Creating device trust / trust-domain through iControl REST Call(s)
Hey there
Currently I try to implement basic configuration through iControl REST calls. A personal deadend is building a device trust.
The API tells me how to do that: https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_cm_trust-domain.html. But it doens'nt work out. The same question has been asked here: https://community.f5.com/t5/technical-forum/rest-api-trust-domain-peer/td-p/164274. A solution is to send a POST with a tmsh command. Fair enough. But there hast to be a way to configure it the "right way" through proper REST calls. Any hints?
The URL I am calling:
- https://{{baseurl}}/mgmt/tm/cm/trust-domain/add-device
Here is my JSON body
{
"ca-device": "{{f5ClusterPeer2}}",
"device-ip": "{{f5MgmtIpPeer}}",
"device-name": "{{f5ClusterPeer2}}",
"device-port": "443",
"device-username": "{{f5DeviceTrustUser}}",
"device-password": "{{f5DeviceTrustPassword}}"
}
Note: I use Postman.
The response I get is this:
{
"code": 409,
"message": "01020066:3: The requested trust domain () already exists in partition Common.",
"errorStack": [],
"apiError": 3
}
Calling the "Root" resource in the URL responds this:
{
"code": 403,
"message": "Operation is not allowed on property group /cm/trust-domain/Root/add-device.",
"errorStack": [],
"apiError": 1
}
Edit:
I found this in the API doc: https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_cm_add-to-trust.html. But still doesn't work out wit this JSON body:
{
"ca-Device": "true",
"device": "{{f5ClusterPeer2}}",
"deviceName": "{{f5ClusterPeer2}}",
"port": "443",
"username": "{{f5DeviceTrustUser}}",
"password": "{{f5DeviceTrustPassword}}"
}
Hi,
I don't use Postman (I use cURL instead).
You just need to send a REST API call to BIG-IP 1 to add the peer unit (BIGIP-2) to the existing root trust domain:
curl -sk -u <ADMIN USERNAME>:<ADMIN PASSWORD> -H "Content-Type: application/json" -X PATCH -d \ '{"addDevice":{"deviceIp":"<BIGIP-2 MGMT IP ADDRESS>","deviceName":"<BIGIP-2 HOSTNAME>","username":"<ADMIN USERNAME>","password":"<ADMIN PASSWORD>"}}' \ https://<BIGIP-1 MGMT IP>/mgmt/tm/cm/trust-domain/Root