Discussion:
[rancid] F5 ("bigip") script
john heasley
2009-04-16 22:29:07 UTC
I don't have an F5 box, but had put together a script while someone had
provided remote access, but hadn't finished testing it. Would someone
with an F5 download
ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a10.tar.gz
and test it, please?
marcus gaysek
2009-04-17 12:48:40 UTC
I may be able to test this for you in our Dev environment, sometime in the
next few days.

There are f5 scripts already in place, does your script perform anything
different than the current ones?
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
john heasley
2009-04-17 19:58:59 UTC
Post by marcus gaysek
I may be able to test this for you in our Dev environment, sometime in the
next few days.
There are f5 scripts already in place, does your script perform anything
different than the current ones?
IIRC, it is largely the same as the one in 2.3.2a9, whose makefile did not
install the script.
marcus gaysek
2009-04-17 20:56:10 UTC
Just a quick note. The install went smoothly and the rancid-run ran fine. I
took a quick look at the config saved and I think I like what I see. I will
provide a better update on Monday or Tuesday.
Teun Vink
2009-04-20 13:27:37 UTC
Post by john heasley
I don't have an F5 box, but had put together a script while someone had
provided remote access, but hadn't finished testing it. Would someone
with an F5 download
ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a10.tar.gz
and test it, please?
Just did a quick test, it works fine for me. I had some issues with the
previous version which seemed to have some ordering issues in the
output, which resulted in false diffs every single run. I don't see them
in this version, so I'm happy :)

regards,
Teun
john heasley
2009-04-20 17:28:40 UTC
Post by marcus gaysek
I have tested with a couple of Cisco devices, including an ASA and I am not
seeing the formatting issues I have seen in the past.

that's probably luck.

Post by marcus gaysek
The LTM config looks great. The only thing that I can see that needs to be

what is 'LTM'?

Post by marcus gaysek
manually downloaded are the certs. All in all this seems to be a great
improvement. Thanks for making it work.

The certs are in the configuration? is there a command or option to get
them?
Mike Ashcraft
2009-04-20 17:37:33 UTC
LTM = Local Traffic Manager = F5 Big-IP

Thanks

marcus gaysek
2009-04-20 18:08:25 UTC
The certs are located in the config/ssl/ sub-directories, which would
need to be downloaded. I would think that functionality would be outside of
Rancid, but if you lost your LTM you would need them to rebuild a new one.
You capture their names as part of the config. They are listed in the last
few lines.

There is a command in the BigIP devices (GTMs and LTMs) that captures all
the files and compresses them in a .ucs file. Once they are created they
can be downloaded and used to restore a BigIP.
john heasley
2009-04-20 18:37:10 UTC
Post by marcus gaysek
The certs are located in the config/ssl/ sub-directories, which would
need to be downloaded. I would think that functionality would be outside of
Rancid, but if you lost your LTM you would need them to rebuild a new one.
You capture their names as part of the config. They are listed in the last
few lines.
if they're always these files
{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
is there a "cat" or "more" command? Their contents should be ascii.
marcus gaysek
2009-04-20 18:48:41 UTC
Those are actually directories. The names of the certs are always
different.

Both cat and more are available (BigIPs are linux/bsd based). I believe all
the files below the ssl directory are required, excluding ca-bundle.crt. The
number of files depends on how many certs are installed on the device.

There are four directories: ssl.crl ssl.crt ssl.csr ssl.key
Mike Ashcraft
2009-04-20 20:01:10 UTC
I added the SSL directory listings to track changes to SSL certs [adds/removals/updates].

Storing these as part of the config within rancid would be reasonable only if there were very few certs. They are best archived elsewhere by backing up the .ucs file as Marcus mentioned, an rsync to a backup host or similar methods.

Mike

john heasley
2009-04-20 20:34:18 UTC
Post by Mike Ashcraft
I added the SSL directory listings to track changes to SSL certs [adds/removals/updates].
Storing these as part of the config within rancid would be reasonable only if there were very few certs. They are best archived elsewhere by backing up the .ucs file as Marcus mentioned, an rsync to a backup host or similar methods.
Mike
thanks. i'm drawing the line here; 2.3.2a10 will be 2.3.2 release. the
motorola, wti, digi, netgear, and adtran stuff will go into 2.4.
Sam Munzani
2009-04-21 14:10:40 UTC
Post by john heasley
Post by Mike Ashcraft
I added the SSL directory listings to track changes to SSL certs [adds/removals/updates].
Storing these as part of the config within rancid would be reasonable only if there were very few certs. They are best archived elsewhere by backing up the .ucs file as Marcus mentioned, an rsync to a backup host or similar methods.
Mike
thanks. i'm drawing the line here; 2.3.2a10 will be 2.3.2 release. the
motorola, wti, digi, netgear, and adtran stuff will go into 2.4.
I second your decision. F5 support has been stable now, so making it
into a major release is a good move. The rest we can work towards the next release.

Thanks,
sam
Sam Munzani
2009-04-21 14:12:54 UTC
Usually SSL certs don't change every day. The approach I have taken is
to tarball them all and scp them over. Then do those manual steps only when the
certs change.

Thanks,
Sam
Teun Vink
2009-04-21 06:50:15 UTC
On Mon, 2009-04-20 at 17:28 +0000, john heasley wrote:
[...]
Post by john heasley
what is 'LTM'?
The Local Traffic Manager, one of the products of F5.
Post by john heasley
manually downloaded are the certs. All in all this seems to be a great
improvement. Thanks for making it work.
The certs are in the configuration? is there a command or option to get
them?
they are stored on local disk in
/config/ssl/ssl.csr/*
/config/ssl/ssl.key/*
/config/ssl/ssl.crl/*
/config/ssl/ssl.crt/*


Regards,
Teun
Sotiris Tsimbonis
2009-04-21 19:58:44 UTC
Post by Teun Vink
[...]
Post by john heasley
what is 'LTM'?
The Local Traffic Manager, one of the products of F5.
Post by john heasley
manually downloaded are the certs. All in all this seems to be a great
improvement. Thanks for making it work.
The certs are in the configuration? is there a command or option to get
them?
they are stored on local disk in
/config/ssl/ssl.csr/*
/config/ssl/ssl.key/*
/config/ssl/ssl.crl/*
/config/ssl/ssl.crt/*
Here is a small script I've put together and run on our LTM..
----------------------------------------------------------------
bigip01:~# cat /root/rancid-ssl.sh
#!/bin/bash

ls -l /config/ssl/ssl.crt/*.crt

# Print every certificate except the stock CA bundle.
for file in /config/ssl/ssl.crt/*.crt ; do
    if [ "$file" != "/config/ssl/ssl.crt/ca-bundle.crt" ] ; then
        echo " "
        echo "Contents of $file follow:"
        cat "$file"
        echo " "
    fi
done

ls -l /config/ssl/ssl.key/*.key

# Print every private key.
for file in /config/ssl/ssl.key/*.key ; do
    echo " "
    echo "Contents of $file follow:"
    cat "$file"
    echo " "
done

# End marker that the RancidSSL sub in f5rancid looks for.
echo "END-OF-RANCID-SSL"
----------------------------------------------------------------

and the corresponding mods sub in f5rancid ....

@commandtable = (
    ...
    {'/root/rancid-ssl.sh' => 'RancidSSL'},
);

# Collects the output of rancid-ssl.sh up to its end marker.
sub RancidSSL {
    print STDERR "    In RancidSSL: $_" if ($debug);

    ProcessHistory("COMMENTS","","BO","!\n!\n! #### Running $cmd\n!\n!\n");

    while (<INPUT>) {
        tr/\015//d;                        # strip carriage returns
        last if (/^END-OF-RANCID-SSL/);    # end marker printed by the script
        # next if (/^(\s*|\s*$cmd\s*)$/);
        ProcessHistory("","","$cmd","$_");
    }
    # ProcessHistory("","","$cmd","$_");
    $found_end = 1;
    return(0);
}


Sotiris.
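Added example, not part of Sotiris's post or of RANCID itself: RANCID commits whatever a command prints to its repository and mails the diffs, so a script that cats the key files places private keys there. This variant records a SHA-256 digest and size per file in a fixed sort order, which still tracks the cert adds, removals and updates Mike describes. The names ssl_inventory, sha256_of, make_sample_tree and demo are hypothetical, sha256sum or openssl is assumed to be present on the device, and the sample tree holds constructed placeholder text rather than real keys.

```shell
#!/bin/bash
# Added example: change tracking for /config/ssl without printing
# certificate or key contents.

# Digest of one file. Assumption: sha256sum or openssl exists on the device.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        # openssl prints "(stdin)= <hex>" or "SHA2-256(stdin)= <hex>"
        openssl dgst -sha256 < "$1" | sed 's/^.*= *//'
    fi
}

# Print "<sha256> <bytes> <relative path>" for every file below the four
# directories named in the thread, skipping the stock ca-bundle.crt.
ssl_inventory() {
    base=${1:-/config/ssl}
    for sub in ssl.crl ssl.crt ssl.csr ssl.key; do
        dir="$base/$sub"
        echo "# $sub"
        [ -d "$dir" ] || { echo "(missing)"; continue; }
        # C-locale sort gives the same order on every run, so a diff
        # appears only when a file is added, removed or modified.
        find "$dir" -type f ! -name ca-bundle.crt -print | LC_ALL=C sort |
        while IFS= read -r file; do
            size=$(wc -c < "$file" | tr -d ' ')
            printf '%s %s %s\n' "$(sha256_of "$file")" "$size" "${file#"$base"/}"
        done
    done
    # Same end marker as the script in the thread.
    echo "END-OF-RANCID-SSL"
}

# Constructed sample tree: placeholder text, not real certificates or keys.
make_sample_tree() {
    mkdir -p "$1/ssl.crl" "$1/ssl.crt" "$1/ssl.csr" "$1/ssl.key"
    printf 'constructed cert placeholder\n' > "$1/ssl.crt/www.example.crt"
    printf 'constructed CA bundle placeholder\n' > "$1/ssl.crt/ca-bundle.crt"
    printf 'abc' > "$1/ssl.key/www.example.key"
}

# Show what a diff looks like after one key file is replaced.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_tree "$tmp"
    ssl_inventory "$tmp" > "$tmp.before"
    printf 'constructed replacement key\n' > "$tmp/ssl.key/www.example.key"
    ssl_inventory "$tmp" > "$tmp.after"
    diff "$tmp.before" "$tmp.after" || true   # diff exits 1 when files differ
    rm -rf "$tmp" "$tmp.before" "$tmp.after"
}

# With an argument (for example /config/ssl) print that inventory;
# with none, run the self-contained demo.
if [ $# -gt 0 ]; then
    ssl_inventory "$1"
else
    demo
fi
```

Called with /config/ssl as its argument, it ends with the same END-OF-RANCID-SSL marker, so the RancidSSL sub above can read its output unchanged.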
marcus gaysek
2009-04-20 16:34:18 UTC
I have tested with a couple of Cisco devices, including an ASA and I am not
seeing the formatting issues I have seen in the past.
The LTM config looks great. The only thing that I can see that needs to be
manually downloaded are the certs. All in all this seems to be a great
improvement. Thanks for making it work.