Upgrade Verification - CLI tips and tricks
I mentioned recently in a conversation that I used to use the CLI to generate a snapshot of the BIG-IP run state for pre/post comparison after an upgrade. By accident, I ran across these scripts today, so here they are for your enjoyment. They are circa BIG-IP v12, so update as needed. Feel free to post updated versions in the reply and I will tick them as the answer even.

Pre-Change (Now supports partitions)

    # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.pre
    # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.pre

Post Change

    # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.post
    # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.post

Comparison

    # diff bigip-virtual-state.pre bigip-virtual-state.post
    # diff bigip-pool-state.pre bigip-pool-state.post

580 Views, 2 likes, 1 Comment

Big-IQ use TMSH to manage BIG-IP configuration in Silo
Hi experts, Is it possible to use the TMSH in Big-IQ to manage configurations for the Big-IP that is in a Silo? Sometimes it is easier to use the TMSH to duplicate configuration, such as an SSL-client profile, in the command line than clicking for each setting in the GUI. We used to do that on the Big-IP, but now, since they are all centrally managed by the Big-IQ, we can't do that anymore. Where is Silo stored on the Big-IQ? Is it in a specific directory? Thanks! Difan

Solved. 1.6K Views, 2 likes, 4 Comments

(useful) config export to csv for partitions
Hello, I wrote a shell script to export the most important config to a CSV file. This was inspired by some other posts. The script runs in bash from an LB. For the CSV import to Excel, you need to change column B (named VIP) to TEXT and enable word-wrap for the whole chart. The script collects field by field from the running system. If you have a lot of configuration, it may need some time to finish. You can start it with SCRIPTNAME PARTITION > EXPORTcsv directly from bash, not tmsh. I hope it helps somebody. Cheers, NetSnoopy

1.1K Views, 2 likes, 4 Comments

Run mkdir over iControl REST for disappearing /var/config/rest/downloads/tmp
Hello, I am currently writing the code for automating our SSL cert deployment, among other things. I upload files to the BIG-IP device to shared/file-transfer/uploads/. This only works when the directory /var/config/rest/downloads/tmp exists. I noticed this is periodically removed again. Is there a way I can run an mkdir over REST to fix this? Regards

181 Views, 1 like, 1 Comment

Add irule via tmsh without deleting existing irules, and how to re-order
In v11.5 - need assistance in adding iRules via tmsh, without deleting existing iRules.

    tmsh modify /ltm virtual rules { irulename }

This removes all the applied iRules and only adds the new iRule inside the curly braces. I also would like to re-order rules via tmsh, once the iRules are applied. Regards,

1.5K Views, 1 like, 15 Comments

BIG-IP LTM - Useful CLI health check commands
Hello Devs! I'm trying to come up with a good list of CLI commands to do a health check on a BIG-IP LTM. The idea is to run all the commands on a BIG-IP to see if it's OK before/after a manual failover. Here is what I came up with so far. I would love to hear what you guys think.

<> Check system CPU usage
    tmsh show sys cpu
<> Check traffic-group active/standby mapping
    tmsh show cm traffic-group
<> Check connection mirror process
    tmsh show sys ha-mirror
<> Check sync status
    tmsh show cm sync-status
<> Check how many current connections are up in every VS in all partitions
    tmsh show ltm virtual /*/* | grep "Ltm::Virtual\|Availability\|Current Connections"

Any suggestions? Thanks! Rafael

4.5K Views, 1 like, 3 Comments

Finding all virtual servers with "log all traffic" policy applied via API
Hello, I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there a way to use the TMSH shell or REST API to interrogate the F5 appliance via a script and get a listing of all virtuals that use a "log all traffic" policy so I can change the policy and give our logging servers a bit of respite? Thank you, Kyle

497 Views, 1 like, 3 Comments

ltm profile client-ssl: Show all custom profiles in all partitions
I need to update the intermediate CA cert on many custom (non-system default) client SSL profiles across many partitions. Each partition has many client SSL profiles (in addition to the default system profile). I need to get a list of all of them so that I can modify the name of the intermediate cert, then using the CLI, enter that updated config back into the BIG-IP LTM. Is there a way to show the config for all of the custom built client SSL profiles in all partitions, or at least in a given partition, like the output format shown below for the system profile?

