Upgrade Verification - CLI tips and tricks
I mentioned recently in a conversation that I use to use the CLI to generate a snapshot of the bigip run state for pre/post comparison after an upgrade. By accident, I ran across these scripts today so here they are for your enjoyment. They are circa big-ip v12 so update as needed, feel free to post updated versions in the reply and i will tick them as the answer even. Pre-Change (Now supports partitions) # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.pre # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.pre Post Change # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.post # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.post Comparison # diff bigip-virtual-state.pre bigip-virtual-state.post # diff bigip-pool-state.pre bigip-pool-state.post
(usefull) config export to csv for partitions
Hello, I wrote a shell script to export the most important config to a csv file. This was inspired from some other posts. The script runs on bash from a LB. For the CSV import to excel, you need to change the column B(named as VIP) to TEXT and enable word-wrap to the hole chart. The script collects field by field from running system. If you have a lot of configuration it can be need some time to finish. You can start with SCRIPTNAME PARTITION > EXPORTcsv direct from bash not tmsh. I hope it helps somebody, Cheers NetSnoopyHow to modify client-ssl on multiple VS using TMSH
Hi, I was able to get the list of virtual servers using cert1 for example by list and grep. Now, I want to use TMSH to use the CLI in replacing client-ssl cert1 to cert2. If I have like 50 VS, how to do that using modify on TMSH? If I do modify /ltm virtual VSname profile add SSLname context clientside, im getting this error: "vs has more than one clientssl/serverssl profile with same server name" If I do delete, im getting this error: "Syntax Error: "context" is a read-only property" If I do replace-all-with, cert2 is configured but wipes all other profiles and i don't want to put alot of config to reconfigure all profiles in a VS. Is there a 1 line command I can do? TIA
Run mkdir over iControl REST for disappearing /var/config/rest/downloads/tmp
Hello, I am currently writing the code for automating our ssl cert deployment among other things. I upload files to the Bigip device to shared/file-transfer/uploads/ This only works when the directory /var/config/rest/downloads/tmp exists. I noticed this periodically is removed again. Is there a way I can run an mkdir over REST to fix this? Regards
Add irule via tmsh without deleting existing irules, and how to re-order
In v11.5 - need assistance in adding irules via tmsh, without deleting existing irules. tmsh modify /ltm virtual rules { irulename } this removes all the applied irules and only adds the new irule inside the curly braces. I also would like to re-order rules via tmsh, once the irules are applied. Regards,
BIG-IP LTM - Usefull CLI health check commands
Hello Devs! I'm trying to come up with a good list of CLI commands to do a health check on a BIG-IP LTM. The idea is to run all the commands on a BIG-IP to see if it's OK before/after a manual failover. Here is what I came up with so far. I would love to hear what you guys think. <> Check system CPU usage tmsh show sys cpu <> Check traffic-group active/standby mapping tmsh show cm traffic-group <> Check connection mirror process tmsh show sys ha-mirror <> Check sync status tmsh show cm sync-status <> Check how many current connections are up in every VS in all partitions tmsh show ltm virtual /*/* | grep "Ltm::Virtual\|Availability\|Current Connections" Any suggestions? Thanks! Rafael
Finding all virtual servers with "log all traffic" policy applied via API
Hello, I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there a way to use the TMSH shell or REST API to interrogate the F5 appliance via a script and get a listing of all virtuals that use a "log all traffic" policy so I can change the policy and give our logging servers a bit of respite? Thank you, KyleIdentify which virtual servers are using a specific SSL certificate
We use a wildcard SSL certificate for our QA sites. There are many of them. I am renewing the SSL cert but have no idea which Virtuals are using it. Is there an easy way to determine this other than checking each and every virtual, listing the Client-ssl profile and then looking up the profile to see what certificate is being used?ltm profile client-ssl: Show all custom profiles in all partitions
I need to update the intermediate CA cert on many custom (non-system default) client SSL profiles across many partitions. Each partition has many client SSL profiles (in addition to the default system profile). I need to get a list of all of them so that I can modify the name of the intermediate cert, then using the CLI, enter that updated config back into the BIG-IP LTM. Is there a way to show the config for all of the custom built client SSL profiles in all partitions, or at least in a given partition, like the output format shown below for the system profile? # show running-config ltm profile client-ssl all ltm profile client-ssl crypto-server-default-clientssl { app-service none cache-size 0 cert default.crt cert-key-chain { default { cert default.crt key default.key } } chain none cipher-group none ciphers DHE-RSA-AES256-GCM-SHA384 } } chain none cipher-group none ciphers DHE-RSA-AES256-GCM-SHA384 defaults-from clientssl inherit-ca-certkeychain false inherit-certkeychain true key default.key passphrase none renegotiate-period 21600 }
