Forum Discussion

Mark_Gallagher's avatar
Mark_Gallagher
Icon for Altocumulus rankAltocumulus
Dec 14, 2020
Solved

Big-IP LTM config Bash scripting question

Good day fellow devcentral people,

I am puzzling over a bash script which I am using to provide some documentation in response to questions about device config related to compliance.

The script lists a few per-VIP outputs including name, ssl profile, tls version count and associated irules.

The problem that I am having is this: when there is a single or no irule associated with the VIP all is well. When there are multiple irules, I my output formatting is broken. I wonder if anyone would know how to address this so that when multiple line feeds occur, I can add in a few pipe characters necessary for this report to look nice without a lot of time manually reformatting?

Here is some example output:

] tmp # ./cert_mapping.sh 

| virtual   | destination    | profile  | Certificate  | SSLv1.0 Count   | SSLv1.3 Count   | iRules    |

|--      |--         |--     |--       |--         |--         |--       |

| /Common/stg-vs-origin_10.1.1.1_443 | 10.1.1.1:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage1.name.com

    devtest-cipher-logging |

| /Common/stg-vs-origin-stage2-name.com_10.1.1.2-443 | 10.1.1.2:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage2-name |

| /Common/tst-vs-functionservices-test_10.1.1.3_443 | 10.1.1.3:443 | clientssl | default.crt | 34 | 65993 | devqatst_cachectrl

    devqatst_cookie-sec-httponly-flags

    devqatst_httperr-4xx-5xx-static-cntnt

    devqatst_strip-hdrinfo |

And this more of how I'd like to see it: 

 ] tmp # ./cert_mapping.sh 

| virtual   | destination    | profile  | Certificate  | SSLv1.0 Count   | SSLv1.3 Count   | iRules    |

|--      |--         |--     |--       |--         |--         |--       |

| /Common/stg-vs-origin_10.1.1.1_443 | 10.1.1.1:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage1.name.com |

|--      |--         |--     |--       |--         |-- | devtest-cipher-logging |

| /Common/stg-vs-origin-stage2-name.com_10.1.1.2-443 | 10.1.1.2:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage2-name |

| /Common/tst-vs-functionservices-test_10.1.1.3_443 | 10.1.1.3:443 | clientssl | default.crt | 34 | 65993 | devqatst_cachectrl |

|--      |--         |--     |--       |--         |-- | devqatst_cookie-sec-httponly-flags |

|--      |--         |--     |--       |--         |-- | devqatst_httperr-4xx-5xx-static-cntnt |

|--      |--         |--     |--       |--         |-- | devqatst_strip-hdrinfo |

Any suggestions would be appreciated very much.

This is the script:

#!/bin/bash
LIST=`find /config -name bigip.conf |  xargs  awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
echo "| virtual     | destination       | profile   | Certificate   | SSLv1.0 Count     | SSLv1.3 Count     | iRules        |"
echo "|--           |--                 |--         |--             |--                 |--                 |--             |"
for VAL in ${LIST}
do
PROF=`tmsh show /ltm virtual ${VAL} profiles    2> /dev/null    | grep -B 1 " Ltm::ClientSSL Profile:"  | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u`
DEST=`tmsh show /ltm virtual ${VAL}             2> /dev/null    | grep " Destination      :"            | awk '{print $3}'`
test -n "${PROF}"               2>&- &&  
test -n "${DEST}"               2>&- &&  
                                {
        VIRTS=`expr $VIRTS + 1`
        for PCRT in ${PROF}
        do
        CERT=`tmsh list /ltm profile client-ssl ${PCRT}         | awk '$1 == "cert"     {print $2}' 2> /dev/null | sort -u`
 SSL1_0COUNT=`tmsh show /ltm profile client-ssl ${PCRT} raw     | awk '$4 == "1.0"      {print $5}' 2> /dev/null | sort -u`
 SSL1_2COUNT=`tmsh show /ltm profile client-ssl ${PCRT} raw     | awk '$4 == "1.2"      {print $5}' 2> /dev/null | sort -u`
       IRULE=`tmsh list ltm virtual ${VAL} rules                | awk 'BEGIN {RS="\n}"} !/none/ {print}' | grep -v ' rules \|}' | grep -v ltm.virtual`
        test -n "${CERT}"                       2>&- && 
        test -n "${SSL1_0COUNT}"                2>&- && 
        test -n "${SSL1_2COUNT}"                2>&- && 
                                                           {
                                    echo "| ${VAL} | ${DEST} | ${PCRT} | ${CERT} | ${SSL1_0COUNT} | ${SSL1_2COUNT} | ${IRULE} |"
                                    }
                                    done
       }
       done
echo "Virtual server count: ${VIRTS}"

2 Replies