bash

50 Topics

Using bash and tmsh to make bulk updates
Learn how to use bash and tmsh to find any setting across your BIG-IP configuration and make changes quickly.
Carl_Brothers
Feb 06, 2025 Place Technical Articles
521Views
1like
0Comments
Five Ways to Automate F5OS with Ansible: A Practical Guide

Tony_Marfil
Feb 05, 2025 Place Technical Articles
683Views
0likes
0Comments
Removing AAM/WAM for a successful upgrade
If you are wanting to upgrade to version 16 or 17 of BIG-IP, one thing that can cause your config not to load, is any element of AAM/WAM/WOM. As I discovered via a customer of mine, even removing all AAM/WAM items from traffic objects is not enough. While I know how to identify things in the conf files and can see them in iHealth, that doesn't help Admins in the field assess if this is an issue for them, and if it is, how to document what needs to be changed for the necessary approvals. With some help, I wrote this knowledge article to meet these needs as well as provide a way to quickly make the changes - https://my.f5.com/manage/s/article/K000149084 I am sharing this in the forum to not only advertise this, but explain some of the commands and help the community understand how they might be used for other tasks. From spending time running a few BIG-IPs myself in a prior life and working with hundreds of customers, I knew that my solution needed to address partitions and even iApps. My coworker Fernando C provided me the syntax to crawl every partition and I quickly found ways to morph that into this document. Lets take a look at the syntax that can read the lan TCP profiles in the Common partition and then see the changes needed to read all partitions. In order to filter the results a bit better we run these from bash so that we have access to a number of tools like grep, awk, sed, etc. # Return all virtual server names in Common that use a TCP Profile from wam or wom (aka AAM) # grep to find the profile prefixes and then piping that to AWK to grab the third word in the output of each line tmsh list ltm virtual one-line | grep -E "(profiles.*(w(a|o)m-tcp-lan*))" | awk '{print $3}' This simply returns the virtual server name without the partition name. Now to read all partitions, the tmsh portion of the command has to change. Specifically, we pass the -c option to tmsh to tell it to run multiple commands. When you enter tmsh, by default you are in the Common partition, so we have to back out to the root. Because we are in the root directory, we need to add the recursive option to read all subfolders which in this case are the partitions. #Read all partitions and filter for virtual servers that use the wam/wom TCP profiles on the lan or server side tmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E "(profiles.*(w(a|o)m-tcp-lan*))" | awk '{print $3}' Now the output is the partition name and virtual server name, or if iApps are involved, the appservice name as well. You can take the output from the first command and pass it to xarg to use your output as a variable in a command to execute. CAUTION, the following command will attempt to make changes to your config. #Read all partitions and filter for virtual servers that use the wam/wom TCP profiles on the lan or server side then insert new profiles and delete the original profile #This will cause an error tmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E "(profiles.*(w(a|o)m-tcp-lan*))" | awk '{print $3}' | xargs -t -I vsName tmsh modify ltm virtual vsName profiles add { f5-tcp-lan { context serverside } } profiles delete { wam-tcp-lan-optimized } If you run this command, it will error out, because without the proper syntax, tmsh assumes you are referencing objects in the /Common partition and as a result it will help you by implicitly adding that to the beginning of every object in your xarg command. I added the -t option to xarg to output the command that it will execute. To correct the syntax error, in the awk command, you add a forward slash and now tmsh will treat your command as if you have explicitly declared the partition name for every object. Caution - This will make changes to your configuration, very fast... #Read all partitions and filter for virtual servers that use the wam/wom TCP profiles on the lan or server side then insert new profiles and delete the original profile #CAUTION - This will make changes to your system. tmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E "(profiles.*(w(a|o)m-tcp-lan*))" | awk '{print "/" $3}' | xargs -t -I vsName tmsh modify ltm virtual vsName profiles add { f5-tcp-lan { context serverside } } profiles delete { wam-tcp-lan-optimized } When I first hit the wall with xarg beyond the /Common partition, I did not realize what the fix was. However my OCD wanted to see a slash in front of the partition name and I had modified the awk to add it, but had given up on the xarg to modify things outside of /Common. It wasn't until I went to show the error to a peer, Chad T., that I discovered I stumbled upon the proper syntax, and realized I could simplify the instructions quite a bit. Where I would love some help from the community would be on ways to crawl the iApps to quickly disable Strict Updates. The xarg commands to modify/delete objects associated with an iApp will fail if the default setting of "Strict Updates" is enabled. Hope this helps, Carl
Carl_Brothers
Feb 05, 2025 Place Technical Forum
133Views
3likes
3Comments
VIPRION external monitor
Problem this snippet solves: This VIPRION specific external monitor script is written in bash and utilizes TMSH to extend the built-in monitoring functionality of BIG-IP version 10.2.3. This write-up assumes the reader has working knowledge writing BIG-IP LTM external monitors. The following link is a great starting point LTM External Monitors: The Basics | DevCentral Logical network diagram: NOTE: The monitor is written to meet very specific environmental requirements. Therefore, your implementation may vary greatly. This post is inteded to show you some requirements for writing external monitors on the VIPRION platform while offering some creative ways to extend the functionality of external monitors using TMSH. The VIPRION acts as a hop in the default path of traffic destined for the Internet. Specific application flows are vectored to optimization servers and all other traffic is passed to the next hop router (Router C) toward the Internet. Router A and Router C are BGP neighbors through the VIPRION. Router B is a BGP neighbor with the VIPRION via ZebOS. A virtual address has route health injection enabled. The script monitors a user defined (agrument to the script) pool and transitions into the failed state when the available pool member count drops below a threshold value (argument to the script). In the failed state the following actions are performed once, effectively stopping client traffic flow through the VIPRION. Two virtual servers (arguments to the script) are disable to stop traffic through VIPRION. A virtual address (argument to the script) is disabled to disable route health injection of the address. All non Self-IP BGP connections are found in the connection table and deleted. NOTE: Manual intervention is required to enable virtual servers and virtual address when the monitor transitions from failed state to successful state before normal traffic flows will proceed. How to use this snippet: The monitor definition: monitor eavbgpv3 { defaults from external interval 20 timeout 61 args "poolhttp 32 vsforward1 vsforward2 10.10.10.1"v DEBUG "0"v run "rhi_v3.bsh" } This external monitor is configured to check for available members in the pool "poolhttp". When the available members falls below 32 the monitor transistions into the failed state and disables the virtual servers "vsforward1" and "vs_forward2" and disables the virtual address "10.10.10.1". When the available pool members increases above 32 neither the virtuals servers nor the virtual address is enabled. This will require manual intervention. The external monitor is assigned to a phantom pool with a single member "1.1.1.1:4353". No traffic is sent to the pool member. This pool and pool member are in place so the operator can see the current status of the external monitor. The Pool definition: pool bgpmonitor { monitor all eavbgp_v3 members 1.1.1.1:f5-iquery {} } You can download the script here: rhi_v3.bsh CODE: #!/bin/bash # (c) Copyright 1996-2007 F5 Networks, Inc. # # This software is confidential and may contain trade secrets that are the # property of F5 Networks, Inc. No part of the software may be disclosed # to other parties without the express written consent of F5 Networks, Inc. # It is against the law to copy the software. No part of the software may # be reproduced, transmitted, or distributed in any form or by any means, # electronic or mechanical, including photocopying, recording, or information # storage and retrieval systems, for any purpose without the express written # permission of F5 Networks, Inc. Our services are only available for legal # users of the program, for instance in the event that we extend our services # by offering the updating of files via the Internet. # # author: Paul DeHerrera pauld@f5.com # # these arguments supplied automatically for all external monitors: # $1 = IP (nnn.nnn.nnn.nnn notation or hostname) # $2 = port (decimal, host byte order) -- not used in this monitor, assumes default port 53 # # these arguments must be supplied in the monitor configuration: # $3 = name of pool to monitor # $4 = threshold value of the pool. If the available pool member count drops below this value the monitor will respond in 'failed' state # $5 = first Virtual server to disable # $6 = second Virtual server to disable # $7 = first Virtual address to disable # $8 = second Virtual address to disable ### Check for the 'DEBUG' variable, set it here if not present. # is the DEBUG variable passed as a variable? if [ -z "$DEBUG" ] then # If the monitor config didn't specify debug as a variable then enable/disable it here DEBUG=0 fi ### If Debug is on, output the script start time to /var/log/ltm # capture and log (when debug is on) a timestamp when this eav starts export ST=`date +%Y%m%d-%H:%M:%S` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): started at $ST" | logger -p local0.debug; fi ### Do not execute this script within the first 300 seconds after BIG-IP boot. This is a customer specific requirement # this section is used to introduce a delay of 300 seconds after system boot before executing this eav for the first time BOOT_DATE=`who -b | grep -i 'system boot' | awk {'print $3 " " $4 " " $5'}` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): boot_date: ($BOOT_DATE)" | logger -p local0.debug; fi EPOCH_DATE=`date -d "$BOOT_DATE" +%s` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): epoch_date: ($EPOCH_DATE)" | logger -p local0.debug; fi EPOCH_DATE=$((${EPOCH_DATE}+300)) if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): epoch_date +300: ($EPOCH_DATE)" | logger -p local0.debug; fi CUR_DATE=`date +%s` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): current_date: ($CUR_DATE)" | logger -p local0.debug; fi if [ $CUR_DATE -ge $EPOCH_DATE ] then ### Assign a value to variables. The VIPRION requires some commands to be executed on the Primary slot as you will see later in this script # export some variables if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): exporting variables..." | logger -p local0.debug; fi export REMOTEUSER="root" export HOME="/root" export IP=`echo $1 | sed 's/::ffff://'` export PORT=$2 export POOL=$3 export MEMBER_THRESHOLD=$4 export VIRTUAL_SERVER1=$5 export VIRTUAL_SERVER2=$6 export VIRTUAL_ADDRESS1=$7 export VIRTUAL_ADDRESS2=$8 export PIDFILE="/var/run/`basename $0`.$IP.$PORT.pid" export TRACKING_FILENAME=/var/tmp/rhi_bsh_monitor_status export PRIMARY_SLOT=`tmsh list sys db cluster.primary.slot | grep -i 'value' | sed -e 's/\"//g' | awk {'print $NF'}` ### Output the Primary slot to /var/log/ltm if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): the primary blade is in slot number: ($PRIMARY_SLOT)..." | logger -p local0.debug; fi ### This section is for debugging only. Check to see if this script is executing on the Primary blade and output to /var/log/ltm if [ $DEBUG -eq 1 ]; then export PRIMARY_BLADE=`tmsh list sys db cluster.primary | grep -i "value" | sed -e 's/\"//g' | awk {'print $NF'}`; fi if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): is this monitor executing on the primary blade: ($PRIMARY_BLADE)" | logger -p local0.debug; fi ### Standard EAV check to see if an instance of this script is already running for the memeber. If so, kill the previous instance and output to /var/log/ltm # is there already an instance of this EAV running for this member? if [ -f $PIDFILE ] then if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): pid file is present, killing process..." | logger -p local0.debug; fi kill -9 `cat $PIDFILE` > /dev/null 2>&1 echo "EAV `basename $0` ($$): exceeded monitor interval, needed to kill ${IP}:${PORT} with PID `cat $PIDFILE`" | logger -p local0.error fi ### Create a new pid file to track this instance of the monitor for the current member # create a pidfile if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): creating new pid file..." | logger -p local0.debug; fi echo "$$" > $PIDFILE ### Export variables for available pool members and total pool members # export more variables (these require tmsh) export AVAILABLE=`tmsh show /ltm pool $POOL members all-properties | grep -i "Availability" | awk {'print $NF'} | grep -ic "available"` export TOTAL_POOL_MEMBERS=`tmsh show /ltm pool $POOL members all-properties | grep -c "Pool Member"` let "AVAILABLE-=1" ### If Debug is on, output some variables to /var/log/ltm - helps with troubleshooting if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): Pool ($POOL) has ($AVAILABLE) available of ($TOTAL_POOL_MEMBERS) total members." | logger -p local0.debug; fi if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): Pool ($POOL) threshold = ($MEMBER_THRESHOLD) members. Virtual server1 ($VIRTUAL_SERVER1) and Virtual server2 ($VIRTUAL_SERVER2)" | logger -p local0.debug; fi if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): Member Threshold ($MEMBER_THRESHOLD)" | logger -p local0.debug; fi ### If the available members is less than the threshold then we are in a 'failed' state. # main monitor logic if [ "$AVAILABLE" -lt "$MEMBER_THRESHOLD" ] then ### If Debug is on, output status to /var/log/ltm ### notify log - below threshold and disabling virtual server1 if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): AVAILABLE < MEMBER_THRESHOLD, disabling the virtual server..." | logger -p local0.debug; fi if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): disabling Virtual Server 1 ($VIRTUAL_SERVER1)" | logger -p local0.debug; fi ### Disable the first virtual server, which may exist in an administrative partition. For version 10.2.3 (possibly others) the script is required to change the 'update-partition' before disabling the virtual server. To accomplish this we first determine the administrative partition name where the virtual is configured then we build a list construct to execute both commands consecutively. ### disable virtual server 1 ### obtain the administrative partition for the virtual. if no administrative partition is found, assume common export VS1_PART=`tmsh list ltm virtual $VIRTUAL_SERVER1 | grep 'partition' | awk {'print $NF'}` if [ -z ${VS1_PART} ]; then ### no administrative partition was found so execute a list construct to change the update-partition to Common and disable the virtual server consecutively export DISABLE1=`ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT "tmsh modify cli admin-partitions update-partition Common && tmsh modify /ltm virtual $VIRTUAL_SERVER1 disabled"` ### If Debug is on, output the command to /var/log/ltm if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): disable cmd1: ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT 'tmsh modify cli admin-partitions update-partition Common && tmsh modify /ltm virtual $VIRTUAL_SERVER1 disabled'" | logger -p local0.debug; fi else ### the administrative partition was found so execute a list construct to change the update-partition and disable the virtual server consecutively. The command is sent to the primary slot via SSH export DISABLE1=`ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT "tmsh modify cli admin-partitions update-partition $VS1_PART && tmsh modify /ltm virtual $VIRTUAL_SERVER1 disabled"` ### If Debug is on, output the command to /var/log/ltm