Forum Discussion

hezz_370754's avatar
hezz_370754
Icon for Nimbostratus rankNimbostratus
Aug 29, 2018

Export VIP, Cert CN and Cert expiration date

Hi all,

Client has requested the following information; VIP NAME, VIP IP, Cert CN + Cert Duration.

I have a script that exports VIP and Pool, was hoping to collate all the information into this if possible.

virtuallist=$(tmsh list ltm virtual | grep virtual | cut -d' ' -f3 | tr "\n" " " );
for v in $virtuallist ;
do
DEST=""; POOL=""; MEMB=""; DEST=$(tmsh list ltm virtual $v | grep destination | cut -d' ' -f6)
POOL=$(tmsh list ltm virtual $v | grep pool | cut -d' ' -f6)
MEMB=$(tmsh list ltm pool $POOL | egrep 'address '| sed '$!N;s/\n/ /')

    if [ "$POOL" != "" ];
    then
     echo ""; echo " Virtual: $v - $DEST"; echo " Pool: $POOL"; echo "$MEMB";
     else
        echo ""; echo "!! Virtual $v $DEST has no pool assigned";  echo "";

fi

done
:wq

Cert expiry can be listed from -

tmsh list sys file ssl-cert expiration-string

Have noticed CN can be pulled using regex - 

regexp {CN=([^,]+)} [mcget {session.ssl.cert.subject} ] CNFull CNValue;
return $CNValue

Would there be a way to compilate this all into one script? I am very new to F5 and scripting, any help would be appreciated.

application delivery
BIG-IP Access Policy Manager (APM)
certificate
cn
devops
export
ip
TMSH
vip
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Aug 29, 2018

    This could be significantly optimized, but here's a rough try:

    !/bin/bash

for v in $virtuallist ;
do
   DEST="";
   POOL="";
   MEMB="";

   echo "NAME = $v"

   DEST=$(tmsh list ltm virtual $v | grep destination | cut -d' ' -f6)
   echo "DEST = $DEST"

   CSSL=$(tmsh list ltm virtual test-vip profiles |grep -vE 'profiles|ltm virtual' |grep -B1 "context clientside" |grep -v "context clientside" |sed 's/ //g;s/{//')
   echo "CSSL = $CSSL"

   CERT=$(tmsh list ltm profile client-ssl web1.codestew.net cert |grep -vE "ltm profile|\}" |sed 's/    cert //g')
   CEXP=$(tmsh list sys file ssl-cert web1.codestew.net.crt expiration-string |grep -vE "sys file|\}" |sed 's/    expiration-string "//;s/"//')
   echo "CEXP = $CEXP"

   POOL=$(tmsh list ltm virtual $v | grep pool | cut -d' ' -f6)

   if [ "$POOL" != "" ]
   then
      echo "POOL = $POOL"
      MEMB=$(tmsh list ltm pool $POOL | egrep 'address '| sed '$!N;s/\n/,/;s/            address//g')
      echo "MEMB = $MEMB"
   fi
   echo "--------"
done

    Sample output:

    NAME = test1-vip
DEST = 192.168.1.26:https
CSSL = web1.f5demolabs.net
CEXP = Jul 26 19:10:16 2019 GMT
POOL = pool1
MEMB =  192.168.1.10, 192.168.1.11
--------
NAME = test2-vip
DEST = 192.168.1.27:https
CSSL = web2.f5demolabs.net
CEXP = Jul 26 19:10:16 2019 GMT
POOL = pool2
MEMB =  192.168.1.20, 192.168.1.21
--------