Miscellaneous Examples

The following are miscellaneous example declarations for BIG-IP.

Configuring HTTPD settings in a declaration

In this example, we show how you can configure HTTPD (HTTP daemon) settings in a Declarative Onboarding declaration. For usage and options, see HTTPD in the Schema Reference.

Note

If you use the BIG-IP Configuration utility, we recommend you exit the utility before changes are made to the system using the HTTPD component. Making changes to the system using this component causes a restart of the httpd daemon, and restarting the httpd daemon requires a restart of the Configuration utility.

In the following declaration, we show only the HTTPD class. You can use this class as a part of a larger Declarative Onboarding declaration.

{
    "schemaVersion": "1.8.0",
    "class": "Device",
    "async": false,
    "Common": {
        "class": "Tenant",
        "httpdSettings": {
            "class": "HTTPD",
            "allow": [
                "10.10.0.0/24",
                "10.11.1.2"
            ],
            "authPamIdleTimeout": 86400,
            "maxClients": 10,
            "sslCiphersuite": [
                "ECDHE-RSA-AES128-GCM-SHA256",
                "ECDHE-RSA-AES256-GCM-SHA384",
                "ECDHE-RSA-AES128-SHA",
                "ECDHE-RSA-AES256-SHA",
                "ECDHE-RSA-AES128-SHA256",
                "ECDHE-RSA-AES256-SHA384",
                "ECDHE-ECDSA-AES128-GCM-SHA256",
                "ECDHE-ECDSA-AES256-GCM-SHA384",
                "ECDHE-ECDSA-AES128-SHA",
                "ECDHE-ECDSA-AES256-SHA",
                "ECDHE-ECDSA-AES128-SHA256",
                "ECDHE-ECDSA-AES256-SHA384",
                "AES128-GCM-SHA256",
                "AES256-GCM-SHA384",
                "AES128-SHA",
                "AES256-SHA",
                "AES128-SHA256"
            ],
            "sslProtocol": "all -SSLv2 -SSLv3 -TLSv1"
        }
    }
}

Back to top


Configuring System settings in a declaration

In this example, we show how you can configure some System settings in a Declarative Onboarding declaration. This enables you to set auto-timeout values for serial console (CLI) and TMSH interactive mode sessions, as well as set a hostname, if you have not set one in the Common class.

Important

If you set a hostname in the Common class, you cannot use the hostname property in the System class; they are mutually exclusive.

For usage and options, see System in the Schema Reference.

DO 1.13 introduced the ability to disable the automatic update check feature. The autoCheck property controls whether the BIG-IP checks for and recommends software updates. See K15000 for more information.

In the following declaration, we show only the System class (including autoCheck introduced in 1.13). You can use this class as a part of a larger Declarative Onboarding declaration.

Important: If you try to use this declaration with a DO version prior to 1.13, it will fail. Either upgrade to 1.13, or remove the autoCheck line.

{
    "schemaVersion": "1.13.0",
    "class": "Device",
    "label": "Configuring System",
    "async": true,
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "my.bigip.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoCheck": false,
            "autoPhonehome": true
        }
    }
}

Back to top


Using the userAgent Controls property

In this example, we show how you can use the userAgent property in the new Controls class. The userAgent property allows you to set a unique identifier in usage data.

This declaration includes the Controls class with userAgent set to BIG-IQ/7.1 Configured by API.

See Device_Controls in the Schema Reference for more information.

{
    "schemaVersion": "1.12.0",
    "class": "Device",
    "label": "Configuring System",
    "async": true,
    "controls": {
        "class": "Controls",
        "userAgent": "BIG-IQ/7.1 Configured by API"
    },
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "my.bigip.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoPhonehome": true
        }
    }
}

Back to top


Enabling traces in DO responses

In this example, we show how you can use the trace and traceResponse properties to enable more visibility into what DO is configuring. These properties are included in the Device_Controls class.

Warning

Trace files may contain sensitive configuration data.

When trace is set to true (the default is false), DO creates a detailed trace of the configuration process for subsequent analysis. This information is written to files in the /tmp directory where DO is running.
The files are:

  • /tmp/DO_current.json
  • /tmp/DO_desired.json
  • /tmp/DO_diff.json

When traceResponse is set to true (the default is false), the response (or response to a subsequent GET request in the case of asynchronous requests) contains the same information that would be found in the trace files.

