System Controller - Chassis Partition Lifecycle

Overview

A chassis partition runs its own unique software, has a unique set of users, and is accessed via its own GUI, CLI and API. The chassis partition can be further divided to support multiple BIG-IP tenants. A tenant operates in a similar manner to how vCMP guests operated within the VIPRION chassis. It is assigned dedicated vCPU and memory resources and is restricted to specific VLANs for network connectivity.

This page describes the chassis partition lifecycle.

Prerequisites

Before you can create a chassis partition, you will need to do the initial system controller setup which includes the following:

  • Network Interface Configuration
  • IP Address Assignment & Routing
  • System Settings (DNS, NTP)
  • License the System

For more information about configuring your system, see VELOS Systems: Getting Started and VELOS Systems: Administration and Configuration at support.f5.com.

Get Authentication Token

F5 disables basic authentication for HTTP/HTTPS requests to the VELOS API by default for security enhancement. You can make HTTP/HTTPS requests to the VELOS API while keeping basic authentication disabled by sending the requests to the system controller and by including a valid system controller authentication token in the X-Auth-Token header.

Whenever you perform an authenticated login to the system controller, and request a token using the Auth Token, you receive an access token. Use it to send HTTP/HTTPS requests to a system controller.

Request a new token from the system controller using an authenticated login. Using your username and password, log into the system controller.

GET: https://<chassis-system-controller-ip>:8888/restconf/data/openconfig-system:system/aaa

The value set in the X-Auth-Token in the response Headers is the access token value to use in subsequent requests header along with the application/yang-data+json Content-Type.

  • Content-Type: application/yang-data+json
  • X-Auth-Token: {{ X-Auth-Token }}

How to automate getting the auth token in Postman:

With Postman, you can add scripts to your request to use dynamic variables, pass data between requests, and write tests. Code added under the Tests tab will execute after your response is received. Tests are scripts written in JavaScript that are executed after a response is received.

You can use below JavaScript test code to save the token so it can be used in future API requests.

var headerValue = pm.response.headers.get("X-Auth-Token");
pm.environment.set("X-Auth-Token_chassis-system-controller", headerValue);

Load F5OS Chassis Partition Images

Before creating any new chassis partitions you should ensure you have the proper F5OS partition images loaded onto the system controller. You can query the system controller to see what images are currently available on the system:

GET: https://<chassis-system-controller-ip>:8888/restconf/data/f5-tenant-images:images

Import the desired image into the system controller floating IP address using the path /var/import/staging.

You will need to import form a remote HTTPS server. There is an insecure option if you don’t want to use certificate-based authentication to the remote HTTPS server.

POST: https://<chassis-system-controller-ip>:8888/api/data/f5-utils-file-transfer:file/import
{
    "input": [
        {
            "remote-host": "<remote-https-server-ip>",
            "remote-file": "F5OS-C-1.1.0-2391.PARTITION.iso",
            "local-file": "/var/import/staging/",
            "insecure": ""
        }
    ]
}

The following is the response JSON from the POST method:

{
    "f5-utils-file-transfer:output": {
        "result": "File transfer is initiated.(/var/import/staging/F5OS-C-1.1.0-2391.PARTITION.iso)"
    }
}

You may also check the transfer status via the API:

GET: https://<chassis-system-controller-ip>:8888/restconf/data/f5-utils-file-transfer:file/transfer-status

Remove Slots from Default Partition

The system ships with all slots configured in the default chassis partition.

Before you can create a new chassis partition you must remove any slots you want to add to it from the default partition.

