Miscellaneous Examples

The following are miscellaneous example declarations for BIG-IP.

Configuring HTTPD settings in a declaration

In this example, we show how you can configure HTTPD (HTTP daemon) settings in a BIG-IP Declarative Onboarding declaration. For usage and options, see HTTPD in the Schema Reference.

Note

If you use the BIG-IP Configuration utility, we recommend you exit the utility before changes are made to the system using the HTTPD component. Making changes to the system using this component causes a restart of the httpd daemon, and restarting the httpd daemon requires a restart of the Configuration utility.

In the following declaration, we show only the HTTPD class. You can use this class as a part of a larger BIG-IP Declarative Onboarding declaration.

{
    "schemaVersion": "1.8.0",
    "class": "Device",
    "async": false,
    "Common": {
        "class": "Tenant",
        "httpdSettings": {
            "class": "HTTPD",
            "allow": [
                "10.10.0.0/24",
                "10.11.1.2"
            ],
            "authPamIdleTimeout": 86400,
            "maxClients": 10,
            "sslCiphersuite": [
                "ECDHE-RSA-AES128-GCM-SHA256",
                "ECDHE-RSA-AES256-GCM-SHA384",
                "ECDHE-RSA-AES128-SHA",
                "ECDHE-RSA-AES256-SHA",
                "ECDHE-RSA-AES128-SHA256",
                "ECDHE-RSA-AES256-SHA384",
                "ECDHE-ECDSA-AES128-GCM-SHA256",
                "ECDHE-ECDSA-AES256-GCM-SHA384",
                "ECDHE-ECDSA-AES128-SHA",
                "ECDHE-ECDSA-AES256-SHA",
                "ECDHE-ECDSA-AES128-SHA256",
                "ECDHE-ECDSA-AES256-SHA384",
                "AES128-GCM-SHA256",
                "AES256-GCM-SHA384",
                "AES128-SHA",
                "AES256-SHA",
                "AES128-SHA256",
                "!ADH",
                "!MEDIUM",
                "!EXPORT",
                "!eNULL"
            ],
            "sslProtocol": "all -SSLv2 -SSLv3 -TLSv1"
        }
    }
}
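The following is an added example, not part of the F5 documentation or of BIG-IP DO: a pre-submission audit of the HTTPD class that flags the settings a reviewer of management-plane exposure would look at first. The 1200-second idle limit, the finding wording, and the way `all` is expanded in sslProtocol are assumptions; the input is the declaration above with a shortened cipher list.

```python
import json

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: "all" expands, mod_ssl-style, to every protocol listed here.
ALL_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed input: the HTTPD declaration from this page, cipher list shortened.
DECLARATION = json.loads("""
{
    "schemaVersion": "1.8.0",
    "class": "Device",
    "async": false,
    "Common": {
        "class": "Tenant",
        "httpdSettings": {
            "class": "HTTPD",
            "allow": ["10.10.0.0/24", "10.11.1.2"],
            "authPamIdleTimeout": 86400,
            "maxClients": 10,
            "sslCiphersuite": [
                "ECDHE-RSA-AES128-GCM-SHA256",
                "ECDHE-RSA-AES128-SHA",
                "ECDHE-ECDSA-AES256-SHA384",
                "AES128-GCM-SHA256",
                "AES256-SHA",
                "!ADH",
                "!eNULL"
            ],
            "sslProtocol": "all -SSLv2 -SSLv3 -TLSv1"
        }
    }
}
""")


def enabled_protocols(ssl_protocol):
    """Resolve an 'all -SSLv3'-style string to the set of protocols left enabled."""
    enabled = set()
    for token in ssl_protocol.split():
        if token.lower() == "all":
            enabled.update(ALL_PROTOCOLS)
        elif token.startswith("-"):
            enabled.discard(token[1:])
        else:
            enabled.add(token.lstrip("+"))
    return enabled


def audit_httpd(httpd, max_idle_seconds=1200):
    """Return (property, detail) findings for one HTTPD class object."""
    findings = []
    for source in httpd.get("allow", []):
        if source.lower() == "all":
            findings.append(("allow", "management GUI accepts any source address"))
    idle = httpd.get("authPamIdleTimeout")
    if idle is not None and idle > max_idle_seconds:
        findings.append(("authPamIdleTimeout", f"{idle}s exceeds {max_idle_seconds}s"))
    for cipher in httpd.get("sslCiphersuite", []):
        if cipher.startswith("!"):
            continue  # exclusion rule, not an enabled suite
        if not cipher.startswith(("ECDHE-", "DHE-")):
            findings.append(("sslCiphersuite", f"{cipher}: no forward secrecy"))
        if "GCM" not in cipher and "CHACHA20" not in cipher:
            findings.append(("sslCiphersuite", f"{cipher}: CBC mode"))
    legacy = enabled_protocols(httpd.get("sslProtocol", "")) & LEGACY_PROTOCOLS
    for protocol in sorted(legacy):
        findings.append(("sslProtocol", f"{protocol} still enabled"))
    return findings


def audit_declaration(declaration):
    """Audit every HTTPD object found in any Tenant of a DO declaration."""
    results = {}
    for tenant in declaration.values():
        if isinstance(tenant, dict) and tenant.get("class") == "Tenant":
            for name, obj in tenant.items():
                if isinstance(obj, dict) and obj.get("class") == "HTTPD":
                    results[name] = audit_httpd(obj)
    return results


if __name__ == "__main__":
    for name, findings in audit_declaration(DECLARATION).items():
        for prop, detail in findings:
            print(f"{name}.{prop}: {detail}")
```

Run against the sample, it reports the 24-hour idle timeout, TLSv1.1 left enabled by the sslProtocol string, and the CBC and static-RSA suites.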

Configuring System settings in a declaration

In this example, we show how you can configure some System settings in a BIG-IP Declarative Onboarding declaration. This enables you to set auto-timeout values for serial console (CLI) and TMSH interactive mode sessions, as well as set a hostname, if you have not set one in the Common class.

Important

If you set a hostname in the Common class, you cannot use the hostname property in the System class; they are mutually exclusive.

For usage and options, see System in the Schema Reference.

BIG-IP DO 1.13 introduced the ability to disable the automatic update check feature. The autoCheck property controls whether the BIG-IP checks for and recommends software updates. See K15000 for more information.

BIG-IP DO 1.32 introduced the ability to modify the default security banner on the logon screen of the user interface using the guiSecurityBanner and guiSecurityBannerText properties. When guiSecurityBanner is set to true, you specify the text you want to display in the guiSecurityBannerText property. If you set guiSecurityBanner to false, the system presents an empty frame in the right portion of the login screen.

BIG-IP DO 1.40 introduced the ability to configure the username and password prompts (see the specific example on this page).

In the following declaration, we show only the System class (including autoCheck introduced in 1.13, and the GUI security banner options in 1.32). You can use this class as a part of a larger BIG-IP Declarative Onboarding declaration.

Important: If you try to use this declaration with a BIG-IP DO version prior to 1.40, it will fail. Either upgrade BIG-IP DO to 1.40, or remove the usernamePrompt and passwordPrompt lines and the comma at the end of the previous line.

{
    "schemaVersion": "1.13.0",
    "class": "Device",
    "label": "Configuring System",
    "async": true,
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "my.bigip.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoCheck": false,
            "autoPhonehome": true,
            "guiSecurityBanner": true,
            "guiSecurityBannerText": "Authorized access only\n\nLogin on the left",
            "usernamePrompt": "Your username:",
            "passwordPrompt": "Your password:"
        }
    }
}
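The following is an added example, not part of the F5 documentation or of BIG-IP DO: a pre-flight check that applies the version notes and the hostname rule above to a declaration before it is posted. The function names and message wording are assumptions; the version gates are the ones stated on this page, and the input is the declaration above with a Common hostname added to trigger the conflict.

```python
import copy

# First BIG-IP DO release that accepts each System property, per the notes above.
INTRODUCED_IN = {
    "autoCheck": (1, 13),
    "guiSecurityBanner": (1, 32),
    "guiSecurityBannerText": (1, 32),
    "usernamePrompt": (1, 40),
    "passwordPrompt": (1, 40),
}

# Constructed input: the System declaration above, plus a hostname in Common
# added here to trigger the mutual-exclusion rule.
DECLARATION = {
    "schemaVersion": "1.13.0",
    "class": "Device",
    "async": True,
    "Common": {
        "class": "Tenant",
        "hostname": "my.bigip.com",
        "mySystem": {
            "class": "System",
            "hostname": "my.bigip.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoCheck": False,
            "autoPhonehome": True,
            "guiSecurityBanner": True,
            "guiSecurityBannerText": "Authorized access only\n\nLogin on the left",
            "usernamePrompt": "Your username:",
            "passwordPrompt": "Your password:",
        },
    },
}


def parse_version(text):
    """'1.36.0' -> (1, 36); only major.minor matters for the gates above."""
    major, minor = text.split(".")[:2]
    return int(major), int(minor)


def system_objects(declaration):
    """Yield (tenant_name, tenant, name, obj) for each System class object."""
    for tenant_name, tenant in declaration.items():
        if isinstance(tenant, dict) and tenant.get("class") == "Tenant":
            for name, obj in tenant.items():
                if isinstance(obj, dict) and obj.get("class") == "System":
                    yield tenant_name, tenant, name, obj


def preflight(declaration, installed_do_version):
    """Return (problems, adjusted); adjusted is a copy with unsupported properties removed."""
    installed = parse_version(installed_do_version)
    adjusted = copy.deepcopy(declaration)
    problems = []
    for tenant_name, tenant, name, obj in system_objects(adjusted):
        # A hostname may be set in the Tenant or in the System class, not both.
        if "hostname" in tenant and "hostname" in obj:
            problems.append(
                f"{tenant_name}.hostname and {name}.hostname are mutually exclusive")
        for prop, minimum in INTRODUCED_IN.items():
            if prop in obj and installed < minimum:
                problems.append(
                    f"{name}.{prop} needs DO {minimum[0]}.{minimum[1]}; removed")
                del obj[prop]
        # The banner text is what gets displayed when the banner is enabled.
        if obj.get("guiSecurityBanner") is True and not obj.get("guiSecurityBannerText"):
            problems.append(f"{name}.guiSecurityBanner is true but no banner text is set")
    return problems, adjusted


if __name__ == "__main__":
    issues, _ = preflight(DECLARATION, "1.36.0")
    for issue in issues:
        print(issue)
```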

Using the userAgent Controls property

In this example, we show how you can use the userAgent property in the new Controls class. The userAgent property allows you to set a unique identifier in usage data.

This declaration includes the Controls class with userAgent set to BIG-IQ/7.1 Configured by API.

See Device_Controls in the Schema Reference for more information.

{
    "schemaVersion": "1.12.0",
    "class": "Device",
    "label": "Configuring System",
    "async": true,
    "controls": {
        "class": "Controls",
        "userAgent": "BIG-IQ/7.1 Configured by API"
    },
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "my.bigip.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoPhonehome": true
        }
    }
}

Enabling traces in BIG-IP DO responses

In this example, we show how you can use the trace and traceResponse properties to enable more visibility into what BIG-IP DO is configuring. These properties are included in the Device_Controls class.

Warning

Trace files may contain sensitive configuration data.

When trace is set to true (the default is false), BIG-IP DO creates a detailed trace of the configuration process for subsequent analysis. This information is written to files in the /tmp directory where BIG-IP DO is running.
The files are:

  • /tmp/DO_current.json
  • /tmp/DO_desired.json
  • /tmp/DO_diff.json

When traceResponse is set to true (the default is false), the response (or response to a subsequent GET request in the case of asynchronous requests) contains the same information that would be found in the trace files.

This example shows both the declaration and the response from BIG-IP DO.

{
    "schemaVersion": "1.15.0",
    "class": "Device",
    "async": true,
    "webhook": "https://example.com/myHook",
    "label": "my BIG-IP declaration for declarative onboarding",
    "controls": {
        "trace": true,
        "traceResponse": true
    },
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "bigip.example.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoPhonehome": false
        }
    }
}

Example Response
Here is the response returned by BIG-IP DO from the declaration, showing the trace for the tenant (your output will vary based on the configuration of your device).

{
    "id": "e34cd96e-a1dc-4432-9efa-ff687e09117f",
    "selfLink": "https://localhost/mgmt/shared/declarative-onboarding/task/e34cd96e-a1dc-4432-9efa-ff687e09117f",
    "result": {
       "class": "Result",
       "code": 200,
       "status": "OK",
       "message": "success"
    },
    "declaration": {
       "schemaVersion": "1.15.0",
       "class": "Device",
       "async": true,
       "webhook": "https://example.com/myHook",
       "label": "my BIG-IP declaration for declarative onboarding",
       "controls": {
             "trace": true,
             "traceResponse": true
       },
       "Common": {
             "class": "Tenant",
             "mySystem": {
                "class": "System",
                "hostname": "bigip.example.com",
                "cliInactivityTimeout": 1200,
                "consoleInactivityTimeout": 1200,
                "autoPhonehome": false
             }
       }
    },
    "traces": {
       "desired": {
             "Common": {
                "System": {
                   "hostname": "bigip.example.com",
                   "cliInactivityTimeout": 1200,
                   "consoleInactivityTimeout": 1200,
                   "autoPhonehome": false
                },
                "DNS": {
                   "nameServers": [
                         "172.27.1.1"
                   ],
                   "search": [
                         "localhost"
                   ]
                },
                "NTP": {
                   "timezone": "America/Los_Angeles"
                },
                "Provision": {
                   "afm": "none",
                   "am": "none",
                   "apm": "none",
                   "asm": "none",
                   "avr": "none",
                   "cgnat": "none",
                   "dos": "none",
                   "fps": "none",
                   "gtm": "none",
                   "ilx": "none",
                   "lc": "none",
                   "ltm": "nominal",
                   "pem": "none",
                   "sslo": "none",
                   "swg": "none",
                   "urldb": "none"
                },
                "VLAN": {},
                "DNS_Resolver": {
                   "f5-aws-dns": {
                         "name": "f5-aws-dns",
                         "answerDefaultZones": false,
                         "cacheSize": 5767168,
                         "randomizeQueryNameCase": true,
                         "routeDomain": "0",
                         "useIpv4": true,
                         "useIpv6": true,
                         "useTcp": true,
                         "useUdp": true,
                         "forwardZones": [
                            {
                               "name": "amazonaws.com",
                               "nameservers": [
                                     {
                                        "name": "8.8.8.8:53"
                                     }
                               ]
                            },
                            {
                               "name": "idservice.net",
                               "nameservers": [
                                     {
                                        "name": "8.8.8.8:53"
                                     }
                               ]
                            }
                         ]
                   }
                },
                "Trunk": {},
                "SelfIp": {},
                "Route": {},
                "ConfigSync": {
                   "configsyncIp": "none"
                },
                "FailoverUnicast": {
                   "unicastAddress": "none"
                },
                "ManagementRoute": {
                   "default": {
                         "name": "default",
                         "mtu": 0,
                         "network": "default",
                         "gw": "10.145.127.254"
                   }
                },
                "RouteDomain": {
                   "0": {
                         "name": "0",
                         "connectionLimit": 0,
                         "id": 0,
                         "strict": true,
                         "vlans": [
                            "/Common/http-tunnel",
                            "/Common/socks-tunnel",
                            "/Common/external",
                            "/Common/internal"
                         ]
                   }
                },
                "Authentication": {
                   "fallback": false,
                   "enabledSourceType": "local",
                   "remoteUsersDefaults": {
                         "role": "no-access",
                         "partitionAccess": "all",
                         "terminalAccess": "disabled"
                   }
                },
                "RemoteAuthRole": {},
                "SnmpAgent": {
                   "contact": "Customer Name <admin@customer.com>",
                   "location": "Network Closet 1",
                   "allowList": [
                         "192.0.2.0/8"
                   ]
                },
                "SnmpTrapEvents": {
                   "device": true,
                   "authentication": false,
                   "agentStartStop": true
                },
                "SnmpUser": {},
                "SnmpCommunity": {
                   "comm-public": {
                         "name": "public",
                         "access": "ro",
                         "ipv6": false,
                         "source": "default"
                   }
                },
                "SnmpTrapDestination": {},
                "DagGlobals": {
                   "icmpHash": "icmp",
                   "roundRobinMode": "global",
                   "ipv6PrefixLength": 128
                },
                "TrafficControl": {
                   "acceptIpOptions": false,
                   "acceptIpSourceRoute": false,
                   "allowIpSourceRoute": false,
                   "continueMatching": false,
                   "maxIcmpRate": 100,
                   "maxRejectRate": 250,
                   "maxRejectRateTimeout": 30,
                   "minPathMtu": 296,
                   "pathMtuDiscovery": true,
                   "portFindThresholdTimeout": 30,
                   "portFindThresholdTrigger": 8,
                   "portFindThresholdWarning": true,
                   "rejectUnmatched": true,
                   "maxPortFindLinear": 16,
                   "maxPortFindRandom": 16
                },
                "HTTPD": {
                   "allow": [
                         "All"
                   ],
                   "authPamIdleTimeout": 1200,
                   "maxClients": 10,
                   "sslCiphersuite": [
                         "ECDHE-RSA-AES128-GCM-SHA256",
                         "ECDHE-RSA-AES256-GCM-SHA384",
                         "ECDHE-RSA-AES128-SHA",
                         "ECDHE-RSA-AES256-SHA",
                         "ECDHE-RSA-AES128-SHA256",
                         "ECDHE-RSA-AES256-SHA384",
                         "ECDHE-ECDSA-AES128-GCM-SHA256",
                         "ECDHE-ECDSA-AES256-GCM-SHA384",
                         "ECDHE-ECDSA-AES128-SHA",
                         "ECDHE-ECDSA-AES256-SHA",
                         "ECDHE-ECDSA-AES128-SHA256",
                         "ECDHE-ECDSA-AES256-SHA384",
                         "AES128-GCM-SHA256",
                         "AES256-GCM-SHA384",
                         "AES128-SHA",
                         "AES256-SHA",
                         "AES128-SHA256",
                         "AES256-SHA256"
                   ],
                   "sslProtocol": "all -SSLv2 -SSLv3 -TLSv1"
                },
                "SSHD": {
                   "inactivityTimeout": 0
                },
                "Tunnel": {
                   "http-tunnel": {
                         "name": "http-tunnel",
                         "mtu": 0,
                         "usePmtu": true,
                         "autoLastHop": "default",
                         "tunnelType": "tcp-forward",
                         "typeOfService": "preserve"
                   },
                   "socks-tunnel": {
                         "name": "socks-tunnel",
                         "mtu": 0,
                         "usePmtu": true,
                         "autoLastHop": "default",
                         "tunnelType": "tcp-forward",
                         "typeOfService": "preserve"
                   }
                },
                "TrafficGroup": {
                   "traffic-group-1": {
                         "name": "traffic-group-1",
                         "autoFailbackEnabled": "false",
                         "autoFailbackTime": 60,
                         "failoverMethod": "ha-order",
                         "haLoadFactor": 1
                   },
                   "traffic-group-local-only": {
                         "name": "traffic-group-local-only",
                         "autoFailbackEnabled": "false",
                         "autoFailbackTime": 60,
                         "failoverMethod": "ha-order",
                         "haLoadFactor": 1
                   }
                }
             },
             "parsed": true
       },
       "current": {
             "parsed": true,
             "Common": {
                "System": {
                   "consoleInactivityTimeout": 1200,
                   "hostname": "bigip.example.com",
                   "guiAuditLog": false,
                   "cliInactivityTimeout": 1200,
                   "tmshAuditLog": true,
                   "autoCheck": true,
                   "autoPhonehome": false
                },
                "Provision": {
                   "afm": "none",
                   "am": "none",
                   "apm": "none",
                   "asm": "none",
                   "avr": "none",
                   "cgnat": "none",
                   "dos": "none",
                   "fps": "none",
                   "gtm": "none",
                   "ilx": "none",
                   "lc": "none",
                   "ltm": "nominal",
                   "pem": "none",
                   "sslo": "none",
                   "swg": "none",
                   "urldb": "none"
                },
                "NTP": {
                   "timezone": "America/Los_Angeles"
                },
                "DNS": {
                   "nameServers": [
                         "172.27.1.1"
                   ],
                   "search": [
                         "localhost"
                   ]
                },
                "DNS_Resolver": {
                   "f5-aws-dns": {
                         "name": "f5-aws-dns",
                         "answerDefaultZones": false,
                         "cacheSize": 5767168,
                         "randomizeQueryNameCase": true,
                         "routeDomain": "0",
                         "useIpv4": true,
                         "useIpv6": true,
                         "useTcp": true,
                         "useUdp": true,
                         "forwardZones": [
                            {
                               "name": "amazonaws.com",
                               "nameservers": [
                                     {
                                        "name": "8.8.8.8:53"
                                     }
                               ]
                            },
                            {
                               "name": "idservice.net",
                               "nameservers": [
                                     {
                                        "name": "8.8.8.8:53"
                                     }
                               ]
                            }
                         ]
                   }
                },
                "Trunk": {},
                "VLAN": {
                   "external": {
                         "name": "external",
                         "cmpHash": "default",
                         "failsafeAction": "failover-restart-tm",
                         "failsafeTimeout": 90,
                         "mtu": 1500,
                         "tag": 4094,
                         "failsafeEnabled": false,
                         "interfaces": [
                            {
                               "name": "1.1",
                               "tagged": false
                            }
                         ]
                   },
                   "internal": {
                         "name": "internal",
                         "cmpHash": "default",
                         "failsafeAction": "failover-restart-tm",
                         "failsafeTimeout": 90,
                         "mtu": 1500,
                         "tag": 4093,
                         "failsafeEnabled": false,
                         "interfaces": [
                            {
                               "name": "1.2",
                               "tagged": false
                            }
                         ]
                   }
                },
                "SelfIp": {
                   "external-self": {
                         "name": "external-self",
                         "address": "10.20.0.100/24",
                         "trafficGroup": "traffic-group-local-only",
                         "vlan": "external",
                         "allowService": "none"
                   },
                   "internal-self": {
                         "name": "internal-self",
                         "address": "10.10.0.100/24",
                         "trafficGroup": "traffic-group-local-only",
                         "vlan": "internal",
                         "allowService": "default"
                   }
                },
                "Route": {},
                "ConfigSync": {
                   "configsyncIp": "none"
                },
                "FailoverUnicast": {
                   "addressPorts": "none"
                },
                "TrafficGroup": {
                   "traffic-group-1": {
                         "name": "traffic-group-1",
                         "autoFailbackEnabled": "false",
                         "autoFailbackTime": 60,
                         "failoverMethod": "ha-order",
                         "haLoadFactor": 1
                   },
                   "traffic-group-local-only": {
                         "name": "traffic-group-local-only",
                         "autoFailbackEnabled": "false",
                         "autoFailbackTime": 60,
                         "failoverMethod": "ha-order",
                         "haLoadFactor": 1
                   }
                },
                "MAC_Masquerade": {
                   "traffic-group-1": {
                         "mac": "none",
                         "trafficGroup": "traffic-group-1"
                   },
                   "traffic-group-local-only": {
                         "mac": "none",
                         "trafficGroup": "traffic-group-local-only"
                   }
                },
                "ManagementRoute": {
                   "default": {
                         "name": "default",
                         "mtu": 0,
                         "network": "default",
                         "gw": "10.145.127.254"
                   }
                },
                "SyslogRemoteServer": {},
                "Authentication": {
                   "fallback": false,
                   "enabledSourceType": "local",
                   "remoteUsersDefaults": {
                         "role": "no-access",
                         "partitionAccess": "all",
                         "terminalAccess": "disabled"
                   }
                },
                "RouteDomain": {
                   "0": {
                         "name": "0",
                         "connectionLimit": 0,
                         "id": 0,
                         "strict": true,
                         "vlans": [
                            "/Common/http-tunnel",
                            "/Common/socks-tunnel",
                            "/Common/external",
                            "/Common/internal"
                         ]
                   }
                },
                "RemoteAuthRole": {},
                "SnmpTrapEvents": {
                   "device": true,
                   "authentication": false,
                   "agentStartStop": true
                },
                "SnmpTrapDestination": {},
                "SnmpAgent": {
                   "contact": "Customer Name <admin@customer.com>",
                   "location": "Network Closet 1",
                   "allowList": [
                         "192.0.2.1/8"
                   ]
                },
                "SnmpUser": {},
                "SnmpCommunity": {
                   "comm-public": {
                         "name": "public",
                         "access": "ro",
                         "ipv6": false,
                         "source": "default"
                   }
                },
                "DagGlobals": {
                   "icmpHash": "icmp",
                   "roundRobinMode": "global",
                   "ipv6PrefixLength": 128
                },
                "HTTPD": {
                   "allow": [
                         "All"
                   ],
                   "authPamIdleTimeout": 1200,
                   "maxClients": 10,
                   "sslCiphersuite": [
                         "ECDHE-RSA-AES128-GCM-SHA256",
                         "ECDHE-RSA-AES256-GCM-SHA384",
                         "ECDHE-RSA-AES128-SHA",
                         "ECDHE-RSA-AES256-SHA",
                         "ECDHE-RSA-AES128-SHA256",
                         "ECDHE-RSA-AES256-SHA384",
                         "ECDHE-ECDSA-AES128-GCM-SHA256",
                         "ECDHE-ECDSA-AES256-GCM-SHA384",
                         "ECDHE-ECDSA-AES128-SHA",
                         "ECDHE-ECDSA-AES256-SHA",
                         "ECDHE-ECDSA-AES128-SHA256",
                         "ECDHE-ECDSA-AES256-SHA384",
                         "AES128-GCM-SHA256",
                         "AES256-GCM-SHA384",
                         "AES128-SHA",
                         "AES256-SHA",
                         "AES128-SHA256",
                         "AES256-SHA256"
                   ],
                   "sslProtocol": "all -SSLv2 -SSLv3 -TLSv1"
                },
                "TrafficControl": {
                   "acceptIpOptions": false,
                   "acceptIpSourceRoute": false,
                   "allowIpSourceRoute": false,
                   "continueMatching": false,
                   "maxIcmpRate": 100,
                   "maxRejectRate": 250,
                   "maxRejectRateTimeout": 30,
                   "minPathMtu": 296,
                   "pathMtuDiscovery": true,
                   "portFindThresholdTimeout": 30,
                   "portFindThresholdTrigger": 8,
                   "portFindThresholdWarning": true,
                   "rejectUnmatched": true,
                   "maxPortFindLinear": 16,
                   "maxPortFindRandom": 16
                },
                "SSHD": {
                   "allow": [
                         "ALL"
                   ],
                   "inactivityTimeout": 0
                },
                "Tunnel": {
                   "http-tunnel": {
                         "name": "http-tunnel",
                         "mtu": 0,
                         "usePmtu": true,
                         "autoLastHop": "default",
                         "tunnelType": "tcp-forward",
                         "typeOfService": "preserve"
                   },
                   "socks-tunnel": {
                         "name": "socks-tunnel",
                         "mtu": 0,
                         "usePmtu": true,
                         "autoLastHop": "default",
                         "tunnelType": "tcp-forward",
                         "typeOfService": "preserve"
                   }
                },
                "Disk": {
                   "applicationData": 26128384
                }
             }
       },
       "diff": [
             {
                "kind": "D",
                "path": [
                   "Common",
                   "System",
                   "guiAuditLog"
                ],
                "lhs": false
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "System",
                   "tmshAuditLog"
                ],
                "lhs": true
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "System",
                   "autoCheck"
                ],
                "lhs": true
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "VLAN",
                   "external"
                ],
                "lhs": {
                   "name": "external",
                   "cmpHash": "default",
                   "failsafeAction": "failover-restart-tm",
                   "failsafeTimeout": 90,
                   "mtu": 1500,
                   "tag": 4094,
                   "failsafeEnabled": false,
                   "interfaces": [
                         {
                            "name": "1.1",
                            "tagged": false
                         }
                   ]
                }
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "VLAN",
                   "internal"
                ],
                "lhs": {
                   "name": "internal",
                   "cmpHash": "default",
                   "failsafeAction": "failover-restart-tm",
                   "failsafeTimeout": 90,
                   "mtu": 1500,
                   "tag": 4093,
                   "failsafeEnabled": false,
                   "interfaces": [
                         {
                            "name": "1.2",
                            "tagged": false
                         }
                   ]
                }
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "SelfIp",
                   "external-self"
                ],
                "lhs": {
                   "name": "external-self",
                   "address": "10.20.0.100/24",
                   "trafficGroup": "traffic-group-local-only",
                   "vlan": "external",
                   "allowService": "none"
                }
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "SelfIp",
                   "internal-self"
                ],
                "lhs": {
                   "name": "internal-self",
                   "address": "10.10.0.100/24",
                   "trafficGroup": "traffic-group-local-only",
                   "vlan": "internal",
                   "allowService": "default"
                }
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "FailoverUnicast",
                   "addressPorts"
                ],
                "lhs": "none"
             },
             {
                "kind": "N",
                "path": [
                   "Common",
                   "FailoverUnicast",
                   "unicastAddress"
                ],
                "rhs": "none"
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "SSHD",
                   "allow"
                ],
                "lhs": [
                   "ALL"
                ]
             },
             {
                "kind": "D",
                "path": [
                   "Common",
                   "Disk"
                ],
                "lhs": {
                   "applicationData": 26128384
                }
             }
       ]
    },
    "lastUpdate": "2020-08-24T16:44:41.140Z"
 }
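Because a traced response carries the full current and desired configuration, the following added example (not part of the F5 documentation or of BIG-IP DO) reduces it to a value-free summary of traces.diff before the response is logged or forwarded, and reports which trace switches a declaration turns on. The watched-class list, the diffSummary key and the function names are assumptions; the input is a cut-down copy of the response above.

```python
import copy

# Assumption: classes whose differences a reviewer wants surfaced first (local policy).
WATCHED_CLASSES = {"System", "SSHD", "HTTPD", "Authentication", "SelfIp", "SnmpCommunity"}

# Kinds seen in the response above; any other kind is reported as "changed".
KIND_MEANING = {"D": "only in current", "N": "only in desired"}

# Constructed input: the traced response from this page, cut down to a few entries.
RESPONSE = {
    "id": "e34cd96e-a1dc-4432-9efa-ff687e09117f",
    "result": {"class": "Result", "code": 200, "status": "OK", "message": "success"},
    "declaration": {
        "schemaVersion": "1.15.0",
        "class": "Device",
        "async": True,
        "controls": {"trace": True, "traceResponse": True},
    },
    "traces": {
        "desired": {"Common": {"System": {"hostname": "bigip.example.com"}}},
        "current": {"Common": {"System": {"hostname": "bigip.example.com",
                                          "tmshAuditLog": True}}},
        "diff": [
            {"kind": "D", "path": ["Common", "System", "tmshAuditLog"], "lhs": True},
            {"kind": "D", "path": ["Common", "SSHD", "allow"], "lhs": ["ALL"]},
            {"kind": "N", "path": ["Common", "FailoverUnicast", "unicastAddress"],
             "rhs": "none"},
            {"kind": "D", "path": ["Common", "Disk"], "lhs": {"applicationData": 26128384}},
        ],
    },
}


def trace_controls(declaration):
    """List the trace switches a declaration turns on under 'controls'."""
    controls = declaration.get("controls", {})
    return [key for key in ("trace", "traceResponse") if controls.get(key) is True]


def summarize_diff(response):
    """Summarize traces.diff as kind, dotted path and watched flag, without values."""
    summary = []
    for entry in response.get("traces", {}).get("diff", []):
        path = [str(part) for part in entry.get("path", [])]
        class_name = path[1] if len(path) > 1 else ""
        summary.append({
            "kind": entry.get("kind"),
            "meaning": KIND_MEANING.get(entry.get("kind"), "changed"),
            "path": ".".join(path),
            "watched": class_name in WATCHED_CLASSES,
        })
    return summary


def sanitize_response(response):
    """Copy a DO response, replacing the full traces with the value-free summary."""
    clean = copy.deepcopy(response)
    if "traces" in clean:
        # diffSummary is a hypothetical key chosen for this example.
        clean["traces"] = {"diffSummary": summarize_diff(response)}
    return clean


if __name__ == "__main__":
    print("trace switches on:", trace_controls(RESPONSE["declaration"]))
    for item in summarize_diff(RESPONSE):
        marker = "!" if item["watched"] else " "
        print(f"{marker} {item['kind']} {item['path']} ({item['meaning']})")
```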

Creating Routes in the LOCAL_ONLY partition

This example shows how to create a route in a special LOCAL_ONLY partition/tenant using the new localOnly property in the Route class. When using this feature, if this partition doesn’t exist, BIG-IP Declarative Onboarding creates it.

This partition is required to configure an Amazon Web Services (AWS) Across Network cluster.

See Route in the Schema Reference for BIG-IP DO usage and options.

Important notes:
  • While BIG-IP DO can create the LOCAL_ONLY partition if it does not exist, it cannot currently delete it, and the partition will remain even if you delete the BIG-IP DO configuration.
  • A Route cannot be directly swapped from one partition to another. If you attempt to swap the value of localOnly, the declaration will fail. As a workaround, change the network of the Route to another IP and set localOnly to what you want it to be. Submit that using BIG-IP DO. Once that is complete, you can change the network to the desired value.

{
    "schemaVersion": "1.15.0",
    "class": "Device",
    "async": true,
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "newVlan": {
            "class": "VLAN",
            "tag": 100,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "localRoute": {
            "class": "Route",
            "target": "newVlan",
            "network": "10.1.0.244/32",
            "localOnly": true
        },
        "newSelfIp": {
            "class": "SelfIp",
            "address": "10.1.0.20/32",
            "vlan": "newVlan"
        }
    }
}


Warning users the BIG-IP is under AS3 automation

This example shows how you can use BIG-IP Declarative Onboarding to discourage unintended configuration changes to a device that is managed by AS3. This example configures an advisory banner using the DbVariables class.

{
    "class": "DO",
    "declaration": {
        "schemaVersion": "1.11.0",
        "class": "Device",
        "async": true,
        "Common": {
            "class": "Tenant",
            "myDbVariables": {
                "class": "DbVariables",
                "ui.advisory.enabled": "true",
                "ui.advisory.color": "red",
                "ui.advisory.text": "Configuration deployed with AS3. Do not make any change directly on the BIG-IP or those changes may be lost."
            }
        }
    }
}


Increasing the memory allocated to the restjavad daemon

This example shows how you can use BIG-IP Declarative Onboarding to increase the amount of memory allocated to restjavad, using the DbVariables class.

See Why is my BIG-IP experiencing occasional high CPU usage and slower performance? for reasons you may want to increase this memory allocation.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "Common": {
        "class": "Tenant",
        "dbvars": {
            "class": "DbVariables",
            "provision.extramb": 1000,
            "restjavad.useextramb": true
        }
    }
}


Using the dryRun Controls property to test the declaration without deploying it

In this example, we show how you can use the dryRun property in the Device_Controls class.

When dryRun is set to true (the default is false) BIG-IP Declarative Onboarding sends the declaration through all validation checks but does not attempt to deploy the configuration on the target device. The response contains information on what would have been deployed (a diff between the existing configuration and what the declaration would deploy). This can be useful for testing and debugging declarations.

Note

BIG-IP Declarative Onboarding does not report information (diffs) on items such as licensing, users, or device trust.

See Device_Controls in the Schema Reference for more information.

{
    "schemaVersion": "1.23.0",
    "class": "Device",
    "async": true,
    "label": "my BIG-IP declaration for declarative onboarding",
    "controls": {
        "trace": true,
        "traceResponse": true,
        "dryRun": true
    },
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "bigip.example.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoPhonehome": false
        }
    }
}
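
The diff that a dry run returns can be checked mechanically before the declaration is deployed for real. The following is an added example, not part of the F5 documentation: it takes a list of diff entries in the kind/path/lhs/rhs form of the response shown earlier on this page and reports the ones that touch access-control settings. The function names, the watch list and the sample entries are assumptions made for this example.

```python
# Added example: flag access-control changes in DO diff entries before deploying.
# Hypothetical watch list of (class, property) pairs; extend it to suit your policy.
WATCHED = {
    ("SelfIp", "allowService"),
    ("SSHD", "allow"),
    ("HTTPD", "allow"),  # assumed by analogy with SSHD; not shown in the page's diff
}

# Constructed sample, modelled on the diff entries in the response shown earlier.
SAMPLE_DIFF = [
    {"kind": "D", "path": ["Common", "SelfIp", "internal-self"],
     "lhs": {"name": "internal-self", "address": "10.10.0.100/24",
             "vlan": "internal", "allowService": "default"}},
    {"kind": "N", "path": ["Common", "FailoverUnicast", "unicastAddress"],
     "rhs": "none"},
    {"kind": "D", "path": ["Common", "SSHD", "allow"], "lhs": ["ALL"]},
    {"kind": "D", "path": ["Common", "Disk"], "lhs": {"applicationData": 26128384}},
]

def _watched_values(path, value):
    """Yield (property, value) for watched settings on one side of an entry."""
    if len(path) < 2:
        return
    cls = path[1]  # path is [tenant, class, ...]
    if isinstance(value, dict):
        # Whole object added or removed, e.g. [Common, SelfIp, <name>]
        for prop, val in value.items():
            if (cls, prop) in WATCHED:
                yield prop, val
    elif (cls, path[-1]) in WATCHED:
        # A single property changed, e.g. [Common, SSHD, allow]
        yield path[-1], value

def review_diff(diff):
    """Return one finding per watched value (lhs = current state, rhs = desired)."""
    findings = []
    for entry in diff:
        path = entry.get("path", [])
        for side, state in (("lhs", "current"), ("rhs", "desired")):
            if side in entry:
                for prop, val in _watched_values(path, entry[side]):
                    findings.append({"path": "/".join(map(str, path)),
                                     "kind": entry.get("kind"), "property": prop,
                                     "state": state, "value": val})
    return findings

if __name__ == "__main__":
    for finding in review_diff(SAMPLE_DIFF):
        print(finding)
```

On the sample, the deleted internal-self self IP (allowService "default") and the deleted SSHD allow list are reported; the Disk and FailoverUnicast entries are not.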


Relicense a BIG-IP while revoking the current license

In this example, we show how you can use DO to relicense a BIG-IP while at the same time revoking the existing license.

This declaration uses the revokeCurrent property in the License Class introduced in DO 1.38. This property determines whether or not to revoke the current license if the device is already licensed.

Note

Revoking the existing license is skipped if you are relicensing with the same registration key, no matter what value is used in the revokeCurrent property.

See License Class in the Schema Reference and the Composing a Declaration page for more information.

{
    "schemaVersion": "1.38.0",
    "class": "Device",
    "async": true,
    "label": "Re-license BIG-IP while revoking the current license",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "regKey",
            "regKey": "ABCDE-FGHIJ-KLMNO-PQRST-UVWXYZZ",
            "revokeCurrent": true
        }
    }
}


Configuring BIG-IP ASM options

In this example, we show how you can use BIG-IP DO to configure BIG-IP Application Security Manager (ASM) options in a declaration using DO 1.40 and later. This includes settings like anti-virus protection and advanced configuration such as setting system variables. For general information on F5 application security, see https://www.f5.com/solutions/web-app-and-api-protection.

See SecurityWaf in the Schema Reference for more information and DO usage.

{
    "async": true,
    "schemaVersion": "1.40.0",
    "class": "Device",
    "Common": {
        "class": "Tenant",
        "securityWaf": {
            "class": "SecurityWaf",
            "antiVirusProtection": {
                "guaranteeEnforcementEnabled": true,
                "hostname": "test.hostname",
                "port": 123
            },
            "advancedSettings": [
                {
                    "name": "max_json_policy_size",
                    "value": 5000
                },
                {
                    "name": "send_content_events",
                    "value": 1
                },
                {
                    "name": "WhiteHatIP1",
                    "value": "192.0.2.10/8"
                }
            ]
        }
    }
}


Configuring username and password prompts

In this example, we show how BIG-IP DO can configure unique values for the BIG-IP username and password prompts. This means you can specify the text to present above the user name and password fields on the BIG-IP system login screen.

You set these values as a part of the System class using the new properties usernamePrompt and passwordPrompt.

See System in the Schema Reference for more information and DO usage.

Important

If you attempt to use the following declaration on a BIG-IP DO version prior to 1.40, it will fail. You can either upgrade BIG-IP DO, or remove lines 17 and 18 (the usernamePrompt and passwordPrompt properties) and the comma at the end of line 16.

{
    "schemaVersion": "1.13.0",
    "class": "Device",
    "label": "Configuring System",
    "async": true,
    "Common": {
        "class": "Tenant",
        "mySystem": {
            "class": "System",
            "hostname": "my.bigip.com",
            "cliInactivityTimeout": 1200,
            "consoleInactivityTimeout": 1200,
            "autoCheck": false,
            "autoPhonehome": true,
            "guiSecurityBanner": true,
            "guiSecurityBannerText": "Authorized access only\n\nLogin on the left",
            "usernamePrompt": "Your username:",
            "passwordPrompt": "Your password:"
        }
    }
}