This example shows both the declaration and the response from DO.

{
    "schemaVersion": "1.15.0",
    "class": "Device",
    "async": true,
    "webhook": "https://example.com/myHook",
    "label": "my BIG-IP declaration for declarative onboarding",
    "controls": {
        "trace": true,
        "traceResponse": true
    },
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "bigip.example.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoPhonehome": false
        }
    }
}

Example Response
Here is the response returned by DO from the declaration, showing the trace for the tenant (your output will vary based on the configuration of your device).

{
    "id": "e34cd96e-a1dc-4432-9efa-ff687e09117f",
    "selfLink": "https://localhost/mgmt/shared/declarative-onboarding/task/e34cd96e-a1dc-4432-9efa-ff687e09117f",
    "result": {
       "class": "Result",
       "code": 200,
       "status": "OK",
       "message": "success"
    },
    "declaration": {
       "schemaVersion": "1.15.0",
       "class": "Device",
       "async": true,
       "webhook": "https://example.com/myHook",
       "label": "my BIG-IP declaration for declarative onboarding",
       "controls": {
             "trace": true,
             "traceResponse": true
       },
       "Common": {
             "class": "Tenant",
             "mySystem": {
                "class": "System",
                "hostname": "bigip.example.com",
                "cliInactivityTimeout": 1200,
                "consoleInactivityTimeout": 1200,
                "autoPhonehome": false
             }
       }
    },
    "traces": {
       "desired": {
             "Common": {
                "System": {
                   "hostname": "bigip.example.com",
                   "cliInactivityTimeout": 1200,
                   "consoleInactivityTimeout": 1200,
                   "autoPhonehome": false
                },
                "DNS": {
                   "nameServers": [
                         "172.27.1.1"
                   ],
                   "search": [
                         "localhost"
                   ]
                },
                "NTP": {
                   "timezone": "America/Los_Angeles"
                },
                "Provision": {
                   "afm": "none",
                   "am": "none",
                   "apm": "none",
                   "asm": "none",
                   "avr": "none",
                   "cgnat": "none",
                   "dos": "none",
                   "fps": "none",
                   "gtm": "none",
                   "ilx": "none",
                   "lc": "none",
                   "ltm": "nominal",
                   "pem": "none",
                   "sslo": "none",
                   "swg": "none",
                   "urldb": "none"
                },
                "VLAN": {},
                "DNS_Resolver": {
                   "f5-aws-dns": {
                         "name": "f5-aws-dns",
                         "answerDefaultZones": false,
                         "cacheSize": 5767168,
                         "randomizeQueryNameCase": true,
                         "routeDomain": "0",
                         "useIpv4": true,
                         "useIpv6": true,
                         "useTcp": true,
                         "useUdp": true,
                         "forwardZones": [
                            {
                               "name": "amazonaws.com",
                               "nameservers": [
                                     {
                                        "name": "8.8.8.8:53"
                                     }
                               ]
                            },
                            {
                               "name": "idservice.net",
                               "nameservers": [
                                     {
                                        "name": "8.8.8.8:53"
                                     }
                               ]
                            }
                         ]
                   }
                },
                "Trunk": {},
                "SelfIp": {},
                "Route": {},
                "ConfigSync": {
                   "configsyncIp": "none"
                },
                "FailoverUnicast": {
                   "unicastAddress": "none"
                },
                "ManagementRoute": {
                   "default": {
                         "name": "default",
                         "mtu": 0,
                         "network": "default",
                         "gw": "10.145.127.254"
                   }
                },
                "RouteDomain": {
                   "0": {
                         "name": "0",
                         "connectionLimit": 0,
                         "id": 0,
                         "strict": true,
                         "vlans": [
                            "/Common/http-tunnel",
                            "/Common/socks-tunnel",
                            "/Common/external",
                            "/Common/internal"
                         ]
                   }
                },
                "Authentication": {
                   "fallback": false,
                   "enabledSourceType": "local",
                   "remoteUsersDefaults": {
                         "role": "no-access",
                         "partitionAccess": "all",
                         "terminalAccess": "disabled"
                   }
                },
                "RemoteAuthRole": {},
                "SnmpAgent": {
                   "contact": "Customer Name <admin@customer.com>",
                   "location": "Network Closet 1",
                   "allowList": [
                         "127.0.0.0/8"
                   ]
                },
                "SnmpTrapEvents": {
                   "device": true,
                   "authentication": false,
                   "agentStartStop": true
                },
                "SnmpUser": {},
                "SnmpCommunity": {
                   "comm-public": {
                         "name": "public",