if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): disable cmd1: ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT 'tmsh modify cli admin-partitions update-partition $VS1_PART && tmsh modify /ltm virtual $VIRTUAL_SERVER1 disabled'" | logger -p local0.debug; fi fi ### If Debug is on, output status to /var/log/ltm if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): disabling Virtual Server 2 ($VIRTUAL_SERVER2)" | logger -p local0.debug; fi ### Disable the second virtual server. This section is the same as above, so I will skip the detailed comments here. ### disable virtual server 2 export VS2_PART=`tmsh list ltm virtual $VIRTUAL_SERVER2 | grep 'partition' | awk {'print $NF'}` if [ -z ${VS2_PART} ]; then export DISABLE2=`ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT "tmsh modify cli admin-partitions update-partition Common && tmsh modify /ltm virtual $VIRTUAL_SERVER2 disabled"` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): disable cmd2: ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT 'tmsh modify cli admin-partitions update-partition Common && tmsh modify /ltm virtual $VIRTUAL_SERVER2 disabled'" | logger -p local0.debug; fi else export DISABLE2=`ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT "tmsh modify cli admin-partitions update-partition $VS2_PART && tmsh modify /ltm virtual $VIRTUAL_SERVER2 disabled"` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): disable cmd2: ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT 'tmsh modify cli admin-partitions update-partition $VS2_PART && tmsh modify ltm virtual $VIRTUAL_SERVER2 disabled'" | logger -p local0.debug; fi fi ### notify log - disconnecting all BGP connection if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): Pool ($POOL) disconnecting all BGP connections..." | logger -p local0.debug; fi ### acquire a list of self IPs SELF_IPS=(`tmsh list net self | grep 'net self' | sed -e 's/\//\ /g' | awk {'print $3'}`) ### start to build our TMSH command excluding self IPs BGP_CONNS="tmsh show sys conn cs-server-port 179 | sed -e 's/\:/\ /g' | egrep -v '" COUNT=1 if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): BGP Step 1 - ${BGP_CONNS}" | logger -p local0.debug; fi ### loop through the self IPs for ip in "${SELF_IPS[@]}" do if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): BGP Step 2 - ${ip}" | logger -p local0.debug; fi ### continue to build our TMSH command - append self IPs to ignore if [ ${COUNT} -gt 1 ] then BGP_CONNS=${BGP_CONNS}"|${ip}" else BGP_CONNS=${BGP_CONNS}"${ip}" fi (( COUNT++ )) done ### if debug is on log a message with the TMSH command up until this point if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): BGP Step 3 - ${BGP_CONNS}" | logger -p local0.debug; fi ### finish the TMSH command to show BGP connections not including self IPs BGP_CONNS=${BGP_CONNS}"' | egrep -v 'Sys|Total' | awk {'print \$1'}" if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): BGP Step 4 - ${BGP_CONNS}" | logger -p local0.debug; fi ### gather all BGP connection not including those to self IPs DISCONNS=(`eval $BGP_CONNS`) DISCMD='' NEWCOUNT=1 if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): BGP Step 5 - ${DISCONNS}" | logger -p local0.debug; fi ### loop through the resulting BGP connections and build another TMSH command to delete these connections from the connection table for newip in "${DISCONNS[@]}" do if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): BGP Step 6" | logger -p local0.debug; fi if [ ${NEWCOUNT} -gt 1 ] then DISCMD=${DISCMD}" && tmsh delete sys connection cs-client-addr ${newip} cs-server-port 179" else DISCMD=${DISCMD}"tmsh delete sys connection cs-client-addr ${newip} cs-server-port 179" fi (( NEWCOUNT++ )) done ### if debug is on log the command we just assembled if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): BGP Step 7 - ${DISCMD}" | logger -p local0.debug; fi ### One the primary slot execute the command to delete the non self IP BGP connections. export CONNECTIONS=`ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT "${DISCMD}"` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): BGP Step 8 - $CONNECTIONS" | logger -p local0.debug; fi ### disable virtual address 1 if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): VA1 ($VIRTUAL_ADDRESS1)" | logger -p local0.debug; fi if [ ! -z "$VIRTUAL_ADDRESS1" ]; then if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): disabling Virtual Address 1 ($VIRTUAL_ADDRESS1)" | logger -p local0.debug; fi export VA1_PART=`tmsh list ltm virtual-address $VIRTUAL_ADDRESS1 | grep 'partition' | awk {'print $NF'}` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): cmd: ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT tmsh modify cli admin-partitions update-partition $VA1_PART && tmsh modify /ltm virtual-address $VIRTUAL_ADDRESS1 enabled no " | logger -p local0.debug; fi export VA2_UPCMD=`ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT "tmsh modify cli admin-partitions update-partition $VA1_PART && tmsh modify /ltm virtual-address $VIRTUAL_ADDRESS1 enabled no"` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): virtual address 1 disabled?" | logger -p local0.debug; fi fi ### disable virtual address 2 if [ ! -z "$VIRTUAL_ADDRESS2" ]; then if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): disabling Virtual Address 2 ($VIRTUAL_ADDRESS2)" | logger -p local0.debug; fi export VA2_PART=`tmsh list ltm virtual-address $VIRTUAL_ADDRESS2 | grep 'partition' | awk {'print $NF'}` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): update-partition - $VA2_PART" | logger -p local0.debug; fi export VA2_UPCMD=`ssh -o StrictHostKeyChecking=no root\@slot$PRIMARY_SLOT "tmsh modify cli admin-partitions update-partition $VA2_PART && tmsh modify /ltm virtual-address $VIRTUAL_ADDRESS2 enabled no"` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): cmd: virtual address 2 disabled?" | logger -p local0.debug; fi fi ### track number of times this monitor has failed if [ -e "$TRACKING_FILENAME" ] then export COUNT=`cat $TRACKING_FILENAME` export NEW_COUNT=$((${COUNT}+1)) echo $NEW_COUNT > $TRACKING_FILENAME else echo 1 > $TRACKING_FILENAME export NEW_COUNT=1 fi ### notify log - failure count echo "EAV `basename $0` ($$): Pool $POOL only has $AVAILABLE available of $TOTAL_POOL_MEMBERS total members, failing site. Virtual servers ($VIRTUAL_SERVER1 and $VIRTUAL_SERVER2) will be disabled and all connections with destination port 179 will be terminated. Virtual servers must be manually enabled after pool $MEMBER_THRESHOLD or more pool members are available. This monitor has failed $NEW_COUNT times." | logger -p local0.debug # remove the pidfile if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): removing the pidfile..." | logger -p local0.debug; fi export PIDBGONE=`rm -f $PIDFILE` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): pidfile has been removed ($PIDBGONE)" | logger -p local0.debug; fi export END=`date +%Y%m%d-%H:%M:%S` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): stopped at $END" | logger -p local0.debug; fi else if [ -e "$TRACKING_FILENAME" ] then ### log the status echo "EAV `basename $0` ($$): Pool $POOL has $AVAILABLE members of $TOTAL_POOL_MEMBERS total members. No change to virtual servers ($VIRTUAL_SERVER1 and $VIRTUAL_SERVER2). No change to port 179 connections. Virtual servers must be manually enabled to pass traffic if they are disabled." | logger -p local0.debug rm -f $TRACKING_FILENAME fi ### remove the pidfile if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): removing the pidfile..." | logger -p local0.debug; fi export PIDBGONE=`rm -f $PIDFILE` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): pidfile has been removed ($PIDBGONE)" | logger -p local0.debug; fi export END=`date +%Y%m%d-%H:%M:%S` if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0` ($$): stopped at $END" | logger -p local0.debug; fi echo "UP" fi fi
pauld_104632
Jan 27, 2025 Place CodeShare
307Views
0likes
0Comments
Let's Encrypt with Cloudflare DNS and F5 REST API
Hi all This is a followup on the now very old Let's Encrypt on a Big-IP article. It has served me, and others, well but is kind of locked to a specific environment and doesn't scale well. I have been going around it for some time but couldn't find the courage (aka time) to get started. However, due to some changes to my DNS provider (they were aquired and shut down) I finally took the plunges and moved my domains to a provider with an API and that gave me the opportunity to make a more nimble solution. To make things simple I chose Cloudflare as the community proliferation is enormous and it is easy to find examples and tools. I though think that choosing another provide with an open API isn't such a big deal. After playing around with different tools I realized that I didn't need them as it ended up being much easier to just use curl. So, if the other providers have just a somewhat close resemblance it shouldn't be such a big task converting the scripts to fit. There might be finer and more advanced solutions out there, but my goal was that I needed a solution that had as few dependencies as possible and if I could make that only Bash and Curl it would be perfect. And that is what I ended up with 😎 Just put 5 files in the same directory, adjust the config to your environment, and BAM you're good to go!!😻 And if you need to run it somewhere else just copy the directory over and continue like nothing was changed. That is what I call portability 😁 Find all the details here: Let's Encrypt with Cloudflare DNS and F5 REST API Please just drop me a line if you have any questions or feedback or find any bugs.
lnxgeek
Dec 02, 2024 Place Technical Forum
2.4KViews
1like
8Comments
BigIP UCS Backup script; looking for some guidance on design
Greetings, I've began to work on a bash script, intended to be ran locally on each F5 appliance via a cron task. The criteria for this script has been, Saves the UCS /w encryption using {Hostname}-YYYY-MM-DD.ucs naming format. Uploads the generated UCS file to a SFTP server SFTP native commands are a MUST, SCP will not work due to it's reliance on command shell/login. Rollover after X # of saved files in order to prevent storage exhaustion on the target SFTP Server I strongly doubt any form of deduplication will work with a encrypted UCS Sends an email notification if the backup failed I've so far written a script that addresses the first 3 criteria and have been waiting for those to go through their paces in testing before adding in notification logic. The commands and logic being used have gotten more complex, the further I've gotten into the script's development. This has lead to some concerns about whether this is the best approach given the nature of the F5 BigIP systems being a vendor appliance and worry that there's a large possibility commands may stop working correctly after a major x. version update, requiring an overhaul of a fairly complex script. I'm almost wondering if setting up an AWX/Tower host in our environment and then using the f5networks Ansible Module for the majority of the heavy lifting followed by some basic logic for file rotation, would be a better long term approach. Ansible would also be a bit more flexible in that I wouldn't have to hardcore values that diverge between individual hosts into the script itself. It's however not clear if the F5networks ansible module supports SFTP as I only see SCP referenced. https://my.f5.com/manage/s/article/K35454259 Advice and insight is much appreciated! #!/bin/bash # F5 backup script based on https://my.f5.com/manage/s/article/K000138297 # User-configurable Variables UCS_DIR="/var/ucs" REMOTE_USER="svc_f5backup" REMOTE_HOST="myhost.contoso.local" REMOTE_DIR="/data/f5/dev" SSH_KEY="/shared/scripts/f5-backup/mykeys/f5user" ENCRYPTION_PASSPHRASE='' # Blank out the value to not encrypt the UCS backup. LOG_FILE="/var/log/backupscript.log" MAX_FILES=45 # Maximum number of backup files to keep # Dynamic Variables (do not edit) HOSTNAME=$(/bin/hostname) DATE=$(date +%Y-%m-%d) UCS_FILE="${UCS_DIR}/${HOSTNAME}-${DATE}.ucs" # Start logging echo "$(date +'%Y-%m-%d %H:%M:%S') - Starting backup script." >> ${LOG_FILE} # Save the UCS backup file if [ -n "${ENCRYPTION_PASSPHRASE}" ]; then echo "Running the UCS save operation (encrypted)." >> ${LOG_FILE} tmsh save /sys ucs ${UCS_FILE} passphrase "${ENCRYPTION_PASSPHRASE}" >> ${LOG_FILE} 2>&1 else echo "Running the UCS save operation (not encrypted)." >> ${LOG_FILE} tmsh save /sys ucs ${UCS_FILE} >> ${LOG_FILE} 2>&1 fi # Create a temporary batch file for SFTP commands BATCH_FILE=$(mktemp) echo "cd ${REMOTE_DIR}" > $BATCH_FILE echo "put ${UCS_FILE}" >> $BATCH_FILE echo "bye" >> $BATCH_FILE # Log that the transfer is starting echo "Starting SFTP transfer." >> ${LOG_FILE} # Execute SFTP command and capture the output transfer_command_output=$(sftp -b "$BATCH_FILE" -i "${SSH_KEY}" -oBatchMode=no "${REMOTE_USER}@${REMOTE_HOST}" 2>&1) transfer_status=$? # Extract the "Transferred:" line transfer_summary=$(echo "$transfer_command_output" | grep "^Transferred: sent") if [ $transfer_status -eq 0 ]; then if [ -n "$transfer_summary" ]; then echo "UCS file copied to the SFTP server successfully (remote:${REMOTE_HOST}:${REMOTE_DIR}/${UCS_FILE}). $transfer_summary" >> ${LOG_FILE} else echo "UCS file copied to the SFTP server successfully (remote:${REMOTE_HOST}:${REMOTE_DIR}/${UCS_FILE}). Please check the log for details." >> ${LOG_FILE} fi else echo "$transfer_command_output" >> ${LOG_FILE} echo "UCS SFTP copy operation failed. Please read the log for details." >> ${LOG_FILE} rm -f $BATCH_FILE exit 1 fi # Clean up the temporary batch file rm -f $BATCH_FILE # Rollover backup files if the number exceeds MAX_FILES echo "Checking and maintaining the maximum number of backup files." >> ${LOG_FILE} # Create a list of files to delete sftp -i "${SSH_KEY}" -oBatchMode=no "${REMOTE_USER}@${REMOTE_HOST}" <<EOF > file_list.txt cd ${REMOTE_DIR} ls -1 ${HOSTNAME}-*.ucs bye EOF # Filter out unwanted lines and sort the files alphanumerically grep -v 'sftp>' file_list.txt | grep -v '^cd ' | sort > filtered_file_list.txt # Determine files to delete files_to_delete=$(head -n -${MAX_FILES} filtered_file_list.txt) if [ -n "$files_to_delete" ]; then # Create a temporary batch file for SFTP cleanup commands CLEANUP_BATCH_FILE=$(mktemp) echo "cd ${REMOTE_DIR}" > $CLEANUP_BATCH_FILE for file in $files_to_delete; do echo "Deleting $file" >> ${LOG_FILE} echo "rm $file" >> $CLEANUP_BATCH_FILE done echo "bye" >> $CLEANUP_BATCH_FILE # Execute SFTP cleanup command and log the output cleanup_command_output=$(sftp -b "$CLEANUP_BATCH_FILE" -i "${SSH_KEY}" -oBatchMode=no "${REMOTE_USER}@${REMOTE_HOST}" 2>&1) echo "$cleanup_command_output" >> ${LOG_FILE} # Clean up the temporary batch file rm -f $CLEANUP_BATCH_FILE else echo "No files to delete. Total files within limit." >> ${LOG_FILE} fi # Clean up the file lists rm -f file_list.txt filtered_file_list.txt # Delete the local copy of the UCS archive tmsh delete /sys ucs ${UCS_FILE} >> ${LOG_FILE} 2>&1 echo "$(date +'%Y-%m-%d %H:%M:%S') - Backup script completed." >> ${LOG_FILE}
williammyer1
May 30, 2024 Place Technical Forum
276Views
0likes
2Comments
List BIG-IP Next Instance Backups on Central Manager
In the Central Manager GUI, you can create/schedule BIG-IP Next Instance backups, but outside of the listing shown there, you can't download the files from that view if you want to archive them for off-box requirements. Finding them in the Central Manager command line to download them via secure copy (scp) requires some kubernetes-fu knowhow, mainly, interrogating the persistent volume claims and persistent volumes: kubectl get pvc mbiq-local-storage-pv-claim -o yaml | grep volumeName kubectl get pv <volumename result> -o yaml | grep "path: " This script takes the guesswork out of all that and let's you focus on more important things. Example output: admin@cm1:~$ ./lbu.sh Backup path: /var/lib/rancher/k3s/storage/pvc-ae75faee-101e-49eb-89f7-b66542da1281_default_mbiq-local-storage-pv-claim/backup total 3860 4 drwxrwxrwx 2 root root 4096 Mar 7 19:33 . 4 drwxrwxrwx 7 root root 4096 Feb 2 00:01 .. 1780 -rw-r--r-- 1 ubuntu lxd 1821728 Feb 28 18:40 3b9ef4d8-0f0b-453d-b350-c8720a30db16.2024-02-28.18-39-59.backup.tar.gz 288 -rw-r--r-- 1 ubuntu lxd 292464 Feb 28 18:39 7bf4e3ac-e8a2-44a3-bead-08be6c590071.2024-02-28.18-39-15.backup.tar.gz 1784 -rw-r--r-- 1 ubuntu lxd 1825088 Mar 7 19:33 7bf4e3ac-e8a2-44a3-bead-08be6c590071.2024-03-07.19-32-56.backup.tar.gz Script Source
JRahm
Mar 08, 2024 Place CodeShare
133Views
1like
0Comments
Issue with a simple Bash Script for adding an iRule to a list of Virtual Servers.
