NetSnoopy
Apr 04, 2019

(useful) config export to csv for partitions

Hello, I wrote a shell script to export the most important config to a csv file. This was inspired by some other posts. The script runs on bash from a LB. For the CSV import to Excel, you need to change column B (named VIP) to TEXT and enable word-wrap for the whole chart. The script collects field by field from the running system. If you have a lot of configuration it can need some time to finish. You can start with SCRIPTNAME PARTITION > EXPORTcsv directly from bash, not tmsh. I hope it helps somebody, Cheers NetSnoopy

 

4 Replies

  • #!/bin/bash
    PARTITION=$1
    # check if partition parameter set
    if [ -z "$PARTITION" ]
    then
        echo "Argument not present."
        echo "Usage $0 [PartitionName]"
        echo "to write a csv file append > FILENAME.csv"
        exit 99
    fi
    # generate csv head line
    echo \"VS Name\"\;\"VIP\"\;\"Port\"\;\"Client SSL\"\;\"Server SSL\"\;\"Persistence\"\;\"Pool Name\"\;\"Balancing\"\;\"Pool Members Name\"\;\"Pool Members IP\"\;\"Members Port\"\;\"Monitor\"\;\"iRules\"
    # collect vs names
    VIRTUALS=$(tmsh list /ltm virtual /$PARTITION/* | grep "ltm virtual" | cut -d" " -f3)
    for VS in $VIRTUALS;
    # collect config parameter for each vs
    do
      VSNAME=$(echo $VS| cut -d "/" -f3) 
      echo -n \"$VSNAME\"\;
      DEST=$(tmsh list /ltm virtual $VS | grep destination | cut -d" " -f6 |cut -d "/" -f3 |cut -d"%" -f1 | cut -d":" -f1 )
      echo -n \"$DEST\"\;
      PORT=$(tmsh list /ltm virtual $VS | grep destination | cut -d" " -f6 |cut -d "/" -f3 | cut -d":" -f2 )
      echo -n \"$PORT\"\;
      # collect SAN from all used Certs in clientssl profile
      SSLPROFILE=$(tmsh list /ltm virtual $VS | grep -B 1 clientside | grep -v clientside|cut -d "/" -f3|cut -d " " -f1 | grep -v "\-\-")
      echo -n \"
      if [ -n "$SSLPROFILE" ]
      then
        SSLCOUNT=$(tmsh list /ltm virtual $VS | grep -B 1 clientside | grep -v clientside|cut -d "/" -f3|cut -d " " -f1 | grep -v "\-\-" | wc -l )
        i=1
        for CLIENTSSL in $SSLPROFILE;
          do
            CERTNAME=$(tmsh list /ltm profile client-ssl /$PARTITION/$CLIENTSSL | grep -m 1 cert | sed  's/ cert //' | cut -d"/" -f2- | tr -d " " )
            if [[ "$CERTNAME" == "$PARTITION"* ]]
            then
              DOMAINS=$(tmsh list /sys file ssl-cert /$CERTNAME |grep "subject-alternative-name"| tr -d "\""|tr -s " "| cut -d" " -f3- | tr "DNS:" " "|tr "," "\n" |tr -d " " )
              echo -n "$DOMAINS"
            else
              DOMAINS=$(tmsh list /sys file ssl-cert /Common/$CERTNAME |grep "subject-alternative-name"| tr -d "\""|tr -s " "| cut -d" " -f3- | tr "DNS:" " "|tr "," "\n" |tr -d " " )
              echo -n "$DOMAINS"
            fi
            if [ "$i" -lt "$SSLCOUNT" ]
              then
              echo
            fi
            let "i++"
        done
      fi
      echo -n \"\;\"
      SERVERSSL=$(tmsh list /ltm virtual $VS | grep -B 1 serverside)
      # check if backend ssl enabled
      if [[ "$SERVERSSL" == *serverssl* ]]
      then
        echo -n ReEncrypt
      fi
      echo -n \"\;
      # Persistence
      PERSISTENCE=$(tmsh list /ltm virtual $VS | grep -A1 persist )
      echo -n \"
      if [ -n "$PERSISTENCE" ]
      then
        if [[ "$PERSISTENCE" == *"$PARTITION"* ]]
        then
          PERSISTENCE=$(tmsh list /ltm virtual $VS | grep -v "fallback-persistence" | grep -A1 persist | grep -v persist | cut -d"/" -f3 | cut -d" " -f1 )
          echo -n $PERSISTENCE
        else
          PERSISTENCE=$(tmsh list /ltm virtual $VS | grep -v "fallback-persistence" | grep -A1 persist | grep -v persist | tr -d " " | cut -d "{" -f1 )
          echo -n $PERSISTENCE
        fi
        # get fallback-persistence
        fbPERSISTENCE=$(tmsh list /ltm virtual $VS | grep "fallback-persistence" | grep -v "type" | awk '{print $2}' )
        if [ -n "$fbPERSISTENCE" ]
        then
          echo 
          echo -n $fbPERSISTENCE
        fi
      fi
      echo -n \"\;
      # pool information
      POOLNAME=$(tmsh list /ltm virtual $VS | grep pool | cut -d" " -f6 | cut -d "/" -f3)
      echo -n \"$POOLNAME\"\; 
      # check if pool present
      if [ -n "$POOLNAME" ]
      then
        # collect balancing type
        BLANCING=$(tmsh list /ltm pool /$PARTITION/$POOLNAME load-balancing-mode | grep "load-balancing-mode" | awk '{print $2}' )
        echo -n \"$BLANCING\"\;
        # get pool members IP address
        POOLMEMEBERS=$(tmsh list /ltm pool /$PARTITION/$POOLNAME | grep address | cut -d" " -f14|cut -d"%" -f1)
        # how many poolmembers
        PMCOUNT=$(echo "$POOLMEMEBERS" | wc -l )
        # pool member name
        POOLMEMEBERSNAME=$(tmsh list /ltm pool /$PARTITION/$POOLNAME | grep  ":" | cut -d":" -f1)
        echo -n \"
        i=1
        for PMN in $POOLMEMEBERSNAME;
          do
            if [[ "$PMN" == *"$PARTITION"* ]]
            then
              PMNAME=$(echo "$PMN" | cut -d"/" -f3 )
              echo -n "$PMNAME"
            else
              echo -n "$PMN"
            fi
            if [ "$i" -lt "$PMCOUNT" ]
              then
              echo 
            fi
            let "i++"
        done
        echo -n \"\;\"
        i=1
        for PM in $POOLMEMEBERS;
          do 
            echo -n $PM
            if [ "$i" -lt "$PMCOUNT" ]
              then
              echo 
            fi
            let "i++"
        done
        echo -n \"\;
        # collect Member Port
        MEMEBERSPORT=$(tmsh list /ltm pool /$PARTITION/$POOLNAME | cut -d ":" -f2 |grep -A 1 members  |grep '^[0-9a-z]'| cut -d" " -f1)
        echo -n \"$MEMEBERSPORT\"\; 
        # collect Monitor
        MONITOR=$(tmsh list /ltm pool /$PARTITION/$POOLNAME  monitor | grep monitor | tr " " "\n" | grep -v "monitor\|{\|}" | grep -v '^[[:blank:]]*$' )
        echo -n \"
        MONITORCOUNT=$(echo "$MONITOR" | wc -l)
        i=1
        for MO in $MONITOR;
          do
            if [[ "$MO" == *"$PARTITION"* ]]
            then
              MONI=$(echo "$MO" | cut -d"/" -f3 )
              echo -n $MONI
            else
              echo -n $MO
            fi
            if [ "$i" -lt "$MONITORCOUNT" ]
              then
              echo 
            fi
            let "i++"
        done
        echo -n \"\;
      else
        echo -n \"\"\;\"\"\;\"\"\;\"\"\;\"\"\;
      fi
      # collect irules
      IRULE=$(tmsh list /ltm virtual $VS rules |  grep -v "{\|}" | grep -v "rules none" )
      echo -n \"
      IRULECOUNT=$(echo "$IRULE" | wc -l)
      i=1
      for IR in $IRULE;
        do
          if [[ "$IR" == *"$PARTITION"* ]]
          then
            IRU=$(echo "$IR" | cut -d"/" -f3 )
            echo -n $IRU
          else
            echo -n $IR
          fi
          if [ "$i" -lt "$IRULECOUNT" ]
            then
            echo 
          fi
          let "i++"
      done
      echo -n \"\;
      # end line in csv
      echo
    done
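
Added example, not part of the original post and written in Python rather than the thread's bash: reading the script's output off-box and listing rows that merit a second look. The column names come from the script's header line; the sample rows and the three review rules are constructed assumptions.

```python
import csv
import io

# Column order copied from the header line the script prints.
COLUMNS = ["VS Name", "VIP", "Port", "Client SSL", "Server SSL", "Persistence",
           "Pool Name", "Balancing", "Pool Members Name", "Pool Members IP",
           "Members Port", "Monitor", "iRules"]

# Constructed sample in the script's output shape: ';' delimiter, quoted fields,
# multiple values separated by newlines inside the quotes, and a trailing ';'
# on every data row (the header line has none).
SAMPLE = (
    ";".join('"%s"' % c for c in COLUMNS) + "\n"
    + '"vs_shop";"10.0.0.10";"443";"shop.example.com\nwww.example.com";"ReEncrypt";'
      '"cookie";"pool_shop";"round-robin";"web1\nweb2";"10.0.1.1\n10.0.1.2";'
      '"8443\n8443";"https";"rule_hsts";\n'
    + '"vs_legacy";"10.0.0.11";"80";"";"";"";"pool_legacy";"round-robin";"app1";'
      '"10.0.1.9";"8080";"";"";\n'
    + '"vs_redirect";"10.0.0.12";"80";' + '"";' * 9 + '"rule_redirect";\n'
)

def read_export(text):
    """Parse the export; each cell becomes a list of its newline-separated values."""
    reader = csv.reader(io.StringIO(text, newline=""), delimiter=";")
    if next(reader) != COLUMNS:
        raise ValueError("header does not match the script's column list")
    rows = []
    for rec in reader:
        if rec and rec[-1] == "" and len(rec) == len(COLUMNS) + 1:
            rec = rec[:-1]  # field created by the trailing ';'
        if len(rec) != len(COLUMNS):
            raise ValueError("unexpected field count: %r" % (rec,))
        rows.append({c: v.split("\n") if v else [] for c, v in zip(COLUMNS, rec)})
    return rows

def review(rows):
    """Return (virtual server, note) pairs for rows that merit a closer look."""
    notes = []
    for r in rows:
        name = r["VS Name"][0]
        # Empty means no client-ssl profile, or a certificate without SAN entries.
        if not r["Client SSL"]:
            notes.append((name, "no client-ssl SAN exported"))
        if r["Pool Name"] and not r["Monitor"]:
            notes.append((name, "pool has no monitor"))
        if r["Client SSL"] and r["Pool Name"] and not r["Server SSL"]:
            notes.append((name, "TLS ends at the LB, backend not re-encrypted"))
    return notes
```
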
    
  • Najim

    Hi,

    Thanks for sharing. I wondered if you have any scripts similar to this to export things like: SSL, redirects, hosts, headers, health checks, WAF rules, NAT per partition.

     

    Kind regards,

     

    Najim

  • Hello Najim,

    ssl, redirects (iRule), hosts and health checks are included. But not WAF. If you take a closer look you can easily find the components and modify them to what you want. It would be nice if you share your code.

    Cheers NetSnoopy

  •  - in another thread  mentioned that this codeblock had some missing comment hashtags. I also don't see hashtags at the beginning of comment sections. Based on the age of this snippet - it could have been an error in our ETL efforts during the platform migration.

     

    Can you review this code-block and let me know if you think it was right before we migrated? (So I might look for that pattern in other code-blocks and fix systemically)

    Thanks!

    Lief