Priority Group activation between 10 servers
Hi All, Is it possible to enable the priority group activation between 10 servers- condition is that at a time any one server should up, if it goes down any other one server become active and serve the request. Meaning out of 10 servers 1 should serve the request on F5 LTM.
Script to send an email if Traffic-group failovers on F5
I am using this script to detect the status of a traffic-group and send out an email if it changes its status from Active to Standby, some how i am not getting any email when i flip over the traffic group between active standby boxes. Though i have tested email through CLI and mail works. need experts advice if i am missing any thing? #!/bin/bash # Variables EMAIL_TO="x@x.com" EMAIL_SUBJECT="HLR-STG-LB01 WHARF Traffic-Group Failover Alert" TRAFFIC_GROUP="wharf" CHECK_INTERVAL=60 LOG_FILE="/var/log/failover_notify.log" # Function to send email send_email() { local message=$1 echo -e "To: ${EMAIL_TO}\nSubject: ${EMAIL_SUBJECT}\n\n${message}" | ssmtp ${EMAIL_TO} } # Function to log messages log_message() { local message=$1 echo "$(date): ${message}" >> ${LOG_FILE} 2>&1 } # Function to get the current status of the traffic group get_traffic_group_status() { tmsh show cm traffic-group | grep "${TRAFFIC_GROUP}" } # Initial state previous_status=$(get_traffic_group_status) # Main loop while true; do current_status=$(get_traffic_group_status) if [[ "${previous_status}" != "${current_status}" ]]; then if echo "${current_status}" | grep -qi "standby"; then log_message "Traffic group ${TRAFFIC_GROUP} failed over to standby." send_email "Alert: Traffic group ${TRAFFIC_GROUP} has failed over to standby on another device." elif echo "${current_status}" | grep -qi "active"; then log_message "Traffic group ${TRAFFIC_GROUP} is now active." send_email "Info: Traffic group ${TRAFFIC_GROUP} is now active on this device." fi previous_status=${current_status} fi sleep ${CHECK_INTERVAL} done ~ ~ Added this script to crontab. ensured that script is running #ps aux | grep failover_notify.sh root 23928 0.0 0.0 115208 1500 pts/1 T 12:04 0:00 /bin/bash ./failover_notify.sh root 31495 0.0 0.0 114736 948 pts/1 S+ 12:52 0:00 grep failover_notify.sh
Issues with F5 appliance black holeing traffic
Hi wondering if anyone can help or has seen an issue similar to this? 2 tenants on 1 Host One tenant has the issue, the other doesn't. All upstream networks and devices assurance checked and logs analysed. Issue only present on Hostname: dcnn-lb01-int.circlehealthgroup.co.uk Key Info: CPU in the control plane consistently spikes at 100% (5-10 times per min) Outbound traffic is blackholed if session starts during CPU spikes. All outbound traffic types all affected - ICMP from tmos, Node polling, F5 sync messaging, snmp messages....etc If session starts outside of CPU spikes then issue isn't present - ICMP started will run continuously without drops Symptoms last < 2secs per "CPU event". Symptoms present as if the default route drops/changes, gateway is unreachable or traffic is blackholed. Repeating here but essential to note that this is only for newly established sessions during that window. Established sessions (e.g. continuous ICMP from tmos) are not affected during the same blackholing event window where new sessions are. Thanks in advance Dave
Error while running ansible
I am getting the following error when I am trying to run ansible script on f5 instance through jumphost The full traceback is: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 1344, in do_open h.request(req.get_method(), req.selector, req.data, headers, File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1336, in request self._send_request(method, url, body, headers, encode_chunked) File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1382, in _send_request self.endheaders(body, encode_chunked=encode_chunked) File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1331, in endheaders self._send_output(message_body, encode_chunked=encode_chunked) File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1091, in _send_output self.send(msg) File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1035, in send self.connect() File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py", line 1477, in connect self.sock = self._context.wrap_socket(self.sock, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 455, in wrap_socket return self.sslsocket_class._create( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 1042, in _create self.do_handshake() File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/ssl.py", line 1320, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1000) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/Users/pranaychowd.pinapaka/.ansible/tmp/ansible-tmp-1714109490.0885582-73185-193526554178977/AnsiballZ_bigip_command.py", line 107, in <module> _ansiballz_main() File "/Users/pranaychowd.pinapaka/.ansible/tmp/ansible-tmp-1714109490.0885582-73185-193526554178977/AnsiballZ_bigip_command.py", line 99, in _ansiballz_main invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS) File "/Users/pranaychowd.pinapaka/.ansible/tmp/ansible-tmp-1714109490.0885582-73185-193526554178977/AnsiballZ_bigip_command.py", line 47, in invoke_module runpy.run_module(mod_name='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_command', init_globals=dict(_module_fqn='ansible_collections.f5networks.f5_modules.plugins.modules.bigip_command', _modlib_path=modlib_path), File "<frozen runpy>", line 226, in run_module File "<frozen runpy>", line 98, in _run_module_code File "<frozen runpy>", line 88, in _run_code File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_command.py", line 757, in <module> File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_command.py", line 750, in main File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_command.py", line 680, in exec_module File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/modules/bigip_command.py", line 631, in exec_module File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py", line 551, in tmos_version File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/bigip.py", line 