Example declarations

The following examples show you some Declarative Onboarding declarations.

Important

The passwords in the following examples are placeholders and may not be valid for BIG-IP v14.0 and later. Replace them with your own values before using a declaration; see BIG-IP Secure Password Policy for specific requirements.

Example 1: Standalone declaration

The following is an example declaration that onboards a standalone BIG-IP system. See Composing a Declarative Onboarding declaration for a standalone BIG-IP for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "label": "my BIG-IP declaration for declarative onboarding",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "regKey",
            "regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "default",
            "newPassword": "myNewPass1word"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "guestUser": {
            "class": "User",
            "userType": "regular",
            "password": "guestNewPass1",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "myPass1word",
            "shell": "none",
            "partitionAccess": {
                "all-partitions": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal",
            "gtm": "minimum"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        },
        "dbvars": {
        	"class": "DbVariables",
        	"ui.advisory.enabled": true,
        	"ui.advisory.color": "green",
        	"ui.advisory.text": "/Common/hostname"
        }
    }
}



Example 2: Clustered declaration

The following is an example declaration that onboards a clustered BIG-IP system. See Composing a Declarative Onboarding declaration for a cluster of BIG-IPs for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "label": "Onboard BIG-IP into an HA Pair",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip1.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "regKey",
            "regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": false
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": false
                }
            ]
        },
        "external-localself": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.200/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        },
        "configsync": {
            "class": "ConfigSync",
            "configsyncIp": "/Common/internal-self/address"
        },
        "failoverAddress": {
            "class": "FailoverUnicast",
            "address": "/Common/internal-self/address"
        },
        "failoverGroup": {
            "class": "DeviceGroup",
            "type": "sync-failover",
            "members": ["bigip1.example.com", "bigip2.example.com"],
            "owner": "/Common/failoverGroup/members/0",
            "autoSync": true,
            "saveOnAutoSync": false,
            "networkFailover": true,
            "fullLoadOnSync": false,
            "asmSync": false
        },
        "trust": {
            "class": "DeviceTrust",
            "localUsername": "admin",
            "localPassword": "pass1word",
            "remoteHost": "/Common/failoverGroup/members/0",
            "remoteUsername": "admin",
            "remotePassword": "pass2word"
        }
    }
}



Example 3: Licensing with BIG-IQ: Route to BIG-IP

The following is an example of using a BIG-IQ to license your BIG-IP systems, where the BIG-IQ has an existing route to the BIG-IP. In this example, our BIG-IQ license pool is a subscription pool, so we include skuKeyword1, skuKeyword2, and unitOfMeasure. The entire License class is unique to using BIG-IQ for licensing, and we’ve highlighted the lines that are specific to this Route example (reachable=true) and to subscription pools. See Composing a declaration for licensing BIG-IP with a BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Re-license BIG-IP from a different pool when BIG-IP is reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "licensePool": "myOtherPool",
            "revokeFrom": "myPool",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": true,
            "bigIpUsername": "admin",
            "bigIpPassword": "barbar"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}



Example 4: Licensing with BIG-IQ: No Route to BIG-IP

The following is another example of using a BIG-IQ to license your BIG-IP systems. However, in this case the BIG-IQ does not have an existing route to the BIG-IP. In this example, the entire License class is unique to using BIG-IQ for licensing, and we’ve highlighted the lines that are specific to this No Route example (reachable=false). See Composing a declaration for licensing BIG-IP with a BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "label": "License BIG-IP via BIG-IQ when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "myPassword1",
            "licensePool": "myPool",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": false,
            "hypervisor": "vmware"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}



Example 5: Using Declarative Onboarding in a container

The following is an example of a declaration for use in a container. It contains the DO class, which contains information about the target BIG-IP device. See Using Declarative Onboarding in a Docker Container for information about the container and the DO class.

The items specific to the DO class are highlighted.

{
	"class": "DO",
	"targetHost": "1.2.3.4",
	"targetUsername": "admin",
	"targetPassphrase": "myAdminPassword",
	"declaration": {
        "schemaVersion": "1.0.0",
        "class": "Device",
        "label": "Use App Services Gateway to onboard a BIG-IP",
        "Common": {
            "class": "Tenant",
            "hostname": "bigip.example.com",
            "dbvars": {
                "class": "DbVariables",
                "ui.advisory.enabled": true,
                "ui.advisory.color": "green",
                "ui.advisory.text": "/Common/hostname"
            },
            "myLicense": {
                "class": "License",
                "licenseType": "regKey",
                "regKey": "MMKGX-UPVPI-YIEMK-OAZIS-KQHSNAZ"
            },
            "myDns": {
                "class": "DNS",
                "nameServers": [
                    "8.8.8.8",
                    "2001:4860:4860::8844"
                ],
                "search": [
                    "f5.com"
                ]
            },
            "myNtp": {
                "class": "NTP",
                "servers": [
                    "0.pool.ntp.org",
                    "1.pool.ntp.org",
                    "2.pool.ntp.org"
                ],
                "timezone": "UTC"
            },
            "root": {
                "class": "User",
                "userType": "root",
                "oldPassword": "foo",
                "newPassword": "bar"
            },
            "admin": {
                "class": "User",
                "userType": "regular",
                "password": "asdfjkl",
                "shell": "bash"
            },
            "guestUser": {
                "class": "User",
                "userType": "regular",
                "password": "foobar",
                "partitionAccess": {
                    "Common": {
                        "role": "guest"
                    }
                }
            },
            "anotherUser": {
                "class": "User",
                "userType": "regular",
                "password": "foobar",
                "shell": "none",
                "partitionAccess": {
                    "all-partitions": {
                        "role": "guest"
                    }
                }
            },
            "myProvisioning": {
                "class": "Provision",
                "ltm": "nominal"
            },
            "internal": {
                "class": "VLAN",
                "tag": 4093,
                "mtu": 1500,
                "interfaces": [
                    {
                        "name": "1.2",
                        "tagged": true
                    }
                ]
            },
            "internal-self": {
                "class": "SelfIp",
                "address": "10.10.0.100/24",
                "vlan": "internal",
                "allowService": "default",
                "trafficGroup": "traffic-group-local-only"
            },
            "external": {
                "class": "VLAN",
                "tag": 4094,
                "mtu": 1500,
                "interfaces": [
                    {
                        "name": "1.1",
                        "tagged": true
                    }
                ]
            },
            "external-self": {
                "class": "SelfIp",
                "address": "10.20.0.100/24",
                "vlan": "external",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "default": {
                "class": "Route",
                "gw": "10.10.0.1",
                "network": "default",
                "mtu": 1500
            }
        }
    }
}



Example 6: Using JSON Pointers

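The following is another example of a declaration for use in a container; in this case, it also shows several ways of using JSON pointers in a declaration. The pointers only reference values defined elsewhere in the declaration, so the user names and passwords in the Credentials array are still present in clear text in the declaration itself. For more information on JSON pointers, see JSON Pointers.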

{
    "class": "DO",
    "targetHost": "1.2.3.4",
    "targetUsername": "/declaration/Credentials/1/username",
    "targetPassphrase": "/declaration/Credentials/1/password",
    "declaration": {
        "schemaVersion": "1.0.0",
        "class": "Device",
        "label": "Use App Services Gateway to license BIG-IP via BIG-IQ when BIG-IP is reachable from BIG-IQ",
        "Credentials": [
            {
                "username": "bigIqAdmin",
                "password": "foofoo"
            },
            {
                "username": "admin",
                "password": "barbar"
            }
        ],
        "Common": {
            "class": "Tenant",
            "hostname": "bigip.example.com",
            "myLicense": {
                "class": "License",
                "licenseType": "licensePool",
                "bigIqHost": "10.0.1.200",
                "bigIqUsername": "/Credentials/0/username",
                "bigIqPassword": "/Credentials/0/password",
                "licensePool": "myPool",
                "skuKeyword1": "key1",
                "skuKeyword2": "key2",
                "unitOfMeasure": "hourly",
                "reachable": true,
                "bigIpUsername": "/Credentials/1/username",
                "bigIpPassword": "/Credentials/1/password"
            },
            "myDns": {
                "class": "DNS",
                "nameServers": [
                    "8.8.8.8",
                    "2001:4860:4860::8844"
                ],
                "search": [
                    "f5.com"
                ]
            },
            "myNtp": {
                "class": "NTP",
                "servers": [
                    "0.pool.ntp.org",
                    "1.pool.ntp.org",
                    "2.pool.ntp.org"
                ],
                "timezone": "UTC"
            },
            "root": {
                "class": "User",
                "userType": "root",
                "oldPassword": "foo",
                "newPassword": "bar"
            },
            "admin": {
                "class": "User",
                "userType": "regular",
                "password": "asdfjkl",
                "shell": "bash"
            },
            "anotherUser": {
                "class": "User",
                "userType": "regular",
                "password": "foobar",
                "partitionAccess": {
                    "Common": {
                        "role": "guest"
                    }
                }
            },
            "myProvisioning": {
                "class": "Provision",
                "ltm": "nominal"
            },
            "internal": {
                "class": "VLAN",
                "tag": 4093,
                "mtu": 1500,
                "interfaces": [
                    {
                        "name": "1.2",
                        "tagged": true
                    }
                ]
            },
            "internal-self": {
                "class": "SelfIp",
                "address": "10.10.0.100/24",
                "vlan": "internal",
                "allowService": "default",
                "trafficGroup": "traffic-group-local-only"
            },
            "external": {
                "class": "VLAN",
                "tag": 4094,
                "mtu": 1500,
                "interfaces": [
                    {
                        "name": "1.1",
                        "tagged": true
                    }
                ]
            },
            "external-self": {
                "class": "SelfIp",
                "address": "10.20.0.100/24",
                "vlan": "external",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "default": {
                "class": "Route",
                "gw": "10.10.0.1",
                "network": "default",
                "mtu": 1500
            }
        }
    }
}



Example 7: Revoking a BIG-IP license from BIG-IQ without relicensing

The following is an example of using BIG-IQ to revoke a license from an unreachable BIG-IP VE using revokeFrom and specifying the license pool. In this example, we are only revoking the license, and not relicensing the BIG-IP VE. See Revoking a license using BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Revoke BIG-IP license via BIG-IQ when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "revokeFrom": "myPool",
            "reachable": false
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}



Example 8: Revoking and relicensing a BIG-IP (with route) from BIG-IQ

The following is an example of using BIG-IQ to revoke a license and then relicense a reachable BIG-IP VE. In this example, we are both revoking the initial license and relicensing the BIG-IP VE from a different license pool on the BIG-IQ. The line with the new licensing pool and the revoke line are highlighted. See Revoking a license using BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Re-license BIG-IP from a different pool when BIG-IP is reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "licensePool": "myOtherPool",
            "revokeFrom": "myPool",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": true,
            "bigIpUsername": "admin",
            "bigIpPassword": "barbar"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}



Example 9: Revoking and relicensing a BIG-IP (no route) from BIG-IQ

The following is an example of using BIG-IQ to revoke a license and then relicense an unreachable BIG-IP VE. In this example, we are both revoking the initial license and relicensing the BIG-IP VE from a different license pool on the BIG-IQ. Additionally, because the BIG-IP device does not have a route to the BIG-IQ (unreachable), you must use overwrite = true to let the BIG-IP VE know the system is overwriting the license. The line with the new licensing pool, the revoke line, and the overwrite line are highlighted. See Revoking a license using BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Re-license BIG-IP from a different pool when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "licensePool": "myOtherPool",
            "revokeFrom": "myPool",
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": false,
            "hypervisor": "vmware",
            "overwrite": true
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}



Example 10: Revoking and relicensing a BIG-IP (no route) from a different BIG-IQ

This example is similar to example 9; however, in this case we are using a different BIG-IQ device to revoke and relicense an unreachable BIG-IP VE. Here we specify additional information in the revokeFrom property to reference the BIG-IQ that initially licensed the BIG-IP VE. See Revoking a license using BIG-IQ for specific details on this example.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "label": "Re-license BIG-IP from a different BIG-IQ when BIG-IP is not reachable from BIG-IQ",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "licensePool",
            "bigIqHost": "10.0.1.200",
            "bigIqUsername": "admin",
            "bigIqPassword": "foofoo",
            "licensePool": "myPool",
            "revokeFrom": {
                "bigIqHost": "10.0.2.200",
                "bigIqUsername": "admin",
                "bigIqPassword": "barbar",
                "licensePool": "myPool",
                "reachable": false
            },
            "skuKeyword1": "key1",
            "skuKeyword2": "key2",
            "unitOfMeasure": "hourly",
            "reachable": false,
            "hypervisor": "vmware",
            "overwrite": true
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org",
                "2.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal"
        },
        "internal": {
            "class": "VLAN",
            "tag": 4093,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.2",
                    "tagged": true
                }
            ]
        },
        "internal-self": {
            "class": "SelfIp",
            "address": "10.10.0.100/24",
            "vlan": "internal",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "external": {
            "class": "VLAN",
            "tag": 4094,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "external-self": {
            "class": "SelfIp",
            "address": "10.20.0.100/24",
            "vlan": "external",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
        "default": {
            "class": "Route",
            "gw": "10.10.0.1",
            "network": "default",
            "mtu": 1500
        }
    }
}


Example 11: Creating an Analytics profile to enable AVR data streaming

In this example, we are licensing a new BIG-IP, provisioning AVR, and creating an Analytics profile (you must have AVR provisioned to create an Analytics profile). This allows you to stream AVR data for consumption by F5 Telemetry Streaming or similar applications. Note that the example sets offboxProtocol to tcp, so the data is sent to the listed address without transport encryption.

{
    "schemaVersion": "1.5.0",
    "class": "Device",
    "label": "Adding support for AVR streaming",
    "async": true,
    "Common": {
        "class": "Tenant",
        "hostname": "avr.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "regKey",
            "regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
        },  
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal",
            "avr": "nominal"
        },
        "analytics": {
            "class": "Analytics",
            "debugEnabled": true,
            "interval": 60,
            "offboxProtocol": "tcp",
            "offboxTcpAddresses": [
                "192.0.2.1"
            ],
            "offboxTcpPort": 80,
            "offboxEnabled": true
        }
    }
}


Example 12: Adding public SSH keys to a declaration

In this example, we are adding public SSH keys to the root user and a guestUser. This can provide a higher level of security and easier automation.

Important notes about using the keys property

  • Only the root user’s master key (noted by the Host Processor Superuser) in authorized_keys will be preserved. All other keys configured prior to running this declaration WILL BE DELETED.
  • If the keys field is left empty, it defaults to an empty array. This means leaving it empty will clear the authorized_keys file, except for the root user’s master key.
  • For non-root users, the path to the authorized_keys is /home/{username}/.ssh/authorized_keys.
  • For root, the path is /root/.ssh/authorized_keys.
  • DO will set the non-root user’s .ssh directory permissions to 700, with the authorized_keys permissions set to 600.
{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "async": true,
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "examplePass",
            "newPassword": "examplePass",
            "keys": [
            	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwHJLJY+/U/ioAAAADAQABAAACAQCwHJLJY+z0Rb85in7Ean6JS2J9dzo1nSssm7ZyQvGgc1e7EVtztbVpHThsvw92+1hx9wlSogXN6Co5zrtqlN8/mvlQkRRQ+sp2To8PcSMeEVI+TqBOg6BWbwwNQLz9/eUJq2o4vBfSpsn7GSDIf6C3F9EahRPGCR/z0kw5GZob3Q== test2",
            	"ssh-rsa AAAAB3NzaC1yc2EAu2Gr14xRiVLnG8KxNp2fO1/U/ioAz0Rb85in7Ean6JS2J9dzo1nSssm7ZyQvGgc1e7EVtztbVpHThsvw92+/mvlQkRRQ+sp2To8PcSMeEVI+TqBOg6BWbwwNQLzu2Gr14xRiVLnG8KxNp2fO19/eUJq2o4vBfSpsn7GSDIf6C3F9EahRPGCR/z0kw5GZob3Q== test"
            ]
        },
        "guestUser": {
            "class": "User",
            "userType": "regular",
            "password": "guestNewPass1",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            },
            "keys": [
            	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwHJLJY+/U/ioAAAADAQABAAACAQCwHJLJY+z0Rb85in7Ean6JS2J9dzo1nSssm7ZyQvGgc1e7EVtztbVpHThsvw92+1hx9wlSogXN6Co5zrtqlN8/mvlQkRRQ+sp2To8PcSMeEVI+TqBOg6BWbwwNQLz9/eUJq2o4vBfSpsn7GSDIf6C3F9EahRPGCR/z0kw5GZob3Q== test2",
            	"ssh-rsa AAAAB3NzaC1yc2EAu2Gr14xRiVLnG8KxNp2fO1/U/ioAz0Rb85in7Ean6JS2J9dzo1nSssm7ZyQvGgc1e7EVtztbVpHThsvw92+/mvlQkRRQ+sp2To8PcSMeEVI+TqBOg6BWbwwNQLzu2Gr14xRiVLnG8KxNp2fO19/eUJq2o4vBfSpsn7GSDIf6C3F9EahRPGCR/z0kw5GZob3Q== test"
            ]
        }
    }
}
