| 1 | # Usage
|
| 2 |
|
| 3 | ## onboard.js
|
| 4 |
|
| 5 | Does initial configuration and provisioning of a BIG-IP.
|
| 6 |
|
| 7 | Usage: onboard [options]
|
| 8 |
|
| 9 | Options:
|
| 10 |
|
| 11 | -V, --version output the version number
|
| 12 | --host <ip_address> Device management IP to which to send commands.
|
| 13 | -u, --user <user> Device admin user name. Default is to create a temporary user (this only works when running on the device).
|
| 14 | -p, --password [password] Device admin user password. Use this or --password-url. One of these is required when specifying the user.
|
| 15 | --password-url [password_url] URL (file, http(s)) to location that contains device admin user password. Use this or --password. One of these is required when specifying the user.
|
| 16 | --password-encrypted Indicates that the password is encrypted (either with encryptDataToFile or generatePassword)
|
| 17 | --port <port> device management SSL port to connect to. Default 443.
|
| 18 | --no-reboot Skip reboot even if it is recommended.
|
| 19 | --background Spawn a background process to do the work. If you are running in cloud init, you probably want this option.
|
| 20 | --signal <signal> Signal to send when done. Default ONBOARD_DONE.
|
| 21 | --wait-for <signal> Wait for the named signal before running.
|
| 22 | --log-level <level> Log level (none, error, warn, info, verbose, debug, silly). Default is info. (default: "info")
|
| 23 | -o, --output <file> Log to file as well as console. This is the default if background process is spawned. Default is /tmp/onboard.log
|
| 24 | -e, --error-file <file> Log exceptions to a specific file. Default is /tmp/cloudLibsError.log, or cloudLibsError.log in --output file directory
|
| 25 | --no-console Do not log to console. Default false (log to console).
|
| 26 | --ntp <ntp_server> Set NTP server. For multiple NTP servers, use multiple --ntp entries. (default: [])
|
| 27 | --tz <timezone> Set timezone for NTP setting.
|
| 28 | --dns <DNS server> Set DNS server. For multiple DNS severs, use multiple --dns entries. (default: [])
|
| 29 | --ssl-port <ssl_port> Set the SSL port for the management IP
|
| 30 | -l, --license <license_key> License device with <license_key>.
|
| 31 | -a, --add-on <add_on_key> License device with <add_on_key>. For multiple keys, use multiple -a entries. (default: [])
|
| 32 | --cloud <provider> Cloud provider (aws | azure | etc.). This is required if licensing via BIG-IQ 5.4+ is being used, signalling resource provisioned, or providing a primary passphrase
|
| 33 | --provider-options <cloud_options> Options specific to cloud_provider. Ex: param1:value1,param2:value2 (default: {})
|
| 34 | --license-pool License BIG-IP from a BIG-IQ license pool. Supply the following:
|
| 35 | --big-iq-host <ip_address or FQDN> IP address or FQDN of BIG-IQ
|
| 36 | --big-iq-user <user> BIG-IQ admin user name
|
| 37 | --big-iq-password [password] BIG-IQ admin user password.
|
| 38 | --big-iq-password-uri [password_uri] URI (file, http(s), arn) to location that contains BIG-IQ admin user password. Use this or --big-iq-password.
|
| 39 | --big-iq-password-encrypted Indicates that the BIG-IQ password is encrypted.
|
| 40 | --license-pool-name <pool_name> Name of BIG-IQ license pool.
|
| 41 | --sku-keyword-1 [sku_keyword_1] skuKeyword1 parameter for CLPv2 licensing. Default none.
|
| 42 | --sku-keyword-2 [sku_keyword_2] skuKeyword2 parameter for CLPv2 licensing. Default none.
|
| 43 | --unit-of-measure [unit_of_measure] unitOfMeasure parameter for CLPv2 licensing. Default none.
|
| 44 | --tenant [tenant]
|
| 45 | --big-ip-mgmt-address <big_ip_address> IP address or FQDN of BIG-IP management port. Use this if BIG-IP reports an address not reachable from BIG-IQ.
|
| 46 | --big-ip-mgmt-port <big_ip_port> Port for the management address. Use this if the BIG-IP is not reachable from BIG-IQ via the port used in --port
|
| 47 | --no-unreachable Do not use the unreachable API even if it is supported by BIG-IQ.
|
| 48 | --revoke Request BIG-IQ to revoke this units license rather than granting one.
|
| 49 | --signal-resource Signal cloud provider when BIG-IP has been provisioned.
