scripts
4 TopicsHow to install lets encrypt on BIG IP
Hello, I’m wondering if there are updated steps in installing letsencrypt on F5. I have been trying to piece it together from github resources but not really sure how to create the scripts on the F5 via CLI in the proper steps as I am not able to make progress after first couple steps of creating the data group and iRule. Hoping to get a more detailed set of steps as this is not something I have had to do on the BIG IP yet, I have a testing environment to set this up in initially. We are running version 13 on BIG IP. Thank you in advance to the community.Solved3.9KViews0likes4Commentslist data-group using tmsh script
Hi all, I'm developing some scripts in order to make easier certain operation with data-groups. I figured out how to add, modify and delete elements this way but when it comes to show the data-group... No way. I duplicated the same command but with different syntax to see if something worked: cli script VPN_users_SHOW { proc script::run {} { set cmd "tmsh::list /ltm data-group internal auth_users_access" tmsh::log "Executing the command: $cmd" eval $cmd list ltm data-group internal auth_users_access } } To run the script I simply execute it: "run cli script VPN_tmp_user_access_SHOW" I expected to list the data-group but it does not show any data. Any suggestion of what is missing?2.3KViews0likes1CommentScript to switch between two pool members.
Has anyone written a script to switch pool members state? Switch the enable member to disable and the disabled member to enable in a 2 member pool. We are not running active/active so the disabled member would need to be brought up first. Thanks. Mike.222Views0likes1CommentHelp with creating script
Currently we are using the google authenticator with our F5 implementation. We provide our users with a shared secret key and store the same key in our Active Directory for later reference. So basically we add a sample key like this to one of our AD fields: GVUEYVDJMNSFIMD2 So basically i have a ton of users with this setup in their AD fields. One of the issues i have with our setup is the fact the key we store in Active Directory is too visible to others in my organization. So a friend point this link to me and I think it will fix my concerns: https://devcentral.f5.com/questions/apm-active-directory-authention-with-google-auth So we add the following code to the google authenticator generator page: append ga_secret_http_resp "key (secret): $secret_b32\n \n " set key "3658F2C8C5C2017839B2B1761F713F8B" set iv "DC4F6A9A1C6D12C15FEC43179660C78B" set enc_ga_secret [b64encode [CRYPTO::encrypt -alg aes-128-cbc -keyhex $key -ivhex $iv $secret_b32]] append ga_secret_http_resp "encrypted secret: $enc_ga_secret\n" append ga_secret_http_resp "\n" Users are provide the key GVUEYVDJMNSFIMD2 and we now add this encrypted key 3qqb/Yr1gSblF99F8/XkgJVFG5vs9KG5OwflwLHkU9I= to AD. The F5 can then decrypt the key and it works great. However, I now need to create a script that will take the remain shared key we have in everybody account and encrypt it. I was hoping someone knew a little power shell or some other scripting language that could help me out of this jam!171Views0likes0Comments