Skip to content

Commit

Permalink
snmp
Browse files Browse the repository at this point in the history
  • Loading branch information
@jimmccarron
jimmccarron committed Nov 27, 2024
1 parent d3f5f5a commit ab61810
Show file tree
Hide file tree
Showing 8 changed files with 100 additions and 46 deletions.
2 changes: 2 additions & 0 deletions docs/bigiq_support_for_rseries.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ rSeries tenants can also be onboarded in BIG-IQ using Declarative Onboarding (DO
POST https://{{BigIQ_Mgmt}}/mgmt/shared/declarative-onboarding
In the body of the API call, enter the following JSON information.

.. code-block:: json
{
Expand Down
Binary file modified docs/images/monitoring_rseries/image2a.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/monitoring_rseries/image3a.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
27 changes: 26 additions & 1 deletion docs/monitoring_rseries.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -459,6 +459,8 @@ The overall appliance component status can be queried via the following API comm

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-platform:components

You should see output similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -1024,6 +1026,8 @@ The appliance LCD panel status can be queried via the following API command:

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-platform:components/component=lcd

You should see output similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -1052,6 +1056,8 @@ The rSeries appliance may have 1 or 2 power supplies installed. Each can be quer

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-platform:components/component=psu-1

You should see output similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -1090,6 +1096,8 @@ You may query the status of the disks within the rSeries appliance:

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-platform:components/component=platform/storage

You should see output similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -1135,7 +1143,7 @@ You can query the details about the CPUs within each rSeries device. Every CPU t

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-platform:components/component=platform/cpu

Below is the exmaple output for CPU's:
Below is the example output for CPU's:

.. code-block:: json

Expand Down Expand Up @@ -1437,6 +1445,8 @@ You can monitor the rSeries Appliance temperature. The output will display the

GET https://{{Appliance1_IP}}:8888/restconf/data/openconfig-platform:components/component=platform/state/f5-platform:temperature

You should see output similar to the JSON output below.

.. code-block:: json

{
Expand All @@ -1457,6 +1467,8 @@ The API call below shows the total system memory:

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-platform:components/component=platform/state/f5-platform:memory

You should see output similar to the JSON output below.

.. code-block:: json

{
Expand All @@ -1476,6 +1488,8 @@ rSeries supports the Trusted Protection Module (TPM) to validate certain softwar

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-platform:components/component=platform/state/f5-platform:tpm-integrity-status

You should see output similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -1905,6 +1919,8 @@ This command will display the health of the underlying Kubernetes (K3S) cluster

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/f5-cluster:cluster

The output will look similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -2083,6 +2099,8 @@ This API call displays some of the software processes running within the F5OS pl

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/f5-service-instances:service-instances

The output will look similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -2201,6 +2219,7 @@ F5 Services Status

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/f5-services:services

The output will look similar to the JSON output below.

.. code-block:: json

Expand Down Expand Up @@ -2240,6 +2259,8 @@ This API call displays the Forwarding Database:

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/f5-l2fdb:fdb

The output will look similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -2355,6 +2376,8 @@ The following API call displays the service-pods running inside the F5OS layer:

GET https://{{Appliance1_IP}}:8888/restconf/data/f5-service-pod:service-pods

The output will look similar to the JSON output below.

.. code-block:: json

{
Expand Down Expand Up @@ -2517,6 +2540,8 @@ The following API call displays the details used to feed the overall system heal

GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-system:system/f5-system-health:health

The output will look similar to the JSON output below.

.. code-block:: json

{
Expand Down
3 changes: 3 additions & 0 deletions docs/rseries_f5os_configuration_backup_and_restore.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,6 +233,8 @@ To copy a configuration backup file from the appliance to a remote https server
POST https://{{rseries_appliance1_ip}}:8888/restconf/data/f5-utils-file-transfer:file/export
In the body of the API request enter the information as seen below.

.. code-block:: json
{
Expand All @@ -251,6 +253,7 @@ You can then check on the status of the export via the following API call:
POST https://{{rseries_appliance1_ip}}:8888/api/data/f5-utils-file-transfer:file/transfer-status
You should see an API response as seen below.