|
| 50 | --big-iq-password-data-uri <key_uri> URI (arn, url, etc.) to a JSON file containing the BIG-IQ passwords (required keys: admin, root, primarypassphrase)
|
| 51 | --big-iq-password-data-encrypted Indicates that the BIG-IQ password data is encrypted (either with encryptDataToFile or generatePassword)
|
| 52 | -n, --hostname <hostname> Set device hostname.
|
| 53 | -g, --global-setting <name:value> Set global setting <name> to <value>. For multiple settings, use multiple -g entries. (default: {})
|
| 54 | -d, --db <name:value> Set db variable <name> to <value>. For multiple settings, use multiple -d entries. (default: {})
|
| 55 | --set-root-password <old:old_password,new:new_password> Set the password for the root user from <old_password> to <new_password>.
|
| 56 | --set-primary-key If running on a BIG-IQ, set the primary key with a random passphrase
|
| 57 | --create-license-pool <name:reg_key> If running on a BIG-IQ, create a pool-style license (purchased pool, utility, volume, or FPS) with the name and reg key. (default: {})
|
| 58 | --create-reg-key-pool <name:reg_key_list> If running on a BIG-IQ, create a reg key pool with the given name and reg keys. Reg keys should be comma separated. (default: {})
|
| 59 | --update-user <user:user,password:password,passwordUrl:passwordUrl,role:role,shell:shell> Update user password (or password from passwordUrl), or create user with password, role, and shell. Role and shell are only valid on create. (default: [])
|
| 60 | -m, --module <name:level> Provision module <name> to <level>. For multiple entries, use --modules (default: {})
|
| 61 | --modules <name:level> Provision module(s) <name> to <level> (comma-separated list of module:level pairs). (default: {})
|
| 62 | --install-ilx-package <package_uri> URI (file) of an iControl LX/iApps LX package to install. The package must already exist at this location. (default: [])
|
| 63 | --ping [address] Do a ping at the end of onboarding to verify that the network is up. Default address is f5.com
|
| 64 | --update-sigs Update ASM signatures
|
| 65 | --metrics [customerId:unique_id, deploymentId:deployment_id, templateName:template_name, templateVersion:template_version, cloudName:[aws | azure | gce | etc.], region:region, bigIpVersion:big_ip_version, licenseType:[byol | payg]] Optional usage metrics to collect. Customer ID should not identify a specific customer. (default: {})
|
| 66 | --force-reboot Force a reboot at the end. This may be necessary for certain configurations. Option --force-reboot and --no-reboot cannot be specified simultaneously.
|
| 67 | -h, --help output usage information
|
| 68 | ## cluster.js
|
| 69 |
|
| 70 | Sets up BIG-IPs in a cluster.
|
| 71 |
|
| 72 | Usage: cluster [options]
|
| 73 |
|
| 74 | Options:
|
| 75 |
|
| 76 | -V, --version output the version number
|
| 77 | --host <ip_address> Device management IP to which to send commands.
|
| 78 | -u, --user <user> Device admin user name. Default is to create a temporary user (this only works when running on the device).
|
| 79 | -p, --password [password] Device admin user password. Use this or --password-url. One of these is required when specifying the user.
|
| 80 | --password-url [password_url] URL (file, http(s)) to location that contains device admin user password. Use this or --password. One of these is required when specifying the user.
|
| 81 | --password-encrypted Indicates that the password is encrypted (either with encryptDataToFile or generatePassword)
|
| 82 | --port <port> device management SSL port to connect to. Default 443.
|
| 83 | --no-reboot Skip reboot even if it is recommended.
|
| 84 | --background Spawn a background process to do the work. If you are running in cloud init, you probably want this option.
|
| 85 | --signal <signal> Signal to send when done. Default ONBOARD_DONE.
|
| 86 | --wait-for <signal> Wait for the named signal before running.
|
| 87 | --log-level <level> Log level (none, error, warn, info, verbose, debug, silly). Default is info. (default: "info")
|
| 88 | -o, --output <file> Log to file as well as console. This is the default if background process is spawned. Default is /tmp/cluster.log
|
| 89 | -e, --error-file <file> Log exceptions to a specific file. Default is /tmp/cloudLibsError.log, or cloudLibsError.log in --output file directory
|
| 90 | --no-console Do not log to console. Default false (log to console).
|
| 91 | --config-sync-ip <config_sync_ip> IP address for config sync.
