How to check the support id.
Hi Guys, I am new for F5. Dome times users can able to access our clients network from outside. User provides us a support id. Now my query is how to check this support id in LTM and allow that URL so that user's can able to access the URL.Kindly help me to fix issue. Please tell me the steps. Regards Tan_SalKnowledge sharing: Ways to trigger and schedule scripts on the F5 BIG-IP devices.
I think that it is interesting to share how on F5 different scripts can be run at different times and states. 1. You can use the cron job like on any linux device to run a script. As I have used this to restart the tomcat and httpd each night with "bigstart restart <name>" or "tmsh restart /sys service <name>" (https://support.f5.com/csp/article/K89999342), because of a bug till I upgade the devices (https://support.f5.com/csp/article/K25554628 ). https://support.f5.com/csp/article/K03108954 2.Newer versions of F5 also have anacron tool that can add some randomness to the timframe when a script is run and many F5 default scripts use this and not the crontab: https://support.f5.com/csp/article/K33730915 3.You can even trigger scripts on the F5 device if the state changes from active to standby or from standby to active by adding the scripts under /config/failover/<state>. For example if you have a bug for a critical process that causes a failover ( you can use the command show /sys ha-status all-properties to check for this https://support.f5.com/csp/article/K20060182 ) but the device does not reboot or fix the process you can run a script to when the device becomes standby to restart the process. https://support.f5.com/csp/article/K6008 4. You afcource can run scripts at the F5 start time (startup/bootup): https://support.f5.com/csp/article/K11948 5.The final thing thing I can think of is to run a script at the backround that monitors the log and for example when there is a specific message in /var/log/ltm to trigger a tcpdump (in some cases better than creating a rotating tcpdum to catch an issue as per https://support.f5.com/csp/article/K65251607 ). The script can be a bash script with "tail -f" command that is run on the backround or better use the F5 intergrated "icall" feature. Bash: https://www.thegeekstuff.com/2010/12/5-ways-to-execute-linux-command/ Icall: https://devcentral.f5.com/s/articles/what-is-icall-27404 https://devcentral.f5.com/s/articles/run-tcpdump-on-event 5. You can use utility "logger -p" to generate manually log messages in the F5 device's log for testing of your scripts as this is used also for SNMP custom alarm traps tests (for more about SNMP https://support.f5.com/csp/article/K3727 ) https://support.f5.com/csp/article/K86480148 6. You can also trigger scripts from an BIG-IQ device bt you still can't schedule them when to run: https://clouddocs.f5.com/training/community/big-iq-cloud-edition/html/class5/module1/lab6.html 7.Of course the final option is to use ansible or python SDK that uses the F5 rest-api to execute commands on the F5 devices. https://f5-sdk.readthedocs.io/en/latest/ 8. You can even use TCP expect and bash for automations using SSH connection but this is really old way to do things: https://devcentral.f5.com/s/articles/f5-automation-tcl-amp-bash-921 https://f5-sdk.readthedocs.io/en/latest/userguide/ltm_pools_members_code_example.html 9.F5 is well integrated with Ansible and it is better than REST-API Python SDK or TCL for me as even the declarative AS3 interface is supported: https://clouddocs.f5.com/products/orchestration/ansible/devel/ https://clouddocs.f5.com/products/orchestration/ansible/devel/ https://www.f5.com/partners/technology-alliances/ansible Imperative: https://support.f5.com/csp/article/K42420223 https://clouddocs.f5.com/products/orchestration/ansible/devel/usage/playbook_tutorial.html Declaritive: https://www.f5.com/company/blog/f5-as3-and-red-hat-ansible-automation https://clouddocs.f5.com/training/fas-ansible-workshop-101/3.0-as3-intro.html 10. For some automations without rest-api better use the F5 native cli scripts than bash with tmsh commands: https://clouddocs.f5.com/cli/tmsh-reference/v14/modules/cli/cli_script.html https://clouddocs.f5.com/api/tmsh/script__run.html
Step by Step Instructions for iCall
I have read several articles about iCall (& iStats) but I'm missing how to actually implement it. With iRules I put the script in the iRules editor and save. If I want to do an iCall that is triggered from within an iRule I'm not understanding where to put the iCall pieces. Is it files that I store in a special folder? Is it multiple files, eg. if I have a handler, script etc...? What I would like is a link or an explanation of how to get started, please.
An error has occurred while trying to process your request while selecting certificate
How to find the special character in the certificate. Getting the below error. Could not use GUI to see certificate details. Only tmos works. at iControl.ManagementKeyCertificateBindingStub.get_certificate_list_v2(ManagementKeyCertificateBindingStub.java:1760) at com.f5.model.security.PKIStore.getSSLCertificatesMap(PKIStore.java:82) ... 84 more Caused by: org.xml.sax.SAXParseException; lineNumber: 1109; columnNumber: 43; An invalid XML character (Unicode: 0x13) was found in the element content of the document. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177) I'm unable to narrow down the certificate which may be causing this. I guess, I've hit article - K47741472: The Configuration utility does not process SSL keys and certificates with names that include special characters
Big-IQ snapshot management
Hello community, I have an interesting situation that I want to run by you guys and hopefully somebody/someone can give me a hand. We have in our environment 20 Big-IQ devices, handling nearly 500 devices (between LTMs, ASMs, DNSs and combination of them). Internally we have configured Big-IQs to trigger snapshots for all of them, the only difference we have is that we only keep snapshot files storaged in the Big-IQ is for ASMs. The rest of the modules keep their snapshots locally. Now, we want (need) to create a python script (basically because we make it run from a 3rd party solution that ssh into the Big-IQs and run that python script) to delete snapshots older than 30 days, for example. For that purpose, I have searched for several documentation regarding API for snapshot management on Big IQ , basically there are 2 API calls relevant for me: 1.- Snapshot checkup: GET /cm/<module>/tasks/snapshot-config/<id> 2.- Snapshot deletion: DELETE mgmt/cm/<module>/tasks/snapshot-config/<id> Now the values between <>, which are: 'module' and 'id', in our case module = asm and 'id' is for the snapshot we want to checkup and delete if meets the criteria. The thing here is that, we do not have any 'id' number, because the snapshots are created by several business units outside our team, where they log into the Big-IQ's GUI and deploy the snapshot manually. I have tried to send a GET request (via POSTMAN) using these variations (hoping some sort of response): GET /cm/<module>/tasks/snapshot-config/ GET /cm/<module>/tasks/snapshot-config/* But logically is expecting the 'id' value so it shoots back an error. NOTE: the 'id' is provided when you try the API call for snapshot creation: POST mgmt/cm/<module>/tasks/snapshot-config. That particular POST, only request the name of the snapshot as parameter and then provides the precious 'id' in return. So you can see my dilemma and where I am missing data. QUESTIONS: 1.- Is there any way to fetch the 'id' using any resource? 2.- where exactly is located the repository for these snapshots in the Big-IQ? I mean the Linux's bash prompt for each Big-IQ, I have searched and searched but I haven't found them... This would be a great peace of information. 3.- Is this the right approach? I found some information about 'restcurl' but I am not completely sure about this resource. Thanks.-
