Automated ASM Backup - working bash script now to automate or convert to iCall/tcl

Question

Hi All,&nbsp;I have put together a BASH script that when run performs a backup of the ASM policies and copies them to a remote location. The script runs great and I have had it set as a Cron job in my lab setup to automate the backups. Unfortunately, the business does not want a script running as a Cron job on the F5.&nbsp;I have had it suggested to me to use iCall. I have seen only limited information regarding iCall that was written in a way that someone that has never seen iCall could understand. This got me far enough to understand that iCall runs tcl scripts, not bash scripts! The result being if I was to use iCall I would need to re-write the script completely.&nbsp;I am looking for 2 options here:&nbsp;&nbsp;&nbsp;&nbsp;A means to automate running a bash script on the F5.&nbsp;&nbsp;&nbsp;OR detailed information or getting started with iCall - Better yet, converting bash to tcl.&nbsp;To illustrate my issue, my bash script lives on the F5 and does the following:&nbsp;&nbsp;&nbsp;reads a counter value from a file&nbsp;&nbsp;&nbsp;curl command to the management interface and copies a list of ASM policy details to a txt file.&nbsp;&nbsp;&nbsp;greps the policy names from the original txt file to a new txt file.&nbsp;&nbsp;&nbsp;greps the policy IDs from the original txt file to a new txt file.&nbsp;&nbsp;&nbsp;sets a parameter with the current data and time as the value&nbsp;&nbsp;&nbsp;makes a localDirectory using the data and time parameter as the folder name (this ensures a known date of the backup - also ensures you can re-run and get a new folder on the same day if required)&nbsp;&nbsp;&nbsp;uses curl post and get commands to get the policies from the F5.&nbsp;&nbsp;&nbsp;curl upload-file command to copy files to remote smb location&nbsp;&nbsp;&nbsp;adjust the counter&nbsp;&nbsp;&nbsp;performs a cleanup of any files that were created locally.&nbsp;If I switch over to using iCall the above all needs to be done with tcl - I am not sure how much of that is supported. I have found that "echo" is replaced with "puts", is there a "curl", "cat", etc equivalent?&nbsp;Thanks in advance

andy_mcgrath · Accepted Answer

For the basics see https://devcentral.f5.com/s/articles/what-is-icall-27404

Also check out the following as an iCall example https://devcentral.f5.com/s/articles/icall-crl-update-with-route-domains-and-auto-sync-1169 (shameless plug of my own code)

You can run shell commands from TCL using the exec command and also run tmsh commands (see TMSH scripting help at https://clouddocs.f5.com/api/tmsh/)

It is a lot to take in and learn over running Bash scripts (and using cron to schedule them) as the iCall scripts and configuration is part of the F5 configuration so backed up and retained during upgrades.

saidshow · Answer

&nbsp; - You did it mate!! I have what I need now. I had a script setup and the script running with the periodic handler, the missing component was the exec command in the script!!! The missing component was simple but I couldn't find it anywhere. Thank You!!!

andy_mcgrath · Answer

@saidshow not a problem, glad you managed to work it out.

It it always is the simple things missed that catch us out, took me a while and many many versions to get that iCall working correctly.

Also if you want to set my answer as the accepted answer will hopefully help other in the future.

saidshow · Answer

&nbsp; - Done. Thanks again. I'll come back and add some more specific information to help out anyone landing here in the future.

saidshow · Answer

Sorry it took me so long to come back and put some detail here.First up, I copied my bash script to the F5 platform.Next I created the iCall script that will execute the bash script.Finally I created the iCall period handler that will run every 4 weeks.*From interactive tmsh shell on the F5:create sys icall script asmBackupScriptNow in VIM, edit the script and save.   sys icall script hi {
&nbsp;
      app-service none
&nbsp;
      definition {
&nbsp;
         exec /asmBackup/asmBackup.sh
&nbsp;
      }
&nbsp;
      description none
&nbsp;
      events noneCreating the iCall Periodic Handler:The one liner below needs to run from an interactive tmsh shell. create sys icall handler periodic asmBackupHandler {interval 2419200 script asmBackupScript}You can then edit this script further in vim by running:edit sys icall handler periodic asmBackupHandlereg: you can add a time for this script to run first time:The setup below will see the script run every 4th Sunday at 10:00amsys icall handler periodic asmBackupHandler {
	first-occurrence 2019-07-07:10:00:00
	interval 2419200
	script asmBackupScript
}

sivayenduri · Answer

Hello guys, can i use the same script in LTM (v12.1.4) to get a backup of LTM config and other tmsh show commands output in a csv or XML format?and... What does "app-service none" mean?

Forum Discussion

Automated ASM Backup - working bash script now to automate or convert to iCall/tcl

6 Replies

Recent Discussions

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Automate Let's Encrypt Certificates on BIG-IP

Automate scp transfers using password

F5 and Cisco ACI Essentials: Automate automate automate !!!

F5 iApp Automated Backup