Hello Community, I am having an issue with a bash script for an F5 BIG-IP Load Balancer, intended to read and iterate over a .txt list of Virtual Server names, look up the partition for a given VS, and add an iRule to it. When running the script I am only hitting the outermost 'else' statement for being unable to find the partition and VS name. My script logic is based on F5 Support solution K41961653: <p> #!/bin/bash # Prompt the user for the iRule name and read it into the 'new' variable echo "Please enter the iRule name:" read new noneRules='rules none' while IFS= read -r vs_name; do # Retrieve the partition and virtual server name full_vs_info=$(tmsh -c "cd /; list ltm virtual recursive" | grep "$vs_name" | grep -m1 "^ltm virtual") echo "Full VS Info Debug: $full_vs_info" # Extract the partition and virtual server name from the retrieved information if [[ $full_vs_info =~ ltm\ virtual\ (.+)/(.+) ]]; then partition="${BASH_REMATCH[1]}" vs_name="${BASH_REMATCH[2]}" # Format the tmsh command to include the partition rule=$(tmsh list ltm virtual /$partition/$vs_name rules | egrep -v "\{|\}" | xargs) if [[ "$rule" == "$noneRules" ]]; then tmsh modify ltm virtual /$partition/$vs_name rules { $new } echo "iRule $new was added to $vs_name in partition $partition" else# tmsh modify ltm virtual /$partition/$vs_name rules { $rule $new } echo "iRules $rule were conserved and added $new to $vs_name in partition $partition" fi else echo "Could not find partition and virtual server name for $vs_name" fi done < /shared/tmp/test_list.txt tmsh save sys config </p> As far as I was able to troubleshoot, the problem I am encountering appears to be with line 11 of my script where I attempt to assign the string "ltm virtual SomePartition/VS_Example.com {" to the "full_vs_info" variable using: full_vs_info=$(tmsh -c "cd /; list ltm virtual recursive" | grep "$vs_name" | grep -m1 "^ltm virtual") When I run the tmsh command [tmsh -c "cd /; list ltm virtual recursive" | grep "VS_Example.com" | grep -m1 "^ltm virtual"] on its own, from the F5's Bash shell, I am getting the output I expect: "ltm virtual SomePartition/VS_Example.com {" However, when I run the script with the debug echo , it only outputs "Full VS Info Debug:", and ends the script with "Could not find partition and virtual server name for $vs_name" and a sys config save. I am attempting to run this on a BIG-IP, version 15.1.10.2, build 0.44.2. I am quite new to both Bash scripting and F5 LBs. All feedback and criticism is highly appreciated! Thanks in advance!
touriel
Feb 07, 2024 Place Technical Forum
119Views
0likes
2Comments
F5 Automation - TCL & Bash
Problem this snippet solves: This is a really simple way to automate CLI command execution on multiple F5 devices using Bash & TCL scripting. How to use this snippet: On a linux machine that is utilized to connect to the F5 device: Create a directory mkdir F5_Check Within the "F5_Check" directory, create the following 3 files: F5_Host.txt (This file contains F5's IP address) F5_Bash_v1 (This is the bash script used to collect username/password for F5) F5_Out_v1.exp (This is the TCL script executes the relevant commands on F5) Explanation of the 3 files: File Content: F5_Out_v1.exp is provided as code share. This is the main TCL script that is utiliezd to execute CLI commands on multiple F5 devices. File Content: F5_Bash_v1 #!/bin/bash # Collect the username and password for F5 access echo -n "Enter the username " read -s -e user echo -ne '\n' echo -n "Enter the password " read -s -e password echo -ne '\n' # Feed the expect script a device list & the collected username & passwords for device in `cat ~/F5_Check/F5_Host.txt`; do ./F5_Out_v1.exp $device $password $user ; done File Contents: F5_Host.txt This contains the management IP of the F5 devices. Example: cat F5_Host.txt 10.12.12.200 10.12.12.201 10.12.12.202 10.12.12.203 Code : #!/usr/bin/expect -f # Set variables set hostname [lindex $argv 0] set password [lindex $argv 1] set username [lindex $argv 2] # Log results log_file -a ~/F5_Check/F5LOG.log # Announce which device we are working on and the time send_user "\n" send_user ">>>>> Working on $hostname @ [exec date] <<<<<\n" send_user "\n" # SSH access to device spawn ssh $username@$hostname expect { "no)? " { send "yes\n" expect "*assword: " sleep 1 send "$password\r" } "*assword: " { sleep 1 send "$password\r" } } expect "(tmos)#" send "sys\n" expect "(tmos.sys)#" send "show software\n" expect "#" send "exit\n" expect "#" send "quit\n" expect ":~\$" exit Tested this on version: 11.5
Vijay_E
Jun 06, 2023 Place CodeShare
2KViews
0likes
2Comments
Use F5 LTM as HTTP Proxy
Problem this snippet solves: LTM product can be used as a HTTP Proxy for servers and PC. This code explains minimum requirements to configure proxy feature without SWG module (configurations from Explicit Forward Proxy documentation without documentation ) and without explicit proxy iApp. How to use this snippet: All these commands must be run in bash shell. Create HTTP PROXY VIRTUAL SERVER Configure variables used in next commands Variable HTTPBaseName is used to create : Resolver object : RESOLVER_${HTTPBaseName} HTTP profile : http_${HTTPBaseName} virtual server : VS_${HTTPBaseName} HTTPBaseName="HTTP_FORWARD_PROXY" VS_IP="192.168.2.80" VS_PORT="8080" create DNS resolver with your DNS server (1.1.1.1 is for demo using cloudflare) tmsh create net dns-resolver RESOLVER_${HTTPBaseName} { forward-zones replace-all-with { . { nameservers replace-all-with { 1.1.1.1:domain { } } } } route-domain 0 } create HTTP profile type explicit, using DNS resolver. The parameter default-connect-handling allow enables HTTPS connections without SSL inspection tmsh create ltm profile http http_${HTTPBaseName} { defaults-from http-explicit explicit-proxy { default-connect-handling allow dns-resolver RESOLVER_${HTTPBaseName} } proxy-type explicit } create HTTP proxy Virtual server tmsh create ltm virtual VS_${HTTPBaseName} { destination ${VS_IP}:${VS_PORT} ip-protocol tcp mask 255.255.255.255 profiles replace-all-with { http_${HTTPBaseName} { } tcp } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled} ENABLE SSL FORWARD PROXY This section is not required to forward HTTPS requests but only to enable SSL inspection on HTTPS requests. Note : Following configuration requires SSL, Forward Proxy License. Configure variables used in next commands Variable SSLBaseName is used to create : certificate / key pair : ${SSLBaseName} Client SSL profile : clientssl_${SSLBaseName} Server SSL profile : serverssl_${SSLBaseName} virtual server : VS_${SSLBaseName} SSLBaseName="SSL_FORWARD_PROXY" dirname="/var/tmp" CASubject="/C=FR/O=DEMO\ COMPANY/CN=SSL\ FORWARD\ PROXY\ CA" Create self-signed certificate for CA purpose (not available in WebUI) Self-signed certificates created in WebUI doesn't have CA capability required for SSL FORWARD PROXY. openssl genrsa -out ${dirname}/${SSLBaseName}.key 4094 openssl req -sha512 -new -x509 -days 3650 -key ${dirname}/${SSLBaseName}.key -out ${dirname}/${SSLBaseName}.crt -subj "${CASubject}" Import certificates in TMOS tmsh install sys crypto key ${SSLBaseName}.key from-local-file ${dirname}/${SSLBaseName}.key; tmsh install sys crypto cert ${SSLBaseName}.crt from-local-file ${dirname}/${SSLBaseName}.crt; After CA Certificate is imported, browse in WebUI, retrieve it and import it in client browsers trusted CA Create SSL profiles for SSL FORWARD PROXY tmsh create ltm profile client-ssl clientssl_${SSLBaseName} { cert-lookup-by-ipaddr-port disabled defaults-from clientssl mode enabled proxy-ca-cert ${SSLBaseName}.crt proxy-ca-key ${SSLBaseName}.key ssl-forward-proxy enabled } tmsh create ltm profile server-ssl serverssl_${SSLBaseName} { defaults-from serverssl ssl-forward-proxy enabled } create SSL FORWARD PROXY Virtual server tmsh create ltm virtual VS_${SSLBaseName} { destination 0.0.0.0:https ip-protocol tcp profiles replace-all-with { clientssl_${SSLBaseName} { context clientside } serverssl_${SSLBaseName} { context serverside } http { } tcp { } } source 0.0.0.0/0 translate-address disabled translate-port disabled vlans replace-all-with { http-tunnel } vlans-enabled } Change HTTP EXPLICIT PROXY Default Connect Handling to Deny tmsh modify ltm profile http http_${HTTPBaseName} explicit-proxy { default-connect-handling deny } Note : These commands were tested in both 12.1 and 13.1 versions. Code : No Code
Stanislas_Piro2
Jun 06, 2023 Place CodeShare
11KViews
1like
24Comments

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/bash\"}}})":{"__typename":"ComponentRenderResult","html":"

Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/bash\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"componentScriptGroups({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/bash\"}}})":{"__typename":"ComponentRenderResult","html":"

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageListTabs\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageListTabs-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/customComponent/CustomComponent\"]})":[{"__ref":"CachedAsset:text:en_US-components/customComponent/CustomComponent-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1745262169148"}],"cachedText({\"lastModified\":\"1745262169148\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745262169148"}]},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","es-ES"]},"repliesSortOrder":{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","possibleValues":["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1745262162659":{"__typename":"CachedAsset","id":"pages-1745262162659","value":[{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1739501733000,"localOverride":null,"page":{"id":"Test","type":"CUSTOM","urlPath":"/custom-test-2","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745262162659,"localOverride":null,"page":{"id":"HowDoI","type":"COMMUNITY","urlPath":"/c/how-do-i","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this site.","userBannedReason":"You have been banned for the following reason: {reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:theme:customTheme1-1745262151684":{"__typename":"CachedAsset","id":"theme:customTheme1-1745262151684","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1745262169148","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1745262169148","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1745262169148","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1745262167287":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1745262167287","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1745262147309":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1745262147309","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"},{"children":[],"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.f5.com/c/how-do-i","target":"SELF"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1745262169148","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-us-1745262174649":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-us-1745262174649","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-us-1745262174649":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-us-1745262174649","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-us-1745262174649":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-us-1745262174649","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-us-1745262174649":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-us-1745262174649","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1745262169148","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1745262169148","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745262169148","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1743095186784":"Most Recent Updates","title@instance:1704317906837":"Content Feed","title@instance:1743095018194":"Most Recent Updates","title@instance:1702668293472":"Community Feed","title@instance:1743095117047":"Most Recent Updates","title@instance:1704319314827":"Blog Feed","title@instance:1743095235555":"Most Recent Updates","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1743095311723":"Most Recent Updates","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"Forums"},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"TechnicalForum","nodeType":"board","conversationStyle":"FORUM","title":"Technical Forum","shortTitle":"Technical Forum","parent":{"__ref":"Category:category:Forums"}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"Articles"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"TechnicalArticles","nodeType":"board","conversationStyle":"TKB","title":"Technical Articles","shortTitle":"Technical Articles","parent":{"__ref":"Category:category:Articles"}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"CrowdSRC"},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"codeshare","nodeType":"board","conversationStyle":"TKB","title":"CodeShare","shortTitle":"CodeShare","parent":{"__ref":"Category:category:CrowdSRC"}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:339473":{"__typename":"Conversation","id":"conversation:339473","topic":{"__typename":"TkbTopicMessage","uid":339473},"lastPostingActivityTime":"2025-02-05T16:44:02.171-08:00","solved":false},"User:user:216804":{"__typename":"User","uid":216804,"login":"Carl_Brothers","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yMTY4MDQtRDliNTJh?image-coordinates=0%2C89%2C2400%2C2490"},"id":"user:216804"},"TkbTopicMessage:message:339473":{"__typename":"TkbTopicMessage","subject":"Using bash and tmsh to make bulk updates","conversation":{"__ref":"Conversation:conversation:339473"},"id":"message:339473","revisionNum":12,"uid":339473,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:216804"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Learn how to use bash and tmsh to find any setting across your BIG-IP configuration and make changes quickly. ","introduction":"Lessons learned while writing K000149084","metrics":{"__typename":"MessageMetrics","views":521},"postTime":"2025-02-05T16:44:02.171-08:00","lastPublishTime":"2025-02-05T16:44:02.171-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" How this began \n Customers who may have had AAM/WAM enabled in their BIG-IP systems may be unaware of removal of that entire module and code branch that was done in versions 16 and above. Any BIG-IP systems that had these objects configured, would face problems when upgrading their devices, unless they cleaned the configuration up. \n Since there are many different types of objects (TCP Profiles, Web acceleration Profiles, Acceleration Manager applications, etc), and since iApps were likely the primary deployment method to use AAM/WAM features, I wanted to find a fast way to document and make the changes needed for anyone impacted. \n \n Prerequisites \n \n Access to your BIG-IP system via your preferred SSH client. \n Admin credentials for the BIG-IP system. \n Access to the Advanced Shell, aka BASH. \n \n \n Finding specific profiles and settings via the GUI would be rather time consuming, and there is no good way to catalog and inventory what needs to be changed via the GUI. While we can list some items via tmsh, there are better filtering and output formatting tools within bash, plus we can more easily traverse all partitions on the system. I will explain as much about the commands as I know or have discovered in this process. If you consider yourself a bit more advanced, then just skip to the code blocks and enjoy. \n Before taking any of this to a BIG-IP, ensure that you have backed up the configuration and pulled that UCS file off the device. ALWAYS experiment on a test/non production environment before running any of these commands that have modify or delete statements in them. \n \n \n Scanning All Partitions \n When you launch into tmsh, by default, users with admin permissions will enter into the Common partition. To scan all partitions, you have to get to the root in tmsh. Like most shells, cd / will put you in the root directory. From there, we can use the list command with the recursive option to return objects of interest from all partitions and subfolders (iApps and FAST create subfolders within a partition). Filtering for values of interest and then acting on them is a critical step to ensure we have a proper list for editing later. \n A challenge to solve is that we need to send two commands into tmsh to get all of the objects across all partitions. Fortunately, tmsh has an option that allows us to send multiple commands via the -c option. The multiple commands need to be inside quotes and separated by a semi-colon. \n \n List all Virtual Servers on a device \n #this will return a list of all virtual server names \ntmsh -c 'cd /; list ltm virtual recursive one-line' | awk '{print $3}' \n Without the awk command, the entire virtual server config will be returned. In this example, awk is returning the third string/column it sees surrounded by spaces. Because we have every virtual server config, we can search for specific elements of interest using grep to either include or exclude based on what we seek. \n \n List all Virtual Servers on a device using the tcp profile \n Before you build a fancy grep string, only to figure out the value is not returned by the command because it is an implicit default value, add the