Service Mapping F5 load balancer issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-23-2017 03:29 PM
Horizontal discovery is working fine.But when I run the Service mapping discovery by providing the management IP it is giving the following error:
Permission issues: SSH authentication failed. Verify that credentials have been correctly define for host 1X.XXX.XXX.XX. SSH authentication failed on host 1X.XXX.XXX.XXX. Failed to initialize SSH connection to host. Verify that the host can be access through SSH.
Why do we need SSH credentials for for load balancers ?
Why It is not able to discover even though SNMP port 161 is open ?
- Labels:
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-24-2017 01:55 PM
Hi Nash,
ServiceMapping requires ssh access to F5s only these have iRules.
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-24-2017 02:25 PM
Here goes what the documentation states regarding the access required for F5:
CI | Rights and permissions |
---|---|
BIG-IP Local Traffic Manager (LTM ) F5 (on F5 BIG-IP) and BIG-IP Global Traffic Manager (GTM) F5 | Provide a user with either Administrator or Resource Administrator user role necessary to run:
|
source: Rights and permissions required for Service Mapping
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-27-2017 05:47 PM
Hi nashv, do you have any further questions?
Would you mind marking the responses as helpful/correct so that we can close this thread?
Thanks,
Berny

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2017 12:25 AM
Hi Nash, SSH is required to run tmsh scripts. The MID server uses SNMP and SSH credentials to gather information from the F5 devices. In the F5 LTM/GTM you have the web interface account and the OS account (admin and root by default respectively), the SSH credential is for the OS account (F5 custom OS version). In this case if the customer wants to restrict the OS account they can either create a sudo account or use external credential storage. In the BIG IP screen below you see the SSH credential we need in the MID Server credential:
There are some extra flexibility I listed below if you want to restrict SSH credentials:
Below is the F5 doc explaining how to create a sudo account:
https://support.f5.com/csp/article/K519
Below is the external credential storage guide:
Finally, one other option is to use F5 REST API (iControl if I'm right), but that would require you to configure new sensors and probes.