                         "access": "ro",
                         "ipv6": false,
                         "source": "default"
                   }
                },
                "SnmpTrapDestination": {},
                "DagGlobals": {
                   "icmpHash": "icmp",
                   "roundRobinMode": "global",
                   "ipv6PrefixLength": 128
                },
                "TrafficControl": {
                   "acceptIpOptions": false,
                   "acceptIpSourceRoute": false,
                   "allowIpSourceRoute": false,
                   "continueMatching": false,
                   "maxIcmpRate": 100,
                   "maxRejectRate": 250,
                   "maxRejectRateTimeout": 30,
                   "minPathMtu": 296,
                   "pathMtuDiscovery": true,
                   "portFindThresholdTimeout": 30,
                   "portFindThresholdTrigger": 8,
                   "portFindThresholdWarning": true,
                   "rejectUnmatched": true,
                   "maxPortFindLinear": 16,
                   "maxPortFindRandom": 16
                },
                "HTTPD": {
                   "allow": [
                         "All"
                   ],
                   "authPamIdleTimeout": 1200,
                   "maxClients": 10,
                   "sslCiphersuite": [
                         "ECDHE-RSA-AES128-GCM-SHA256",
                         "ECDHE-RSA-AES256-GCM-SHA384",
                         "ECDHE-RSA-AES128-SHA",
                         "ECDHE-RSA-AES256-SHA",
                         "ECDHE-RSA-AES128-SHA256",
                         "ECDHE-RSA-AES256-SHA384",
                         "ECDHE-ECDSA-AES128-GCM-SHA256",
                         "ECDHE-ECDSA-AES256-GCM-SHA384",
                         "ECDHE-ECDSA-AES128-SHA",
                         "ECDHE-ECDSA-AES256-SHA",
                         "ECDHE-ECDSA-AES128-SHA256",
                         "ECDHE-ECDSA-AES256-SHA384",
                         "AES128-GCM-SHA256",
                         "AES256-GCM-SHA384",
                         "AES128-SHA",
                         "AES256-SHA",
                         "AES128-SHA256",
                         "AES256-SHA256"
                   ],
                   "sslProtocol": "all -SSLv2 -SSLv3 -TLSv1"
                },
                "SSHD": {
                   "inactivityTimeout": 0
                },
                "Tunnel": {
                   "http-tunnel": {
                         "name": "http-tunnel",
                         "mtu": 0,
                         "usePmtu": true,
                         "autoLastHop": "default",
                         "tunnelType": "tcp-forward",
                         "typeOfService": "preserve"
                   },
                   "socks-tunnel": {
                         "name": "socks-tunnel",
                         "mtu": 0,
                         "usePmtu": true,
                         "autoLastHop": "default",
                         "tunnelType": "tcp-forward",
                         "typeOfService": "preserve"
                   }
                },
                "TrafficGroup": {
                   "traffic-group-1": {
                         "name": "traffic-group-1",
                         "autoFailbackEnabled": "false",
                         "autoFailbackTime": 60,
                         "failoverMethod": "ha-order",
                         "haLoadFactor": 1
                   },
                   "traffic-group-local-only": {
                         "name": "traffic-group-local-only",
                         "autoFailbackEnabled": "false",
                         "autoFailbackTime": 60,
                         "failoverMethod": "ha-order",
                         "haLoadFactor": 1
                   }
                }
             },
             "parsed": true
       },
       "current": {
             "parsed": true,
             "Common": {
                "System": {
                   "consoleInactivityTimeout": 1200,
                   "hostname": "bigip.example.com",
                   "guiAuditLog": false,
                   "cliInactivityTimeout": 1200,
                   "tmshAuditLog": true,
                   "autoCheck": true,
                   "autoPhonehome": false
                },
                "Provision": {
                   "afm": "none",
                   "am": "none",
                   "apm": "none",
                   "asm": "none",
                   "avr": "none",
                   "cgnat": "none",
                   "dos": "none",
                   "fps": "none",
                   "gtm": "none",
                   "ilx": "none",
                   "lc": "none",
                   "ltm": "nominal",
                   "pem": "none",
                   "sslo": "none",
                   "swg": "none",
                   "urldb": "none"
                },
                "NTP": {
                   "timezone": "America/Los_Angeles"
                },
                "DNS": {
                   "nameServers": [
                         "172.27.1.1"
                   ],
                   "search": [
                         "localhost"
                   ]
                },
                "DNS_Resolver": {
                   "f5-aws-dns": {
                         "name": "f5-aws-dns",
                         "answerDefaultZones": false,
                         "cacheSize": 5767168,
                         "randomizeQueryNameCase": true,
                         "routeDomain": "0",
                         "useIpv4": true,
                         "useIpv6": true,
                         "useTcp": true,
                         "useUdp": true,
                         "forwardZones": [
                            {
                               "name": "amazonaws.com",
                               "nameservers": [
                                     {
                                        "name": "8.8.8.8:53"
                                     }
                               ]
                            },
