Big-IP LTM config Bash scripting question

Mark_Gallagher · ‎14-Dec-2020

Good day fellow devcentral people,

I am puzzling over a bash script which I am using to provide some documentation in response to questions about device config related to compliance.

The script lists a few per-VIP outputs including name, ssl profile, tls version count and associated irules.

The problem that I am having is this: when there is a single or no irule associated with the VIP all is well. When there are multiple irules, I my output formatting is broken. I wonder if anyone would know how to address this so that when multiple line feeds occur, I can add in a few pipe characters necessary for this report to look nice without a lot of time manually reformatting?

Here is some example output:

] tmp # ./cert_mapping.sh

|-- |-- |-- |-- |-- |-- |-- |

| /Common/stg-vs-origin_10.1.1.1_443 | 10.1.1.1:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage1.name.com

devtest-cipher-logging |

| /Common/stg-vs-origin-stage2-name.com_10.1.1.2-443 | 10.1.1.2:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage2-name |

| /Common/tst-vs-functionservices-test_10.1.1.3_443 | 10.1.1.3:443 | clientssl | default.crt | 34 | 65993 | devqatst_cachectrl

devqatst_cookie-sec-httponly-flags

devqatst_httperr-4xx-5xx-static-cntnt

devqatst_strip-hdrinfo |

And this more of how I'd like to see it:

] tmp # ./cert_mapping.sh

|-- |-- |-- |-- |-- |-- |-- |

| /Common/stg-vs-origin_10.1.1.1_443 | 10.1.1.1:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage1.name.com |

|-- |-- |-- |-- |-- |-- | devtest-cipher-logging |

| /Common/stg-vs-origin-stage2-name.com_10.1.1.2-443 | 10.1.1.2:443 | name.com-wildcard_client_20190312 | name.com-wildcard-v2.crt | 0 | 18602218 | stg-origin-stage2-name |

| /Common/tst-vs-functionservices-test_10.1.1.3_443 | 10.1.1.3:443 | clientssl | default.crt | 34 | 65993 | devqatst_cachectrl |

|-- |-- |-- |-- |-- |-- | devqatst_cookie-sec-httponly-flags |

|-- |-- |-- |-- |-- |-- | devqatst_httperr-4xx-5xx-static-cntnt |

|-- |-- |-- |-- |-- |-- | devqatst_strip-hdrinfo |

Any suggestions would be appreciated very much.

This is the script:

#!/bin/bash
LIST=`find /config -name bigip.conf |  xargs  awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
echo "| virtual     | destination       | profile   | Certificate   | SSLv1.0 Count     | SSLv1.3 Count     | iRules        |"
echo "|--           |--                 |--         |--             |--                 |--                 |--             |"
for VAL in ${LIST}
do
PROF=`tmsh show /ltm virtual ${VAL} profiles    2> /dev/null    | grep -B 1 " Ltm::ClientSSL Profile:"  | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u`
DEST=`tmsh show /ltm virtual ${VAL}             2> /dev/null    | grep " Destination      :"            | awk '{print $3}'`
test -n "${PROF}"               2>&- &&  
test -n "${DEST}"               2>&- &&  
                                {
        VIRTS=`expr $VIRTS + 1`
        for PCRT in ${PROF}
        do
        CERT=`tmsh list /ltm profile client-ssl ${PCRT}         | awk '$1 == "cert"     {print $2}' 2> /dev/null | sort -u`
 SSL1_0COUNT=`tmsh show /ltm profile client-ssl ${PCRT} raw     | awk '$4 == "1.0"      {print $5}' 2> /dev/null | sort -u`
 SSL1_2COUNT=`tmsh show /ltm profile client-ssl ${PCRT} raw     | awk '$4 == "1.2"      {print $5}' 2> /dev/null | sort -u`
       IRULE=`tmsh list ltm virtual ${VAL} rules                | awk 'BEGIN {RS="\n}"} !/none/ {print}' | grep -v ' rules \|}' | grep -v ltm.virtual`
        test -n "${CERT}"                       2>&- && 
        test -n "${SSL1_0COUNT}"                2>&- && 
        test -n "${SSL1_2COUNT}"                2>&- && 
                                                           {
                                    echo "| ${VAL} | ${DEST} | ${PCRT} | ${CERT} | ${SSL1_0COUNT} | ${SSL1_2COUNT} | ${IRULE} |"
                                    }
                                    done
       }
       done
echo "Virtual server count: ${VIRTS}"

jaikumar_f5 · ‎15-Dec-2020

Hi ,

I think I've already put these on the codeshare, feel free to test my script from below links, you can customize them to your requirement too.

https://devcentral.f5.com/s/articles/Export-Virtual-Server-Configuration-in-CSV-tmsh-cli-script

https://devcentral.f5.com/s/articles/Capture-Virtual-Server-Clientssl-Profile-Ciphers-Mapping-Bash

https://devcentral.f5.com/s/articles/Capture-SSL-Profile-Protocol-Stats-Bash

To answer your question, you have to use xargs command in your Irule capture statement. This will convert your multiline output to oneline with spaces inbetween. So it will look like below,

IRULE=`tmsh list ltm virtual ${VAL} rules                | awk 'BEGIN {RS="\n}"} !/none/ {print}' | grep -v ' rules \|}' | grep -v ltm.virtual | xargs`

Hope this helps.

View solution in original post

jaikumar_f5 · ‎15-Dec-2020