| name | f5-allinone |
| description | Use when working with F5 BIG-IP load balancers via API - monitoring device status (CPU/memory/HA/connections), querying configuration (virtual servers/pools/profiles/SNAT), managing SSL certificates with expiry alerts, checking which virtual servers have expiring or expired SSL certificates linked via SSL profiles, deploying configuration changes programmatically via iControl REST API, or parsing offline bigip.conf configuration files to extract VS/Pool/Members mappings and export CSV reports |
F5 All-in-One Management Skill
Overview
Full F5 BIG-IP device management via the iControl REST API:
- Status monitoring: CPU / memory / connections / throughput / HA status / interface traffic
- Configuration queries: Virtual Server / Pool / Profile / SNAT
- SSL certificate management: expiry queries, tiered alerts, VS-cert association auditing (certKeyChain / SM2 / SNI)
- Config deployment: atomic transactional config changes
- Offline config parsing: parse bigip.conf, extract VS/Pool/Members mappings, export CSV
Quick Start
from f5_client import F5Client
from f5_monitor import F5Monitor
from f5_config import F5Config
from f5_ssl import F5SSL
from f5_deploy import F5Deploy
client = F5Client(host="192.168.1.1", username="admin", password="your_password")
monitor = F5Monitor(client)
status = monitor.get_all_status()
config = F5Config(client)
vservers = config.list_virtual_servers()
ssl = F5SSL(client)
report = ssl.get_summary_report(days_warning=30, days_critical=7)
deploy = F5Deploy(client)
deploy.create_pool("pool_new", [{"address": "192.168.1.10", "port": 80}])
Status Monitoring (F5Monitor)
| Method | Description |
|---|
get_cpu_usage() | CPU usage (5-second average) |
get_memory_usage() | Memory total / used / usage % |
get_connections() | Active connections / new connections per sec |
get_throughput() | Throughput (bps/Mbps) |
get_ha_status() | HA role (ACTIVE/STANDBY) |
get_sync_status() | Config sync status |
get_interface_stats() | Per-interface traffic in/out |
get_all_status() | All metrics aggregated |
Configuration Queries (F5Config)
| Method | Description |
|---|
list_virtual_servers() | List all Virtual Servers |
get_virtual_server(name) | VS details |
list_pools() | List all Pools with member status |
get_pool_members(pool_name) | Pool member list |
list_profiles(profile_type) | Profile list (http/tcp/ssl-client etc.) |
list_snat_pools() | SNAT Pool list |
SSL Certificate Management (F5SSL)
expiring = ssl.get_expiring_certificates(days_threshold=30)
report = ssl.get_summary_report(days_warning=30, days_critical=7)
print(f"Status: {report['status']}")
print(f"Expired: {len(report['expired'])}")
print(f"Expiring within 7 days: {len(report['critical'])}")
config = F5Config(client)
report = ssl.get_vs_ssl_cert_report(config, days_warning=30, days_critical=7)
print(f"Overall status: {report['status']}")
for r in report['expired']:
print(f"[EXPIRED] VS={r['vs_name']} cert={r['cert_name']}")
for r in report['critical']:
print(f"[CRITICAL] VS={r['vs_name']} cert={r['cert_name']} days_left={r['days_until_expiry']}")
for r in report['warning']:
print(f"[WARNING] VS={r['vs_name']} cert={r['cert_name']} days_left={r['days_until_expiry']}")
for r in report['unknown']:
print(f"[UNKNOWN] VS={r['vs_name']} SSL Profile={r['ssl_profile']} (no cert configured)")
Offline Config Parsing (F5ConfigParser)
Parse F5 BIG-IP config files (bigip.conf) to extract VS/Pool/Members mappings. No F5 device connection required — pure offline text parsing.
| Method | Description |
|---|
parse() | Parse config file; return full nodes/pools/virtuals result |
export_csv(output_path) | Parse and export CSV report |
get_vs_pool_mapping() | Return VS-Pool mapping as flat dict list |
parse_nodes(config) | Parse ltm node config blocks |
parse_pools(config) | Parse ltm pool config blocks |
parse_virtuals(config, pools, nodes) | Parse ltm virtual config blocks |
from f5_config_parser import F5ConfigParser
parser = F5ConfigParser("bigip.conf")
result = parser.parse()
print(f"VS count: {len(result['virtuals'])}")
print(f"Pool count: {len(result['pools'])}")
parser.export_csv("vs_pool_mapping.csv")
for vs in parser.get_vs_pool_mapping():
print(f"{vs['Virtual Name']} -> {vs['Pool Name']}")
CSV columns: Virtual Name / Destination IP / Destination Port / Profiles / Rules / Source Address Translation / Pool Name / Member N Address / Member N Port (dynamic columns)
Supports large file chunked reading (chunk_size is adjustable), FQDN nodes, and multi-partition (non-/Common/) configs.
Config Deployment (F5Deploy)
Single Operations
deploy.create_virtual_server(
name="vs_web_443",
destination="10.0.0.1:443",
pool="pool_web",
profiles=["http", "ssl-offload"]
)
deploy.update_pool_member_state("pool_web", "192.168.1.10:80", enabled=False)
deploy.save_config()
Transactional Batch Deployment
changes = [
{"method": "POST", "path": "/ltm/pool",
"body": {"name": "pool_api", "loadBalancingMode": "round-robin"}},
{"method": "POST", "path": "/ltm/virtual",
"body": {"name": "vs_api", "destination": "/Common/10.0.0.5:8080",
"pool": "/Common/pool_api"}}
]
result = deploy.deploy_with_transaction(changes)
Batch Audit (F5Audit)
For routine auditing of multiple F5 devices, with results exported as a CSV report.
1. Edit device inventory inventory.yaml
devices:
- name: f5-prod-01
host: 10.1.1.14
port: 443
username: admin
password: your_password
- name: f5-prod-02
host: 10.1.1.15
port: 443
username: admin
password: your_password
2. Run audit and export report
from f5_audit import F5Audit
audit = F5Audit("inventory.yaml")
results = audit.run_all()
audit.export_csv(results, "audit_report.csv")
The generated audit_report.csv contains:
| Column | Description |
|---|
| Timestamp | Time the audit ran |
| Device / Host | name and host from inventory |
| Status | ok or error |
| HA Status | ACTIVE / STANDBY |
| CPU Usage % / Memory Usage % | Real-time resource utilization |
| Active Connections / Throughput Mbps | Traffic metrics |
| SSL Status | OK / WARNING / CRITICAL |
| SSL Expired Certs / SSL Warning Certs | Certificate health |
| Error | Exception message on connection failure |
A failure on one device does not interrupt auditing of others; the error is recorded in that device's row.
F5 Device Requirements
- F5 BIG-IP 12.x or later (iControl REST API)
- Account requires Administrator or Resource Administrator role
- Management interface (MGMT) reachable, default port 443
- SSL certificate verification is skipped automatically for self-signed certs (urllib3 warnings suppressed)