                            {
                               "name": "idservice.net",
                               "nameservers": [
                                     {
                                        "name": "8.8.8.8:53"
                                     }
                               ]
                            }
                         ]
                   }
                },
                "Trunk": {},
                "VLAN": {
                   "external": {
                         "name": "external",
                         "cmpHash": "default",
                         "failsafeAction": "failover-restart-tm",
                         "failsafeTimeout": 90,
                         "mtu": 1500,
                         "tag": 4094,
                         "failsafeEnabled": false,
                         "interfaces": [
                            {
                               "name": "1.1",
                               "tagged": false
                            }
                         ]
                   },
                   "internal": {
                         "name": "internal",
                         "cmpHash": "default",
                         "failsafeAction": "failover-restart-tm",
                         "failsafeTimeout": 90,
                         "mtu": 1500,
                         "tag": 4093,
                         "failsafeEnabled": false,
                         "interfaces": [
                            {
                               "name": "1.2",
                               "tagged": false
                            }
                         ]
                   }
                },
                "SelfIp": {
                   "external-self": {
                         "name": "external-self",
                         "address": "10.20.0.100/24",
                         "trafficGroup": "traffic-group-local-only",
                         "vlan": "external",
                         "allowService": "none"
                   },
                   "internal-self": {
                         "name": "internal-self",
                         "address": "10.10.0.100/24",
                         "trafficGroup": "traffic-group-local-only",
                         "vlan": "internal",
                         "allowService": "default"
                   }
                },
                "Route": {},
                "ConfigSync": {
                   "configsyncIp": "none"
                },
                "FailoverUnicast": {
                   "addressPorts": "none"
                },
                "TrafficGroup": {
                   "traffic-group-1": {
                         "name": "traffic-group-1",
                         "autoFailbackEnabled": "false",
                         "autoFailbackTime": 60,
                         "failoverMethod": "ha-order",
                         "haLoadFactor": 1
                   },
                   "traffic-group-local-only": {
                         "name": "traffic-group-local-only",
                         "autoFailbackEnabled": "false",
                         "autoFailbackTime": 60,
                         "failoverMethod": "ha-order",
                         "haLoadFactor": 1
                   }
                },
                "MAC_Masquerade": {
                   "traffic-group-1": {
                         "mac": "none",
                         "trafficGroup": "traffic-group-1"
                   },
                   "traffic-group-local-only": {
                         "mac": "none",
                         "trafficGroup": "traffic-group-local-only"
                   }
                },
                "ManagementRoute": {
                   "default": {
                         "name": "default",
                         "mtu": 0,
                         "network": "default",
                         "gw": "10.145.127.254"
                   }
                },
                "SyslogRemoteServer": {},
                "Authentication": {
                   "fallback": false,
                   "enabledSourceType": "local",
                   "remoteUsersDefaults": {
                         "role": "no-access",
                         "partitionAccess": "all",
                         "terminalAccess": "disabled"
                   }
                },
                "RouteDomain": {
                   "0": {
                         "name": "0",
                         "connectionLimit": 0,
                         "id": 0,
                         "strict": true,
                         "vlans": [
                            "/Common/http-tunnel",
                            "/Common/socks-tunnel",
                            "/Common/external",
                            "/Common/internal"
                         ]
                   }
                },
                "RemoteAuthRole": {},
                "SnmpTrapEvents": {
                   "device": true,
                   "authentication": false,
                   "agentStartStop": true
                },
                "SnmpTrapDestination": {},
                "SnmpAgent": {
                   "contact": "Customer Name <admin@customer.com>",
                   "location": "Network Closet 1",
                   "allowList": [
                         "127.0.0.0/8"
                   ]
                },
                "SnmpUser": {},
                "SnmpCommunity": {
                   "comm-public": {
                         "name": "public",
                         "access": "ro",
                         "ipv6": false,
                         "source": "default"
                   }
                },
                "DagGlobals": {
                   "icmpHash": "icmp",
                   "roundRobinMode": "global",
                   "ipv6PrefixLength": 128
                },
                "HTTPD": {
                   "allow": [
                         "All"
                   ],
                   "authPamIdleTimeout": 1200,
                   "maxClients": 10,
                   "sslCiphersuite": [