    # show running-config ltm profile client-ssl all
    ltm profile client-ssl crypto-server-default-clientssl {
        app-service none
        cache-size 0
        cert default.crt
        cert-key-chain {
            default {
                cert default.crt
                key default.key
            }
        }
        chain none
        cipher-group none
        ciphers DHE-RSA-AES256-GCM-SHA384
        } }
        chain none
        cipher-group none
        ciphers DHE-RSA-AES256-GCM-SHA384
        defaults-from clientssl
        inherit-ca-certkeychain false
        inherit-certkeychain true
        key default.key
        passphrase none
        renegotiate-period 21600
    }

709 Views, 1 like, 1 Comment

OneConnect Statistics
While testing a OneConnect profile in my lab, I found that the statistics seem to be incorrect, but I don't know why. Below is the configuration I have done on the BIG-IP: V-server, http profile, one connect profile

    ltm profile one-connect test-onceconnect {
        app-service none
        defaults-from /Common/oneconnect
        idle-timeout-override disabled
        limit-type none
        max-age 200
        max-reuse 4
        max-size 5
        source-mask any
    }

The connection is working fine, but the output of (show ltm profile one-connect test-onceconnect) seems to be incorrect to me, based on the number of connections I have initiated:

    -----------------------------------------
    Ltm::OneConnect Profile: test-onceconnect
    -----------------------------------------
    Virtual Server Name  N/A

    Connections
      Current Idle  0
      Maximum       5
      Total Reuses  2
      New           9

When I checked the KB https://support.f5.com/csp/article/K8688, I could see the below:

Currently Idle: The number of currently idle connections in the connection pool. These are connections that are available for reuse.
Maximum: The maximum number of idle connections in the connection pool.
Total Reuses: The total number of times server-side connections have been reused. Typically, connections will be reused more than once, and each connection reuse will count separately toward the total.
New: The total number of times new server-side connections have been created.

So can someone help me to clarify the difference between Current Idle and Maximum, and also what the meaning of New is? Also take into consideration that I did all the connections from the same machine and I set the mask to any, so I should have a number of Reuses much higher than what I see above. One last question: what will be the effect if I use OneConnect with a virtual server that only uses a TCP profile (no HTTP exists)?

497 Views, 1 like, 0 Comments

What Is LTM (node, virtual, pool) Stats Counter MAX Value
Hi all, I have one question. What is the max value or value type? (Bits In, Bits Out, Packets In, Packets Out, Current Connections, Maximum Connections, Total Requests, Current Sessions etc...) Where can I find an explanation about this?

tmsh show ltm ( node, virtual, pool)

tmsh show ltm node stats

    Status
      Availability   : unknown
      State          : enabled
      Reason         : Node address does not have service checking enabled
      Monitor        : none
      Monitor Status : unchecked
      Session Status : enabled

    Traffic                ServerSide  General
      Bits In                  134.4K        -
      Bits Out                 130.7K        -
      Packets In                  234        -
      Packets Out                 195        -
      Current Connections           0        -
      Maximum Connections           1        -
      Total Connections            39        -
      Total Requests                -       39
      Current Sessions              -        0

tmsh show ltm pool name

    ------------------------------------------------------------
    Ltm::Pool: /
    ------------------------------------------------------------
    Status
      Availability : available
      State        : enabled
      Reason       : The pool is available
      Monitor      : http
      Minimum Active Members : 1
      Current Active Members : 1
      Available Members      : 1
      Total Members          : 1
      Total Requests         : 39
      Current Sessions       : 0

    Traffic                ServerSide
      Bits In                  134.4K
      Bits Out                 130.7K
      Packets In                  234
      Packets Out                 195
      Current Connections           0
      Maximum Connections           1
      Total Connections            39

    Connection Queue                          Pool  Pool and members
      Number of connections queued now           0                 0
      Number of connections serviced             0                 0
      Queue head entry age (ms)                  0                 0
      Maximum queue entry age ever (ms)          0                 0
      Maximum queue entry age recently (ms)      0                 0
      Average queue entry age (ms)               0                 0

tmsh show ltm virtual name

    ------------------------------------------------------------
    Ltm::Virtual Server:
    ------------------------------------------------------------
    Status
      Availability : available
      State        : enabled
      Reason       : The virtual server is available
      CMP          : enabled
      CMP Mode     : all-cpus
      Destination  :

    Traffic                    ClientSide  Ephemeral  General
      Bits In                      125.1K          0        -
      Bits Out                     131.9K          0        -
      Packets In                      234          0        -
      Packets Out                     195          0        -
      Current Connections               0          0        -
      Maximum Connections              11          0        -
      Total Connections                39          0        -
      Evicted Connections               0          0        -
      Slow Connections Killed           0          0        -
      Min Conn Duration/msec            -          -     2.0K
      Max Conn Duration/msec            -          -     2.0K
      Mean Conn Duration/msec           -          -     2.0K
      Total Requests                    -          -       39

623 Views, 1 like, 0 Comments