Basic examples¶
This section contains general BIG-IP Declarative Onboarding example declarations.
Standalone declaration¶
The following is an example declaration that onboards a standalone BIG-IP system. See Composing a Declaration for specific details on this example.
{
"schemaVersion": "1.0.0",
"class": "Device",
"async": true,
"webhook": "https://example.com/myHook",
"label": "my BIG-IP declaration for declarative onboarding",
"Common": {
"class": "Tenant",
"mySystem": {
"class": "System",
"hostname": "bigip.example.com",
"cliInactivityTimeout": 1200,
"consoleInactivityTimeout": 1200,
"autoPhonehome": false
},
"myLicense": {
"class": "License",
"licenseType": "regKey",
"regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
},
"myDns": {
"class": "DNS",
"nameServers": [
"8.8.8.8",
"2001:4860:4860::8844"
],
"search": [
"f5.com"
]
},
"myNtp": {
"class": "NTP",
"servers": [
"0.pool.ntp.org",
"1.pool.ntp.org",
"2.pool.ntp.org"
],
"timezone": "UTC"
},
"root": {
"class": "User",
"userType": "root",
"oldPassword": "default",
"newPassword": "myNewPass1word"
},
"admin": {
"class": "User",
"userType": "regular",
"password": "asdfjkl",
"shell": "bash"
},
"guestUser": {
"class": "User",
"userType": "regular",
"password": "guestNewPass1",
"partitionAccess": {
"Common": {
"role": "guest"
}
}
},
"anotherUser": {
"class": "User",
"userType": "regular",
"password": "myPass1word",
"shell": "none",
"partitionAccess": {
"all-partitions": {
"role": "guest"
}
}
},
"myProvisioning": {
"class": "Provision",
"ltm": "nominal",
"gtm": "minimum"
},
"internal": {
"class": "VLAN",
"tag": 4093,
"mtu": 1500,
"interfaces": [
{
"name": "1.2",
"tagged": true
}
],
"cmpHash": "dst-ip"
},
"internal-self": {
"class": "SelfIp",
"address": "10.10.0.100/24",
"vlan": "internal",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"external": {
"class": "VLAN",
"tag": 4094,
"mtu": 1500,
"interfaces": [
{
"name": "1.1",
"tagged": true
}
],
"cmpHash": "src-ip"
},
"external-self": {
"class": "SelfIp",
"address": "10.20.0.100/24",
"vlan": "external",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"default": {
"class": "Route",
"gw": "10.10.0.1",
"network": "default",
"mtu": 1500
},
"managementRoute": {
"class": "ManagementRoute",
"gw": "192.0.2.4",
"network": "192.0.2.1",
"mtu": 1500
},
"myRouteDomain": {
"class": "RouteDomain",
"id": 100,
"bandWidthControllerPolicy": "bwcPol",
"connectionLimit": 5432991,
"flowEvictionPolicy": "default-eviction-policy",
"ipIntelligencePolicy": "ip-intelligence",
"enforcedFirewallPolicy": "enforcedPolicy",
"stagedFirewallPolicy": "stagedPolicy",
"securityNatPolicy": "securityPolicy",
"servicePolicy": "servicePolicy",
"strict": false,
"routingProtocols": [
"RIP"
],
"vlans": [
"external"
]
},
"dbvars": {
"class": "DbVariables",
"ui.advisory.enabled": true,
"ui.advisory.color": "green",
"ui.advisory.text": "/Common/hostname"
}
}
}
Clustered declaration¶
The following is an example declaration that onboards a clustered BIG-IP system. See Clustering for specific details on this example.
{
"schemaVersion": "1.0.0",
"class": "Device",
"async": true,
"label": "Onboard BIG-IP into an HA Pair",
"Common": {
"class": "Tenant",
"hostname": "bigip1.example.com",
"myLicense": {
"class": "License",
"licenseType": "regKey",
"regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
},
"myDns": {
"class": "DNS",
"nameServers": [
"8.8.8.8",
"2001:4860:4860::8844"
],
"search": [
"f5.com"
]
},
"myNtp": {
"class": "NTP",
"servers": [
"0.pool.ntp.org",
"1.pool.ntp.org",
"2.pool.ntp.org"
],
"timezone": "UTC"
},
"root": {
"class": "User",
"userType": "root",
"oldPassword": "foo",
"newPassword": "bar"
},
"admin": {
"class": "User",
"userType": "regular",
"password": "asdfjkl",
"shell": "bash"
},
"anotherUser": {
"class": "User",
"userType": "regular",
"password": "foobar",
"partitionAccess": {
"Common": {
"role": "guest"
}
}
},
"myProvisioning": {
"class": "Provision",
"ltm": "nominal"
},
"internal": {
"class": "VLAN",
"tag": 4093,
"mtu": 1500,
"interfaces": [
{
"name": "1.2",
"tagged": false
}
]
},
"internal-self": {
"class": "SelfIp",
"address": "10.10.0.100/24",
"vlan": "internal",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"external": {
"class": "VLAN",
"tag": 4094,
"mtu": 1500,
"interfaces": [
{
"name": "1.1",
"tagged": false
}
]
},
"external-localself": {
"class": "SelfIp",
"address": "10.20.0.100/24",
"vlan": "external",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"external-self": {
"class": "SelfIp",
"address": "10.20.0.200/24",
"vlan": "external",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"default": {
"class": "Route",
"gw": "10.10.0.1",
"network": "default",
"mtu": 1500
},
"configsync": {
"class": "ConfigSync",
"configsyncIp": "/Common/internal-self/address"
},
"failoverAddress": {
"class": "FailoverUnicast",
"address": "/Common/internal-self/address"
},
"failoverGroup": {
"class": "DeviceGroup",
"type": "sync-failover",
"members": [
"bigip1.example.com",
"bigip2.example.com"
],
"owner": "/Common/failoverGroup/members/0",
"autoSync": true,
"saveOnAutoSync": false,
"networkFailover": true,
"fullLoadOnSync": false,
"asmSync": false
},
"trust": {
"class": "DeviceTrust",
"localUsername": "admin",
"localPassword": "pass1word",
"remoteHost": "/Common/failoverGroup/members/0",
"remoteUsername": "admin",
"remotePassword": "pass2word"
}
}
}
Using JSON Pointers¶
The following is another example using a declaration for use in a container, but in this case, it also contains a number of examples of using JSON pointers in a declaration. For more information on JSON pointers, see JSON Pointers.
