動化發佈鋪墊,通過遠程Api命令調用F5 Rest 實現 查看,增加,開關,節點和配置Irule規則。
資源地址:https://devcentral.f5.com iControl REST API Reference Version 12.0.Pdf
測試F5地址:10.129.9.222
備註:官方文檔PDFjson有部分錯誤
#########F5 iControl REST APi Url 控制方法#####
curl -k -u username:password -H "Content-Type: application/json"
-X http-method uri
##########標準方法+Json輸出即可###########
http-method GET PUT POST DEL
#########查看pool_member當前連接數#############
#查看pool全部成員連接狀態,curConns":{"value":0}
curl -k -u admin:mysecret -X GET
https://10.129.9.222/mgmt/tm/ltm/pool/xzm_pool/members/stats/
#查看單獨xzm-pool成員連接狀態,curConns":{"value":0}
https://10.129.9.222/mgmt/tm/ltm/pool/xzm_pool/members/stats/
##########修改查看pool和member########
#查看所有Pool和member
curl -k -u admin:mysecret -X GET https://10.129.9.222/mgmt/tm/ltm/pool
#增加tcb-pool和member,192.168.25.32:80
curl -k -u admin:mysecret -H "Content-Type: application/json" -X POST -d '{"name":"tcb-pool","partition":"Common", "members":[{"name":"192.168.25.32:80","description":"Web server"}]}' https://10.129.9.222/mgmt/tm/ltm/pool
#修改mem成員描述 ,此操作是覆蓋配置,請注意
curl -k -u admin:mysecret -H "Content-Type: application/json" -X PUT -d '{"name":"tcb-pool2","partition":"Common","members":[{"name":"192.168.25.32:80","session":"user-enabled"}]}' https://10.129.9.222/mgmt/tm/ltm/pool/tcb-pool2
#設置Member_enable,會清空之前member
curl -k -u admin:mysecret -H "Content-Type: application/json" -X PUT -d '{"name":"tcb-pool2","partition":"Common","members":[{"name":"192.168.25.32:80","session":"user-enabled"}]}' https://10.129.9.222/mgmt/tm/ltm/pool/tcb-pool2
#設置Member_disable,會清空之前member
curl -k -u admin:mysecret -H "Content-Type: application/json" -X PUT -d '{"name":"tcb-pool2","partition":"Common","members":[{"name":"192.168.25.32:80","session":"user-disabled"}]}' https://10.129.9.222/mgmt/tm/ltm/pool/tcb-pool2
#設置Pool增加2個 Member
curl -k -u admin:mysecret -H "Content-Type: application/json" -X POST -d '{"name":"xzm_pool","partition":"Common","members":[{"name":"a:80","session":"user-enabled"},{"name":"b:80","session":"user-enabled"}]}' https://10.129.9.222/mgmt/tm/ltm/pool/xzm_pool
#########單獨控制member狀態#########
#單獨管理Member_disabled控制a:80節點
curl -k -u admin:mysecret -H "Content-Type: application/json" -X PUT -d '{"session":"user-disabled"}' https://10.129.9.222/mgmt/tm/ltm/pool/xzm_pool/members/a:80
#單獨啓動Member_enabled控制a:80節點
curl -k -u admin:mysecret -H "Content-Type: application/json" -X PUT -d '{"session":"user-enabled"}' https://10.129.9.222/mgmt/tm/ltm/pool/xzm_pool/members/a:80
#########查看和修改Vs_rule規則#####
#查看某vs_Rule規則 irule
curl -k -u admin:mysecret -X GET https://10.129.9.222/mgmt/tm/ltm/virtual/~Common~vs_tms?
#查看所有Virtual Servers_irule規則
curl -k -u admin:mysecret -X GET https://10.129.9.222/mgmt/tm/ltm/virtual
#查看Virtual Servers實例vs_tms規則
curl -k -u admin:mysecret -X GET https://10.129.9.222/mgmt/tm/ltm/virtual/vs_tms
#增加Vs實例Irule規則,
curl -k -u admin:mysecret -H "Content-Type: application/json" -X PUT -d '{"rules":["/Common/out_log","/Common/out_log2"]}' https://10.129.9.222/mgmt/tm/ltm/virtual/vs_tms
curl -k -u admin:mysecret -H "Content-Type: application/json" -X PUT -d '{"rules":["/Common/out_log"]}' https://10.129.9.222/mgmt/tm/ltm/virtual/vs_tms
補充:中間還有很多參數可以,查看官方說明文檔,這種方式雖然是結構化JSson,需要有又一個集中存儲所有pool和member的地方
通過遍歷所有,保存pool和member發佈服務器清單https://10.129.9.222/mgmt/tm/ltm/pool/xzm_pool/members/stats/
通過清單,生成發佈滾動腳本,滾動中需要定期監控節點連接數
#不過感覺這樣效率比較慢全不流暢相對負載,
在測試2款自動配置管理工具,ansibler和saltstack
ansbile F5控制模板
優點:1.SSH安裝簡單,2.f5官方社區支持,6個人維護,鬆散維護,但是f5官方模板目前看功能沒啥幫助,並且官方沒有收錄,社區版本目前有一個bug 對pythong 2.7.9以上版本需要手動導入import ssl解決證書問題
缺點:支持windows不是特別好,開原版不支持計劃調度任務
saltstack F5控制模板
有點: 1.可以windows客戶端和SSH雙模式管理,2.支持計劃調度 3.F5模塊 3個人維護管控嚴格
缺點:1.社區模塊較少,沒有ansbile社區活躍度高,2.功能還沒測試暫時保留,
3. puppet F5控制模板 功能太重,學習成本較高,但是windows支持成熟