all-properties option before the one-line option. In this example, we will list all virtual servers where the default tcp profile is being used for client-side (downstream in NGINX) and server side (upstream in NGINX). \n #Find Virtual Servers using the default tcp profile on client side and server side \ntmsh -c 'cd /; list ltm virtual recursive all-properties one-line' | grep -E \"Common/tcp { context all }\" |awk '{print \"/\" $3}' \n With this command, you have the names of all virtual servers that have this setting and can use that for your change management documentation. There is a slight change in the output of this command, where we have awk add a slash to the object name. When referencing an object in a tmsh command, it can either be just the name of the object if you are in the partition OR you give the full partition name to the command. In some cases where tmsh does not see the partition syntax, it will explicitly insert /Common onto the virtual server name and will fail. \n Now you may notice some virtual server names are much longer and you may see a. app somewhere in the name. That means you have virtual servers that were deployed using iApps. For making batch updates, as we will here, iApps by default, will block attempts to make changes. \n \n List iApps with Strict Updates enabled (default value) \n #show deployed iApps that have strict-updates enabled \n#Because this is a default setting, we have to look at all-properties. \ntmsh -c 'cd /; list sys application service recursive one-line all-properties' | grep -E \"strict-updates enabled\" | awk '{ print \"/\" $4 }' \n While we tend to shorthand the objects as iApps, the config calls them an application service and they are stored in the system module versus the ltm module. \n \n List iApps with Strict Updates disabled \n If you want to find the iApp names where Strict Updates are disabled, you can change the grep string to find \"strict-updates disabled\" or you can add a -v to the previous grep command. \n #show deployed iApps that have strict-updates disabled method 1 \n#While we do not need the all-properties option, we will keep it for consistency. \ntmsh -c 'cd /; list sys application service recursive one-line all-properties' | grep -E \"strict-updates disabled\" | awk '{ print \"/\" $4 }' \n#show deployed iApps that have strict-updates disabled method 2 \n#While we do not need the all-properties option, we will keep it for consistency. \ntmsh -c 'cd /; list sys application service recursive one-line all-properties' | grep -v \"strict-updates enabled\" | awk '{ print \"/\" $4 }' \n \n List iApps with Strict Updates enabled for Virtual Servers with default tcp profile in client and server contexts \n Before we make changes to the iApps, we usually want to be very selective in what we select for changes. Due to the location of the two values, the tcp profile in the virtual server, and the strict updates iApp setting, we will use a bash variable to build the search string argument. Because we are only looking for virtual servers built by an iApp, we have to exclude virtual servers that do not have an app-service defined. This is accomplished with the -v option for grep. Next, we have to format the output for a grep friendly OR expression. In this case, we replace the new line character with a pipe character using tr and then we use sed to remove the last pipe character that tr put into the string. \n Note that if the command that feeds inScopeiApp returns nothing, then the final tmsh command will have a grep error when it tries to parse a null (empty) string. \n #List the iApps that are in scope and will interfere with the commands \n#due to app-service none being an implicit default, we must use the all-properties directive to list it in the output. \n#due to strict-updates being enabled by default, we must use the all-properties directive to list it in the output. \ninScopeiApp=$(tmsh -c 'cd /; list ltm virtual recursive one-line all-properties' | grep -E \"Common/tcp { context all }\" | grep -v \"app-service none\" | awk '{print $10 }' | tr '\\n' '|' | sed '$s/.$/\\n/') \ntmsh -c 'cd /; list sys application service recursive one-line all-properties' | grep -E \"strict-updates enabled\" | awk '{ print \"/\" $4 }' | grep -E $inScopeiApp \n \n List iApps with Strict Updates enabled for Virtual Servers with AAM/WAM based profiles \n Now we are getting a bit more complex and have to go a level deeper to find the defaults-from values of profiles as well as some known profile names. First we build the PROFILES string with the known profile names, and then add in the profile names that have inherited an AAM/WAM profile. Then we get virtual server names that use those profiles to determine the list of iApps that we want to see if we need to disable strict-updates. \n #List the iApps that are in scope and will interfere with the commands \n#due to strict-updates being enabled by default, we must use the all-properties directive to list it in the output. \nPROFILES=\"wam-tcp-lan-optimized|wam-tcp-wan-optimized|wom-tcp-lan-optimized|wom-tcp-wan-optimized|\"$(tmsh -c 'cd /; list ltm profile recursive one-line' | grep -E \"defaults-from.*(wam|wom|webacceleration)\" | awk '{print $4}' | tr '\\n' '|' | sed '$s/.$/\\n/') \ninScopeiApp=$(tmsh -c 'cd /; list ltm virtual recursive one-line all-properties' | grep -E \"(profiles.*($PROFILES))\" | grep -v \"app-service none\" | awk '{print $10 }' | tr '\\n' '|' | sed '$s/.$/\\n/') \ntmsh -c 'cd /; list sys application service recursive one-line all-properties' | grep -E \"strict-updates enabled\" | awk '{ print \"/\" $4 }' | grep -E $inScopeiApp \n \n Using the lists to make changes \n Everything we have done so far is to find objects of interest to document them for future changes/deletions, etc. Now we will take these lists as input for modifying statements. The tool I chose was xargs because it can write and execute commands based on the inputs you give it. \n \n Changing the Strict Updates setting in iApps to allow out of band modifications \n It is important to note that while you may loosen this setting to make this change and then set it again, these steps are out of band modifications to the iApp, and as a result, you may never use the Reconfigure GUI nor update the iApp template. Of note, iApps are now deprecated in favor of FAST for AS3. You can read more on that here—https://my.f5.com/manage/s/article/K13422 This example is lifted from K000149084, to find all iApps that use profiles associated with AAM/WAM and disable strict updates. I chose to add the -T option to xargs, so that it would output the commands it was running. This way if there is an error or you need to record what was done, you will have a record of it. \n #Modify the iApps that are in scope and will interfere with the commands \n#due to strict-updates being enabled by default, we must use the all-properties directive to list it in the output. \n#***IMPORTANT NOTE - This script aims to specifically target ONLY the iApps needed for the steps below to succeed. \n#Once Strict updates are disabled and changes made to the objects, you can no longer update the template or use the Reconfigure screen in the GUI. \nPROFILES=\"wam-tcp-lan-optimized|wam-tcp-wan-optimized|wom-tcp-lan-optimized|wom-tcp-wan-optimized|\"$(tmsh -c 'cd /; list ltm profile recursive one-line' | grep -E \"defaults-from.*(wam|wom|webacceleration)\" | awk '{print $4}' | tr '\\n' '|' | sed '$s/.$/\\n/') \ninScopeiApp=$(tmsh -c 'cd /; list ltm virtual recursive one-line all-properties' | grep -E \"(profiles.*($PROFILES))\" | grep -v \"app-service none\" | awk '{print $10 }' | tr '\\n' '|' | sed '$s/.$/\\n/') \ntmsh -c 'cd /; list sys application service recursive one-line all-properties' | grep -E \"strict-updates enabled\" | awk '{ print \"/\" $4 }' | grep -E $inScopeiApp | xargs -t -I iAppname tmsh modify sys application service iAppname strict-updates disabled \n \n Changing Parent Profiles for TCP profiles that have AAM/WAM based profiles \n In the last list segment, you were introduced to the code where we scan for known tcp profiles and then a list of profiles that inherited their settings from an AAM/WAM profile. Now we will just look for tcp profiles that inherited their settings from an AAM/WAM profile and change them to use Optimized TCP profiles. Because this is a new iteration, I will show the list of commands separately, for the change management side of things to identify the profiles and the virtual servers that would be impacted. \n #Find TCP profiles with wam/wom based profiles \ntmsh -c 'cd /; list ltm profile tcp recursive one-line' | grep -E \"defaults-from.Common.w(a|o)m-tcp-*\" | awk '{ print \"/\" $4 }' \n#List the virtuals with any profiles that are related to WAM/WOM/AAM \nPROFILES=\"wam-tcp-lan-optimized|wam-tcp-wan-optimized|wom-tcp-lan-optimized|wom-tcp-wan-optimized|\"$(tmsh -c 'cd /; list ltm profile recursive one-line' | grep -E \"defaults-from.*(wam|wom|webacceleration)\" | awk '{print $4}' | tr '\\n' '|' | sed '$s/.$/\\n/') \ntmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E \"(profiles.*($PROFILES))\" | awk '{print \"/\" $3}' \n Due to the requirements of wan side and lan side, the commands are very specific to each context. When updating a virtual server, you have to first add the new profiles and then delete the unwanted ones. When you attempt to delete the profiles first, the system will give you an error as it is a mandatory field. \n *** Note these commands will fail on objects that are a part of an iApp that has strict enabled \n #************************************************************************************************************** \n#These commands will change your configuration, so only use when ready #Find TCP profiles with wam/wom based profiles for lan and replace the defaults-from \ntmsh -c 'cd /; list ltm profile tcp recursive one-line' | grep -E \"defaults-from.Common.w(a|o)m-tcp-lan*\" | awk '{ print \"/\" $4 }' | xargs -t -I tcp_profile tmsh modify ltm profile tcp tcp_profile defaults-from f5-tcp-lan \n\n#Find TCP profiles with wam/wom based profiles for wan and replace the defaults-from \ntmsh -c 'cd /; list ltm profile tcp recursive one-line' | grep -E \"defaults-from.Common.w(a|o)m-tcp-wan*\" | awk '{ print \"/\" $4 }' | xargs -t -I tcp_profile tmsh modify ltm profile tcp tcp_profile defaults-from f5-tcp-wan \n\n#Execute commands for TCP profile updates to the Virtual Servers in all partitons. have to do this in a server side and client side pass to avoid errors \ntmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E \"(profiles.*(w(a|o)m-tcp-lan*))\" | awk '{print \"/\" $3}' | xargs -t -I vsName tmsh modify ltm virtual vsName profiles add { f5-tcp-lan { context serverside } } profiles delete { wam-tcp-lan-optimized } \ntmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E \"(profiles.*(w(a|o)m-tcp-wan*))\" | awk '{print \"/\" $3}' | xargs -t -I vsName tmsh modify ltm virtual vsName profiles add { f5-tcp-wan { context clientside } } profiles delete { wam-tcp-wan-optimized } \n \n Changing the default TCP profile on Virtual Servers to use Optimized TCP Profiles \n In case you did read Martin Duke's posts about using the base tcp profile Stop Using the Base TCP Profile! or you saw F5 Unveils New Built-In TCP Profiles or you noticed what was used in the new FAST HTTP Template, and want to go all in, well here is the command to change any virtual server that you found in the second example, to use the Optimized TCP Profiles. Unlike our previous tcp profile modification, we can do this in one pass because the Serverside inherited the setting from the Clientside. \n #Execute commands for TCP profile updates to the Virtual Servers in all partitons. \n#We have to add the profiles before we can delete the one we want to remove.do this in a server side and client side pass to avoid errors \ntmsh -c 'cd /; list ltm virtual recursive one-line all-properties' | grep -E \"Common/tcp { context all }\" | awk '{print \"/\" $3}' | xargs -t -I vsName tmsh modify ltm virtual vsName profiles add { f5-tcp-lan { context serverside } } profiles add { f5-tcp-wan { context clientside } } profiles delete { tcp } \n \n Conclusion \n With these commands, you have gained an understanding of how to look for certain settings and then make the changes you would like. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"15585","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:339397":{"__typename":"Conversation","id":"conversation:339397","topic":{"__typename":"TkbTopicMessage","uid":339397},"lastPostingActivityTime":"2025-02-05T10:56:57.505-08:00","solved":false},"User:user:275883":{"__typename":"User","uid":275883,"login":"Tony_Marfil","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yNzU4ODMtQ2o3aUZ6?image-coordinates=0%2C0%2C3022%2C3022"},"id":"user:275883"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkzOTctT0t4a2hK?revision=8\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkzOTctT0t4a2hK?revision=8","title":"Terminal Demo.jpg","associationType":"TEASER","width":692,"height":610,"altText":""},"TkbTopicMessage:message:339397":{"__typename":"TkbTopicMessage","subject":"Five Ways to Automate F5OS with Ansible: A Practical Guide","conversation":{"__ref":"Conversation:conversation:339397"},"id":"message:339397","revisionNum":8,"uid":339397,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:275883"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":683},"postTime":"2025-02-04T05:00:00.038-08:00","lastPublishTime":"2025-02-05T10:56:57.505-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" This article explores five methods for automating F5OS using Ansible, complete with real-world examples you can adapt to your own environment. The five methods, with working code examples, include F5OS collection modules, REST API calls, Linux shell access, F5OS CLI commands, and Bash scripts. \n Understanding F5OS Architecture \n Our example system is an F5OS appliance named r5900-2 . \n When you connect to an F5OS device terminal as the root user, you enter a Linux Bash shell: \n [root@appliance-1(r5900-2):Active] ~ # uname -r\n3.10.0-1160.71.1.F5.1.1.1.el7_8.x86_64\n[root@appliance-1(r5900-2):Active] ~ # cat /etc/centos-release \nCentOS Linux release 7.8.2003 (Core)\n[root@appliance-1(r5900-2):Active] ~ #\n \n Root access is rarely needed to manage an F5OS appliance. Most tasks can be accomplished via the F5OS CLI. \n If you 'substitute user' to the 'admin' user (via the su command) or SSH directly as admin@r5900-2, you enter the F5OS CLI. Here you configure low-level network components such as Link Aggregation Groups and VLANs, monitor the F5OS platform, and manage BIG-IP tenants. \n [root@appliance-1(r5900-2):Active] ~ # su admin\nWelcome to the Management CLI\nadmin connected from 172.18.7.92 using ssh on r5900-2 \nr5900-2# show system version\nsystem version os-version 1.8.0-16036\nsystem version service-version 1.8.0-16036 \nsystem version product F5OS-A\n \n The F5OS CLI is built on top of the F5OS API. With this same admin account, you can target the F5OS API to configure anything at the F5OS layer. A simple test with curl can confirm you are ready to automate via the F5OS API: \n $ curl -k -X GET \\\nf/data/openconfi> \"https://r5900-2:8888/restconf/data/openconfig-system:system/f5-system-version:version\" \\\nH \"Content-Type:> -H \"Content-Type: application/yang-data+json\" \\\n> -H \"Accept: application/yang-data+json\" \\\n> -u admin:'YOUR_PASSWORD'\n{\n \"f5-system-version:version\": {\n \"os-version\": \"1.8.0-16036\",\n \"service-version\": \"1.8.0-16036\",\n \"product\": \"F5OS-A\"\n }\n}\n \n When you create a BIG-IP tenant, it behaves like a traditional BIG-IP instance. The tenant has its own isolated management IP address and iControl REST API endpoint. Your existing BIG-IP Ansible playbooks will continue to work with minimal changes. \n However, automation workflows for BIG-IP are not compatible with F5OS. Let's explore how we can automate just about anything on F5OS using Ansible. \n \n Method 1: F5OS Ansible Collection Modules \n # Method 1: Using F5OS collection module\n- name: Get F5OS system information using F5OS Ansible module\n f5os_device_info:\n gather_subset:\n - system-info\n register: f5os_facts\n \n Mechanics: This method uses the official F5OS Ansible collection to communicate with the F5OS REST API over HTTPS. The modules handle authentication, request formatting, and response parsing. \n Pros: \n \n Purpose-built for F5OS operations \n Input validation and error handling \n Consistent interface across F5OS versions \n Simplified syntax for complex operations \n \n Cons: \n \n Limited to functionality provided by existing modules \n May need to wait for new modules as F5OS features evolve \n \n \n Method 2: Direct REST API Calls \n # Method 2: Using generic Ansible uri module for REST API\n- name: Get F5OS version information using REST API direct call\n uri:\n url: \"{{ api_base_url }}/data/openconfig-system:system/f5-system-version:version\"\n method: GET\n force_basic_auth: true \n user: \"{{ ansible_user }}\"\n password: \"{{ ansible_httpapi_password }}\"\n headers:\n Content-Type: \"application/yang-data+json\"\n Accept: \"application/yang-data+json\" \n validate_certs: \"{{ ansible_httpapi_validate_certs }}\"\n status_code: 200\n return_content: true\n register: f5os_version\n \n Mechanics: This approach uses Ansible's uri module to make direct REST API calls to F5OS. It provides maximum flexibility but requires detailed knowledge of the F5OS API. \n Pros: \n \n Access to all F5OS API endpoints \n No dependency on F5OS collection modules \n Useful for testing new F5OS features \n \n Cons: \n \n Requires understanding of F5OS API structure \n More verbose configuration \n Need to handle response parsing manually \n \n \n Method 3: Linux System Access \n # Method 3: Using generic Ansible SSH for Linux system access \n- name: Gather Linux system information via SSH\n setup:\n gather_subset:\n - hardware \n delegate_to: r5900-2-linux\n vars:\n ansible_user: root\n ansible_connection: ssh\n register: linux_facts\n \n Mechanics: This method establishes an SSH connection to access the underlying Linux operating system for system-level operations and diagnostics. \n Pros: \n \n Direct access to system resources \n Useful for troubleshooting \n Leverage existing Linux automation skills \n \n Cons: \n \n Requires root access \n Risk of affecting system stability \n \n \n Method 4: F5OS CLI via SSH \n # Method 4: Using generic Ansible shell module for F5OS CLI\n- name: Get F5OS version information via CLI \n shell: |\n sshpass -p \"{{ f5os_cli_password }}\" ssh -t -o StrictHostKeyChecking=no admin@{{ hostvars['r5900-2-cli']['ansible_host'] }} << 'EOF'\n show sys version\n EOF\n delegate_to: localhost\n register: cli_version\n \n Mechanics: This method uses SSH to connect directly to the F5OS CLI, similar to how you interact with the device manually. \n Pros: \n \n Familiar CLI interface \n Suitable for operational commands \n Easy to test and debug \n \n Cons: \n \n Output parsing can be complex \n Less idempotent than API methods \n Requires sshpass installation \n \n \n Method 5: Bash Scripts with f5sh \n # Method 5: Using Ansible copy and shell modules to run f5sh commands from Bash scripts\n- name: Transfer f5sh_example.sh script to F5OS device\n copy:\n content: |\n #!