|
| 92 | --big-iq-failover-peer-ip <peer_ip> If configuring a BIG-IQ failover primary, this is the management IP address for the secondary
|
| 93 | --cloud <provider> Cloud provider (aws | azure | etc.). Optionally use this if passwords are stored in cloud storage. This replaces the need for --remote-user/--remote-password(-url). An implemetation of cloudProvider must exist at the correct location.
|
| 94 | --big-iq-password-data-uri <key_uri> URI (arn, url, etc.) to a JSON file containing the BIG-IQ passwords (required keys: admin, root)
|
| 95 | --big-iq-password-data-encrypted Indicates that the BIG-IQ password data is encrypted (either with encryptDataToFile or generatePassword)
|
| 96 | --primary If using a cloud provider, indicates that this is the primary. If running on a BIG-IP credentials should be stored. If running on a BIG-IQ, --create-group and --join-group options are not needed.
|
| 97 | --provider-options <cloud_options> Any options (JSON stringified) that are required for the specific cloud provider. (default: {})
|
| 98 | --create-group Create a device group with the options:
|
| 99 | --device-group <device_group> Name of the device group.
|
| 100 | --sync-type <sync_type> Type of sync this cluster is for ("sync-only" | "sync-failover").
|
| 101 | --device <device_name> A device name to add to the group. For multiple devices, use multiple --device entries. (default: [])
|
| 102 | --auto-sync Enable auto sync.
|
| 103 | --save-on-auto-sync Enable save on sync if auto sync is enabled.
|
| 104 | --full-load-on-sync Enable full load on sync.
|
| 105 | --asm-sync Enable ASM sync.
|
| 106 | --network-failover Enable network failover.
|
| 107 | --join-group Join a remote device group with the options:
|
| 108 | --remote-host <remote_ip_address> Managemnt IP for the BIG-IP on which the group exists.
|
| 109 | --remote-user <remote_user> Remote BIG-IP admin user name.
|
| 110 | --remote-password [remote_password] Remote BIG-IP admin user password. Use this or --remote-password-url
|
| 111 | --remote-password-url [remote_password_url] URL (file, http(s)) that contains. Use this or --remote-password
|
| 112 | --remote-port <remote_port> Remote BIG-IP port to connect to. Default is port of this BIG-IP.
|
| 113 | --device-group <remote_device_group_name> Name of existing device group on remote BIG-IP to join.
|
| 114 | --sync Tell the remote to sync to us after joining the group.
|
| 115 | --remove-from-cluster Remove a device from the cluster
|
| 116 | --device-group <device_group> Name of the device group.
|
| 117 | --device <device_name> Device name to remove.
|
| 118 | -h, --help output usage information
|
| 119 | ## autoscale.js
|
| 120 |
|
| 121 | Runs autoscale code to elect primary and cluster
|
| 122 |
|
| 123 | Usage: autoscale [options]
|
| 124 |
|
| 125 | Options:
|
| 126 |
|
| 127 | -V, --version output the version number
|
| 128 | --host <ip_address> Device management IP to which to send commands.
|
| 129 | -u, --user <user> Device admin user name. Default is to create a temporary user (this only works when running on the device).
|
| 130 | -p, --password [password] Device admin user password. Use this or --password-url. One of these is required when specifying the user.
|
| 131 | --password-url [password_url] URL (file, http(s)) to location that contains device admin user password. Use this or --password. One of these is required when specifying the user.
|
| 132 | --password-encrypted Indicates that the password is encrypted (either with encryptDataToFile or generatePassword)
|
| 133 | --port <port> device management SSL port to connect to. Default 443.
|
| 134 | --no-reboot Skip reboot even if it is recommended.
|
| 135 | --background Spawn a background process to do the work. If you are running in cloud init, you probably want this option.
|
| 136 | --signal <signal> Signal to send when done. Default ONBOARD_DONE.
|
| 137 | --wait-for <signal> Wait for the named signal before running.
|
| 138 | --log-level <level> Log level (none, error, warn, info, verbose, debug, silly). Default is info. (default: "info")
|
| 139 | -o, --output <file> Log to file as well as console. This is the default if background process is spawned. Default is /tmp/autoscale.log
|
| 140 | -e, --error-file <file> Log exceptions to a specific file. Default is /tmp/cloudLibsError.log, or cloudLibsError.log in --output file directory
|
| 141 | --no-console Do not log to console. Default false (log to console).
|
| 142 | --cloud <cloud_provider> Cloud provider (aws | azure | etc.)
|
| 143 | --provider-options <cloud_options> Options specific to cloud_provider. Ex: param1:value1,param2:value2 (default: {})
|
| 144 | -c, --cluster-action <type> join (join a cluster) | update (update cluster to match existing instances | unblock-sync (allow other devices to sync to us) | backup-ucs (save a ucs to cloud storage)
|
| 145 | --device-group <device_group> Device group name.
