Inventory LB VIP’s with F5 iControl and Python

Ever since I first looked at Python years ago, the whitespace sensitivity kind of put me off from really using it for anything. Having made several small scripts and Django sites with Python recently though, I think that was definitely a mistake. While using whitespace instead of curly braces for structure still feels slightly strange, Python by and large has been very pleasant and straightforward to use. It feels a lot more conventional than Ruby.

The organization that I work at has a fairly large number of F5 load balancers (40+). Occasionally, we have to track down which load balancers a particular server is on. In general, this is easy, given that different load balancers serve different locations / environments. But it would be nice to have an easy way of verifying which load balancer pools / VIP’s a given server is configured on globally.

F5 has a SOAP based API for managing their devices called iControl. They also have an unofficial library for interacting with iControl in Python, bigsuds. The admittedly fairly minor need to search for a node on multiple F5’s, combined with a desire to familiarize myself with the “bigsuds” library prompted me to write some Python scripts for this.  iControl really seems pretty easy to use.  I think there’s definitely a lot of useful automation we can do with iControl in our environment, beyond little helper scripts like this.

Usage

./load_ltm_data.py <db_filename>

./search_by_node.py <db_filename> 

./search_by_vip.py <db_filename>

Once you download and extract the scripts, you’ll need to modify the ltm_list array to contain the FQDN or IP address of each of the F5’s you are wanting to scan.

ltm_list = [ "10.1.1.1", "myf5.example.com", "myf5-2.eample.com"]

When the load_ltm_data.py script is ran, it prompts for credentials, and then connects to each of the F5’s specified in the ltm_list array. By default, the admin user account is able to connect via iControl.  The root account is not.

The load_ltm_data script rebuilds the database, and stores all of the partitions / virtuals / pools / etc that it finds. The search_by scripts search the specified database and display each of the VIP’s that match, along with the related pools / etc. search_by_node.py will display all of the VIP’s that the specified node is a part of. Here is an example output from one of the search scripts:

LTM: 192.168.16.31
        VIP Name: /Common/READINGLIST-DEV
                Destination: 192.168.81.3:443
                Pool: /Common/VOYAGER-INTERNAL
                        - Member: /Common/VOYAGER-INTERNAL : 443
                                Node IP: 192.168.17.17:443
                Rules:
                        - Rule Name: /Common/READINGLIST-DEV-IRULE
                        - Rule Name: /Common/TEST2

You can search by either the full IP address, or a partial name (for instance “eading” would match the READINGLIST-DEV VIP in the output above).

Requirements

This requires Python 2.6. I don’t think the bigsuds library is compatible with Python 3.x.  It also requires SQLite 3. That works with Python out of the box on RHEL 6 based distros for me.

The F5 “bigsuds” library is available here.  After downloading and extracting that, you can run “python setup.py install” to install the module.

On the F5 side, this should work with 11.x F5’s.  Interacting with version 10 requires using different methods in bigsuds.  There’s no reason it couldn’t be modified to work with 10.x, but I don’t use 10.x devices enough myself for it to be worthwhile.

Download

I’ve created a GitHub repo for this.  You can also download a .zip file.

2 thoughts on “Inventory LB VIP’s with F5 iControl and Python

  1. Hi Oliver,

    I found your app LTM Scan to be very useful. I’d like to ask what license it is released under, as I did not see any license added to the code.

    Thanks.
    Josh