/bin/bash\n f5sh show sys version\n dest: \"/root/f5sh_example.sh\"\n mode: '0755'\n delegate_to: r5900-2-linux\n vars:\n ansible_user: root\n ansible_connection: ssh\n register: script_transfer\n\n- name: Execute f5sh_example.sh script on F5OS device\n shell: \"/root/f5sh_example.sh\"\n delegate_to: r5900-2-linux\n vars:\n ansible_user: root\n ansible_connection: ssh\n register: script_output \n \n Mechanics: This method combines Linux shell access with the f5sh command prefix introduced in F5OS 1.8.0, allowing F5OS CLI commands to be run from Bash scripts. \n Pros: \n \n Combine shell scripting with F5OS commands \n \n Cons: \n \n Requires root access \n \n \n Inventory and Connection Methods \n Each connection method requires specific inventory settings defined in 'hosts.yml': \n API Connections \n # hosts.yml \nf5os:\n hosts:\n r5900-2-api:\n ansible_host: r5900-2\n \n Used with httpapi connection in the playbook: \n # playbook.yml\n- name: F5OS Management Tasks\n connection: httpapi\n hosts: r5900-2-api\n vars:\n ansible_user: \"admin\" \n ansible_httpapi_password: \"{{ f5os_api_password }}\"\n ansible_network_os: \"f5networks.f5os.f5os\"\n ansible_httpapi_use_ssl: true\n ansible_httpapi_port: 8888\n \n You may send API calls to either port 8888 or port 443. The URI path will change slightly depending on which TCP port you choose to use: \n \n For port 443: Initial path will be /api \n For port 8888: Initial path will be /restconf \n \n F5OS also listens on port 80 and will redirect to TCP port 443. You can then configure distinct network access control policies for traffic to: \n \n Management interface user interface (443) \n Management interface REST API endpoint (8888) \n \n CLI Access \n # hosts.yml\nf5os_cli: \n hosts:\n r5900-2-cli:\n ansible_host: r5900-2\n ansible_user: admin\n ansible_connection: ssh\n ansible_become: no \n ansible_ssh_common_args: '-o StrictHostKeyChecking=no'\n \n Enables CLI commands through SSH: \n # playbook.yml \n- name: Get F5OS version information via CLI\n shell: |\n sshpass -p \"{{ f5os_cli_password }}\" ssh -t -o StrictHostKeyChecking=no admin@{{ hostvars['r5900-2-cli']['ansible_host'] }} << 'EOF' \n show sys version\n EOF\n delegate_to: localhost\n \n Linux Shell Access \n # hosts.yml\nlinux_hosts:\n hosts: \n r5900-2-linux:\n ansible_host: r5900-2\n ansible_user: root\n ansible_connection: ssh\n ansible_become: no\n ansible_python_interpreter: /usr/bin/python3\n ansible_ssh_common_args: '-o StrictHostKeyChecking=no' \n \n Used for system information gathering and script execution: \n # playbook.yml\n- name: Gather Linux system information via SSH\n setup:\n gather_subset:\n - hardware\n delegate_to: r5900-2-linux \n vars:\n ansible_user: root\n ansible_connection: ssh\n \n Notes on hosts.yml Inventory Entries \n The inventory defines three connections to the same device: \n \n r5900-2-api : HTTPS API access \n r5900-2-cli : SSH CLI access with admin user \n r5900-2-linux : SSH root access \n \n SSH configuration: \n \n StrictHostKeyChecking=no : Skips host key verification \n ansible_become: no : No privilege escalation \n Custom Python path for Linux shell access \n \n Run playbooks with --ask-pass to prompt for the root password when accessing the Linux shell: \n ansible-playbook -i hosts.yml playbook.yml --ask-pass\n \n See the complete hosts.yml and playbook.yml examples below as templates for your own environments. The latest versions are hosted on GitHub. \n # hosts.yml - Ansible inventory configuration\n# This inventory file defines multiple ways to connect to the same F5OS device\n\nall:\n children:\n # F5OS API group - For REST API interactions via HTTPS\n # This method is used for F5OS platform configuration and monitoring via REST\n # User credentials configured as vars in playbook.yml\n f5os:\n hosts:\n r5900-2-api:\n ansible_host: r5900-2\n\n # F5OS CLI group - For F5OS CLI access via SSH\n # This method is used to run F5OS CLI commands via SSH using admin account\n # User credentials prompted for at runtime\n f5os_cli:\n hosts:\n r5900-2-cli:\n ansible_host: r5900-2\n ansible_user: admin\n ansible_connection: ssh\n ansible_become: no\n ansible_ssh_common_args: '-o StrictHostKeyChecking=no'\n\n # Linux group - For direct Linux shell access via SSH\n # This method is used to access the underlying Linux OS using root account\n # User credentials prompted for at runtime using --ask-pass\n linux_hosts:\n hosts:\n r5900-2-linux:\n ansible_host: r5900-2\n ansible_user: root\n ansible_connection: ssh\n ansible_become: no\n ansible_python_interpreter: /usr/bin/python3\n ansible_ssh_common_args: '-o StrictHostKeyChecking=no'\n # playbook.yml\n#\n# This playbook demonstrates multiple methods to interact with F5OS devices using Ansible:\n# 1. Using F5OS-specific Ansible modules from the F5 Ansible collection\n# - Connects via HTTPS to F5OS REST API\n# - Uses F5OS maintained collection modules\n# - Best for F5OS platform operations with verified modules\n#\n# 2. Using Ansible uri module to make direct REST API calls\n# - Connects via HTTPS to F5OS REST API\n# - Uses Ansible built-in uri module\n# - Best for custom REST API operations or when collection modules unavailable\n#\n# 3. Using SSH connection to access the underlying Linux OS\n# - Connects via SSH as root to Linux shell\n# - Uses Ansible built-in setup modules\n# - Best for system-level operations and diagnostics\n#\n# 4. Using SSH to connect as admin and run F5OS CLI commands\n# - Connects via SSH as admin to F5OS CLI\n# - Uses Ansible built-in shell module with sshpass\n# - Best for running operational commands and gathering CLI output\n#\n# 5. Using SSH connection to access the underlying Linux OS\n# - Connects via SSH as root to Linux shell\n# - Uses Ansible built-in SSH modules\n# - Uses Ansible built-in copy module to transfer Bash script\n# - Uses Ansible built-in shell module to execute script and display output\n# - Best for automated script-based management via f5sh commands\n#\n# Requirements:\n# - sshpass must be installed on the Ansible control node for F5OS CLI access\n# Ubuntu/Debian: sudo apt-get install sshpass\n# RHEL/CentOS: sudo yum install sshpass\n#\n# References:\n# - F5OS Collection: https://clouddocs.f5.com/products/orchestration/ansible/devel/f5os/F5OS-index.html\n# - Ansible URI Module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/uri_module.html\n# - F5OS-A/F5 rSeries - API: https://clouddocs.f5.com/api/rseries-api/rseries-api-index.html\n# - Ansible SSH Connection: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/ssh_connection.html\n# - F5OS-A/F5 rSeries - CLI: https://clouddocs.f5.com/api/rseries-api/rseries-cli-index.html\n#\n# Debug Notes:\n# - Each connection method has debug lines (commented out) that can be enabled\n# - Uncomment Debug Info lines when troubleshooting connection issues\n# - Use -vvvv verbosity for additional connection debugging\n# - CLI task can be modified to show stderr/stdout with no_log: false\n---\n- name: F5OS Management Tasks\n connection: httpapi\n hosts: r5900-2-api\n gather_facts: false\n collections:\n - f5networks.f5os\n any_errors_fatal: true\n\n vars_prompt:\n - name: f5os_api_password\n prompt: \"ENTER F5OS REST API password (admin user):\"\n private: yes\n - name: f5os_cli_password\n prompt: \"ENTER F5OS CLI SSH password (admin user):\"\n private: yes\n\n vars:\n ansible_user: \"admin\"\n ansible_httpapi_password: \"{{ f5os_api_password }}\"\n ansible_network_os: \"f5networks.f5os.f5os\"\n ansible_httpapi_use_ssl: true\n ansible_httpapi_use_proxy: false\n ansible_httpapi_validate_certs: \"no\"\n ansible_httpapi_port: 8888\n ansible_command_timeout: 1800\n persistent_log_messages: true\n api_base_url: \"https://{{ ansible_host }}:{{ ansible_httpapi_port }}/restconf\"\n\n tasks:\n # Method 1: Using F5OS maintained collection module\n - name: Get F5OS system information using F5OS Ansible module\n f5os_device_info:\n gather_subset:\n - system-info\n register: f5os_facts\n\n # Method 2: Using generic Ansible uri module for REST API\n - name: Get F5OS version information using REST API direct call\n uri:\n url: \"{{ api_base_url }}/data/openconfig-system:system/f5-system-version:version\"\n method: GET\n force_basic_auth: true\n user: \"{{ ansible_user }}\"\n password: \"{{ ansible_httpapi_password }}\"\n headers:\n Content-Type: \"application/yang-data+json\"\n Accept: \"application/yang-data+json\"\n validate_certs: \"{{ ansible_httpapi_validate_certs }}\"\n status_code: 200\n return_content: true\n register: f5os_version\n\n # Method 3: Using generic Ansible SSH for Linux system access\n - name: Gather Linux system information via SSH connection\n setup:\n gather_subset:\n - hardware\n delegate_to: r5900-2-linux\n vars:\n ansible_user: root\n ansible_connection: ssh\n register: linux_facts\n\n # Method 4: Using generic Ansible shell module for F5OS CLI\n - name: Get F5OS version information via CLI\n shell: |\n sshpass -p \"{{ f5os_cli_password }}\" ssh -t -o StrictHostKeyChecking=no admin@{{ hostvars['r5900-2-cli']['ansible_host'] }} << 'EOF'\n show sys version\n EOF\n delegate_to: localhost\n register: cli_version\n changed_when: false\n # no_log: false # Uncomment to show CLI output for debugging\n # failed_when: false # Uncomment to prevent CLI failures for debugging\n\n # Method 5: Using generic Ansible SSH connection to access the underlying Linux OS\n - name: Transfer f5sh_example.sh script to F5OS device\n copy:\n content: |\n #!/bin/bash\n f5sh show sys version\n dest: \"/root/f5sh_example.sh\"\n mode: '0755'\n delegate_to: r5900-2-linux\n vars:\n ansible_user: root\n ansible_connection: ssh\n register: script_transfer\n\n - name: Execute f5sh_example.sh script on F5OS device\n shell: \"/root/f5sh_example.sh\"\n delegate_to: r5900-2-linux\n vars:\n ansible_user: root\n ansible_connection: ssh\n register: script_output\n\n # Display combined information from all five methods\n - name: Show combined information from all sources\n vars:\n system_info:\n \"F5OS Version Info (via F5 maintained F5OS Ansible module collection, communicating over HTTPS REST API, using: admin account)\":\n \"Platform Type\": \"{{ f5os_facts.system_info.platform_type }}\"\n \"Software Version\": \"{{ f5os_facts.system_info.running_software.os_version }}\"\n # \"Debug Info\": \"{{ f5os_facts | default('f5os_facts not defined') }}\"\n \"F5OS Version Info (via built-in Ansible uri module, communicating over HTTPS REST API, using: admin account)\":\n \"OS Version\": \"{{ f5os_version.json['f5-system-version:version']['os-version'] }}\"\n \"Product\": \"{{ f5os_version.json['f5-system-version:version']['product'] }}\"\n \"Service Version\": \"{{ f5os_version.json['f5-system-version:version']['service-version'] }}\"\n # \"Debug Info\": \"{{ f5os_version | default('f5os_version not defined') }}\"\n \"Linux System Info (via built-in Ansible ssh module, communicating over SSH, using: root account and bash shell)\":\n \"Distribution\": \"{{ linux_facts.ansible_facts.ansible_distribution }}\"\n \"Kernel Version\": \"{{ linux_facts.ansible_facts.ansible_kernel }}\"\n \"Python Version\": \"{{ linux_facts.ansible_facts.ansible_python_version }}\"\n \"Total Memory\": \"{{ linux_facts.ansible_facts.ansible_memtotal_mb }} MB\"\n # \"Debug Info\": \"{{ linux_facts | default('linux_facts not defined') }}\"\n \"F5OS Version Info (via built-in Ansible ssh module, communicating over SSH, using: admin account and f5_confd_cli shell)\":\n \"OS Version\": \"{{ cli_version.stdout_lines[0].split()[-1] if cli_version is defined and cli_version.rc == 0 else 'Error getting CLI version' }}\"\n \"Service Version\": \"{{ cli_version.stdout_lines[1].split()[-1] if cli_version is defined and cli_version.rc == 0 else 'Error getting CLI version' }}\"\n \"Product\": \"{{ cli_version.stdout_lines[2].split()[-1] if cli_version is defined and cli_version.rc == 0 else 'Error getting CLI version' }}\"\n # \"CLI Return Code\": \"{{ cli_version.rc | default('rc not defined') }}\"\n # \"CLI STDOUT\": \"{{ cli_version.stdout_lines | default('stdout not defined') }}\"\n # \"CLI STDERR\": \"{{ cli_version.stderr_lines | default('stderr not defined') }}\"\n # \"Debug Info\": \"{{ cli_version | default('cli_version not defined') }}\"\n \"F5OS Version Info (via built-in Ansible script copy and execution modules, using: root account, bash shell, and f5sh commands)\":\n \"OS Version\": \"{{ script_output.stdout_lines[0].split()[-1] if script_output is defined and script_output.rc == 0 else 'Error executing script' }}\"\n \"Product\": \"{{ script_output.stdout_lines[2].split()[-1] if script_output is defined and script_output.rc == 0 else 'Error executing script' }}\"\n \"Service Version\": \"{{ script_output.stdout_lines[1].split()[-1] if script_output is defined and script_output.rc == 0 else 'Error executing script' }}\"\n # \"Script Return Code\": \"{{ script_output.rc | default('rc not defined') }}\"\n # \"Script STDOUT\": \"{{ script_output.stdout_lines | default('stdout not defined') }}\"\n # \"Script STDERR\": \"{{ script_output.stderr_lines | default('stderr not defined') }}\"\n # \"Debug Info\": \"{{ script_output | default('script_output not defined') }}\"\n debug:\n var: system_info \n \n Terminal Demo \n ansible-playbook -i hosts.yml playbook.yml --ask-pass\n \n \n \n Notes on Software Version Compatibility \n If using the F5-maintained F5OS collection, you'll need a compatible version of Ansible: https://github.com/F5Networks/f5-ansible-f5os \n If using an alternate method that depends on compatibility with the Python3 version on the remote host, confirm the Python3 version on your F5OS appliance: \n [root@appliance-1(r5900-2):Active] ~ # python3 --version\nPython 3.6.8\n \n ...against the ansible-core support matrix. \n \n Responsible Authentication \n This tutorial focused on simple examples using default local accounts (root, admin) and local authentication. \n In production, authentication is more complex, requiring: \n \n SSH key-based authentication instead of passwords \n API token authentication instead of basic auth \n Role-based access control with dedicated automation accounts \n Secure credential management (e.g. Ansible Vault) \n Regular credential rotation and audit logging \n Remote authentication (LDAP, TACACS+, RADIUS) \n Upgrading from self-signed and invalid certificates to Certificate Authority signed and validated certificates \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"21046","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkzOTctT0t4a2hK?revision=8\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:339378":{"__typename":"Conversation","id":"conversation:339378","topic":{"__typename":"ForumTopicMessage","uid":339378},"lastPostingActivityTime":"2025-02-05T09:51:47.121-08:00","solved":false},"ForumTopicMessage:message:339378":{"__typename":"ForumTopicMessage","subject":"Removing AAM/WAM for a successful upgrade","conversation":{"__ref":"Conversation:conversation:339378"},"id":"message:339378","revisionNum":1,"uid":339378,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__ref":"User:user:216804"},"metrics":{"__typename":"MessageMetrics","views":133},"postTime":"2025-01-27T15:53:54.063-08:00","lastPublishTime":"2025-01-27T15:53:54.063-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" If you are wanting to upgrade to version 16 or 17 of BIG-IP, one thing that can cause your config not to load, is any element of AAM/WAM/WOM. As I discovered via a customer of mine, even removing all AAM/WAM items from traffic objects is not enough. While I know how to identify things in the conf files and can see them in iHealth, that doesn't help Admins in the field assess if this is an issue for them, and if it is, how to document what needs to be changed for the necessary approvals. With some help, I wrote this knowledge article to meet these needs as well as provide a way to quickly make the changes - https://my.f5.com/manage/s/article/K000149084 I am sharing this in the forum to not only advertise this, but explain some of the commands and help the community understand how they might be used for other tasks. From spending time running a few BIG-IPs myself in a prior life and working with hundreds of customers, I knew that my solution needed to address partitions and even iApps. My coworker Fernando C provided me the syntax to crawl every partition and I quickly found ways to morph that into this document. Lets take a look at the syntax that can read the lan TCP profiles in the Common partition and then see the changes needed to read all partitions. \n In order to filter the results a bit better we run these from bash so that we have access to a number of tools like grep, awk, sed, etc. \n # Return all virtual server names in Common that use a TCP Profile from wam or wom (aka AAM)\n# grep to find the profile prefixes and then piping that to AWK to grab the third word in the output of each line\ntmsh list ltm virtual one-line | grep -E \"(profiles.