BIG-IQ example declarations

The following are example declarations for licensing with BIG-IQ. See Composing a declaration for licensing BIG-IP with a BIG-IQ for detailed information about composing declarations with BIG-IQ.

See the BIG-IQ documentation for more detailed information on License pool types. See K54909607 for information on BIG-IQ and Declarative Onboarding compatibility

Note

In DO 1.17, we updated the example declarations so the BIG-IP password in the License class matches the one set in the User class, as required by DO.

Licensing with BIG-IQ: Regkey Pool - Route to BIG-IP

The following is an example of using a BIG-IQ to license your BIG-IP systems, where the BIG-IQ has an existing route to the BIG-IP. In this example, our existing BIG-IQ license pool is a RegKey pool that contains BIG-IP VE RegKeys. Because the BIG-IP VE is reachable (has a route to the BIG-IQ), we also specify the BIG-IP user name and password.

Note

Currently, to use a RegKey pool the BIG-IP must be reachable from the BIG-IQ.

The entire License class is unique to using BIG-IQ for licensing, so the items specific to RegKey pools are highlighted.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "label": "License BIG-IP via BIG-IQ RegKey pool when BIG-IP is reachable from BIG-IQ (unreachable is not supported)",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "licensePool": "myRegKeyPool",
            "bigIpUsername": "admin",
            "bigIpPassword": "asdfjkl"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Licensing with BIG-IQ: Utility Pool - Route to BIG-IP

In this example, our BIG-IQ license pool is a utility (subscription) pool. Utility pools contain licenses for BIG-IP services you grant for a specific unit of measure (hourly, daily, monthly, or yearly).

Utility pools include a additional parameters: skuKeyword1 and skuKeyword2, and unitOfMeasure (see License class for details).

We’ve highlighted the lines that are specific to this utility and Route example (reachable=true).

New in DO 1.24
Declarative Onboarding 1.24 introduced the chargebackTag property to the License class. chargebackTag is an optional text string which can be used as a charge back tag, making it easier to track license costs.

Warning

If you attempt to use this example a Declarative Onboarding version prior to 1.24, it will fail. On previous versions, remove line 22.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "label": "License BIG-IP via BIG-IQ utility license when BIG-IP is reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "myPassword1",
            "licensePool": "myUtilityLicense",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": true,
            "bigIpUsername": "admin",
            "bigIpPassword": "asdfjkl",
            "chargebackTag": "foo-bar"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Licensing with BIG-IQ: Utility Pool - No Route to BIG-IP

The following is another example of using a BIG-IQ to license your BIG-IP systems with a utility pool. However, in this case the BIG-IQ does not have an existing route to the BIG-IP.

For unreachable devices (with no route to BIG-IP), BIG-IP credentials are not required. Instead, you must explicitly indicate the platform on which the device runs (the hypervisor field) as Declarative Onboarding cannot automatically detect the value at this time. This is required for the BIG-IQ license activation API request (see License class for hypervisor options).

New in DO 1.24
Declarative Onboarding 1.24 introduced the chargebackTag property. chargebackTag is an optional text string which can be used as a charge back tag, making it easier to track license costs.

Warning

If you attempt to use this example a Declarative Onboarding version prior to 1.24, it will fail. On previous versions, remove line 22.

In this example, we’ve highlighted the lines that are specific to this utility and No Route example (reachable=false). See Composing a declaration for licensing BIG-IP with a BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "label": "License BIG-IP via BIG-IQ utility license when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "myPassword1",
            "licensePool": "myUtilityLicense",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": false,
            "hypervisor": "vmware",
            "tenant": "Optional custom descriptor",
            "chargebackTag": "foo-bar"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Licensing with BIG-IQ: Purchased Pool - Route to BIG-IP

In this example, our BIG-IQ license pool is a Purchased pool. A Purchased pool is a prepaid pool of a specific number of concurrent license grants for a single BIG-IP service, such as LTM.

Because the BIG-IP VE is reachable (has a route to the BIG-IQ), we also specify the BIG-IP user name and password.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "label": "License BIG-IP via BIG-IQ purchased pool license when BIG-IP is reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "myPassword1",
            "licensePool": "myPurchasedPool",
            "reachable": true,
            "bigIpUsername": "admin",
            "bigIpPassword": "asdfjkl"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Licensing with BIG-IQ: Purchased Pool - No Route to BIG-IP

This example also uses a Purchased pool, but without a route to the BIG-IP.

