f5devcentral
diff --git a/‎.env.device-secrets-example‎
Lines changed: 1 addition & 1 deletion b/‎.env.device-secrets-example‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/build-pages.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/build-pages.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/check-branch.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/check-branch.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/push-image.yml‎
Lines changed: 4 additions & 1 deletion b/‎.github/workflows/push-image.yml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎COLLECTOR_VERSION‎
Lines changed: 1 addition & 0 deletions b/‎COLLECTOR_VERSION‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎README.md‎
Lines changed: 58 additions & 18 deletions b/‎README.md‎
Lines changed: 58 additions & 18 deletions
diff --git a/‎VERSION‎
Lines changed: 0 additions & 1 deletion b/‎VERSION‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎config/README.md‎
Lines changed: 0 additions & 1 deletion b/‎config/README.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎config/ast_defaults.yaml‎
Lines changed: 29 additions & 5 deletions b/‎config/ast_defaults.yaml‎
Lines changed: 29 additions & 5 deletions
diff --git a/‎config/bigip_receivers.yaml‎
Lines changed: 25 additions & 5 deletions b/‎config/bigip_receivers.yaml‎
Lines changed: 25 additions & 5 deletions
@@ -1,4 +1,4 @@
-# Names here are arbitrary, but must match values in big-ips.json.
+# Names here are arbitrary, but must match values in bigip_receivers.yaml.
 # Passwords can be referenced by many devices (you do not need a unique variable for each device).
 BIGIP_PASSWORD_1=A_SECRET_PASSWORD
 BIGIP_PASSWORD_2=ANOTHER_SECRET_PASSWORD
@@ -11,6 +11,8 @@ name: Pages-CI
 jobs:
   validate:
     name: Validate HTML
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
     runs-on: ubuntu-latest
 
@@ -7,6 +7,8 @@ on:
 
 jobs:
   check-branch:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - name: Check branch
 
@@ -6,6 +6,9 @@ on:
       - 'v[0-9]+.[0-9]+.[0-9]+'
 jobs:
   Pull-From_Gitlab:
+    permissions:
+      contents: read
+      packages: write
     runs-on: ubuntu-latest
     steps:
       - name: "Checkout source code"
@@ -18,7 +21,7 @@ jobs:
           password: ${{ secrets.GITLAB_PASSWORD }}
       - name: Set variables
         run: |
-          VER=$(cat VERSION)
+          VER=$(cat COLLECTOR_VERSION)
           echo "VERSION=$VER" >> $GITHUB_ENV
       - name: Pull Gitlab Image
         run: docker pull registry.gitlab.com/f5/greenhouse/apps/seven-layer-cake-collector/otel_custom_collector:${{ env.VERSION }}
 
@@ -0,0 +1 @@
+v0.9.4
@@ -1,17 +1,15 @@
 # Application Study Tool
 
-> 🚨🚨**Notice**🚨🚨
-> 
-> Configuration for the Application Study Tool has changed significantly in the v0.6.0 release. To
-update a legacy configuration, see [Config Migration for Pre v0.6.0 Deployments](https://f5devcentral.github.io/application-study-tool/config/config_migration.html).
->
-> Before you start, make sure to backup the /config/big-ips.json file!
-
-
 ## Overview
 
-> See the [AST Docsite](https://f5devcentral.github.io/application-study-tool/) for detailed
-configuration, troubleshooting info, etc.
+> Prior to installation, please see the [AST Docsite](https://f5devcentral.github.io/application-study-tool/) for detailed
+configuration, troubleshooting (REST changes, HIGH CPU on control plane) info, etc.
+
+> See the [F5 Application Study Tool Labs](https://clouddocs.f5.com/training/community/ast/html/) for an educational guided lab experience.
+> 
+> For enabling HTTPS within Grafana, see the [Make Grafana Listen on HTTPS guide](https://community.f5.com/kb/technicalarticles/application-study-tool-make-grafana-listen-on-https/341728) for guidance.
+>
+> To review ideas on integrating your secrets with a vault, see the [Integrating your secrets with Hashi vault](https://community.f5.com/kb/TechnicalArticles/f5-app-study-tool-with-passwords-stored-in-vault/341155) for further information.
 