                         "ECDHE-RSA-AES128-GCM-SHA256",
                         "ECDHE-RSA-AES256-GCM-SHA384",
                         "ECDHE-RSA-AES128-SHA",
                         "ECDHE-RSA-AES256-SHA",
                         "ECDHE-RSA-AES128-SHA256",
                         "ECDHE-RSA-AES256-SHA384",
                         "ECDHE-ECDSA-AES128-GCM-SHA256",
                         "ECDHE-ECDSA-AES256-GCM-SHA384",
                         "ECDHE-ECDSA-AES128-SHA",
                         "ECDHE-ECDSA-AES256-SHA",
                         "ECDHE-ECDSA-AES128-SHA256",
                         "ECDHE-ECDSA-AES256-SHA384",
                         "AES128-GCM-SHA256",
                         "AES256-GCM-SHA384",
                         "AES128-SHA",
                         "AES256-SHA",
                         "AES128-SHA256",
                         "AES256-SHA256"
                   ],
                   "sslProtocol": "all -SSLv2 -SSLv3 -TLSv1"
                },
                "TrafficControl": {
                   "acceptIpOptions": false,
                   "acceptIpSourceRoute": false,
                   "allowIpSourceRoute": false,
                   "continueMatching": false,
                   "maxIcmpRate": 100,
                   "maxRejectRate": 250,
                   "maxRejectRateTimeout": 30,
                   "minPathMtu": 296,
                   "pathMtuDiscovery": true,
                   "portFindThresholdTimeout": 30,
                   "portFindThresholdTrigger": 8,
                   "portFindThresholdWarning": true,
                   "rejectUnmatched": true,
                   "maxPortFindLinear": 16,
                   "maxPortFindRandom": 16
                },
                "SSHD": {
                   "allow": [
                         "ALL"
                   ],
                   "inactivityTimeout": 0
                },
                "Tunnel": {
                   "http-tunnel": {
                         "name": "http-tunnel",
                         "mtu": 0,
                         "usePmtu": true,
                         "autoLastHop": "default",
                         "tunnelType": "tcp-forward",
                         "typeOfService": "preserve"
                   },
                   "socks-tunnel": {
                         "name": "socks-tunnel",
                         "mtu": 0,
                         "usePmtu": true,
                         "autoLastHop": "default",
                         "tunnelType": "tcp-forward",
                         "typeOfService": "preserve"
                   }
                },
                "Disk": {
                   "applicationData": 26128384
                }
             }
       },
       "diff": [
             {
                "kind": "D",
                "path": [
                   "Common",
                   "System",
                   "guiAuditLog"
                ],
                "lhs": false
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "System",
                   "tmshAuditLog"
                ],
                "lhs": true
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "System",
                   "autoCheck"
                ],
                "lhs": true
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "VLAN",
                   "external"
                ],
                "lhs": {
                   "name": "external",
                   "cmpHash": "default",
                   "failsafeAction": "failover-restart-tm",
                   "failsafeTimeout": 90,
                   "mtu": 1500,
                   "tag": 4094,
                   "failsafeEnabled": false,
                   "interfaces": [
                         {
                            "name": "1.1",
                            "tagged": false
                         }
                   ]
                }
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "VLAN",
                   "internal"
                ],
                "lhs": {
                   "name": "internal",
                   "cmpHash": "default",
                   "failsafeAction": "failover-restart-tm",
                   "failsafeTimeout": 90,
                   "mtu": 1500,
                   "tag": 4093,
                   "failsafeEnabled": false,
                   "interfaces": [
                         {
                            "name": "1.2",
                            "tagged": false
                         }
                   ]
                }
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "SelfIp",
                   "external-self"
                ],
                "lhs": {
                   "name": "external-self",
                   "address": "10.20.0.100/24",
                   "trafficGroup": "traffic-group-local-only",
                   "vlan": "external",
                   "allowService": "none"
                }
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "SelfIp",
                   "internal-self"
                ],
                "lhs": {
                   "name": "internal-self",
                   "address": "10.10.0.100/24",
                   "trafficGroup": "traffic-group-local-only",
                   "vlan": "internal",
                   "allowService": "default"
                }
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "FailoverUnicast",
                   "addressPorts"
                ],
                "lhs": "none"
             },
             {
                "kind": "N",
                "path": [
                   "Common",
                   "FailoverUnicast",
                   "unicastAddress"
                ],
                "rhs": "none"
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "SSHD",
                   "allow"
                ],
                "lhs": [
                   "ALL"
                ]
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "Disk"
                ],
                "lhs": {
                   "applicationData": 26128384
                }
             }
       ]
    },
    "lastUpdate": "2020-08-24T16:44:41.140Z"
 }

