F5 Programmability Training

Current Page

Contents:

Previous topic

Module 2: Programmatic Control of Firewall Services

Next topic

Lab 2.2: Create AFM Address List

F5 Programmability Training > Class 3: Introduction to SecDevOps > Module 2: Programmatic Control of Firewall Services Source | Edit on

Lab 2.1: Provisioning AFM

Overview

In this lab, the iControl REST API will be used to provision a module on the BIG-IP. More specifically, the Advanced Firewall Manager (AFM) module will be provisioned for use in Module 2: Configuring AFM (Advanced Firewall Module).

Specific Instructions

Prior to performing the below steps, validate the {{module}} Postman environment variable. The {{module}} should be set to afm.

Follow the below steps in order found in the Postman collection to complete this portion of the lab. The requests and responses have been included below for reference.

Attention

Some response content has been removed for brevity.

1. Retrieve all module provision states

Request

GET https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision

Headers

X-F5-Auth-Token: {{big_ip_a_auth_token}}

Example Response

Note

The afm module is currently provisioned for none while the ltm module is provisioned for nominal.

{
    "kind": "tm:sys:provision:provisioncollectionstate",
    "selfLink": "https://localhost/mgmt/tm/sys/provision?ver=13.0.0",
    "items": [
        {
            "kind": "tm:sys:provision:provisionstate",
            "name": "afm",
            "fullPath": "afm",
            "generation": 5609,
            "selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
            "cpuRatio": 0,
            "diskRatio": 0,
            "level": "none",
            "memoryRatio": 0
        },
        {
            "kind": "tm:sys:provision:provisionstate",
            "name": "ltm",
            "fullPath": "ltm",
            "generation": 1,
            "selfLink": "https://localhost/mgmt/tm/sys/provision/ltm?ver=13.0.0",
            "cpuRatio": 0,
            "diskRatio": 0,
            "level": "nominal",
            "memoryRatio": 0
        }
    ]
}

2. Retrieve single module provision state

Request

GET https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision/{{module}}

Headers

X-F5-Auth-Token: {{big_ip_a_auth_token}}

Example Response

Note

The afm module should still be provisioned after performing the steps in Lab 1.

{
    "kind": "tm:sys:provision:provisionstate",
    "name": "afm",
    "fullPath": "afm",
    "generation": 5609,
    "selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
    "cpuRatio": 0,
    "diskRatio": 0,
    "level": "none",
    "memoryRatio": 0
}

3.1. Provision module (OPTIONAL)

Warning

This step is optional and should only be performed if afm is not provisioned.

The afm module is provisioned using an HTTP PATCH with a body containing a provisioning level to the REST endpoint for mgmt/tm/sys/provision/{{module}}.

Note

Performing a provision/deprovision operation takes some time to complete. If the original request is still being processed, the below error may be encountered.

{
    "code": 400,
    "message": "01071003:3: A previous provisioning operation is in progress. Try again when the BIGIP is active.",
    "errorStack": [],
    "apiError": 3
}

Request

PATCH https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision/{{module}}

Headers

Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}

Body

{
    "level":"nominal"
}

Example Response

Note

The afm module has been provisioned with a level of nominal.

{
    "kind": "tm:sys:provision:provisionstate",
    "name": "afm",
    "fullPath": "afm",
    "generation": 10636,
    "selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
    "cpuRatio": 0,
    "diskRatio": 0,
    "level": "nominal",
    "memoryRatio": 0
}

3.2. Deprovision module

This request will serve as an example of how to deprovision a BIG-IP module.

Request

PATCH https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision/{{module}}

Headers

Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}

Body

{
    "level":"none"
}

Example Response

{
    "kind": "tm:sys:provision:provisionstate",
    "name": "afm",
    "fullPath": "afm",
    "generation": 10714,
    "selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
    "cpuRatio": 0,
    "diskRatio": 0,
    "level": "none",
    "memoryRatio": 0
}

3.3. Re-provision module

Re-provision the afm module if previously deprovisioned.

Request

PATCH https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision/{{module}}

Headers

Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}

Body

{
    "level":"nominal"
}

Example Response

{
    "kind": "tm:sys:provision:provisionstate",
    "name": "afm",
    "fullPath": "afm",
    "generation": 10636,
    "selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
    "cpuRatio": 0,
    "diskRatio": 0,
    "level": "nominal",
    "memoryRatio": 0
}
Previous Next

Support Programs

Regionally located support centers enable F5 to provide support in a number of languages through native-speaking support engineers.

See more

Contact Support

North America: 1-888-882-7535
Outside North America: 800-11-275-435

Local Support Numbers

Feedback and Help

Have questions, suggestions, or just want to get something off your chest? Let us know.

Leave feedback

About F5

Education

F5 sites

Support Tasks

Connect with us

© Copyright 2017 by F5 Networks, Inc. | Policies | Trademarks