 The Application Study Tool is intended to provide enhanced insights into (classic) BIG-IP products, leveraging best in class
 open source telemetry tools. The full installation includes:
@@ -61,8 +59,8 @@ vi ./config/ast_defaults.yaml
 vi ./config/bigip_receivers.yaml
 # Run the configuration generator
 docker run --rm -it -w /app -v ${PWD}:/app --entrypoint /app/src/bin/init_entrypoint.sh python:3.12.6-slim-bookworm --generate-config
-# Start the tool
-docker-compose up
+# Start the tool (use `docker compose up -d` to start in background mode)
+docker compose up
 ```
 
 ## Configuration
@@ -78,8 +76,6 @@ Application Study Tool config management relies on default configs in
 
 Settings in the bigip_receivers.yaml override those in ast_defaults.yaml.
 
-To update a legacy (pre v0.6.0) configuration, to the new scheme see
-[Config Migration for Pre v0.6.0 Deployments](https://f5devcentral.github.io/application-study-tool/config/config_migration.html)
 
 ## Configure Default Device Settings
 
@@ -97,14 +93,34 @@ bigip_receiver_defaults:
   # BIGIP_PASSWORD_1
   password: "${env:BIGIP_PASSWORD_1}"
   # The data_types that should be enabled or disabled.
-  # DNS and GTM are disabled by default and users can enable those modules
+  # These are disabled by default and users can enable those modules
   # on all devices by setting the below to true.
-  # A full list of data_types is in pages/receiver_readme.md.
+  # A full list of data_types is at https://f5devcentral.github.io/application-study-tool/components/otel_collector/receiver_readme.html.
   data_types:
+    f5.apm:
+      enabled: false
+    f5.cgnat:
+      enabled: false
     f5.dns:
       enabled: false
+    f5.dos:
+      enabled: false
+    f5.firewall:
+      enabled: false
     f5.gtm:
       enabled: false
+    f5.policy.api_protection:
+      enabled: false
+    f5.policy.asm:
+      enabled: false
+    f5.policy.firewall:
+      enabled: false
+    f5.policy.ip_intelligence:
+      enabled: false
+    f5.policy.nat:
+      enabled: false
+    f5.profile.dos:
+      enabled: false
   # The TLS settings to use. Either a CA file must be specified or
   # insecure_skip_verify set to true (not recommended).
   tls:
@@ -270,11 +286,28 @@ f5_policy_ip_intelligence_feed_list_count{}
 f5_policy_ip_intelligence_info{}
 f5_virtual_server_profile_client_ssl_secure_handshakes_total{}
 f5_policy_ip_intelligence_generation{}
+f5_pool_member_bytes_in_total{}
+f5_pool_member_bytes_out_total{}
+f5_pool_member_connection_count{}
+f5_pool_member_connections_total{}
+f5_pool_member_requests_total{}
+f5_pool_member_session_count{}
+f5_pool_member_packets_in_total{}
+f5_pool_member_packets_out_total{}
 f5_plane_cpu_utilization_5s{}
 ```
 
 This will impact data output in several dashboards/panels (denoted with description fields indicating as such).
 
+You can disable attempts to collect bash information with `enable_bash_collection: false` at the appropriate level (global or device).
+
+```yaml
+bigip/1:
+  endpoint: https://10.0.0.1
+  enable_bash_collection: false
+  #...
+```
+
 ### Configure CA File
 AST expects a valid TLS cert bundle unless `tls.insecure_skip_verify` is
 set to true for each device. In order to mount and use your CA file, you must
@@ -321,7 +354,8 @@ cp .env-example .env
 ### Run Application Study Tool
 Once the above configurations have been made, the tool can be started with:
 