Creating Routes in the LOCAL_ONLY partition

This example shows how to create a route in a special LOCAL_ONLY partition/tenant using the new localOnly property in the Route class. When using this feature, if this partition doesn’t exist, Declarative Onboarding creates it.

This partition is required to configure an Amazon Web Services (AWS) Across Network cluster.

See Route in the Schema Reference for DO usage and options.

Important notes:
  • While DO can create the LOCAL_ONLY partition if it does not exist, it cannot currently delete it, and the partition will remain even if you delete the DO configuration.
  • A Route cannot be directly swapped from one partition to another. If you attempt to swap value of localOnly, the declaration will fail. As a workaround, change the network of the Route to another IP and set localOnly to what you want it to be. Submit that using DO. Once that is complete, you can change the network to the desired value.
{
    "schemaVersion": "1.15.0",
    "class": "Device",
    "async": true,
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "newVlan": {
            "class": "VLAN",
            "tag": 100,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "localRoute": {
            "class": "Route",
            "target": "newVlan",
            "network": "10.1.0.244/32",
            "localOnly": true
        },
        "newSelfIp": {
            "class": "SelfIp",
            "address": "10.1.0.20/32",
            "vlan": "newVlan"
        }
    }
}

Back to top


Warning users the BIG-IP is under AS3 automation

This example shows how you can use Declarative Onboarding to discourage unintended configuration changes to a device that is managed by AS3. This example configures an advisory banner using the DbVariables class.

{
    "class": "DO",
    "declaration": {
        "schemaVersion": "1.11.0",
        "class": "Device",
        "async": true,
        "Common": {
            "class": "Tenant",
            "myDbVariables": {
                "class": "DbVariables",
                "ui.advisory.enabled": "true",
                "ui.advisory.color": "red",
                "ui.advisory.text": "Configuration deployed with AS3. Do not make any change directly on the BIG-IP or those changes may be lost."
            }
        }
    }
}

Back to top


Increasing the memory allocated to the restjavad daemon

This example shows how you can use Declarative Onboarding to increase the amount of memory allocated to restjavad, using the DbVariables class.

See (see Why is my BIG-IP experiencing occasional high CPU usage and slower performance?) for reasons you may want to increase this memory allocation.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": "true",
    "Common": {
        "class": "Tenant",
        "dbvars": {
            "class": "DbVariables",
            "provision.extramb": 1000,
            "restjavad.useextramb": true
        }
    }
}

Back to top


Using the dryRun Controls property to test the declaration without deploying it

In this example, we show how you can use the dryRun property in the Device_Controls class.

When dryRun is set to true (the default is false) Declarative Onboarding sends the declaration through all validation checks but does not attempt to deploy the configuration on the target device. The response contains information on what would have been deployed (a diff between the existing configuration and what the declaration would deploy). This can be useful for testing and debugging declarations.

Note

Declarative Onboarding does not report information (diffs) on items such as licensing, users, or device trust.

See Device_Controls in the Schema Reference for more information.

{
    "schemaVersion": "1.23.0",
    "class": "Device",
    "async": true,
    "label": "my BIG-IP declaration for declarative onboarding",
    "controls": {
        "trace": true,
        "traceResponse": true,
        "dryRun": true
    },
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "bigip.example.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoPhonehome": false
        }
    }
}

Back to top