|
| 146 | --full-load-on-sync Enable full load on sync. Default false.
|
| 147 | --asm-sync Enable ASM sync. Default sets ASM sync if ASM is provisioned.
|
| 148 | --network-failover Enable network failover. Default false.
|
| 149 | --no-auto-sync Enable auto sync. Default false (auto sync).
|
| 150 | --no-save-on-auto-sync Enable save on sync if auto sync is enabled. Default false (save on auto sync).
|
| 151 | --block-sync If this device is primary, do not allow other devices to sync to us. This prevents other devices from syncing to it until we are called again with --cluster-action unblock-sync.
|
| 152 | --static Indicates that this instance is not autoscaled. Default false (instance is autoscaled)
|
| 153 | --external-tag <tag> If there are instances in the autoscale cluster that are not autoscaled, the cloud tag applied to those instances. Format 'key:<tag_key>,value:<tag_value>' (default: {})
|
| 154 | --license-pool BIG-IP was licensed from a BIG-IQ license pool. This is so licenses can be revoked when BIG-IPs are scaled in. Supply the following:
|
| 155 | --big-iq-host <ip_address or FQDN> IP address or FQDN of BIG-IQ
|
| 156 | --big-iq-user <user> BIG-IQ admin user name
|
| 157 | --big-iq-password [password] BIG-IQ admin user password.
|
| 158 | --big-iq-password-uri [password_uri] URI (file, http(s), arn) to location that contains BIG-IQ admin user password. Use this or --big-iq-password.
|
| 159 | --big-iq-password-encrypted Indicates that the BIG-IQ password is encrypted.
|
| 160 | --license-pool-name <pool_name> Name of BIG-IQ license pool.
|
| 161 | --big-ip-mgmt-address <big_ip_address> IP address or FQDN of BIG-IP management port. Use this if BIG-IP reports an address not reachable from BIG-IQ.
|
| 162 | --big-ip-mgmt-port <big_ip_port> Port for the management address. Use this if the BIG-IP is not reachable from BIG-IQ via the port used in --port
|
| 163 | --no-unreachable Do not use the unreachable API even if it is supported by BIG-IQ.
|
| 164 | --dns <dns_provider> Update the specified DNS provider when autoscaling occurs (gtm is the only current provider)
|
| 165 | --dns-ip-type <address_type> Type of ip address to use (public | private).
|
| 166 | --dns-app-port <port> Port on which application is listening on for health check
|
| 167 | --dns-provider-options <dns_provider_options> Options specific to dns_provider. Ex: param1:value1,param2:value2 (default: {})
|
| 168 | --max-ucs-files <max_ucs_files_to_save> When running cluster action backup-ucs, maximum number of backup files to keep. (default: 7)
|
| 169 | --autoscale-timeout <autoscale_timeout> Number of minutes after which autoscale process execution should be terminated
|
| 170 | --master-disconnected-time <master_disconnected_time> Time (in milliseconds) after which primary host is considered to be expired
|
| 171 | -h, --help output usage information
|
| 172 | ## network.js
|
| 173 |
|
| 174 | Sets up default gateway, VLANs and self IPs
|
| 175 |
|
| 176 | Usage: network [options]
|
| 177 |
|
| 178 | Options:
|
| 179 |
|
| 180 | -V, --version output the version number
|
| 181 | --host <ip_address> BIG-IP management IP to which to send commands.
|
| 182 | -u, --user <user> BIG-IP admin user name. Default is to create a temporary user (this only works when running on the device).
|
| 183 | -p, --password [password] BIG-IP admin user password. Use this or --password-url. One of these is required when specifying the user.
|
| 184 | --password-url [password_url] URL (file, http(s)) to location that contains BIG-IP admin user password. Use this or --password. One of these is required when specifying the user.
|
| 185 | --password-encrypted Indicates that the password is encrypted (either with encryptDataToFile or generatePassword)
|
| 186 | --port <port> BIG-IP management SSL port to connect to. Default 443.
|
| 187 | --background Spawn a background process to do the work. If you are running in cloud init, you probably want this option.
|
| 188 | --signal <signal> Signal to send when done. Default NETWORK_DONE.
|
| 189 | --wait-for <signal> Wait for the named signal before running.