-```
+```shell
+# `docker compose up -d` to start in background mode
 docker compose up
 ```
 
@@ -339,9 +373,15 @@ special instructions / breaking changes.
 3. Stash changes, update the repo state, and unstash changes as follows:
 ```shell
 git stash
+git fetch --tags
 git pull origin main
-git checkout tags/RELEASE_VERSION #(e.g. tags/v0.7.0)
+git checkout tags/RELEASE_VERSION #(e.g. tags/v0.9.4)
 git stash pop
+# <merge any conflicts with your local changes>
+# <re-run config scripts>
+docker compose down
+# `docker compose up -d` to start in background mode
+docker compose up
 ```
 
 ## Support
 
@@ -5,4 +5,3 @@ Files in this directory can be used to configure aspects of the Application Stud
 For additional detail, see:
 
 * [Configuration Management](pages/config_management.md) (new users start here)
-* [Pre v0.6.0 Config Migration](pages/config_migration.md)
@@ -8,18 +8,42 @@ bigip_receiver_defaults:
   # The password (not recommended) or a reference to an env variable (recommended, shown)
   # Below tells the collector to look for an environment variable named BIGIP_PASSWORD_1
   password: "${env:BIGIP_PASSWORD_1}"
-  # The timeout field can be used to adjust the amount of time the collector will wait for a response
+  # The timeout field can be used to adjust the maximum amount of time the collector will wait for a response
   # to BigIP iControl Rest requests. Larger boxes with more complex config may require setting this value
-  # higher. Set for individual devices in bigip_receivers.yaml
-  timeout: 10s
-  # The data_types that should be enabled or disabled. DNS and GTM users can enable those modules
+  # higher.
+  # This value should be less than or equal to the collection_interval. Any requests that haven't completed
+  # before this timer expires (starting at the beginning of the collection interval) will be cancelled.
+  # You can set this for individual devices in bigip_receivers.yaml.
+  timeout: 60s
+  # The data_types that should be enabled or disabled. Default-disabled module users can enable those modules
   # by setting the below to true. These will apply to all devices and may be better specified on the
-  # per-reciever settings file below.
+  # per-reciever settings file.
+  # The full list of available data types is [here](https://f5devcentral.github.io/application-study-tool/components/otel_collector/receiver_readme.html#available-data_types).
   data_types:
+    f5.apm:
+      enabled: false
+    f5.cgnat:
+      enabled: false
     f5.dns:
       enabled: false
+    f5.dos:
+      enabled: false
+    f5.firewall:
+      enabled: false
     f5.gtm:
       enabled: false
+    f5.policy.api_protection:
+      enabled: false
+    f5.policy.asm:
+      enabled: false
+    f5.policy.firewall:
+      enabled: false
+    f5.policy.ip_intelligence:
+      enabled: false
+    f5.policy.nat:
+      enabled: false
+    f5.profile.dos:
+      enabled: false
   # The TLS settings to use. Either a CA file must be specified or insecure_skip_verify
   # set to true (not recommended)
   tls:
 
@@ -6,7 +6,7 @@
 bigip/1:
   # Endpoint must be specified for each device
   # Set this to the management IP for the device. This must be
-  # reachable from the Application Study Tool host.
+  # reachable from the Application Study Tool host (port 443).
   endpoint: https://10.0.0.1
   ## Uncommenting any of the following lines will override the defaults in
   ## ast_defaults.yaml bigip_receiver_defaults section.
@@ -15,10 +15,30 @@ bigip/1:
   # collection_interval: 30s
   # timeout: 20s
   # data_types:
-  #   f5.dns:
-  #     enabled: false
-  #   f5.gtm:
-  #     enabled: false
+    # f5.apm:
+    #   enabled: false
+    # f5.cgnat:
+    #   enabled: false
+    # f5.dns:
+    #   enabled: false
+    # f5.dos:
+    #   enabled: false
+    # f5.firewall:
+    #   enabled: false
+    # f5.gtm:
+    #   enabled: false
+    # f5.policy.api_protection:
+    #   enabled: false
+    # f5.policy.asm:
+    #   enabled: false
+    # f5.policy.firewall:
+    #   enabled: false
+    # f5.policy.ip_intelligence:
+    #   enabled: false
+    # f5.policy.nat:
+    #   enabled: false
+    # f5.profile.dos:
+    #   enabled: false
   # tls:
   #   insecure_skip_verify: true
   #   ca_file:
Original file line number	Diff line number	Diff line change
`@@ -5,4 +5,3 @@ Files in this directory can be used to configure aspects of the Application Stud`
`5`	`5`	`For additional detail, see:`
`6`	`6`
`7`	`7`	`* [Configuration Management](pages/config_management.md) (new users start here)`
`8`		`-* [Pre v0.6.0 Config Migration](pages/config_migration.md)`