*(w(a|o)m-tcp-lan*))\" | awk '{print $3}'\n \n This simply returns the virtual server name without the partition name. \n Now to read all partitions, the tmsh portion of the command has to change. Specifically, we pass the -c option to tmsh to tell it to run multiple commands. When you enter tmsh, by default you are in the Common partition, so we have to back out to the root. Because we are in the root directory, we need to add the recursive option to read all subfolders which in this case are the partitions. \n #Read all partitions and filter for virtual servers that use the wam/wom TCP profiles on the lan or server side \ntmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E \"(profiles.*(w(a|o)m-tcp-lan*))\" | awk '{print $3}' \n Now the output is the partition name and virtual server name, or if iApps are involved, the appservice name as well. You can take the output from the first command and pass it to xarg to use your output as a variable in a command to execute. CAUTION, the following command will attempt to make changes to your config. \n #Read all partitions and filter for virtual servers that use the wam/wom TCP profiles on the lan or server side then insert new profiles and delete the original profile\n#This will cause an error\ntmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E \"(profiles.*(w(a|o)m-tcp-lan*))\" | awk '{print $3}' | xargs -t -I vsName tmsh modify ltm virtual vsName profiles add { f5-tcp-lan { context serverside } } profiles delete { wam-tcp-lan-optimized }\n \n If you run this command, it will error out, because without the proper syntax, tmsh assumes you are referencing objects in the /Common partition and as a result it will help you by implicitly adding that to the beginning of every object in your xarg command. I added the -t option to xarg to output the command that it will execute. \n To correct the syntax error, in the awk command, you add a forward slash and now tmsh will treat your command as if you have explicitly declared the partition name for every object. Caution - This will make changes to your configuration, very fast... \n #Read all partitions and filter for virtual servers that use the wam/wom TCP profiles on the lan or server side then insert new profiles and delete the original profile\n#CAUTION - This will make changes to your system. \ntmsh -c 'cd /; list ltm virtual recursive one-line' | grep -E \"(profiles.*(w(a|o)m-tcp-lan*))\" | awk '{print \"/\" $3}' | xargs -t -I vsName tmsh modify ltm virtual vsName profiles add { f5-tcp-lan { context serverside } } profiles delete { wam-tcp-lan-optimized }\n \n \n When I first hit the wall with xarg beyond the /Common partition, I did not realize what the fix was. However my OCD wanted to see a slash in front of the partition name and I had modified the awk to add it, but had given up on the xarg to modify things outside of /Common. It wasn't until I went to show the error to a peer, Chad T., that I discovered I stumbled upon the proper syntax, and realized I could simplify the instructions quite a bit. \n Where I would love some help from the community would be on ways to crawl the iApps to quickly disable Strict Updates. The xarg commands to modify/delete objects associated with an iApp will fail if the default setting of \"Strict Updates\" is enabled. \n \n Hope this helps, \n Carl \n \n \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5163","kudosSumWeight":3,"repliesCount":3,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:273908":{"__typename":"Conversation","id":"conversation:273908","topic":{"__typename":"TkbTopicMessage","uid":273908},"lastPostingActivityTime":"2025-01-27T12:04:22.371-08:00","solved":false},"User:user:6658":{"__typename":"User","uid":6658,"login":"pauld_104632","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-8.svg?time=0"},"id":"user:6658"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yNzM5MDgtNDk1N2kyMzREQ0E4MEJERjY1OUM3?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yNzM5MDgtNDk1N2kyMzREQ0E4MEJERjY1OUM3?revision=2","title":"0151T000003d9E6QAI.png","associationType":"BODY","width":705,"height":377,"altText":"null"},"TkbTopicMessage:message:273908":{"__typename":"TkbTopicMessage","subject":"VIPRION external monitor","conversation":{"__ref":"Conversation:conversation:273908"},"id":"message:273908","revisionNum":2,"uid":273908,"depth":0,"board":{"__ref":"Tkb:board:codeshare"},"author":{"__ref":"User:user:6658"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":307},"postTime":"2015-03-12T15:44:24.000-07:00","lastPublishTime":"2025-01-27T12:04:22.371-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Problem this snippet solves: \n This VIPRION specific external monitor script is written in bash and utilizes TMSH to extend the built-in monitoring functionality of BIG-IP version 10.2.3. This write-up assumes the reader has working knowledge writing BIG-IP LTM external monitors. The following link is a great starting point LTM External Monitors: The Basics | DevCentral \n Logical network diagram: \n NOTE: The monitor is written to meet very specific environmental requirements. Therefore, your implementation may vary greatly. This post is inteded to show you some requirements for writing external monitors on the VIPRION platform while offering some creative ways to extend the functionality of external monitors using TMSH. \n The VIPRION acts as a hop in the default path of traffic destined for the Internet. Specific application flows are vectored to optimization servers and all other traffic is passed to the next hop router (Router C) toward the Internet. Router A and Router C are BGP neighbors through the VIPRION. Router B is a BGP neighbor with the VIPRION via ZebOS. A virtual address has route health injection enabled. The script monitors a user defined (agrument to the script) pool and transitions into the failed state when the available pool member count drops below a threshold value (argument to the script). \n In the failed state the following actions are performed once, effectively stopping client traffic flow through the VIPRION. \n \n Two virtual servers (arguments to the script) are disable to stop traffic through VIPRION. \n A virtual address (argument to the script) is disabled to disable route health injection of the address. \n All non Self-IP BGP connections are found in the connection table and deleted. \n \n NOTE: Manual intervention is required to enable virtual servers and virtual address when the monitor transitions from failed state to successful state before normal traffic flows will proceed. \n How to use this snippet: \n The monitor definition: \n monitor eavbgpv3 { defaults from external interval 20 timeout 61 args \"poolhttp 32 vsforward1 vsforward2 10.10.10.1\"v DEBUG \"0\"v run \"rhi_v3.bsh\" } \n This external monitor is configured to check for available members in the pool \"poolhttp\". When the available members falls below 32 the monitor transistions into the failed state and disables the virtual servers \"vsforward1\" and \"vs_forward2\" and disables the virtual address \"10.10.10.1\". When the available pool members increases above 32 neither the virtuals servers nor the virtual address is enabled. This will require manual intervention. The external monitor is assigned to a phantom pool with a single member \"1.1.1.1:4353\". No traffic is sent to the pool member. This pool and pool member are in place so the operator can see the current status of the external monitor. \n The Pool definition: \n pool bgpmonitor { monitor all eavbgp_v3 members 1.1.1.1:f5-iquery {} } \n You can download the script here: rhi_v3.bsh \n CODE: \n #!/bin/bash\n# (c) Copyright 1996-2007 F5 Networks, Inc.\n#\n# This software is confidential and may contain trade secrets that are the\n# property of F5 Networks, Inc. No part of the software may be disclosed\n# to other parties without the express written consent of F5 Networks, Inc.\n# It is against the law to copy the software. No part of the software may\n# be reproduced, transmitted, or distributed in any form or by any means,\n# electronic or mechanical, including photocopying, recording, or information\n# storage and retrieval systems, for any purpose without the express written\n# permission of F5 Networks, Inc. Our services are only available for legal\n# users of the program, for instance in the event that we extend our services\n# by offering the updating of files via the Internet.\n#\n# author: Paul DeHerrera pauld@f5.com\n#\n# these arguments supplied automatically for all external monitors:\n# $1 = IP (nnn.nnn.nnn.nnn notation or hostname)\n# $2 = port (decimal, host byte order) -- not used in this monitor, assumes default port 53\n#\n# these arguments must be supplied in the monitor configuration:\n# $3 = name of pool to monitor\n# $4 = threshold value of the pool. If the available pool member count drops below this value the monitor will respond in 'failed' state\n# $5 = first Virtual server to disable\n# $6 = second Virtual server to disable\n# $7 = first Virtual address to disable\n# $8 = second Virtual address to disable\n### Check for the 'DEBUG' variable, set it here if not present.\n\n# is the DEBUG variable passed as a variable?\nif [ -z \"$DEBUG\" ]\nthen\n # If the monitor config didn't specify debug as a variable then enable/disable it here\n DEBUG=0\nfi\n\n### If Debug is on, output the script start time to /var/log/ltm\n\n# capture and log (when debug is on) a timestamp when this eav starts\nexport ST=`date +%Y%m%d-%H:%M:%S`\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): started at $ST\" | logger -p local0.debug; fi\n\n### Do not execute this script within the first 300 seconds after BIG-IP boot. This is a customer specific requirement\n\n# this section is used to introduce a delay of 300 seconds after system boot before executing this eav for the first time\nBOOT_DATE=`who -b | grep -i 'system boot' | awk {'print $3 \" \" $4 \" \" $5'}`\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): boot_date: ($BOOT_DATE)\" | logger -p local0.debug; fi\nEPOCH_DATE=`date -d \"$BOOT_DATE\" +%s`\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): epoch_date: ($EPOCH_DATE)\" | logger -p local0.debug; fi\nEPOCH_DATE=$((${EPOCH_DATE}+300))\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): epoch_date +300: ($EPOCH_DATE)\" | logger -p local0.debug; fi\nCUR_DATE=`date +%s`\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): current_date: ($CUR_DATE)\" | logger -p local0.debug; fi\n\nif [ $CUR_DATE -ge $EPOCH_DATE ]\n then\n\n### Assign a value to variables. The VIPRION requires some commands to be executed on the Primary slot as you will see later in this script\n\n# export some variables\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): exporting variables...\" | logger -p local0.debug; fi\nexport REMOTEUSER=\"root\"\nexport HOME=\"/root\"\nexport IP=`echo $1 | sed 's/::ffff://'`\nexport PORT=$2\nexport POOL=$3\nexport MEMBER_THRESHOLD=$4\nexport VIRTUAL_SERVER1=$5\nexport VIRTUAL_SERVER2=$6\nexport VIRTUAL_ADDRESS1=$7\nexport VIRTUAL_ADDRESS2=$8\nexport PIDFILE=\"/var/run/`basename $0`.$IP.$PORT.pid\"\nexport TRACKING_FILENAME=/var/tmp/rhi_bsh_monitor_status\nexport PRIMARY_SLOT=`tmsh list sys db cluster.primary.slot | grep -i 'value' | sed -e 's/\\\"//g' | awk {'print $NF'}`\n\n### Output the Primary slot to /var/log/ltm\n\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): the primary blade is in slot number: ($PRIMARY_SLOT)...\" | logger -p local0.debug; fi\n\n### This section is for debugging only. Check to see if this script is executing on the Primary blade and output to /var/log/ltm\n\nif [ $DEBUG -eq 1 ]; then export PRIMARY_BLADE=`tmsh list sys db cluster.primary | grep -i \"value\" | sed -e 's/\\\"//g' | awk {'print $NF'}`; fi\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): is this monitor executing on the primary blade: ($PRIMARY_BLADE)\" | logger -p local0.debug; fi\n\n### Standard EAV check to see if an instance of this script is already running for the memeber. If so, kill the previous instance and output to /var/log/ltm\n\n# is there already an instance of this EAV running for this member?\nif [ -f $PIDFILE ]\nthen\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): pid file is present, killing process...\" | logger -p local0.debug; fi\n kill -9 `cat $PIDFILE` > /dev/null 2>&1\n echo \"EAV `basename $0` ($$): exceeded monitor interval, needed to kill ${IP}:${PORT} with PID `cat $PIDFILE`\" | logger -p local0.error\nfi\n\n### Create a new pid file to track this instance of the monitor for the current member\n\n# create a pidfile\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): creating new pid file...\" | logger -p local0.debug; fi\necho \"$$\" > $PIDFILE\n\n### Export variables for available pool members and total pool members\n\n# export more variables (these require tmsh)\nexport AVAILABLE=`tmsh show /ltm pool $POOL members all-properties | grep -i \"Availability\" | awk {'print $NF'} | grep -ic \"available\"`\nexport TOTAL_POOL_MEMBERS=`tmsh show /ltm pool $POOL members all-properties | grep -c \"Pool Member\"`\nlet \"AVAILABLE-=1\"\n\n### If Debug is on, output some variables to /var/log/ltm - helps with troubleshooting\n\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): Pool ($POOL) has ($AVAILABLE) available of ($TOTAL_POOL_MEMBERS) total members.\" | logger -p local0.debug; fi\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): Pool ($POOL) threshold = ($MEMBER_THRESHOLD) members. Virtual server1 ($VIRTUAL_SERVER1) and Virtual server2 ($VIRTUAL_SERVER2)\" | logger -p local0.debug; fi\nif [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): Member Threshold ($MEMBER_THRESHOLD)\" | logger -p local0.debug; fi\n\n### If the available members is less than the threshold then we are in a 'failed' state.\n\n# main monitor logic\nif [ \"$AVAILABLE\" -lt \"$MEMBER_THRESHOLD\" ]\nthen\n\n### If Debug is on, output status to /var/log/ltm \n\n ### notify log - below threshold and disabling virtual server1\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): AVAILABLE < MEMBER_THRESHOLD, disabling the virtual server...\" | logger -p local0.debug; fi\n\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): disabling Virtual Server 1 ($VIRTUAL_SERVER1)\" | logger -p local0.debug; fi\n\n### Disable the first virtual server, which may exist in an administrative partition. For version 10.2.3 (possibly others) the script is required to change the 'update-partition' before disabling the virtual server. To accomplish this we first determine the administrative partition name where the virtual is configured then we build a list construct to execute both commands consecutively. \n\n ### disable virtual server 1\n\n### obtain the administrative partition for the virtual. if no administrative partition is found, assume common\n export VS1_PART=`tmsh list ltm virtual $VIRTUAL_SERVER1 | grep 'partition' | awk {'print $NF'}`\n if [ -z ${VS1_PART} ]; then\n### no administrative partition was found so execute a list construct to change the update-partition to Common and disable the virtual server consecutively\n export DISABLE1=`ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT \"tmsh modify cli admin-partitions update-partition Common && tmsh modify /ltm virtual $VIRTUAL_SERVER1 disabled\"`\n### If Debug is on, output the command to /var/log/ltm\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): disable cmd1: ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT 'tmsh modify cli admin-partitions update-partition Common && tmsh modify /ltm virtual $VIRTUAL_SERVER1 disabled'\" | logger -p local0.debug; fi\n else\n### the administrative partition was found so execute a list construct to change the update-partition and disable the virtual server consecutively. The command is sent to the primary slot via SSH\n export DISABLE1=`ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT \"tmsh modify cli admin-partitions update-partition $VS1_PART && tmsh modify /ltm virtual $VIRTUAL_SERVER1 disabled\"`\n### If Debug is on, output the command to /var/log/ltm\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): disable cmd1: ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT 'tmsh modify cli admin-partitions update-partition $VS1_PART && tmsh modify /ltm virtual $VIRTUAL_SERVER1 disabled'\" | logger -p local0.debug; fi\n fi\n\n### If Debug is on, output status to /var/log/ltm \n\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): disabling Virtual Server 2 ($VIRTUAL_SERVER2)\" | logger -p local0.debug; fi\n\n### Disable the second virtual server. This section is the same as above, so I will skip the detailed comments here.