In this lab, the iControl REST API will be used to provision a module on the BIG-IP. More specifically, the Advanced Firewall Manager (AFM) module will be provisioned for use in Module 2: Configuring AFM (Advanced Firewall Module).
Prior to performing the below steps, validate the {{module}} Postman environment variable. The {{module}} should be set to afm.
Follow the below steps in order found in the Postman collection to complete this portion of the lab. The requests and responses have been included below for reference.
Attention
Some response content has been removed for brevity.
Request
GET https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision
Headers
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Example Response
Note
The afm module is currently provisioned for none while the ltm module is provisioned for nominal.
{
"kind": "tm:sys:provision:provisioncollectionstate",
"selfLink": "https://localhost/mgmt/tm/sys/provision?ver=13.0.0",
"items": [
{
"kind": "tm:sys:provision:provisionstate",
"name": "afm",
"fullPath": "afm",
"generation": 5609,
"selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
"cpuRatio": 0,
"diskRatio": 0,
"level": "none",
"memoryRatio": 0
},
{
"kind": "tm:sys:provision:provisionstate",
"name": "ltm",
"fullPath": "ltm",
"generation": 1,
"selfLink": "https://localhost/mgmt/tm/sys/provision/ltm?ver=13.0.0",
"cpuRatio": 0,
"diskRatio": 0,
"level": "nominal",
"memoryRatio": 0
}
]
}
Request
GET https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision/{{module}}
Headers
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Example Response
Note
The afm module should still be provisioned after performing the steps in Lab 1.
{
"kind": "tm:sys:provision:provisionstate",
"name": "afm",
"fullPath": "afm",
"generation": 5609,
"selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
"cpuRatio": 0,
"diskRatio": 0,
"level": "none",
"memoryRatio": 0
}
Warning
This step is optional and should only be performed if afm is not provisioned.
The afm module is provisioned using an HTTP PATCH with a body containing a provisioning level to the REST endpoint for mgmt/tm/sys/provision/{{module}}
.
Note
Performing a provision/deprovision operation takes some time to complete. If the original request is still being processed, the below error may be encountered.
{
"code": 400,
"message": "01071003:3: A previous provisioning operation is in progress. Try again when the BIGIP is active.",
"errorStack": [],
"apiError": 3
}
Request
PATCH https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision/{{module}}
Headers
Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Body
{
"level":"nominal"
}
Example Response
Note
The afm module has been provisioned with a level of nominal.
{
"kind": "tm:sys:provision:provisionstate",
"name": "afm",
"fullPath": "afm",
"generation": 10636,
"selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
"cpuRatio": 0,
"diskRatio": 0,
"level": "nominal",
"memoryRatio": 0
}
This request will serve as an example of how to deprovision a BIG-IP module.
Request
PATCH https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision/{{module}}
Headers
Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Body
{
"level":"none"
}
Example Response
{
"kind": "tm:sys:provision:provisionstate",
"name": "afm",
"fullPath": "afm",
"generation": 10714,
"selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
"cpuRatio": 0,
"diskRatio": 0,
"level": "none",
"memoryRatio": 0
}
Re-provision the afm module if previously deprovisioned.
Request
PATCH https://{{big_ip_a_mgmt}}/mgmt/tm/sys/provision/{{module}}
Headers
Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}
Body
{
"level":"nominal"
}
Example Response
{
"kind": "tm:sys:provision:provisionstate",
"name": "afm",
"fullPath": "afm",
"generation": 10636,
"selfLink": "https://localhost/mgmt/tm/sys/provision/afm?ver=13.0.0",
"cpuRatio": 0,
"diskRatio": 0,
"level": "nominal",
"memoryRatio": 0
}