Search code examples
powershellf5icontrol

Check if there are pending changes in F5 LTM through iControl PowerShell Snap-in

We're automating changes to our standby F5 LTM host through the PowerShell iControl snap-in.

We want to programmatically check if there are changes pending between our standby and live F5 hosts before our automation makes any changes.

Is there a way to check for pending changes through the iControl snap-in or API?

Solution

  • I found the answer in the in the iControl wiki. The get_sync_status_overview() method "gets the status of the current device's presence in all device groups in which it is a member"

    Wiki reference: https://devcentral.f5.com/wiki/iControl.Management__DeviceGroup__SyncStatus.ashx

    I've written the following function in PowerShell that others may find useful when attempting the same kind of operation. It will return true if the device is standalone or in sync with devices in it's group, it will return false if there are changes on the F5 host that need to be synced to the group and throw an error in all other cases:

    function Is-DeviceInSync
{
    <#
    .SYNOPSIS
    Gets the sync status of F5 devices within the device group
    #>

    $syncStatus = (Get-F5.iControl).ManagementDeviceGroup.get_sync_status_overview()

    if ($syncStatus.member_state -eq "MEMBER_STATE_STANDALONE")
    {
        write-host "This F5 device is standalone, no sync is required"
        return $true
    }
    elseif ($syncStatus.member_state -eq "MEMBER_STATE_IN_SYNC")
    {
        write-host "This F5 device is in sync with members of its device group, no sync is required"
        return $true
    }
    elseif ($syncStatus.member_state -eq "MEMBER_STATE_NEED_MANUAL_SYNC")
    {
        write-host "This F5 device is not standalone and changes have been made to this device that have not been synced to the device group"
        return $false
    }
    elseif ($syncStatus.member_state -eq "MEMBER_STATE_SYNCING")
    {
        write-host "This F5 device is currently synching with devices in it's group, waiting 10 seconds before checking again..."
        Start-Sleep -Seconds 10
        Is-DeviceInSync
    }
    else
    {
        throw "This F5 device is not in a stable sync state with devices in it's group, please manually verify the sync state of this device before running this script again"
    }
}

    NOTE: This function assumes the Initialize-F5.iControl function has run and the user is already authenticated to an F5 host