\n\n ### disable virtual server 2\n export VS2_PART=`tmsh list ltm virtual $VIRTUAL_SERVER2 | grep 'partition' | awk {'print $NF'}`\n if [ -z ${VS2_PART} ]; then\n export DISABLE2=`ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT \"tmsh modify cli admin-partitions update-partition Common && tmsh modify /ltm virtual $VIRTUAL_SERVER2 disabled\"`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): disable cmd2: ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT 'tmsh modify cli admin-partitions update-partition Common && tmsh modify /ltm virtual $VIRTUAL_SERVER2 disabled'\" | logger -p local0.debug; fi\n else\n export DISABLE2=`ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT \"tmsh modify cli admin-partitions update-partition $VS2_PART && tmsh modify /ltm virtual $VIRTUAL_SERVER2 disabled\"`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): disable cmd2: ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT 'tmsh modify cli admin-partitions update-partition $VS2_PART && tmsh modify ltm virtual $VIRTUAL_SERVER2 disabled'\" | logger -p local0.debug; fi\n fi\n\n ### notify log - disconnecting all BGP connection\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): Pool ($POOL) disconnecting all BGP connections...\" | logger -p local0.debug; fi\n\n ### acquire a list of self IPs\n SELF_IPS=(`tmsh list net self | grep 'net self' | sed -e 's/\\//\\ /g' | awk {'print $3'}`)\n ### start to build our TMSH command excluding self IPs\n BGP_CONNS=\"tmsh show sys conn cs-server-port 179 | sed -e 's/\\:/\\ /g' | egrep -v '\"\n COUNT=1\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): BGP Step 1 - ${BGP_CONNS}\" | logger -p local0.debug; fi\n\n ### loop through the self IPs\n for ip in \"${SELF_IPS[@]}\"\n do\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): BGP Step 2 - ${ip}\" | logger -p local0.debug; fi\n\n ### continue to build our TMSH command - append self IPs to ignore\n if [ ${COUNT} -gt 1 ]\n then\n BGP_CONNS=${BGP_CONNS}\"|${ip}\"\n else\n BGP_CONNS=${BGP_CONNS}\"${ip}\"\n fi\n (( COUNT++ ))\n done\n\n ### if debug is on log a message with the TMSH command up until this point\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): BGP Step 3 - ${BGP_CONNS}\" | logger -p local0.debug; fi\n ### finish the TMSH command to show BGP connections not including self IPs\n BGP_CONNS=${BGP_CONNS}\"' | egrep -v 'Sys|Total' | awk {'print \\$1'}\"\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): BGP Step 4 - ${BGP_CONNS}\" | logger -p local0.debug; fi\n ### gather all BGP connection not including those to self IPs\n DISCONNS=(`eval $BGP_CONNS`)\n DISCMD=''\n NEWCOUNT=1\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): BGP Step 5 - ${DISCONNS}\" | logger -p local0.debug; fi\n ### loop through the resulting BGP connections and build another TMSH command to delete these connections from the connection table\n for newip in \"${DISCONNS[@]}\"\n do\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): BGP Step 6\" | logger -p local0.debug; fi\n if [ ${NEWCOUNT} -gt 1 ]\n then\n DISCMD=${DISCMD}\" && tmsh delete sys connection cs-client-addr ${newip} cs-server-port 179\"\n else\n DISCMD=${DISCMD}\"tmsh delete sys connection cs-client-addr ${newip} cs-server-port 179\"\n fi\n (( NEWCOUNT++ ))\n done\n ### if debug is on log the command we just assembled\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): BGP Step 7 - ${DISCMD}\" | logger -p local0.debug; fi\n ### One the primary slot execute the command to delete the non self IP BGP connections.\n export CONNECTIONS=`ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT \"${DISCMD}\"`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): BGP Step 8 - $CONNECTIONS\" | logger -p local0.debug; fi\n ### disable virtual address 1\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): VA1 ($VIRTUAL_ADDRESS1)\" | logger -p local0.debug; fi\n if [ ! -z \"$VIRTUAL_ADDRESS1\" ]; then\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): disabling Virtual Address 1 ($VIRTUAL_ADDRESS1)\" | logger -p local0.debug; fi\n export VA1_PART=`tmsh list ltm virtual-address $VIRTUAL_ADDRESS1 | grep 'partition' | awk {'print $NF'}`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): cmd: ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT tmsh modify cli admin-partitions update-partition $VA1_PART && tmsh modify /ltm virtual-address $VIRTUAL_ADDRESS1 enabled no \" | logger -p local0.debug; fi\n export VA2_UPCMD=`ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT \"tmsh modify cli admin-partitions update-partition $VA1_PART && tmsh modify /ltm virtual-address $VIRTUAL_ADDRESS1 enabled no\"`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): virtual address 1 disabled?\" | logger -p local0.debug; fi\n fi\n ### disable virtual address 2\n if [ ! -z \"$VIRTUAL_ADDRESS2\" ]; then\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): disabling Virtual Address 2 ($VIRTUAL_ADDRESS2)\" | logger -p local0.debug; fi\n export VA2_PART=`tmsh list ltm virtual-address $VIRTUAL_ADDRESS2 | grep 'partition' | awk {'print $NF'}`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): update-partition - $VA2_PART\" | logger -p local0.debug; fi\n export VA2_UPCMD=`ssh -o StrictHostKeyChecking=no root\\@slot$PRIMARY_SLOT \"tmsh modify cli admin-partitions update-partition $VA2_PART && tmsh modify /ltm virtual-address $VIRTUAL_ADDRESS2 enabled no\"`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): cmd: virtual address 2 disabled?\" | logger -p local0.debug; fi\n fi\n ### track number of times this monitor has failed\n if [ -e \"$TRACKING_FILENAME\" ]\n then\n export COUNT=`cat $TRACKING_FILENAME`\n export NEW_COUNT=$((${COUNT}+1))\n echo $NEW_COUNT > $TRACKING_FILENAME\n else\n echo 1 > $TRACKING_FILENAME\n export NEW_COUNT=1\n fi\n ### notify log - failure count\n echo \"EAV `basename $0` ($$): Pool $POOL only has $AVAILABLE available of $TOTAL_POOL_MEMBERS total members, failing site. Virtual servers ($VIRTUAL_SERVER1 and $VIRTUAL_SERVER2) will be disabled and all connections with destination port 179 will be terminated. Virtual servers must be manually enabled after pool $MEMBER_THRESHOLD or more pool members are available. This monitor has failed $NEW_COUNT times.\" | logger -p local0.debug\n\n # remove the pidfile\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): removing the pidfile...\" | logger -p local0.debug; fi\n export PIDBGONE=`rm -f $PIDFILE`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): pidfile has been removed ($PIDBGONE)\" | logger -p local0.debug; fi\n export END=`date +%Y%m%d-%H:%M:%S`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): stopped at $END\" | logger -p local0.debug; fi\nelse\n if [ -e \"$TRACKING_FILENAME\" ]\n then\n ### log the status\n echo \"EAV `basename $0` ($$): Pool $POOL has $AVAILABLE members of $TOTAL_POOL_MEMBERS total members. No change to virtual servers ($VIRTUAL_SERVER1 and $VIRTUAL_SERVER2). No change to port 179 connections. Virtual servers must be manually enabled to pass traffic if they are disabled.\" | logger -p local0.debug\n rm -f $TRACKING_FILENAME\n fi\n ### remove the pidfile\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): removing the pidfile...\" | logger -p local0.debug; fi\n export PIDBGONE=`rm -f $PIDFILE`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): pidfile has been removed ($PIDBGONE)\" | logger -p local0.debug; fi\n export END=`date +%Y%m%d-%H:%M:%S`\n if [ $DEBUG -eq 1 ]; then echo \"EAV `basename $0` ($$): stopped at $END\" | logger -p local0.debug; fi\n echo \"UP\"\nfi\n\nfi ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"19877","kudosSumWeight":0,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yNzM5MDgtNDk1N2kyMzREQ0E4MEJERjY1OUM3?revision=2\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:292929":{"__typename":"Conversation","id":"conversation:292929","topic":{"__typename":"ForumTopicMessage","uid":292929},"lastPostingActivityTime":"2024-12-02T14:25:19.986-08:00","solved":false},"User:user:112466":{"__typename":"User","uid":112466,"login":"lnxgeek","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xMTI0NjYtMjE0NzNpOEM2MThGODRCN0JDRDBFNQ"},"id":"user:112466"},"ForumTopicMessage:message:292929":{"__typename":"ForumTopicMessage","subject":"Let's Encrypt with Cloudflare DNS and F5 REST API","conversation":{"__ref":"Conversation:conversation:292929"},"id":"message:292929","revisionNum":3,"uid":292929,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__ref":"User:user:112466"},"metrics":{"__typename":"MessageMetrics","views":2429},"postTime":"2022-02-25T13:10:17.160-08:00","lastPublishTime":"2024-12-02T14:25:19.986-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hi all \n This is a followup on the now very old Let's Encrypt on a Big-IP article. \n It has served me, and others, well but is kind of locked to a specific environment and doesn't scale well. I have been going around it for some time but couldn't find the courage (aka time) to get started. \n However, due to some changes to my DNS provider (they were aquired and shut down) I finally took the plunges and moved my domains to a provider with an API and that gave me the opportunity to make a more nimble solution. \n To make things simple I chose Cloudflare as the community proliferation is enormous and it is easy to find examples and tools. I though think that choosing another provide with an open API isn't such a big deal. After playing around with different tools I realized that I didn't need them as it ended up being much easier to just use curl. So, if the other providers have just a somewhat close resemblance it shouldn't be such a big task converting the scripts to fit. \n There might be finer and more advanced solutions out there, but my goal was that I needed a solution that had as few dependencies as possible and if I could make that only Bash and Curl it would be perfect. \n And that is what I ended up with 😎 \n Just put 5 files in the same directory, adjust the config to your environment, and BAM you're good to go!!😻 And if you need to run it somewhere else just copy the directory over and continue like nothing was changed. That is what I call portability 😁 \n Find all the details here: \n Let's Encrypt with Cloudflare DNS and F5 REST API \n Please just drop me a line if you have any questions or feedback or find any bugs. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"1660","kudosSumWeight":1,"repliesCount":8,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:330127":{"__typename":"Conversation","id":"conversation:330127","topic":{"__typename":"ForumTopicMessage","uid":330127},"lastPostingActivityTime":"2024-05-29T17:00:41.681-07:00","solved":false},"User:user:429015":{"__typename":"User","uid":429015,"login":"williammyer1","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-10.svg?time=0"},"id":"user:429015"},"ForumTopicMessage:message:330127":{"__typename":"ForumTopicMessage","subject":"BigIP UCS Backup script; looking for some guidance on design","conversation":{"__ref":"Conversation:conversation:330127"},"id":"message:330127","revisionNum":1,"uid":330127,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__ref":"User:user:429015"},"metrics":{"__typename":"MessageMetrics","views":276},"postTime":"2024-05-29T09:09:45.309-07:00","lastPublishTime":"2024-05-29T09:09:45.309-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Greetings, I've began to work on a bash script, intended to be ran locally on each F5 appliance via a cron task. The criteria for this script has been, Saves the UCS /w encryption using {Hostname}-YYYY-MM-DD.ucs naming format. Uploads the generated UCS file to a SFTP server SFTP native commands are a MUST, SCP will not work due to it's reliance on command shell/login. Rollover after X # of saved files in order to prevent storage exhaustion on the target SFTP Server I strongly doubt any form of deduplication will work with a encrypted UCS Sends an email notification if the backup failed I've so far written a script that addresses the first 3 criteria and have been waiting for those to go through their paces in testing before adding in notification logic. The commands and logic being used have gotten more complex, the further I've gotten into the script's development. This has lead to some concerns about whether this is the best approach given the nature of the F5 BigIP systems being a vendor appliance and worry that there's a large possibility commands may stop working correctly after a major x. version update, requiring an overhaul of a fairly complex script. I'm almost wondering if setting up an AWX/Tower host in our environment and then using the f5networks Ansible Module for the majority of the heavy lifting followed by some basic logic for file rotation, would be a better long term approach. Ansible would also be a bit more flexible in that I wouldn't have to hardcore values that diverge between individual hosts into the script itself. It's however not clear if the F5networks ansible module supports SFTP as I only see SCP referenced. https://my.f5.com/manage/s/article/K35454259 Advice and insight is much appreciated! #!/bin/bash\n# F5 backup script based on https://my.f5.com/manage/s/article/K000138297\n\n# User-configurable Variables\nUCS_DIR=\"/var/ucs\"\nREMOTE_USER=\"svc_f5backup\"\nREMOTE_HOST=\"myhost.contoso.local\"\nREMOTE_DIR=\"/data/f5/dev\"\nSSH_KEY=\"/shared/scripts/f5-backup/mykeys/f5user\"\nENCRYPTION_PASSPHRASE='' # Blank out the value to not encrypt the UCS backup.\nLOG_FILE=\"/var/log/backupscript.log\"\nMAX_FILES=45 # Maximum number of backup files to keep\n\n# Dynamic Variables (do not edit)\nHOSTNAME=$(/bin/hostname)\nDATE=$(date +%Y-%m-%d)\nUCS_FILE=\"${UCS_DIR}/${HOSTNAME}-${DATE}.ucs\"\n\n# Start logging\necho \"$(date +'%Y-%m-%d %H:%M:%S') - Starting backup script.\" >> ${LOG_FILE}\n\n# Save the UCS backup file\nif [ -n \"${ENCRYPTION_PASSPHRASE}\" ]; then\n echo \"Running the UCS save operation (encrypted).\" >> ${LOG_FILE}\n tmsh save /sys ucs ${UCS_FILE} passphrase \"${ENCRYPTION_PASSPHRASE}\" >> ${LOG_FILE} 2>&1\nelse\n echo \"Running the UCS save operation (not encrypted).\" >> ${LOG_FILE}\n tmsh save /sys ucs ${UCS_FILE} >> ${LOG_FILE} 2>&1\nfi\n\n# Create a temporary batch file for SFTP commands\nBATCH_FILE=$(mktemp)\necho \"cd ${REMOTE_DIR}\" > $BATCH_FILE\necho \"put ${UCS_FILE}\" >> $BATCH_FILE\necho \"bye\" >> $BATCH_FILE\n\n# Log that the transfer is starting\necho \"Starting SFTP transfer.\" >> ${LOG_FILE}\n\n# Execute SFTP command and capture the output\ntransfer_command_output=$(sftp -b \"$BATCH_FILE\" -i \"${SSH_KEY}\" -oBatchMode=no \"${REMOTE_USER}@${REMOTE_HOST}\" 2>&1)\ntransfer_status=$?\n\n# Extract the \"Transferred:\" line\ntransfer_summary=$(echo \"$transfer_command_output\" | grep \"^Transferred: sent\")\n\nif [ $transfer_status -eq 0 ]; then\n if [ -n \"$transfer_summary\" ]; then\n echo \"UCS file copied to the SFTP server successfully (remote:${REMOTE_HOST}:${REMOTE_DIR}/${UCS_FILE}). $transfer_summary\" >> ${LOG_FILE}\n else\n echo \"UCS file copied to the SFTP server successfully (remote:${REMOTE_HOST}:${REMOTE_DIR}/${UCS_FILE}). Please check the log for details.\" >> ${LOG_FILE}\n fi\nelse\n echo \"$transfer_command_output\" >> ${LOG_FILE}\n echo \"UCS SFTP copy operation failed. Please read the log for details.\" >> ${LOG_FILE}\n rm -f $BATCH_FILE\n exit 1\nfi\n\n# Clean up the temporary batch file\nrm -f $BATCH_FILE\n\n# Rollover backup files if the number exceeds MAX_FILES\necho \"Checking and maintaining the maximum number of backup files.\" >> ${LOG_FILE}\n\n# Create a list of files to delete\nsftp -i \"${SSH_KEY}\" -oBatchMode=no \"${REMOTE_USER}@${REMOTE_HOST}\" <<EOF > file_list.txt\ncd ${REMOTE_DIR}\nls -1 ${HOSTNAME}-*.ucs\nbye\nEOF\n\n# Filter out unwanted lines and sort the files alphanumerically\ngrep -v 'sftp>' file_list.txt | grep -v '^cd ' | sort > filtered_file_list.txt\n\n# Determine files to delete\nfiles_to_delete=$(head -n -${MAX_FILES} filtered_file_list.txt)\n\nif [ -n \"$files_to_delete\" ]; then\n # Create a temporary batch file for SFTP cleanup commands\n CLEANUP_BATCH_FILE=$(mktemp)\n echo \"cd ${REMOTE_DIR}\" > $CLEANUP_BATCH_FILE\n for file in $files_to_delete; do\n echo \"Deleting $file\" >> ${LOG_FILE}\n echo \"rm $file\" >> $CLEANUP_BATCH_FILE\n done\n echo \"bye\" >> $CLEANUP_BATCH_FILE\n\n # Execute SFTP cleanup command and log the output\n cleanup_command_output=$(sftp -b \"$CLEANUP_BATCH_FILE\" -i \"${SSH_KEY}\" -oBatchMode=no \"${REMOTE_USER}@${REMOTE_HOST}\" 2>&1)\n echo \"$cleanup_command_output\" >> ${LOG_FILE}\n\n # Clean up the temporary batch file\n rm -f $CLEANUP_BATCH_FILE\nelse\n echo \"No files to delete. Total files within limit.