.. code-block:: json
Expand Down
100 changes: 58 additions & 42 deletions docs/rseries_monitoring_snmp.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2447,75 +2447,91 @@ To enable SNMP traps via the API, send the following API call.

.. code-block:: bash
PATCH https://{{rseries_appliance1_ip}}:8888/restconf/data/SNMP-NOTIFICATION-MIB:SNMP-NOTIFICATION-MIB
PATCH https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-system:system/f5-system-snmp:snmp
In the body of the API call include the following:

.. code-block:: json
{
"SNMP-NOTIFICATION-MIB:SNMP-NOTIFICATION-MIB": {
"snmpNotifyTable": {
"snmpNotifyEntry": [
{
"snmpNotifyName": "v2_trap",
"snmpNotifyTag": "v2_trap",
"snmpNotifyType": "trap",
"snmpNotifyStorageType": "nonVolatile"
"f5-system-snmp:snmp": {
"targets": {
"target": {
"name": "snmp-trap-receiver4",
"config": {
"name": "snmp-trap-receiver4",
"user": "snmpv3-user",
"ipv4": {
"address": "10.255.0.144",
"port": 162
}
}
]
}
}
}
}
To view the current SNMP trap configuration.

.. code-block:: bash
PATCH https://{{rseries_appliance1_ip}}:8888/restconf/data/SNMP-TARGET-MIB:SNMP-TARGET-MIB
GET https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-system:system/f5-system-snmp:snmp/targets
You should see JSON output similar to what is seen below.

.. code-block:: json
{
"SNMP-TARGET-MIB:SNMP-TARGET-MIB": {
"snmpTargetAddrTable": {
"snmpTargetAddrEntry": [
{
"snmpTargetAddrName": "group2",
"snmpTargetAddrTDomain": "1.3.6.1.6.1.1",
"snmpTargetAddrTAddress": "10.255.0.144.0.161",
"snmpTargetAddrTimeout": 1500,
"snmpTargetAddrRetryCount": 3,
"snmpTargetAddrTagList": "v2_trap",
"snmpTargetAddrParams": "group2",
"snmpTargetAddrStorageType": "nonVolatile",
"snmpTargetAddrEngineID": "",
"snmpTargetAddrTMask": "",
"snmpTargetAddrMMS": 2048,
"enabled": true
"f5-system-snmp:targets": {
"target": [
{
"name": "snmp-trap-receiver4",
"config": {
"name": "snmp-trap-receiver4",
"user": "snmpv3-user",
"ipv4": {
"address": "10.255.0.144",
"port": 162
}
},
"state": {
"name": "snmp-trap-receiver4",
"user": "snmpv3-user",
"ipv4": {
"address": "10.255.0.144",
"port": 162
}
}
]
},
"snmpTargetParamsTable": {
"snmpTargetParamsEntry": [
{
"snmpTargetParamsName": "group2",
"snmpTargetParamsMPModel": 1,
"snmpTargetParamsSecurityModel": 2,
"snmpTargetParamsSecurityName": "public",
"snmpTargetParamsSecurityLevel": "noAuthNoPriv",
"snmpTargetParamsStorageType": "nonVolatile"
},
{
"name": "ubuntu-snmp",
"config": {
"name": "ubuntu-snmp",
"community": "public",
"security-model": "v2c",
"ipv4": {
"address": "172.22.50.57",
"port": 162
}
},
"state": {
"name": "ubuntu-snmp",
"community": "public",
"security-model": "v2c",
"ipv4": {
"address": "172.22.50.57",
"port": 162
}
}
]
}
}
]
}
}
Polling SNMP Endpoints
=====================

Expand Down
6 changes: 3 additions & 3 deletions docs/rseries_security.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -213,7 +213,7 @@ Certificates for Device Management

F5OS supports TLS device certificates and keys to secure connections to the management interface. You can either create a self-signed certificate or load your own certificates and keys into the system. In F5OS-A 1.4.0 an admin can now optionally enter a passphrase with the encrypted private key. More details can be found in the link below.

