Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP
We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it. Has anyone dealt with this and have a solution to do it via Script, CLI or API? Thank you.26Views0likes1CommentNotifications via External Monitor
Hi, I have an external monitor that sends a notification (email) when it fails. I don't want it failing so I just had it create a file when if fails. If that file doesn't exist, it will notify. If it does exist, it just marks it down but doesn't send the alert. The way I thought to clean it up was just to rm-f the file when the status goes back to UP. This works fine if the script is run manually, but will not work when it runs through F5. Here are the basics of the script: curl -s -v -k -H "Host: ${HOST}" -k https://${NODE}${URI} 2>&1 > /dev/null | grep -i "${RECV}" STATUS=$? rm -f $PIDFILE if [ $STATUS -eq 0 ] then rm -f /shared/tmp/service-${NODE} echo "UP" else if [ ! -f /shared/tmp/service-${NODE} ] then touch /shared/tmp/service-${NODE} chmod 777 /shared/tmp/service-${NODE} curl -s -o /shared/tmp/service-${NODE}.html -H "Host: ${HOST}" -k https://${NODE}${URI} EMAIL NOTIFICATION PART fi fi exit Is there something that I am missing? Is there a better way?190Views0likes1CommentUpgrade Verification - CLI tips and tricks
I mentioned recently in a conversation that I use to use the CLI to generate a snapshot of the bigip run state for pre/post comparison after an upgrade. By accident, I ran across these scripts today so here they are for your enjoyment. They are circa big-ip v12 so update as needed, feel free to post updated versions in the reply and i will tick them as the answer even. Pre-Change (Now supports partitions) # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.pre # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.pre Post Change # tmsh -c "cd /; show ltm virtual recursive" | awk '/Ltm::Virtual/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-virtual-state.post # tmsh -c "cd /; show ltm pool recursive" | awk '/Ltm::Pool/ { printf $NF } /(Availability|State)/ { printf ":"$NF } /Reason/ { print ":"$NF} ' > bigip-pool-state.post Comparison # diff bigip-virtual-state.pre bigip-virtual-state.post # diff bigip-pool-state.pre bigip-pool-state.post580Views2likes1CommentConfigure a monitor/irule to check a webpage health only after login using a test credentials
I am looking for help to configure a monitor/irule to login to a web page with credentials then check the service up/down when the login is successful. It would be really appreciated if someone could be able to share/help me with coding/programming to achieve this. I have gone through some F5 articles but did not find a better solution.Solved1.3KViews1like2CommentsGetting started with a script to delete user APM session(s)
I have a request to create a script to delete the APM session(s) of a user ID. I can easily do this via the GUI and have found the commands to do it manually, however scripting is totally new to me (though I've programmed in the past). So, I have a few questions to help get an idea of how to approach this: Questions: Is there anything that needs to be imported/enabled on the F5 in order to allow scripting? Would Pythion be the best choice for the script? From where would such a script typically be run (specific server, desktop, etc)? My initial plan would be to base the script off of the sequence below: 1.) List the sessions IDs associated with a user ID: sessiondump -allkeys | grep -i <username> 2.) (pull the session IDs, if any) 3.) Delete the session ID(s): sessiondump --delete <SessionID> Any advice to get started tackling this would be appreciated. We have a vender who I can probably reach out to for assistance, but I want to do some initial research first. Thanks!Solved972Views0likes2Commentsstring variable
Need to create variable from string with multiple delimiters Example: TXT=my Variable Value, with spaces and other characters, TXT2=More Data for Second variable, TXT3=Additional info, convert to: myVar1 = my Variable Value, with spaces and other characters myVar2 = More Data for Second variable myVar3 = Additional info if I use split with the = and , that works, but I can't use , as a delimiter as some of the strings might have commas, each string will end in a comma, but may have non delimited commas in the string as well. The = sign is always after the string name, and I need to assign the variable based on the string name, but don't want to keep the TXT= as part of the variable. TXT value is either one or two spaces, but for each variable it will always be the same, so myVar1, would always be 3 spaces plus the = as TXT= where myVar2 will always be 4 spaces as TXT1 and the = Would prefer to not use regular expressions, for performance reasons, but may have to if no other solution exists.438Views0likes2CommentsOS X F5 Access Scripting
Hello All, Is there any way to script the F5 Access client on the Mac? The documentation does not indicate that any scripting language can be used. AppleScript is not an option because all of tcc is now behind SIP, so we'd like to do BASH or Pyton, but Swift/Coca would also be acceptable if that was my only option. I would like to... Install the app via VPP (using my MDM for this) Configure it to launch through a LaunchAgent Create a new configuration Manage (Enable/Open and Disable/Close) a configuration If none of that is possible, does anybody know if the F5 environment can be configured to allow the Mac's built-in VPN (L2TP over IPSec, IKEv2 or Cisco IPSec) clients and what that configuration may look like. If I can be pointed to the right documentation or if anybody has examples, I would greatly appreciate the assist. Thank You, Nick Lucia329Views0likes0CommentsAPM special cases
Hi All/DC Experts, I have a question 2 question regarding Access Policy Manager. First scenario, I have users that is member of multiple groups, does f5 can automatically merged resources if it detects that this user is member of multiple groups? Second I have a users of multiple groups and I just want that this user only can use this specific resources even though he is member of a multiple groups. THank you everyone, I am hoping that you can help me with this. -Nathan196Views0likes1Commentautomation - failing over wideips between two data centers
Hey guys, Been sort of at this on for a while now. Here Ill post a general outline of how we have our environment configured and questions to along with as it pertains to what we setup. As of now we have two DCs with GTMS that face internal and external. On the GTM we have the two vips in a pool configured with global availability. So say when an application needs to be failover from one DC to another I would go and change the weight of the member from 0 to 1 or 1 to 0 depending on the location of the DC. I have a script that contains a bunch of tmos commands that modifies the pool member to go failover from 1 to 0 or 0 to 1 that are actually in separate scripts that are on the internal and external facing gtms. I am looking for some ideas/suggestions as to ways to improve the script or maybe another way all together to preform this so that I can either run a script or automate it all together. The other tricky is that alot of applications are mission critical with most of the run on certain intervals either within the hour and we have to work with multiple teams to move pieces of the application/infrastructure over to our other DC. Tanks178Views0likes1CommentUsing tmsh commands in tcl script not working
I have been messing around with some tcl stuff. I want to change the order of vips in a pool on the GTM. How would I inject this command into the tcl script ? Here is the cmd I want to use ultimately - tmsh::modify /gtm pool poolname members modify { :https { order 1 }} Here the test bed script that I put together: modify script flip.tcl { proc script::run {} { tmsh::modify /gtm pool poolmen members modify { :https { order 1 }} } Its saves without error but I executed I get this error: flip.tcl: script failed to complete: can't eval proc: "script::run" members: required brace is missing "{" while executing "tmsh::modify /gtm pool sdx-pq1-pool members modify { 10.15.10.200:https { order 1 }}" (procedure "script::run" line 3) invoked from within "script::run" line:1 script did not successfully complete, status:1 any help will be great! thanks249Views0likes1Comment