\" >> ${LOG_FILE}\nfi\n\n# Clean up the file lists\nrm -f file_list.txt filtered_file_list.txt\n\n# Delete the local copy of the UCS archive\ntmsh delete /sys ucs ${UCS_FILE} >> ${LOG_FILE} 2>&1\n\necho \"$(date +'%Y-%m-%d %H:%M:%S') - Backup script completed.\" >> ${LOG_FILE} ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5778","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:328335":{"__typename":"Conversation","id":"conversation:328335","topic":{"__typename":"TkbTopicMessage","uid":328335},"lastPostingActivityTime":"2024-03-08T14:52:20.339-08:00","solved":false},"User:user:51154":{"__typename":"User","uid":51154,"login":"JRahm","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS01MTE1NC1uYzdSVFk?image-coordinates=0%2C0%2C1067%2C1067"},"id":"user:51154"},"TkbTopicMessage:message:328335":{"__typename":"TkbTopicMessage","subject":"List BIG-IP Next Instance Backups on Central Manager","conversation":{"__ref":"Conversation:conversation:328335"},"id":"message:328335","revisionNum":2,"uid":328335,"depth":0,"board":{"__ref":"Tkb:board:codeshare"},"author":{"__ref":"User:user:51154"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":133},"postTime":"2024-03-07T16:04:06.872-08:00","lastPublishTime":"2024-03-08T14:52:20.339-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" In the Central Manager GUI, you can create/schedule BIG-IP Next Instance backups, but outside of the listing shown there, you can't download the files from that view if you want to archive them for off-box requirements. Finding them in the Central Manager command line to download them via secure copy (scp) requires some kubernetes-fu knowhow, mainly, interrogating the persistent volume claims and persistent volumes: \n \n kubectl get pvc mbiq-local-storage-pv-claim -o yaml | grep volumeName \n kubectl get pv <volumename result> -o yaml | grep \"path: \" \n \n This script takes the guesswork out of all that and let's you focus on more important things. Example output: \n admin@cm1:~$ ./lbu.sh\n\nBackup path: /var/lib/rancher/k3s/storage/pvc-ae75faee-101e-49eb-89f7-b66542da1281_default_mbiq-local-storage-pv-claim/backup\n\ntotal 3860\n 4 drwxrwxrwx 2 root root 4096 Mar 7 19:33 .\n 4 drwxrwxrwx 7 root root 4096 Feb 2 00:01 ..\n1780 -rw-r--r-- 1 ubuntu lxd 1821728 Feb 28 18:40 3b9ef4d8-0f0b-453d-b350-c8720a30db16.2024-02-28.18-39-59.backup.tar.gz\n 288 -rw-r--r-- 1 ubuntu lxd 292464 Feb 28 18:39 7bf4e3ac-e8a2-44a3-bead-08be6c590071.2024-02-28.18-39-15.backup.tar.gz\n1784 -rw-r--r-- 1 ubuntu lxd 1825088 Mar 7 19:33 7bf4e3ac-e8a2-44a3-bead-08be6c590071.2024-03-07.19-32-56.backup.tar.gz \n \n Script Source ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"1339","kudosSumWeight":1,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:327576":{"__typename":"Conversation","id":"conversation:327576","topic":{"__typename":"ForumTopicMessage","uid":327576},"lastPostingActivityTime":"2024-02-07T14:14:50.337-08:00","solved":false},"User:user:427257":{"__typename":"User","uid":427257,"login":"touriel","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-4.svg?time=0"},"id":"user:427257"},"ForumTopicMessage:message:327576":{"__typename":"ForumTopicMessage","subject":"Issue with a simple Bash Script for adding an iRule to a list of Virtual Servers.","conversation":{"__ref":"Conversation:conversation:327576"},"id":"message:327576","revisionNum":4,"uid":327576,"depth":0,"board":{"__ref":"Forum:board:TechnicalForum"},"author":{"__ref":"User:user:427257"},"metrics":{"__typename":"MessageMetrics","views":119},"postTime":"2024-02-07T08:03:19.920-08:00","lastPublishTime":"2024-02-07T08:19:42.247-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hello Community, I am having an issue with a bash script for an F5 BIG-IP Load Balancer, intended to read and iterate over a .txt list of Virtual Server names, look up the partition for a given VS, and add an iRule to it. When running the script I am only hitting the outermost 'else' statement for being unable to find the partition and VS name. My script logic is based on F5 Support solution K41961653: <p>\n#!/bin/bash\n\n# Prompt the user for the iRule name and read it into the 'new' variable\necho \"Please enter the iRule name:\"\nread new\n\nnoneRules='rules none'\n\nwhile IFS= read -r vs_name; do\n # Retrieve the partition and virtual server name\n full_vs_info=$(tmsh -c \"cd /; list ltm virtual recursive\" | grep \"$vs_name\" | grep -m1 \"^ltm virtual\")\n echo \"Full VS Info Debug: $full_vs_info\"\n\n # Extract the partition and virtual server name from the retrieved information\n if [[ $full_vs_info =~ ltm\\ virtual\\ (.+)/(.+) ]]; then\n partition=\"${BASH_REMATCH[1]}\"\n vs_name=\"${BASH_REMATCH[2]}\"\n \n # Format the tmsh command to include the partition\n rule=$(tmsh list ltm virtual /$partition/$vs_name rules | egrep -v \"\\{|\\}\" | xargs)\n \n if [[ \"$rule\" == \"$noneRules\" ]]; then\n tmsh modify ltm virtual /$partition/$vs_name rules { $new }\n echo \"iRule $new was added to $vs_name in partition $partition\"\n else#\n tmsh modify ltm virtual /$partition/$vs_name rules { $rule $new }\n echo \"iRules $rule were conserved and added $new to $vs_name in partition $partition\"\n fi\n else\n echo \"Could not find partition and virtual server name for $vs_name\"\n fi\ndone < /shared/tmp/test_list.txt\n\ntmsh save sys config\n</p> As far as I was able to troubleshoot, the problem I am encountering appears to be with line 11 of my script where I attempt to assign the string \"ltm virtual SomePartition/VS_Example.com {\" to the \"full_vs_info\" variable using: full_vs_info=$(tmsh -c \"cd /; list ltm virtual recursive\" | grep \"$vs_name\" | grep -m1 \"^ltm virtual\") When I run the tmsh command [tmsh -c \"cd /; list ltm virtual recursive\" | grep \"VS_Example.com\" | grep -m1 \"^ltm virtual\"] on its own, from the F5's Bash shell, I am getting the output I expect: \"ltm virtual SomePartition/VS_Example.com {\" However, when I run the script with the debug echo , it only outputs \"Full VS Info Debug:\", and ends the script with \"Could not find partition and virtual server name for $vs_name\" and a sys config save. I am attempting to run this on a BIG-IP, version 15.1.10.2, build 0.44.2. I am quite new to both Bash scripting and F5 LBs. All feedback and criticism is highly appreciated! Thanks in advance! ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"2685","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:290663":{"__typename":"Conversation","id":"conversation:290663","topic":{"__typename":"TkbTopicMessage","uid":290663},"lastPostingActivityTime":"2023-06-05T22:51:21.972-07:00","solved":false},"User:user:309135":{"__typename":"User","uid":309135,"login":"Vijay_E","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-11.svg?time=0"},"id":"user:309135"},"TkbTopicMessage:message:290663":{"__typename":"TkbTopicMessage","subject":"F5 Automation - TCL & Bash","conversation":{"__ref":"Conversation:conversation:290663"},"id":"message:290663","revisionNum":2,"uid":290663,"depth":0,"board":{"__ref":"Tkb:board:codeshare"},"author":{"__ref":"User:user:309135"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":1963},"postTime":"2016-06-27T17:19:39.000-07:00","lastPublishTime":"2023-06-05T22:51:21.972-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Problem this snippet solves: This is a really simple way to automate CLI command execution on multiple F5 devices using Bash & TCL scripting. How to use this snippet: On a linux machine that is utilized to connect to the F5 device: \n Create a directory \n mkdir F5_Check \n Within the \"F5_Check\" directory, create the following 3 files: \n F5_Host.txt (This file contains F5's IP address) \n F5_Bash_v1 (This is the bash script used to collect username/password for F5) \n F5_Out_v1.exp (This is the TCL script executes the relevant commands on F5) \n Explanation of the 3 files: \n File Content: F5_Out_v1.exp is provided as code share. This is the main TCL script that is utiliezd to execute CLI commands on multiple F5 devices. \n File Content: F5_Bash_v1 \n #!/bin/bash\n# Collect the username and password for F5 access\necho -n \"Enter the username \"\nread -s -e user\necho -ne '\\n'\necho -n \"Enter the password \"\nread -s -e password\necho -ne '\\n'\n\n# Feed the expect script a device list & the collected username & passwords\nfor device in `cat ~/F5_Check/F5_Host.txt`; do\n ./F5_Out_v1.exp $device $password $user ;\n done\n \n\n File Contents: F5_Host.txt \n This contains the management IP of the F5 devices. \n Example: \n cat F5_Host.txt \n 10.12.12.200\n 10.12.12.201\n 10.12.12.202 \n 10.12.12.203\n Code : #!/usr/bin/expect -f\n\n# Set variables\nset hostname [lindex $argv 0]\nset password [lindex $argv 1]\nset username [lindex $argv 2]\n\n# Log results\nlog_file -a ~/F5_Check/F5LOG.log\n\n# Announce which device we are working on and the time\nsend_user \"\\n\"\nsend_user \">>>>> Working on $hostname @ [exec date] <<<<<\\n\"\nsend_user \"\\n\"\n\n# SSH access to device\nspawn ssh $username@$hostname\n\nexpect {\n\"no)? \" { \nsend \"yes\\n\"\nexpect \"*assword: \"\nsleep 1\nsend \"$password\\r\"\n}\n\"*assword: \" { \nsleep 1\nsend \"$password\\r\"\n }\n}\n\nexpect \"(tmos)#\"\nsend \"sys\\n\"\nexpect \"(tmos.sys)#\"\n\nsend \"show software\\n\"\nexpect \"#\"\nsend \"exit\\n\"\nexpect \"#\"\nsend \"quit\\n\"\n\nexpect \":~\\$\"\nexit Tested this on version: 11.5","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"2047","kudosSumWeight":0,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:287908":{"__typename":"Conversation","id":"conversation:287908","topic":{"__typename":"TkbTopicMessage","uid":287908},"lastPostingActivityTime":"2023-06-05T22:02:08.134-07:00","solved":false},"User:user:261033":{"__typename":"User","uid":261033,"login":"Stanislas_Piro2","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-2.svg?time=0"},"id":"user:261033"},"TkbTopicMessage:message:287908":{"__typename":"TkbTopicMessage","subject":"Use F5 LTM as HTTP Proxy","conversation":{"__ref":"Conversation:conversation:287908"},"id":"message:287908","revisionNum":2,"uid":287908,"depth":0,"board":{"__ref":"Tkb:board:codeshare"},"author":{"__ref":"User:user:261033"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":11008},"postTime":"2018-05-04T09:52:24.000-07:00","lastPublishTime":"2023-06-05T22:02:08.134-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Problem this snippet solves: LTM product can be used as a HTTP Proxy for servers and PC. \n This code explains minimum requirements to configure proxy feature without SWG module (configurations from Explicit Forward Proxy documentation without documentation ) and without explicit proxy iApp. How to use this snippet: All these commands must be run in bash shell. \n Create HTTP PROXY VIRTUAL SERVER \n Configure variables used in next commands \n Variable HTTPBaseName is used to create : \n Resolver object : RESOLVER_${HTTPBaseName} HTTP profile : http_${HTTPBaseName} virtual server : VS_${HTTPBaseName} \n \n HTTPBaseName=\"HTTP_FORWARD_PROXY\"\nVS_IP=\"192.168.2.80\"\nVS_PORT=\"8080\"\n \n\n create DNS resolver with your DNS server (1.1.1.1 is for demo using cloudflare) \n tmsh create net dns-resolver RESOLVER_${HTTPBaseName} { forward-zones replace-all-with { . { nameservers replace-all-with { 1.1.1.1:domain { } } } } route-domain 0 }\n \n\n create HTTP profile type explicit, using DNS resolver. \n The parameter default-connect-handling allow enables HTTPS connections without SSL inspection \n tmsh create ltm profile http http_${HTTPBaseName} { defaults-from http-explicit explicit-proxy { default-connect-handling allow dns-resolver RESOLVER_${HTTPBaseName} } proxy-type explicit }\n \n\n create HTTP proxy Virtual server \n tmsh create ltm virtual VS_${HTTPBaseName} { destination ${VS_IP}:${VS_PORT} ip-protocol tcp mask 255.255.255.255 profiles replace-all-with { http_${HTTPBaseName} { } tcp } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled}\n \n\n ENABLE SSL FORWARD PROXY \n This section is not required to forward HTTPS requests but only to enable SSL inspection on HTTPS requests. Note : Following configuration requires SSL, Forward Proxy License. \n Configure variables used in next commands \n Variable SSLBaseName is used to create : \n certificate / key pair : ${SSLBaseName} Client SSL profile : clientssl_${SSLBaseName} Server SSL profile : serverssl_${SSLBaseName} virtual server : VS_${SSLBaseName} \n \n SSLBaseName=\"SSL_FORWARD_PROXY\"\ndirname=\"/var/tmp\"\nCASubject=\"/C=FR/O=DEMO\\ COMPANY/CN=SSL\\ FORWARD\\ PROXY\\ CA\"\n \n\n Create self-signed certificate for CA purpose (not available in WebUI) \n Self-signed certificates created in WebUI doesn't have CA capability required for SSL FORWARD PROXY. \n openssl genrsa -out ${dirname}/${SSLBaseName}.key 4094\nopenssl req -sha512 -new -x509 -days 3650 -key ${dirname}/${SSLBaseName}.key -out ${dirname}/${SSLBaseName}.crt -subj \"${CASubject}\"\n \n\n Import certificates in TMOS \n tmsh install sys crypto key ${SSLBaseName}.key from-local-file ${dirname}/${SSLBaseName}.key; \ntmsh install sys crypto cert ${SSLBaseName}.crt from-local-file ${dirname}/${SSLBaseName}.crt; \n \n\n After CA Certificate is imported, browse in WebUI, retrieve it and import it in client browsers trusted CA \n Create SSL profiles for SSL FORWARD PROXY \n tmsh create ltm profile client-ssl clientssl_${SSLBaseName} { cert-lookup-by-ipaddr-port disabled defaults-from clientssl mode enabled proxy-ca-cert ${SSLBaseName}.crt proxy-ca-key ${SSLBaseName}.key ssl-forward-proxy enabled }\ntmsh create ltm profile server-ssl serverssl_${SSLBaseName} { defaults-from serverssl ssl-forward-proxy enabled }\n \n\n create SSL FORWARD PROXY Virtual server \n tmsh create ltm virtual VS_${SSLBaseName} { destination 0.0.0.0:https ip-protocol tcp profiles replace-all-with { clientssl_${SSLBaseName} { context clientside } serverssl_${SSLBaseName} { context serverside } http { } tcp { } } source 0.0.0.0/0 translate-address disabled translate-port disabled vlans replace-all-with { http-tunnel } vlans-enabled }\n \n\n Change HTTP EXPLICIT PROXY Default Connect Handling to Deny \n tmsh modify ltm profile http http_${HTTPBaseName} explicit-proxy { default-connect-handling deny }\n \n\n Note : These commands were tested in both 12.1 and 13.1 versions. Code : No Code ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"3979","kudosSumWeight":1,"repliesCount":24,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1745262169148","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","Common-external-link":"How Do I...?","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1745262169148","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1745262169148","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1745262169148","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1745262169148","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1745262169148","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1745262169148","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1745262169148","value":{"title":"Query Handler"},"localOverride":false},"Category:category:top":{"__typename":"Category","id":"category:top","nodeType":"category"},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1745262169148","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1745262169148","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1745262169148","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745262169148","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1745262169148","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1745262169148","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1745262169148","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1745262169148","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1745262169148","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1745262169148","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1745262169148","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1745262169148","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1745262169148","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1745262169148","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1745262169148","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745262169148":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1745262169148","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"messages.widget.messagelistfornodebyrecentactivitywidget-tab-main-messages-list-for-tag-widget-0":"mostRecent","tagName":"bash"},"buildId":"FP3zsFp6DJl70wDujOvtu","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"25.3.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","./components/customComponent/CustomComponentContent/TemplateContent.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx","./components/customComponent/CustomComponentContent/HtmlContent.tsx","./components/customComponent/CustomComponentContent/CustomComponentScripts.tsx"],"appGip":true,"scriptLoader":[]}