
Big-IP LTM config Bash scripting question

Mark_Gallagher
Altocumulus

Good day fellow devcentral people,

 

I am puzzling over a bash script which I am using to provide some documentation in response to questions about device config related to compliance.

 

The script lists a few per-VIP outputs including name, ssl profile, tls version count and associated irules.

 

The problem that I am having is this: when there is a single or no irule associated with the VIP all is well. When there are multiple irules, my output formatting is broken. I wonder if anyone would know how to address this so that when multiple line feeds occur, I can add in a few pipe characters necessary for this report to look nice without a lot of time manually reformatting?

 

Here is some example output:

 

] tmp # ./cert_mapping.sh 

| virtual   | destination    | profile  | Certificate  | SSLv1.0 Count   | SSLv1.3 Count   | iRules    |

|--      |--         |--     |--       |--         |--         |--       |

| /Common/stg-vs-origin_10.1.1.1_443 | 10.1.1.1:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage1.name.com

    devtest-cipher-logging |

| /Common/stg-vs-origin-stage2-name.com_10.1.1.2-443 | 10.1.1.2:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage2-name |

| /Common/tst-vs-functionservices-test_10.1.1.3_443 | 10.1.1.3:443 | clientssl | default.crt | 34 | 65993 | devqatst_cachectrl

    devqatst_cookie-sec-httponly-flags

    devqatst_httperr-4xx-5xx-static-cntnt

    devqatst_strip-hdrinfo |

 

And this more of how I'd like to see it: 

 

 ] tmp # ./cert_mapping.sh 

| virtual   | destination    | profile  | Certificate  | SSLv1.0 Count   | SSLv1.3 Count   | iRules    |

|--      |--         |--     |--       |--         |--         |--       |

| /Common/stg-vs-origin_10.1.1.1_443 | 10.1.1.1:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage1.name.com |

|--      |--         |--     |--       |--         |-- | devtest-cipher-logging |

| /Common/stg-vs-origin-stage2-name.com_10.1.1.2-443 | 10.1.1.2:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage2-name |

| /Common/tst-vs-functionservices-test_10.1.1.3_443 | 10.1.1.3:443 | clientssl | default.crt | 34 | 65993 | devqatst_cachectrl |

|--      |--         |--     |--       |--         |-- | devqatst_cookie-sec-httponly-flags |

|--      |--         |--     |--       |--         |-- | devqatst_httperr-4xx-5xx-static-cntnt |

|--      |--         |--     |--       |--         |-- | devqatst_strip-hdrinfo |

 

Any suggestions would be appreciated very much.

 

This is the script:

 

#!/bin/bash
# Collect every virtual server name defined in any bigip.conf under /config
LIST=`find /config -name bigip.conf | xargs awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
VIRTS=0
echo "| virtual     | destination       | profile   | Certificate   | SSLv1.0 Count     | SSLv1.3 Count     | iRules        |"
echo "|--           |--                 |--         |--             |--                 |--                 |--             |"
for VAL in ${LIST}
do
    # Client SSL profile(s) and destination of this virtual server
    PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g | sort -u`
    DEST=`tmsh show /ltm virtual ${VAL} 2> /dev/null | grep " Destination      :" | awk '{print $3}'`
    test -n "${PROF}" 2>&- &&
    test -n "${DEST}" 2>&- &&
    {
        VIRTS=`expr $VIRTS + 1`
        for PCRT in ${PROF}
        do
            CERT=`tmsh list /ltm profile client-ssl ${PCRT} | awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u`
            # Connection counts for protocol versions 1.0 and 1.2
            # (the header above labels the second column SSLv1.3)
            SSL1_0COUNT=`tmsh show /ltm profile client-ssl ${PCRT} raw | awk '$4 == "1.0" {print $5}' 2> /dev/null | sort -u`
            SSL1_2COUNT=`tmsh show /ltm profile client-ssl ${PCRT} raw | awk '$4 == "1.2" {print $5}' 2> /dev/null | sort -u`
            # iRules attached to the virtual server: one per line when there are several
            IRULE=`tmsh list ltm virtual ${VAL} rules | awk 'BEGIN {RS="\n}"} !/none/ {print}' | grep -v ' rules \|}' | grep -v ltm.virtual`
            test -n "${CERT}" 2>&- &&
            test -n "${SSL1_0COUNT}" 2>&- &&
            test -n "${SSL1_2COUNT}" 2>&- &&
            {
                echo "| ${VAL} | ${DEST} | ${PCRT} | ${CERT} | ${SSL1_0COUNT} | ${SSL1_2COUNT} | ${IRULE} |"
            }
        done
    }
done
echo "Virtual server count: ${VIRTS}"

1 ACCEPTED SOLUTION

Hi  ,

 

I think I've already put these on the codeshare, feel free to test my scripts from the links below, you can customize them to your requirements too.

 

https://devcentral.f5.com/s/articles/Export-Virtual-Server-Configuration-in-CSV-tmsh-cli-script

https://devcentral.f5.com/s/articles/Capture-Virtual-Server-Clientssl-Profile-Ciphers-Mapping-Bash

https://devcentral.f5.com/s/articles/Capture-SSL-Profile-Protocol-Stats-Bash

 

To answer your question, you have to use the xargs command in your iRule capture statement. This will convert your multiline output to one line with spaces in between. So it will look like below:

IRULE=`tmsh list ltm virtual ${VAL} rules | awk 'BEGIN {RS="\n}"} !/none/ {print}' | grep -v ' rules \|}' | grep -v ltm.virtual | xargs`

Hope this helps.


Hi Jaikumar, thanks so much! piping the output of the irule capture to xargs worked a treat!
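
Added example (not part of the original thread and not either poster's code): the two ways of handling a multi-line `${IRULE}` value discussed above, the xargs collapse from the accepted answer and the one-row-per-iRule layout the question asked for. The function names, the `none` placeholder for an empty list and the sample data (copied from the question's example output) are assumptions; no tmsh call is made.

```shell
#!/bin/bash
# Added example, not from the original thread. Runs without tmsh.

# Constructed sample: the multi-line value ${IRULE} holds for a virtual
# server with four iRules (names from the question's example output).
SAMPLE_IRULES='devqatst_cachectrl
    devqatst_cookie-sec-httponly-flags
    devqatst_httperr-4xx-5xx-static-cntnt
    devqatst_strip-hdrinfo'

# Accepted answer: xargs collapses the lines into one space-separated line.
join_irules() {
    printf '%s\n' "$1" | xargs
}

# Layout asked for in the question: first iRule on the full row, each
# further iRule on a continuation row. $1-$6 = fixed columns, $7 = iRules.
emit_rows() {
    rules=${7:-none}   # assumption: show "none" rather than drop the row
    first=1
    printf '%s\n' "$rules" | while read -r rule; do
        [ -n "$rule" ] || continue   # read already stripped the indentation
        if [ "$first" -eq 1 ]; then
            printf '| %s | %s | %s | %s | %s | %s | %s |\n' \
                "$1" "$2" "$3" "$4" "$5" "$6" "$rule"
            first=0
        else
            printf '|-- |-- |-- |-- |-- |-- | %s |\n' "$rule"
        fi
    done
}

# Demo: prints one full row followed by three continuation rows.
emit_rows /Common/tst-vs-functionservices-test_10.1.1.3_443 10.1.1.3:443 \
    clientssl default.crt 34 65993 "$SAMPLE_IRULES"
```

To use the second layout in the script from the question, replace its final `echo` with `emit_rows "${VAL}" "${DEST}" "${PCRT}" "${CERT}" "${SSL1_0COUNT}" "${SSL1_2COUNT}" "${IRULE}"`.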