A fortune quote: onfronted by a difficult problem, you can often solve it quite easily by reducing it to the question, "How would the Lone Ranger handle this?"

Manpage

This is the manpage of the current master branch:

NAME
 fapi - A humble command line tool to manage F5 BigIP loadbalancers

SYNOPSIS
 Just run

 fapi -h

 or

 alias f=fapi
 f -h

 because it's shorter to type.

ABOUT
 This is a simple command line client to do basic stuff with the iControl
 F5 API such as:

 Managing Monitors
 Managing Nodes
 Managing Pools
 Managing Virtual Servers

 And some extended usage:

 Managing Folders
 Managing Self IPs
 Managing Traffic Groups
 Managing VLANs

 This is a private programming project programmed in my spare time.
 Therefore I didn't bother to put it on a public website and github.
 Please open bug reports, feature requests and pull requests at
 <https://github.com/buetow/fapi>.

 CAUTION: This script has been tested on Debian GNU/Linux Wheezy only.

BIGSUDS
 Requirement of bigsuds
 This tool depends on bigsuds. Please install this library from F5 dev
 central manually. Otherwise this script will not work.

 You can download bigsuds from here:

 <https://devcentral.f5.com/d/bigsuds-python-icontrol-library>

 Unzip it and run

 sudo python setup.py install

 You may also install bigsuds from the contrib dir of the fapi source
 tree.

 iControl reference
 Through bigsuds you can do everything what iControl can do:

 <https://devcentral.f5.com/wiki/icontrol.apireference.ashx>

QUICK START
 Update your sources list:

 curl http://deb.buetow.org/apt/pubkey.gpg | sudo apt-key add -
 echo deb http://deb.buetow.org/apt wheezy main |
 sudo tee /etc/apt/sourcees.list.d/buetoworg.list
 sudo aptitude update

 And run

 sudo aptitude install fapi
 cp /usr/share/fapi/fapi.conf.sample ~/.fapi.conf
 vim ~/.fapi.conf

 Or if you want to install it from the source dir, just run:

 make
 sudo make install

EXAMPLES
 Listing
 If you want to list all configured objects on your partition just run

 fapi node # To list all nodes
 fapi pool # To list all pool
 ... # etc

 Setting up a simple pool
 # Creating two nodes, fapi auto resolves the IP addresses, and use the
 # FQDN as the node name. 
 fapi node fooserver1.example.com create
 fapi node fooserver2.example.com create

 # Creating a pool and add the nodes to it. Also specify the node ports to 
 # use by the monitors (and maybe PAT if enabled)
 fapi pool foopool create
 fapi pool foopool add member fooserver1.example.com:80
 fapi pool foopool add member fooserver2.example.com:80

 # Add a monitor to the pool
 fapi pool foopool add monitor http_lbtest

 Setting up a simple nPath Service
 A simple nPath service can be created as follows.

 fapi vserver myvserver.example.com:80 create PROTOCOL_TCP nPath
 fapi vserver myvserver.example.com:80 set pool foopool

 # Restrict the vservers to a specific VLAN (IMPORTANT! security
 # hole otherwise!)
 fapi vserver myvserver.example.com:80 set vlan VLANNAME
 fapi vserver myvserver.example.com:443 set vlan VLANNAME

 # Put the VirtualAddress of the vserver into a specific traffic group
 fapi vip myserver.example.com set tgroup some-traffic-group

 And everything can be deleted as folows:

 # You can also specify the full object name (including the partition)
 fapi vserver /Common/myvserver.example.com_80 delete

 # Or just the way the service was created from command line
 fapi vserver myvserver.example.com:443 delete

 fapi pool foopool delete
 fapi node fooserver1.example.com delete
 fapi node fooserver2.example.com delete

 Setting up simple HTTP NAT Services
 A simple HTTP NATed service can be created as follows.

 fapi vserver myvserver.example.com:80 create PROTOCOL_TCP http
 fapi vserver myvserver.example.com:80 set vlan VLANNAME
 fapi vserver myvserver.example.com:80 set pool foopool

 In order to make this work your application servers need to have setup a
 default route to the loadbalancers floating self IP.

 Setting up simple SNAT Services
 Same as setting up a NATed services, but you don't need to configure
 default routes from your application servers to the loadbalancers
 floating self IP.

 You need also to set the SNAT flag as follows:

 fapi vserver myvserver.example.com:80 set snat automap

 Settung up simple SNAT Services with SSL offloading enabled
 Just like SNAT service (use port 443) but with these additional steps

 First Upload the SSL certificate to the F5 BIG IP (e.g. System -> File
 Management -> SSL Certificate List on BIG IP V11.4).

 # Afterwards create a new SSL profile to use the new certificate:
 # (Will automatically use key/crt myserver.example.com.{key,crt})
 fapi profileclientssl myserver.example.com create

 # Then attach that profile to the vserver (default context is 
 # PROFILE_TYPE_CLIENT_SSL, which means SSL between F5 and Clients)
 fapi vserver myvserver.example.com:443 profile add myserver.example.com

 About the NAME argument
 In most cases NAME can be a hostname, FQDN or an IP address. Optionally
 folled by a port:

 NAME := fqdn|hostname|ip[:ip2[:port]]

 Examples:

 # Auto resolving of the virtual address (IP) and auto port 80. The vserver
 # name will have added an automatic _PORT suffix to it's name.
 fapi vserver fqdn.example.com create

 # Or just ignore the auto port, will not add any _PORT suffix to the 
 # vserver name.
 fapi -a ....

 # Example:
 fapi -a vserver fqdn.example.com_ssl create

 # Auto resolving of the virtual address (IP)
 fapi vserver fqdn.example.com:443 create

 # Auto resolving of the FQDN (vserver name) and the virtual address (IP) 
 # and auto port 80
 fapi vserver hostname create

 # Auto resolving of the FQDN (vserver name) and the virtual address (IP) 
 fapi vserver hostname:443 create

 # vserver name and its virtual address will be 1.2.3.4 and auto port 80
 fapi vserver 1.2.3.4 create

 # vserver name and its virtual address will be 1.2.3.4 
 fapi vserver 1.2.3.4:443 create

 # vserver name is foo, its virtual address 1.2.3.4 and port is 80
 fapi vserver foo:1.2.3.4:80 create

 # vserver name is 1.2.3.5, its virtual address 1.2.3.4 and port is 80
 fapi vserver 1.2.3.5:1.2.3.4:80 create

 Similar may apply to other object types such as nodes and vips.

AUTHOR
 Paul C. Buetow - <paul@buetow.org>

 Also see <http://fapi.buetow.org>