`rSeries Certificate Management Overview <https://techdocs.f5.com/en-us/f5os-a-1-3-0/f5-rseries-systems-administration-configuration/title-system-settings.html#cert-mgmt-overview>`_
`Transport Layer Security (TLS) configuration overview <https://techdocs.f5.com/en-us/f5os-a-1-8-0/f5-rseries-systems-administration-configuration/title-auth-access.html#cert-mgmt-overview>`_


Managing Device Certificates, Keys, CSRs, and CAs via CLI
Expand Down Expand Up @@ -2026,15 +2026,15 @@ If F5-F5OS-UID is not set, it defaults to 1001. F5-F5OS-GID is required; if not
More specific configuration details can be found in the **User Management** section of the **rSeries System Administration Guide**.
`F5OS User Management <https://techdocs.f5.com/en-us/f5os-a-1-4-0/f5-rseries-systems-administration-configuration/title-user-mgmt.html#user-management>`_
`F5OS User Roles Overview <https://techdocs.f5.com/en-us/f5os-a-1-8-0/f5-rseries-systems-administration-configuration/title-auth-access.html#user-roles-overview>`_
The **gidNumber** attribute needs to either be on the user or on a group the user is a member of. The **gidNumber** must be one of those listed (9000, 9001, 9100). [The root role is not externally accessible via remote authentication.]
Currently the role numbers (9000, 9001, 9003, 9100) are fixed and hard-coded. The current implementation relies on AD “unix attributes” being installed into the directory. AD groups are not currently queried. The role IDs are fixed. As noted above, the IDs are configurable in F5OS-A 1.4.0, but this is still based on numeric GIDs not group names.
Roles are mutually exclusive. While it is theoretically possible to assign a user to multiple role groups, It is up to the underlying Confd to resolve how the roles present to it are assigned, and it doesn’t always choose the most logical answer. For that reason, you should consider them mutually exclusive and put the user in the role with the least access necessary to do their work. More details, on configuration of F5OS-A 1.4.0 can be found below.
`LDAP/AD configuration overview <https://techdocs.f5.com/en-us/f5os-a-1-4-0/f5-rseries-systems-administration-configuration/title-user-mgmt.html#ldap-config-overview>`_
`LDAP/AD configuration overview <https://techdocs.f5.com/en-us/f5os-a-1-8-0/f5-rseries-systems-administration-configuration/title-auth-access.html#ldap-config-overview>`_
Changing Group ID Mapping via CLI (F5OS-A 1.4.0 and Later)
---------------------------------------------------------
Expand Down
8 changes: 8 additions & 0 deletions docs/rseries_software_upgrades.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,8 @@ To import an F5OS-A image from a remote HTTPS server, use the following API exam
POST https://{{rseries_appliance1_ip}}:8888/api/data/f5-utils-file-transfer:file/import
In the body of the API request enter the information as seen below.
.. code-block:: json
{
Expand Down Expand Up @@ -229,6 +231,8 @@ After transferring the file, you can view the contents of the images/staging dir
POST https://{{rseries_appliance1_ip}}:8888/restconf/data/f5-utils-file-transfer:file/list
In the body of the API request enter the information as seen below.
.. code-block:: json
{
Expand All @@ -255,6 +259,8 @@ You can then monitor the images/import/iso directory to see when the file is rea
POST https://{{rseries_appliance1_ip}}:8888/restconf/data/f5-utils-file-transfer:file/list
In the body of the API request enter the information as seen below.
.. code-block:: json
{
Expand Down Expand Up @@ -493,6 +499,8 @@ This is the Set Version API call that will initiate the upgrade:
POST https://{{rseries_appliance1_ip}}:8888/restconf/data/openconfig-system:system/f5-system-image:image/set-version
In the body of the API request enter the information as seen below.
.. code-block:: json
{
Expand Down

0 comments on commit ab61810

Please sign in to comment.