31, in api File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/bigip.py", line 52, in connect_via_token_auth File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py", line 239, in post File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py", line 194, in send File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible/module_utils/urls.py", line 1578, in open File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 215, in urlopen return opener.open(url, data, timeout) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 515, in open response = self._open(req, data) ^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 532, in _open result = self._call_chain(self.handle_open, protocol, protocol + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 492, in _call_chain result = func(*args) ^^^^^^^^^^^ File "/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible/module_utils/urls.py", line 605, in https_open File "/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py", line 1347, in do_open raise URLError(err) urllib.error.URLError: <urlopen error [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1000)> fatal: [hostip ]: FAILED! => { "changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 1344, in do_open\n h.request(req.get_method(), req.selector, req.data, headers,\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/http/client.py\", line 1336, in request\n .. . . . payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/bigip.py\", line 52, in connect_via_token_auth\n File \"/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py\", line 239, in post\n File \"/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible_collections/f5networks/f5_modules/plugins/module_utils/icontrol.py\", line 194, in send\n File \"/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible/module_utils/urls.py\", line 1578, in open\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 215, in urlopen\n return opener.open(url, data, timeout)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 515, in open\n response = self._open(req, data)\n ^^^^^^^^^^^^^^^^^^^^^\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 532, in _open\n result = self._call_chain(self.handle_open, protocol, protocol +\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 492, in _call_chain\n result = func(*args)\n ^^^^^^^^^^^\n File \"/var/folders/4c/dnty3w814gxd01c5lq6910nr0000gn/T/ansible_bigip_command_payload_rjjis8dv/ansible_bigip_command_payload.zip/ansible/module_utils/urls.py\", line 605, in https_open\n File \"/Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/urllib/request.py\", line 1347, in do_open\n raise URLError(err)\nurllib.error.URLError: <urlopen error [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1000)>\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }Telemetry streaming to Elasticsearch
Hi all I am following a couple of threads since I want to send ASM logging to Elasticsearch like this one fromGreg What I understand is that I need to send an AS3 declaration and a TS declaration. But there are a couple of things not entirely clear to me. 1. Can I remove the iRule, Service_TCP, Pool, Log_Destination, Log_Publisher and Traffic_Log_profile declarations from the AS3 declaration json? In the example the telemetry_asm_security_log_profile does not seem to depend on these? 2. In the AS declaration json an IP address is specified 255.255.255.254 (perhaps just an example since it is a subnet mask) and also in the TS declaration where it is 172.16.60.194. How are the IP in the servers section of the AS3 declaration related to the one in the consumer part in the TS declaration? 3. Intelemetry_asm_security_log_profile the field remoteStorage is set to splunk. According to the reference guide:Reference Guide security-log-profile-application-objectthe allowed values are “remote”, “splunk”, “arcsight”, “bigiq”. I would opt for just remote. Is that the correct choice? Regards Hans
Get associated pool name from VIP IP using F5-LTM
I am trying to get the pool name from the VIP IP which I am getting from a input file, but I am unable to get any cmdlet related to that ``` $secpasswd = ConvertTo-SecureString "" -AsPlainText -Force $MyLTM_IP = "12.16.16.8" $mycreds = New-Object System.Management.Automation.PSCredential "rk", $secpasswd $session = $null #Create an F5 session $session = New-F5Session -LTMName $MyLTM_IP -LTMCredentials $mycreds -PassThru $get_data = Import-Csv -Path "D:\f5\IP_Addition_Input.csv" $VIP_IP = $get_data.VIPIP ``` Please let me know how can I get the pool name. going forward I have a add nodes to that pool. I am using `F5-LTM` module ``` # Download latest version $webclient = New-Object System.Net.WebClient $url = "https://github.com/joel74/POSH-LTM-Rest/archive/master.zip" Write-Host "Downloading latest version of F5-LTM from $url" -ForegroundColor Cyan $file = "$($env:TEMP)\F5-LTM.zip" $webclient.DownloadFile($url,$file) Write-Host "File saved to $file" -ForegroundColor Green # Unblock and decompress Unblock-File -Path $file $targetondisk = "$($env:USERPROFILE)\Documents\WindowsPowerShell\Modules" # no need to handle, this folder should just exist New-Item -ItemType Directory -Force -Path $targetondisk -ErrorAction SilentlyContinue | out-null # Unzip Write-Host "Uncompressing the Zip file to $($targetondisk)" -ForegroundColor Cyan $shell_app=new-object -com shell.application $zip_file = $shell_app.namespace($file) $destination = $shell_app.namespace($targetondisk) $destination.Copyhere($zip_file.items(), 0x10) # Rename and import Write-Host "Renaming folder" -ForegroundColor Cyan if (Test-Path ($targetondisk+"\F5-LTM")) { Write-Host "Removing prior $($targetondisk+"\F5-LTM") folder" -ForegroundColor Yellow Remove-Item -Recurse -Force -Path ($targetondisk+"\F5-LTM") | out-null } Move-Item -Path ($targetondisk+"\POSH-LTM-Rest-master") -Destination "$($targetondisk+"\F5-LTM")" -Force | out-null Write-Host "Module has been installed" -ForegroundColor Green Import-Module -Name "$($targetondisk+"\F5-LTM\F5-LTM")" # Zip file has a sub F5-LTM folder with the module Get-Command -Module F5-LTM <#!-------------------#> ```
