Forum Discussion
Mark_Gallagher
Altocumulus
AltocumulusBig-IP LTM config Bash scripting question
Good day fellow devcentral people,
I am puzzling over a bash script which I am using to provide some documentation in response to questions about device config related to compliance.
The script lists a few per-VIP outputs including name, ssl profile, tls version count and associated irules.
The problem that I am having is this: when there is a single or no irule associated with the VIP all is well. When there are multiple irules, I my output formatting is broken. I wonder if anyone would know how to address this so that when multiple line feeds occur, I can add in a few pipe characters necessary for this report to look nice without a lot of time manually reformatting?
Here is some example output:
] tmp # ./cert_mapping.sh
| virtual | destination | profile | Certificate | SSLv1.0 Count | SSLv1.3 Count | iRules |
|-- |-- |-- |-- |-- |-- |-- |
| /Common/stg-vs-origin_10.1.1.1_443 | 10.1.1.1:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage1.name.com
devtest-cipher-logging |
| /Common/stg-vs-origin-stage2-name.com_10.1.1.2-443 | 10.1.1.2:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage2-name |
| /Common/tst-vs-functionservices-test_10.1.1.3_443 | 10.1.1.3:443 | clientssl | default.crt | 34 | 65993 | devqatst_cachectrl
devqatst_cookie-sec-httponly-flags
devqatst_httperr-4xx-5xx-static-cntnt
devqatst_strip-hdrinfo |
And this more of how I'd like to see it:
] tmp # ./cert_mapping.sh
| virtual | destination | profile | Certificate | SSLv1.0 Count | SSLv1.3 Count | iRules |
|-- |-- |-- |-- |-- |-- |-- |
| /Common/stg-vs-origin_10.1.1.1_443 | 10.1.1.1:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage1.name.com |
|-- |-- |-- |-- |-- |-- | devtest-cipher-logging |
| /Common/stg-vs-origin-stage2-name.com_10.1.1.2-443 | 10.1.1.2:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage2-name |
| /Common/tst-vs-functionservices-test_10.1.1.3_443 | 10.1.1.3:443 | clientssl | default.crt | 34 | 65993 | devqatst_cachectrl |
|-- |-- |-- |-- |-- |-- | devqatst_cookie-sec-httponly-flags |
|-- |-- |-- |-- |-- |-- | devqatst_httperr-4xx-5xx-static-cntnt |
|-- |-- |-- |-- |-- |-- | devqatst_strip-hdrinfo |
Any suggestions would be appreciated very much.
This is the script:
#!/bin/bash
LIST=`find /config -name bigip.conf | xargs awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
echo "| virtual | destination | profile | Certificate | SSLv1.0 Count | SSLv1.3 Count | iRules |"
echo "|-- |-- |-- |-- |-- |-- |-- |"
for VAL in ${LIST}
do
PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u`
DEST=`tmsh show /ltm virtual ${VAL} 2> /dev/null | grep " Destination :" | awk '{print $3}'`
test -n "${PROF}" 2>&- &&
test -n "${DEST}" 2>&- &&
{
VIRTS=`expr $VIRTS + 1`
for PCRT in ${PROF}
do
CERT=`tmsh list /ltm profile client-ssl ${PCRT} | awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u`
SSL1_0COUNT=`tmsh show /ltm profile client-ssl ${PCRT} raw | awk '$4 == "1.0" {print $5}' 2> /dev/null | sort -u`
SSL1_2COUNT=`tmsh show /ltm profile client-ssl ${PCRT} raw | awk '$4 == "1.2" {print $5}' 2> /dev/null | sort -u`
IRULE=`tmsh list ltm virtual ${VAL} rules | awk 'BEGIN {RS="\n}"} !/none/ {print}' | grep -v ' rules \|}' | grep -v ltm.virtual`
test -n "${CERT}" 2>&- &&
test -n "${SSL1_0COUNT}" 2>&- &&
test -n "${SSL1_2COUNT}" 2>&- &&
{
echo "| ${VAL} | ${DEST} | ${PCRT} | ${CERT} | ${SSL1_0COUNT} | ${SSL1_2COUNT} | ${IRULE} |"
}
done
}
done
echo "Virtual server count: ${VIRTS}"
Hi ,
I think I've already put these on the codeshare, feel free to test my script from below links, you can customize them to your requirement too.
https://devcentral.f5.com/s/articles/Export-Virtual-Server-Configuration-in-CSV-tmsh-cli-script
https://devcentral.f5.com/s/articles/Capture-Virtual-Server-Clientssl-Profile-Ciphers-Mapping-Bash
https://devcentral.f5.com/s/articles/Capture-SSL-Profile-Protocol-Stats-Bash
To answer your question, you have to use xargs command in your Irule capture statement. This will convert your multiline output to oneline with spaces inbetween. So it will look like below,
IRULE=`tmsh list ltm virtual ${VAL} rules | awk 'BEGIN {RS="\n}"} !/none/ {print}' | grep -v ' rules \|}' | grep -v ltm.virtual | xargs`Hope this helps.
jaikumar_f5MVP
Hi ,
I think I've already put these on the codeshare, feel free to test my script from below links, you can customize them to your requirement too.
https://devcentral.f5.com/s/articles/Export-Virtual-Server-Configuration-in-CSV-tmsh-cli-script
https://devcentral.f5.com/s/articles/Capture-Virtual-Server-Clientssl-Profile-Ciphers-Mapping-Bash
https://devcentral.f5.com/s/articles/Capture-SSL-Profile-Protocol-Stats-Bash
To answer your question, you have to use xargs command in your Irule capture statement. This will convert your multiline output to oneline with spaces inbetween. So it will look like below,
IRULE=`tmsh list ltm virtual ${VAL} rules | awk 'BEGIN {RS="\n}"} !/none/ {print}' | grep -v ' rules \|}' | grep -v ltm.virtual | xargs`Hope this helps.
- Mark_Gallagher
Hi Jaikumar, thanks so much! piping the output of the irule capture to xargs worked a treat!