|
| 190 | --log-level <level> Log level (none, error, warn, info, verbose, debug, silly). Default is info. (default: "info")
|
| 191 | -o, --output <file> Log to file as well as console. This is the default if background process is spawned. Default is /tmp/network.log
|
| 192 | -e, --error-file <file> Log exceptions to a specific file. Default is /tmp/cloudLibsError.log, or cloudLibsError.log in --output file directory
|
| 193 | --no-console Do not log to console. Default false (log to console).
|
| 194 | --single-nic Set db variables for single NIC configuration.
|
| 195 | --multi-nic Set db variables for multi NIC configuration.
|
| 196 | --default-gw <gateway_address> Set default gateway to gateway_address.
|
| 197 | --route <name:name, gw:address, network:network, interface:interface_name> Create arbitrary route with name for destination network via gateway address or interface name (default: [])
|
| 198 | --mgmt-route <name:name, gw:address, network:network> Create management route with name for destination network via gateway address. (default: [])
|
| 199 | --local-only Create LOCAL_ONLY partition for gateway and assign to traffic-group-local-only.
|
| 200 | --vlan <name:name, nic:nic, [mtu:mtu], [tag:tag]> Create vlan with name on nic (for example, 1.1). Optionally specify mtu and tag. For multiple vlans, use multiple --vlan entries. (default: [])
|
| 201 | --self-ip <name:name, address:ip_address, vlan:vlan_name, [allow:service1:port1 service2:port2], [trafficGroup:traffic_group_name]> Create self IP with name and ip_address on vlan with optional port lockdown. For multiple self IPs, use multiple --self-ip entries. Default CIDR prefix is 24 if not specified. (default: [])
|
| 202 | --discovery-address <ip_address> IP address that the BIG-IQ will use for device discovery. This is required for onboarding a BIG-IQ. The IP address must already exist on the BIG-IQ device. For clustering, this should be a Self IP address.
|
| 203 | --force-reboot Force a reboot at the end. This may be necessary for certain configurations.
|
| 204 | -h, --help output usage information
|
| 205 | ## runScript.js
|
| 206 |
|
| 207 | Runs an arbitrary script.
|
| 208 |
|
| 209 | Usage: runScript [options]
|
| 210 |
|
| 211 | Options:
|
| 212 |
|
| 213 | -V, --version output the version number
|
| 214 | --background Spawn a background process to do the work. If you are running in cloud init, you probably want this option.
|
| 215 | -f, --file <script> File name of script to run.
|
| 216 | -u, --url <url> URL from which to download script to run. This will override --file.
|
| 217 | --cl-args <command_line_args> String of arguments to send to the script as command line arguments.
|
| 218 | --shell <full_path_to_shell> Specify the shell to run the command in. Default is to run command as a separate process (not through a shell).
|
| 219 | --signal <signal> Signal to send when done. Default SCRIPT_DONE.
|
| 220 | --wait-for <signal> Wait for the named signal before running.
|
| 221 | --cwd <directory> Current working directory for the script to run in.
|
| 222 | --log-level <level> Log level (none, error, warn, info, verbose, debug, silly). Default is info. (default: "info")
|
| 223 | -o, --output <file> Log to file as well as console. This is the default if background process is spawned. Default is /tmp/runScript.log
|
| 224 | -e, --error-file <file> Log exceptions to a specific file. Default is /tmp/cloudLibsError.log, or cloudLibsError.log in --output file directory
|
| 225 | --no-console Do not log to console. Default false (log to console).
|
| 226 | -h, --help output usage information
|
| 227 | ## Standalone licensing
|
| 228 |
|
| 229 | ### Install
|
| 230 | admin@(bigip1)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# run util bash -c "mkdir -p /config/licensing; cd /config/licensing; npm --loglevel=error install @f5devcentral/f5-cloud-libs"
|
| 231 |
|
| 232 | ### License from BIG-IQ
|
| 233 | admin@(bigip1)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# license path <install_path> password <big_ip_admin_password> big-iq-host <big_iq_ip_address> big-iq-user <big_iq_admin_user> big-iq-password <big_iq_admin_password> license-pool-name <license_pool>
|
| 234 |
|
| 235 | ### Issue revoke request to BIG-IQ
|
| 236 | admin@(bigip1)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# license path <install_path> password <big_ip_admin_password> big-iq-host <big_iq_ip_address> big-iq-user <big_iq_admin_user> big-iq-password <big_iq_admin_password> license-pool-name <license_pool> revoke
|
| 237 |
|
| 238 | ### Other licensing options
|
| 239 | admin@(bigip1)(cfg-sync Standalone)(NO LICENSE)(/Common)(tmos)# license help
|