To view the current assignment of slots to partitions use the following API command:

GET: https://<chassis-system-controller-ip>:8888/restconf/data/f5-system-slot:slots

The following is the response JSON from the GET method:

{
    "f5-system-slot:slots": {
        "slot": [
            {
                "slot-num": 1,
                "enabled": true,
                "partition": "default"
            },
            {
                "slot-num": 2,
                "enabled": true,
                "partition": "default"
            },
            {
                "slot-num": 3,
                "enabled": true,
                "partition": "default"
            },
            {
                "slot-num": 4,
                "enabled": true,
                "partition": "default"
            },
            {
                "slot-num": 5,
                "enabled": true,
                "partition": "default"
            },
            {
                "slot-num": 6,
                "enabled": true,
                "partition": "default"
            },
            {
                "slot-num": 7,
                "enabled": true,
                "partition": "default"
            },
            {
                "slot-num": 8,
                "enabled": true,
                "partition": "default"
            }
        ]
    }
}

Next remove the default partition from the slots you’d like to assign to any new chassis partitions. In this case we’ll assign the partition none to slots 1, 2, 3. Once the slots are unassigned (in the none partition), they can be added to a new chassis partition.

PATCH: https://<chassis-system-controller-ip>:8888/restconf/data
{
    "f5-system-slot:slots": {
        "slot": [
            {
                "slot-num": 1,
                "enabled": true,
                "partition": "none"
            },
            {
                "slot-num": 2,
                "enabled": true,
                "partition": "none"
            },
            {
                "slot-num": 3,
                "enabled": true,
                "partition": "none"
            }
        ]
    }
}

Create Chassis Partition

A chassis partition called partitionA will be created. It will be assigned an out-of-band management IP address, mask and gateway, along with an F5OS ISO version that must be loaded before the partition can be created.

POST: https://<chassis-system-controller-ip>:8888/restconf/data/f5-system-partition:partitions
{
    "partition": {
        "name": "partitionA",
        "config": {
            "enabled": false,
                "iso-version": "1.1.0-3198",
                "mgmt-ip": {
                    "ipv4": {
                        "address": "<chassis-partition-ip>",
                        "prefix-length": 24,
                        "gateway": "10.1.1.1"
                    }
                }
            }
        }
}

Assign Slots to the Chassis Partition

Next slots 1 & 2 will be assigned to the chassis partition called partitionA:

PATCH: https://<chassis-system-controller-ip>:8888/restconf/data
{
    "f5-system-slot:slots": {
        "slot": [
            {
                "slot-num": 1,
                "enabled": true,
                "partition": "partitionA"
            },
            {
                "slot-num": 2,
                "enabled": true,
                "partition": "partitionA"
            }
        ]
    }
}

Enable Chassis Partition

Finally, the partitionA containing slots 1 & 2 will be enabled:

PATCH: https://<chassis-system-controller-ip>:8888/restconf/data/f5-system-partition:partitions/partition=partitionA/config/enabled
{
    "enabled": true
}

Change default passwords on Chassis Partition

The chassis partition will have a default username/password of admin/admin. When using the GUI you would be prompted on first login to change the password. To do this via the API use the following API call:

POST: https://<chassis-system-controller-ip>:8888/restconf/operations/openconfig-system:system/aaa/authentication/users/user=admin/config/change-password
{
    "input": [
        {
            "old-password": "admin",
            "new-password": "NewPa$$word",
            "confirm-password": "NewPa$$word"
        }
    ]
}

Display Chassis Partition

This will display the chassis partition available on the system:

GET: https://<chassis-system-controller-ip>:8888/restconf/data/f5-system-partition:partitions

The following is the response JSON from the GET method:

{
    "f5-system-partition:partitions": {
        "partition": [
            {
                "name": "partitionA",
                "config": {
                    "enabled": true,
                    "iso-version": "1.1.0-3198",
                    "mgmt-ip": {
                        "ipv4": {
                            "address": "10.1.1.10",
                            "prefix-length": 24,
                            "gateway": "10.1.1.1"
                        }
                    }
                },
                "state": {
                    "controllers": {
                        "controller": [
                            {
                                "controller": 1,
                                "partition-id": 2,
                                "partition-status": "running-active"
                            },
                            {
                                "controller": 2,
                                "partition-id": 2,
                                "partition-status": "running-standby"
                            }
                        ]
                    }
                }
            }
        ]
    }
}

Delete Chassis Partition

In case you need to delete a chassis partition, here is an example:

DELETE: https://<chassis-system-controller-ip>:8888/restconf/data/f5-system-partition:partitions/partition=partitionA