For unreachable devices (with no route to BIG-IP), BIG-IP credentials are not required. Instead, you must explicitly indicate the platform on which the device runs (the hypervisor field) as Declarative Onboarding cannot automatically detect the value at this time. This is required for the BIG-IQ license activation API request (see License class for hypervisor options).

New in DO 1.15
DO 1.15 adds the tenant property to the License class. This property allows you to specify an optional description for the license. This feature is useful in autoscale solutions managed by a BIG-IQ. The DO tenant property is prepended to the BIG-IQ tenant property. The BIG-IQ tenant property is management address,hostname by default, so when using the DO property, it becomes DO-tenant-property,management-address,hostname. This feature is only supported when reachable is false.

Important

The following declaration has been updated to include the new Tenant property introduced in DO 1.15. If you attempt to use it on a version prior to 1.15, it will fail. To use the example on a previous version, delete the tenant property at the bottom of the License class.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "label": "License BIG-IP via BIG-IQ purchased pool license when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "myPassword1",
            "licensePool": "myPurchasedPool",
            "reachable": false,
            "hypervisor": "vmware",
            "tenant": "Optional custom descriptor"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Revoking a BIG-IP license from BIG-IQ without relicensing

The following is an example of using BIG-IQ to revoke a license from an unreachable BIG-IP VE using revokeFrom and specifying the license pool. In this example, we are only revoking the license, and not relicensing the BIG-IP VE. See See Revoking a license using BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Revoke BIG-IP license via BIG-IQ when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "revokeFrom": "myPool",
            "reachable": false
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Revoking and relicensing a BIG-IP (with route) from BIG-IQ

The following is an example of using BIG-IQ to revoke a license and then relicense a reachable BIG-IP VE. In this example, we are both revoking the initial license and relicensing the BIG-IP VE from a different license pool on the BIG-IQ. The line with the new licensing pool and the revoke line are highlighted. See See Revoking a license using BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Re-license BIG-IP from a different pool when BIG-IP is reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "licensePool": "myOtherPool",
            "revokeFrom": "myPool",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": true,
            "bigIpUsername": "admin",
            "bigIpPassword": "asdfjkl"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Revoking and relicensing a BIG-IP (no route) from BIG-IQ

The following is an example of using BIG-IQ to revoke a license and then relicense an unreachable BIG-IP VE. In this example, we are both revoking the initial license and relicensing the BIG-IP VE from a different license pool on the BIG-IQ. Additionally, because the BIG-IP device does not have a route to the BIG-IQ (unreachable), you must use overwrite = true to let the BIG-IP VE know the system is overwriting the license.

For unreachable devices (with no route to BIG-IP), BIG-IP credentials are not required. Instead, you must explicitly indicate the platform on which the device runs (the hypervisor field) as Declarative Onboarding cannot automatically detect the value at this time. This is required for the BIG-IQ license activation API request (see License class for hypervisor options).

New in DO 1.15
DO 1.15 adds the tenant property to the License class. This property allows you to specify an optional description for the license. This feature is useful in autoscale solutions managed by a BIG-IQ. The DO tenant property is prepended to the BIG-IQ tenant property. The BIG-IQ tenant property is management address,hostname by default, so when using the DO property, it becomes DO-tenant-property,management-address,hostname. This feature is only supported when reachable is false.

Important

The following declaration has been updated to include the new Tenant property introduced in DO 1.15. If you attempt to use it on a version prior to 1.15, it will fail. To use the example on a previous version, delete the tenant property at the bottom of the License class.

We have highlighted the new licensing pool, the revoke line, the hypervisor, and the overwrite line. See Revoking a license using BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Re-license BIG-IP from a different pool when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "licensePool": "myOtherPool",
            "revokeFrom": "myPool",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": false,
            "hypervisor": "vmware",
            "overwrite": true,
            "tenant": "Optional custom descriptor"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Revoking and relicensing a BIG-IP (no route) from a different BIG-IQ

This example is similar to example 9, however in this case, we are using a different BIG-IQ device to revoke and relicense the BIG-IP VE from an unreachable BIG-IP VE. In this case, we specify additional information in the revokeFrom property to reference the BIG-IQ that initially licensed the BIG-IP VE. Again, specifying the appropriate hypervisor is required. See Revoking a license using BIG-IQ for specific details on this example.

New in DO 1.15
DO 1.15 adds the tenant property to the License class. This property allows you to specify an optional description for the license. This feature is useful in autoscale solutions managed by a BIG-IQ. The DO tenant property is prepended to the BIG-IQ tenant property. The BIG-IQ tenant property is management address,hostname by default, so when using the DO property, it becomes DO-tenant-property,management-address,hostname. This feature is only supported when reachable is false.

