DCC Forum
A by-request forum where viewers may engage with show hosts - before, during, and after LiveStreams.

how to run the below bash file on f5

ralph_ralf
Altostratus

Hello,

I would like to extract a list of all virtual servers, profiles and certificates on my F5; I found the below script but I don't know how to run it on F5. Where should I place the cert-mapping file? In which folder on F5?

  • Log on to the BIG-IP command line.

    Note: Command line access defaults to the bash shell.

  • Using a text editor, create the cert-mapping file.
  • Place the following bash script contents in the cert-mapping file:

    #!/bin/bash
    # Search /config and sub directories (partitions) for bigip.conf files
    LIST=`find /config -name bigip.conf |  xargs  awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
    echo "Virtual:          Profile:        Certificate:          Ciphers:"
    echo "__________________________________________________________"
    for VAL in ${LIST}
    do
        # Client SSL profile names attached to this virtual server
        PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u`
        test -n "${PROF}" 2>&- && {
            # Count only virtual servers that have a client SSL profile
            VIRTS=`expr $VIRTS + 1`
            for PCRT in ${PROF}
            do
                # Certificate configured on the profile
                CERT=`tmsh list /ltm profile client-ssl ${PCRT} |  awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u`
                test -n "${CERT}" 2>&- && {
                    # Cipher string configured on the profile
                    CIPHERS=`tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}'`
                    echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}"
                }
            done
        }
    done
    echo "Virtual server count: ${VIRTS}"

    Note: To alter this script to search for server-ssl profile certificates, replace client-ssl with server-ssl and Ltm::ClientSSL Profile: with Ltm::ServerSSL Profile:.

  • Close the text editor saving the file cert-mapping that contains the bash script.
  • To execute the script type the following command:

    bash ./cert-mapping

Thanks in advance.

 

Best Regards,

 

 


5 REPLIES 5

Hi Ralph,

If you only need it to run once you can place it in /tmp/.
/shared/scripts would be a nice location if you are going to run it multiple times during the life of your BIG-IP.

Do not forget to make it executable. (chmod u+x cert-mapping)

Cheers,
Kees

Thanks for your reply:

I've created the Notepad file and transferred it to the /tmp folder using FileZilla. Then I've changed the file to be an executable as advised. However, after running it I got an error.

Can you have a look at the below output and revert back? Thanks in advance.

 

[root@f5-IB-2:Standby:In Sync] tmp # chmod u+x cert-mapping
[root@f5-IB-2:Standby:In Sync] tmp #
[root@f5-IB-2:Standby:In Sync] tmp #
[root@f5-IB-2:Standby:In Sync] tmp # ls -l
total 580
-r--r--r--. 1 root root 261660 2021-05-08 07:24 BigDB.dat.orig
-rwxr--r--. 1 root root 914 2023-07-15 22:54 cert-mapping
-r--r--r--. 1 root root 131 2022-08-20 22:57 dhclient.sh
drwxr-xr-x. 2 root root 1024 2023-07-15 06:38 epsec
-r--r--r--. 1 root root 206 2022-08-20 22:57 hosts_script
drwxr-xr-x. 2 root root 1024 2022-08-27 03:33 hsperfdata_root
drwxr-xr-x. 2 tomcat tomcat 1024 2022-08-20 22:58 hsperfdata_tomcat
-rw-r--r--. 1 root webusers 304730 2023-07-15 22:49 running-config
-rw-------. 1 apache apache 451 2023-07-15 15:08 sess_blttcb605qqnb26s65sg5v1jv2
-rw-------. 1 apache apache 451 2023-07-15 15:08 sess_ec2mp7g390lvpeg07hcth2ap02
-rw-------. 1 apache apache 451 2023-07-15 15:08 sess_n781lbebpi5ndb6ae7fa18m1q7
-r--r--r--. 1 root root 355 2022-08-20 22:57 sshd_login.sh
[root@f5-IB-2:Standby:In Sync] tmp #
[root@f5-IB-2:Standby:In Sync] tmp #
[root@f5-IB-2:Standby:In Sync] tmp # bash ./cert-mapping
Virtual: Profile: Certificate: Ciphers:
__________________________________________________________
'/cert-mapping: line 7: syntax error near unexpected token `do
'/cert-mapping: line 7: `do
[root@f5-IB-2:Standby:In Sync] tmp #

Notepad isn't your best option. Are you able to save the file locally with notepad++

Also, can you post a cat from the file?

Command on the cli is cat /temp/cert-mapping
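
The garbled `'/cert-mapping: line 7: syntax error near unexpected token `do` message above is what bash prints when a script's lines end in a carriage return, which is how Notepad saves them. The following pre-flight check is an added example, not part of the original thread; the function names and the `.unix` suffix are hypothetical. It counts the affected lines, writes a CR-free copy, and parses that copy with `bash -n` without executing it.

```shell
#!/bin/bash
# Added example (not from the thread): check a script edited on Windows
# for CRLF line endings before running it on the BIG-IP.

CR=$(printf '\r')

# Print the number of lines that contain a carriage return.
count_crlf_lines() {
    grep -c "$CR" "$1" || true
}

# Write a CR-free copy of $1 to $2, leaving the uploaded file untouched.
normalize_script() {
    tr -d '\r' < "$1" > "$2"
}

# Normalize if needed, then parse (without executing) with bash -n.
# Prints the path that is safe to run; returns non-zero on a syntax error.
preflight() {
    src=$1
    n=$(count_crlf_lines "$src")
    if [ "$n" -gt 0 ]; then
        out="$src.unix"            # hypothetical name for the cleaned copy
        normalize_script "$src" "$out"
        echo "stripped CR from $n line(s)" >&2
    else
        out=$src
    fi
    bash -n "$out" || return 1
    echo "$out"
}

# Constructed sample: a small loop saved with CRLF endings.
make_sample() {
    printf '#!/bin/bash\r\nfor V in a b\r\ndo\r\necho "$V"\r\ndone\r\n' > "$1"
}

# Usage: ./preflight.sh /tmp/cert-mapping
if [ -n "${1:-}" ]; then preflight "$1"; fi
```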

Dear KeesvandenBos,

I've edited the same script in Notepad++ as recommended and the file now is compatible with unix bash.

I was also able to cat /tmp/cert-mapping.bash (below):

The question now is how can I run it? tmsh? bash ./cert-mapping is not working?

 

[root@f5-IB-2:Standby:In Sync] config #
^[[A[root@f5-IB-2:Standby:In Sync] config # cat /tmp/cert-mapping.bash
#!/bin/bash
# Search /config and sub directories (partitions) for bigip.conf files
LIST=`find /config -name bigip.conf | xargs awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
echo "Virtual: Profile: Certificate: Ciphers:"
echo "__________________________________________________________"
for VAL in ${LIST}
do
PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u`
test -n "${PROF}" 2>&- && {
VIRTS=`expr $VIRTS + 1`
for PCRT in ${PROF}
do
CERT=`tmsh list /ltm profile client-ssl ${PCRT} | awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u`
test -n "${CERT}" 2>&- && {
CIPHERS=`tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}'`
echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}"
}
done
}
done
echo "Virtual server count: ${VIRTS}"[root@f5-IB-2:Standby:In Sync] config #
[root@f5-IB-2:Standby:In Sync] config #
[root@f5-IB-2:Standby:In Sync] config #

 

 

 

 

[root@f5-IB-2:Standby:In Sync] config #cd /tmp
[root@f5-IB-2:Standby:In Sync] tmp #./cert-mapping