Forum Discussion

Vikneswaran_709's avatar
Vikneswaran_709
Icon for Nimbostratus rankNimbostratus
Nov 29, 2017

Reporting : Virtual Server - SSL Certificate Mapping

I have a requirement to capture the virtual server along with cleint & Server SSL profile details in excel sheet. Please let me know the options to get it in excell-Number of Virtual server configured in LTM is 225.

 

Report should be like in the below format:

 

S.No - Virtual Server - Client SSL Profile - Server SSL Profile

 

5 Replies

  • So pulled together a quick python 2.x script you can run directly on your F5 from Bash.

    It will output commented list of Virtual Server Name, Client SSL Profiles, Server SSL Profiles (SSL Profiles will be a spaced list)

    Save the following script to a file on your F5 e.g. name the file ssl_profile.py, then run with the following:

    python ssl_profile.py > output.csv
    

    The outputted file output.csv will be a basic file containing the info you need.

    HUGE NOTE: this is doing a very basic string compare so expect faults positives if you have overlapping profile names. I got the default profiles clientssl and serverssl listed in almost every virtual server as all the SSL Profiles contain one of these in their name.

    Script is as follows, hope it helps. If it does help please up vote my answer 😄

    !/usr/bin/python
    import subprocess
    import re
    
    def get_partitions(output):
        return [line for line in
                [re.sub(r'auth partition | {0,}\{| {0,}\}|descri.*', '', line.strip()) for line in output.splitlines()]
                if line]
        
    def run_command(cmd):
        process = subprocess.Popen(cmd.split(), stdout=subprocess.PIPE)
        output, error = process.communicate()
        if not error:
            return output
        
    def get_client_ssl_profiles(partition):
        for line in run_command('tmsh list ltm profile client-ssl /'+partition+'/* one-line').splitlines():
            reClientSslProfile = re.search(r'^ltm profile client-ssl (.*?) ', line)
            if reClientSslProfile:
                yield reClientSslProfile.group(1)
    
    def get_server_ssl_profiles(partition): 
        for line in run_command('tmsh list ltm profile server-ssl /'+partition+'/* one-line').splitlines():
            reServerSslProfile = re.search(r'^ltm profile server-ssl (.*?) ', line)
            if reServerSslProfile:
                yield reServerSslProfile.group(1)
                
    def get_virutalservers(partition): 
        for line in run_command('tmsh list ltm virtual /'+partition+'/* one-line').splitlines():
            reVS = re.search(r'^ltm virtual (.*?) ', line)
            if reVS:
                yield reVS.group(1)
                
    def ssl_profile_used_by_vs(vs, sslProfile):
        return sslProfile in run_command('tmsh list ltm virtual '+vs+' one-line')
    
    def printCSV(vsDist):
        print('Virtual Server, Client SSL, Server SSL')
        for k, v in vsDist.items():
            print k + ', ',
            print ' '.join(v['clientssl'])+', ',
            print ' '.join(v['serverssl'])+', '
    
    if __name__ == "__main__":
        clientSslProfiles = []
        serverSslProfiles = []
        virtualServers = {}
        partitions = get_partitions(run_command('tmsh list auth partition'))
        for partition in partitions:
            for profile in get_client_ssl_profiles(partition):
                clientSslProfiles.append(profile)
            for profile in get_server_ssl_profiles(partition):
                serverSslProfiles.append(profile)
            for vs in get_virutalservers(partition):
                virtualServers[vs] = {'clientssl': [], 'serverssl': []}
                
        for vs in virtualServers.keys():
            vsCmd = run_command('tmsh list ltm virtual '+vs+' one-line')
            virtualServers[vs]['clientssl'] = [profile for profile in clientSslProfiles if profile in vsCmd]
            virtualServers[vs]['serverssl'] = [profile for profile in serverSslProfiles if profile in vsCmd]
        
        printCSV(virtualServers)
    
  • The difficultly here is the SSL profiles as under the Virtual configuration they are simple listed as their profile name, so you could have a profile named 'clientsidestuff' but you have no idea what that is until you look at it.

    If all your SSL profile names have something common in them like 'serverssl' and 'clientssl' in them then can use that to help identify them in the Virtual configuration, so you can run the following from Bash:

    tmsh list ltm virtual /partition/* | egrep 'ltm|clientssl|serverssl' | sed 's/ {//; s/ltm virtual //'
    

    If you have multiple partitions then likely need to run per partitions or wildcard the partition name, e.g.:

    tmsh list ltm virtual /prod*/* | egrep 'ltm|clientssl|serverssl' | sed 's/ {//; s/ltm virtual //'
    

    This will give you an output of similar to the following:

    /prod_web/north_en01.web.intranet_vs_443
            /prod_web/clientssl_prod_web_en01
            /prod_web/serverssl_prod_web_en01
    /prod_web/north_en02.web.intranet_vs_80_redir
    /prod_web/north_en03.web.intranet_vs_443
            /prod_web/north_en01.web_clientssl
            /prod_web/north_en01.web_serverssl
    

    Should be able to arrange this into a spreadsheet. Recommend putting the output into something like Notepad++ you can do to search and replace with regex (search '\n ' replace with '\t') then should be able to cut and paste into excel.

    I also do have an old python script to do a similar thing but I will need to find it in my archives and see if it works.

  • Kevin_K_51432's avatar
    Kevin_K_51432
    Historic F5 Account

    Greetings,

    You might try the one-line option and filter the configuration (by row) using awk. For example, virtual server ssl_one is using profile_one on the clientside and profile_two on the serverside:
    tmsh list ltm virtual one-line | awk '{print $3, $15, $20}'
    
    ssl_one profile_one profile_two
    

    Viewed in the typical manner:

    tmsh list ltm virtual ssl_one
    ltm virtual ssl_one {
        destination 10.12.23.123:https
        ip-protocol tcp
        mask 255.255.255.255
        pool quick_pool
        profiles {
            profile_one {
                context clientside
            }
            profile_two {
                context serverside
            }
            tcp { }
        }
    

    Hope this is somewhat helpful!

    Kevin
    • Samir_Jha_52506's avatar
      Samir_Jha_52506
      Icon for Noctilucent rankNoctilucent

      @Kevin, if position is fix then easily grep profile with help of

      awk
      command. Else manual work require to gether information.

  • While running this script it giving an error.

     

     File "ssl_profile.py", line 1

      !/usr/bin/python

      ^

    SyntaxError: invalid syntax

     

    Since I am very bad in scripting, I cannot find what is issue.