Important

The following declaration has been updated to include the new Tenant property introduced in DO 1.15. If you attempt to use it on a version prior to 1.15, it will fail. To use the example on a previous version, delete the tenant property at the bottom of the License class.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Re-license BIG-IP from a different BIG-IQ when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "licensePool": "myPool",
            "revokeFrom": {
                "bigIqHost": "10.0.2.200",
                "bigIqUsername": "admin",
                "bigIqPassword": "barbar",
                "licensePool": "myPool",
                "reachable": false
            },
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": false,
            "hypervisor": "vmware",
            "overwrite": true,
            "tenant": "Optional custom descriptor"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}

Back to top


Onboarding a BIG-IP in AWS via BIG-IQ

In this example, we onboard a BIG-IP VE in AWS using the DO endpoint on the BIG-IQ device. This example uses both targetHost to specify the BIG-IP information, and bigIqSettings.

See Sending a DO declaration to BIG-IQ for information on the bigIqSettings parameters. These parameters are highlighted in the following declaration.

See the BIG-IQ API documentation for similar examples for Microsoft Azure and VMware Cloud.

{
    "class": "DO",
    "declaration": {
        "schemaVersion": "1.5.0",
        "class": "Device",
        "async": true,
        "Common": {
            "class": "Tenant",
            "myLicense": {
                "class": "License",
                "licenseType": "regKey",
                "regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
            },
            "myProvision": {
                "class": "Provision",
                "ltm": "nominal"
            },
            "myNtp": {
                "class": "NTP",
                "servers": [
                    "time.nist.gov"
                ],
                "timezone": "UTC"
            },
            "admin": {
                "class": "User",
                "userType": "regular",
                "partitionAccess": {
                    "all-partitions": {
                        "role": "admin"
                    }
                },
                "shell": "tmsh",
                "password": "adminpassword"
            },
            "root": {
                "class": "User",
                "userType": "root",
                "newPassword": "rootpassword",
                "oldPassword": "adminpassword"
            }
        }
    },
    "targetHost": "54.10.10.10",
    "targetUsername": "admin",
    "targetSshKey": {
        "path": "/var/ssh/restnoded/privatessh.key"
    },
    "bigIqSettings": {
        "failImportOnConflict": false,
        "conflictPolicy": "USE_BIGIQ",
        "deviceConflictPolicy": "USE_BIGIP",
        "versionedConflictPolicy": "KEEP_VERSION",
        "statsConfig": {
            "enabled": true,
            "zone": "default"
        },
        "snapshotWorkingConfig": false
    }
}

Back to top


Using an external authentication provider for BIG-IQ licensing

In this example, we show how you can reference an external auth provider for BIG-IQ license calls using the bigiqAuthProvider property introduced in DO 1.18. The default is to use TMOS as the authentication provider. For more information on BIG-IQ authentication tokens, see Auth Token by Login in the BIG-IQ API reference.

To use this property in your declaration, you must have an existing authentication provider defined on your BIG-IQ. For information on configuring authentication providers, see the BIG-IQ documentation (for example, the LDAP User Authentication chapter gives information on configuring an LDAP authentication provider in BIG-IQ 7.0).

{
    "schemaVersion": "1.18.0",
    "class": "Device",
    "async": true,
    "label": "License BIG-IP via BIG-IQ using an external auth provider",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "myLdapUser",
            "bigIqPassword": "myLdapPassword",
            "bigIqAuthProvider": "myLdapAuthProvider",
            "licensePool": "myUtilityLicense",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": true,
            "bigIpUsername": "admin",
            "bigIpPassword": "asdfjkl"
        }
    }
}

Back to top


Onboarding a BIG-IP in Alibaba via BIG-IQ

In this example, we show how to specify the Alibaba hypervisor in a Declarative Onboarding declaration via BIG-IQ (no route). BIG-IQ itself uses the hex value 0x01000013 for Alibaba to work around a known issue. DO v1.21 adds the ability to specify this hex value in the hypervisor property when licensing using a BIG-IQ pool.

{
    "schemaVersion": "1.22.0",
    "class": "Device",
    "async": true,
    "label": "License BIG-IP via BIG-IQ purchased pool license when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "myPassword1",
            "licensePool": "myPurchasedPool",
            "regKey": "ABCDE-FGHIJ-KLMNO-PQRST-UVWXYZZ",
            "reachable": false,
            "hypervisor": "0x01000013",
            "tenant": "Optional custom descriptor"
        }
    }
}

Back to top