Auto updates GeoIP database on Big IP.

Awesome script! Great job!

Thanks for this! In my testing I ran into 2 issues getting this setup on xUbuntu 16.04. When running this command

sudo apt-get -y install php7.0 php7.0-common php7.0-cli php7.0-curl php7.0-mcrypt php7.0-ssh2

E: Unable to locate package php7.0-ssh

E: Couldn't find any package by glob 'php7.0-ssh

E: Couldn't find any package by regex 'php7.0-ssh

That happened after adding the repository. Running the command

sudo apt-get -y install php-ssh2

The 2nd error I ran into was after the 1st time I ran the sript, I received this error:

Fatal error: Uncaught Error: "Class 'ZipArchive' not found in /home/xxxx/geoip_updater.php:112

Stack trace:

0 {main}

thrown in /home/xxxx/geoip_updater.php on line 112

I was able to resolve this by running this command

sudo apt-get install php-zip

The security conscious side of me doesn't particularly like having the root password stored in the script. If that could be made a variable that needs to be entered at the very beginning, that would be better in my own opinion.

The other thing I would suggest, is to see if the files you are about to download are already downloaded. Because of the ziparchive error I received, I ended up downloading the files a 2nd time even though they were already there. As I am typing, it just occurs to me that me that being able to specify a local file might also be nice.

Oh, and the GTM I was testing against was 11.5.3.

Thanks Joe for the feedback. I can certainly update the code to allow for a local director copy of the download. My thought was to delete the local copy if its present, as it might not be complete / or corrupted. And i didn't want to force the MD5 url requirement. Also I will update the documentation to include php-zip. Sorry for the inconvenience, but thanks for the determination of trying to get it working! You rock!

I'm thinking i could make the 3rd cli param be a check if its a url or the remote password. If its a url, then its the path to the MD5 checksum, if not, then use it as a password for the remote boxes. Would that work for you?

Also, did it work for you once you got the require files installed? Any and all feedback is greatly appreciated. Thanks alot! I'm always looking to make things better.

Yes, it did work! However, it did give me some notices.

PHP Notice:  Undefined offset: 0 in /home/xxxx/geoip_updater.php on line 135

Notice: Undefined offset: 0 in /home/xxxx/geoip_updater.php on line 135

PHP Notice:  Undefined offset: 0 in /home/xxxx/geoip_updater.php on line 169

Notice: Undefined offset: 0 in /home/xxxx/geoip_updater.php on line 169

I think that was because I used IP only and not an FQDN. So, no big deal. That's a good point about the file being corrupt or incomplete. But I would think that would be a point towards forcing the md5 check. Which I personally would be OK with. Since the 2 URLs are almost identical, except the 2nd one has ".md5" at the end, you could just infer the 2nd URL from the 1st URL. Then you wouldn't need the MD5 URL parameter. I don't really do any coding and about the most I do is some bash scripting or simple iRules so, I am not exactly sure what would be a good way to do the password or local files. But yeah, just adding another parameter to the command seems good to me.

Actually.. the ip-geolocation db file and md5 file have different url's, So I can't infer the md5 from the original download URL. (If you copy and paste both url's in a text program, you will see a different url for both). I wish i could, but I will make those other changes and update the github and devcentral asap.

Yeah, you're right. Last week I compared them and I could have swore they were the same. But when I did it today, they are definitely different.

Made some changes, opened a pull request on github. Tested on Ubuntu 18.04 against test boxes running 11.6.0 (v1) and 13.1.0.8 (v2).

geoip_updater.php

• version 0.0.8
• use PHP_EOL for line endings
• convert to ssh2_auth_agent, default to root user (no password in script)

• pick f5s from F5S environment variable ie:

  F5S=a.example.com,b.example.com php geoip_updater.php  

• avoid system() and printf()

• recommend native php debs, avoid ppa

• default to UTC
• tabs, whitespace, etc
• one ssh connection per f5

Does anyone know if this script also works on PHP 5.4?

It should work. same with 7.1 - 7.4, but hasn't been tested.

I removed the hardcoded methods to allow any method and my version now works against BIG-IP 15.x

 I merged your other changes to the repo and updated my pull request on github.

Note: as comment above, this moves the list of F5s to the environment variable F5S

I also check for the downloaded files and do not redownload them if they exist. Delete temp files to retry.

I'm running with php 7.2 on Ubuntu 18.04 under WSL at the moment. WIll be upgrading to 20.04 sometime soon.

https://github.com/timriker/Vendor_code/raw/master/F5/geoip_updater.php