{
"class": "DO",
"targetHost": "192.0.2.4",
"targetUsername": "/declaration/Credentials/1/bigiqUsername",
"targetPassphrase": "/declaration/Credentials/1/password",
"declaration": {
"schemaVersion": "1.0.0",
"class": "Device",
"label": "Use App Services Gateway to license BIG-IP via BIG-IQ when BIG-IP is reachable from BIG-IQ",
"Credentials": [
{
"username": "bigIqAdmin",
"password": "foofoo"
},
{
"username": "admin",
"password": "asdfjkl"
}
],
"Common": {
"class": "Tenant",
"hostname": "bigip.example.com",
"myLicense": {
"class": "License",
"licenseType": "licensePool",
"bigIqHost": "192.0.2.200",
"bigIqUsername": "/Credentials/0/bigiqUsername",
"bigIqPassword": "/Credentials/0/password",
"licensePool": "myUtilityLicense",
"skuKeyword1": "key1",
"skuKeyword2": "key2",
"unitOfMeasure": "hourly",
"reachable": true,
"bigIpUsername": "/Credentials/1/bigipUsername",
"bigIpPassword": "/Credentials/1/password"
},
"myDns": {
"class": "DNS",
"nameServers": [
"8.8.8.8",
"2001:4860:4860::8844"
],
"search": [
"f5.com"
]
},
"myNtp": {
"class": "NTP",
"servers": [
"0.pool.ntp.org",
"1.pool.ntp.org",
"2.pool.ntp.org"
],
"timezone": "UTC"
},
"root": {
"class": "User",
"userType": "root",
"oldPassword": "foo",
"newPassword": "bar"
},
"admin": {
"class": "User",
"userType": "regular",
"password": "asdfjkl",
"shell": "bash"
},
"anotherUser": {
"class": "User",
"userType": "regular",
"password": "foobar",
"partitionAccess": {
"Common": {
"role": "guest"
}
}
},
"myProvisioning": {
"class": "Provision",
"ltm": "nominal"
},
"internal": {
"class": "VLAN",
"tag": 4093,
"mtu": 1500,
"interfaces": [
{
"name": "1.2",
"tagged": true
}
]
},
"internal-self": {
"class": "SelfIp",
"address": "10.10.0.100/24",
"vlan": "internal",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"external": {
"class": "VLAN",
"tag": 4094,
"mtu": 1500,
"interfaces": [
{
"name": "1.1",
"tagged": true
}
]
},
"external-self": {
"class": "SelfIp",
"address": "10.20.0.100/24",
"vlan": "external",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"default": {
"class": "Route",
"gw": "10.10.0.1",
"network": "default",
"mtu": 1500
}
}
}
}
User class¶
The following is an example of the User Class. The User class creates (or modifies) the users and their associated roles and access control. For more information, see User class in the Schema Reference.
New in BIG-IP DO 1.35 |br| BIG-IP DO introduced the forceInitialPasswordChange property for the User class. This property allows you to determine whether a password change is required on the first user login. In previous DO versions, DO followed the BIG-IP default behavior of forcing the password change on first user login. The DO default value for forceInitialPasswordChange is true meaning DO still enforces the password change. If you do not want to force a password change on first login, set this property to false.
In the following declaration, we show only the User class. You can use this class as a part of a larger BIG-IP Declarative Onboarding declaration.
Important
The following declaration snippet has been updated to include the new forceInitialPasswordChange property introduced in BIG-IP DO 1.35. If you attempt to use it on a version prior to 1.35, it will fail. To use the example on a previous version, delete the forceInitialPasswordChange property at the bottom (and the comma from the previous line).
{
"schemaVersion": "1.0.0",
"class": "Device",
"async": true,
"webhook": "https://example.com/myHook",
"label": "user class",
"Common": {
"class": "Tenant",
"root": {
"class": "User",
"userType": "root",
"oldPassword": "foo",
"newPassword": "bar"
},
"admin": {
"class": "User",
"userType": "regular",
"password": "asdfjkl",
"shell": "bash"
},
"guestUser": {
"class": "User",
"userType": "regular",
"password": "foobar",
"partitionAccess": {
"Common": {
"role": "guest"
}
}
},
"anotherUser": {
"class": "User",
"userType": "regular",
"password": "foobar",
"shell": "none",
"partitionAccess": {
"all-partitions": {
"role": "guest"
}
},
"forceInitialPasswordChange": false
}
}
}