F5Networks / terraform-provider-bigip

Terraform resources that can configure F5 BIG-IP products
https://registry.terraform.io/providers/F5Networks/bigip/latest/docs
Mozilla Public License 2.0

Add 'Save Sys Config' to F5 Terraform #289

Closed johnnywilkes closed 4 years ago

johnnywilkes commented 4 years ago

F5 config changes via TMSH or API don't automatically save to the "saved" (startup) configuration file. There is a command that needs to be run to do so: "tmsh save sys config." If this isn't run, then the startup and saved configuration will vary and on a reboot the changes to the running configuration will be lost.

Would it be possible to add a feature to do the API equivalent of a "tmsh save sys config" after a Terraform apply or deny, please? I have manually added an external Python script to do so, but that isn't super efficient. I think there are many people out there running Terraform and not realizing their changes aren't made to the "saved" (startup) configuration as well.

papineni87 commented 4 years ago

There is a Terraform resource, "bigip_command", to run any tmsh commands. We can include this resource in the Terraform configuration file to run the command at the end of configuration.

```hcl
resource "bigip_command" "test-command" {
  commands = ["show sys version"]
}
```

Create ltm node

```hcl
resource "bigip_command" "test-command" {
  commands = ["create ltm node 10.10.10.70"]
}
```

Destroy ltm node

```hcl
resource "bigip_command" "test-command" {
  when     = "destroy"
  commands = ["delete ltm node 10.10.10.70"]
}
```

johnnywilkes commented 4 years ago

@papineni87, thank you for your feedback. Is there any easy way to make sure that is only run once when all objects are created/destroyed? Also, with the bigip_command, is there a way to interpolate the partition?

papineni87 commented 4 years ago

I think there are Automation Toolchain (AS3, DO) resources, which are a declarative way of configuring BIG-IP and will also trigger a config save at the end.

Also, the tmsh command below will save the config for a particular partition and can be included in the bigip_command resource:

```
tmsh save sys config partitions {}
```

"tmsh save sys config" does all partitions by default.

johnnywilkes commented 4 years ago

bigip_command will also require an account that allows tmsh access, right?

papineni87 commented 4 years ago

This resource will make an iControl REST call to execute the tmsh command on BIG-IP. By default, BIG-IP will have root/admin accounts that allow tmsh access.

johnnywilkes commented 4 years ago

But can we still run bigip_command using an account that has manager access with terminal access disabled?

papineni87 commented 4 years ago

Yes, I guess, because it uses a REST call.

init4 commented 4 years ago

No need for bigip_command. There is an API call to save the running config. The provider should be calling it after each API run. E.g.:

```
curl -H 'Content-Type: application/json' -sk -u admin:password https://bigip/mgmt/tm/sys/config/ -d "{ \"command\": \"save\" }"
{"kind":"tm:sys:config:savestate","command":"save"}
```
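
The save call from the comment above, as an added Python example that is not part of the thread or the provider's code: it sends the same request with certificate verification left on and counts the save as done only when the reply matches the response quoted above. The function names and the `send` parameter are assumptions made for this example.

```python
import base64
import json
import urllib.request

# "kind" value taken from the response quoted in the thread
SAVE_KIND = "tm:sys:config:savestate"


def build_save_request(host, user, password):
    """Build the POST equivalent to the curl call (nothing is sent here)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url=f"https://{host}/mgmt/tm/sys/config/",
        data=json.dumps({"command": "save"}).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"},
        method="POST",
    )


def save_confirmed(status, body):
    """True only if the reply is HTTP 200 and echoes the save command."""
    if status != 200:
        return False
    try:
        reply = json.loads(body)
    except ValueError:  # not JSON, e.g. an HTML error or login page
        return False
    return (isinstance(reply, dict)
            and reply.get("kind") == SAVE_KIND
            and reply.get("command") == "save")


def save_sys_config(host, user, password, send=urllib.request.urlopen):
    """Send the save request and raise if the device does not confirm it.

    `send` is injectable so the logic can be exercised offline. The default
    urlopen verifies the management certificate, unlike curl -k.
    """
    req = build_save_request(host, user, password)
    with send(req, timeout=30) as resp:
        status, body = resp.status, resp.read()
    if not save_confirmed(status, body):
        raise RuntimeError(f"save sys config not confirmed (HTTP {status})")
    return True
```

Raising on an unconfirmed reply makes a pipeline step fail visibly instead of leaving the running and saved configurations out of sync.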

focrensh commented 4 years ago

Closing as there are supported mechanisms using the command resource.