[rancid] Re: F5 ("bigip") script

john heasley heas at shrubbery.net
Mon Apr 20 20:34:18 UTC 2009


Mon, Apr 20, 2009 at 02:01:10PM -0600, Mike Ashcraft:
> I added the SSL directory listings to track changes to SSL certs [adds/removals/updates].
> 
> Storing these as part of the config within rancid would be reasonable only if there were very few certs.  They are best archived elsewhere by backing up the .ucs file as Marcus mentioned, an rsync to a backup host or similar methods.
> 
> Mike

thanks.  i'm drawing the line here; 2.3.2a10 will be 2.3.2 release.  the
motorola, wti, digi, netgear, and adtran stuff will go into 2.4.

> From: marcus gaysek [mailto:mgaysek at gmail.com]
> Sent: Monday, April 20, 2009 12:49 PM
> To: john heasley
> Cc: Mike Ashcraft; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: F5 ("bigip") script
> 
> Those are actually directories.  The names of the certs are always different.
> 
> Both cat and more are available (BigIPs are linux/bsd based).  I believe all the files below the ssl directory are required, excluding ca-bundle.crt.  The number of files depends on how many certs are installed on the device.
> 
> There are four directories: ssl.crl ssl.crt ssl.csr ssl.key
> 
> On Mon, Apr 20, 2009 at 2:37 PM, john heasley <heas at shrubbery.net> wrote:
> Mon, Apr 20, 2009 at 02:08:25PM -0400, marcus gaysek:
> > The certs are located in the config/ssl/ sub-directories, which would
> > need to be downloaded. I would think that functionality would be outside of
> > Rancid, but if you lost your LTM you would need them to rebuild a new one.
> > You capture their names as part of the config.  They are listed in the last
> > few lines.
> if they're always these files
>        {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
>        {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
> is there a "cat" or "more" command?  Their contents should be ascii.
> 
> > There is a command in the BigIP devices (GTMs and LTMs) that captures all
> > the files and compresses them in a .ucs file.  Once they are created they
> > can be downloaded and used to restore a BigIP.
> >
> > On Mon, Apr 20, 2009 at 1:37 PM, Mike Ashcraft <mashcraft at omniture.com> wrote:
> >
> > > LTM = Local Traffic Manager = F5 Big-IP
> > >
> > > Thanks
> > >
> > > -----Original Message-----
> > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley
> > > Sent: Monday, April 20, 2009 11:29 AM
> > > To: marcus gaysek
> > > Cc: rancid-discuss at shrubbery.net
> > > Subject: [rancid] Re: F5 ("bigip") script
> > >
> > > Mon, Apr 20, 2009 at 12:34:18PM -0400, marcus gaysek:
> > > > I have tested with a couple of Cisco devices, including an ASA and I am not
> > > > seeing the formatting issues I have seen in the past.
> > >
> > > that's probably luck.
> > >
> > > > The LTM config looks great.  The only thing that I can see that needs to be
> > >
> > > what is 'LTM'?
> > >
> > > > manually downloaded are the certs. All in all this seems to be a great
> > > > improvement.  Thanks for making it work.
> > >
> > > The certs are in the configuration?  is there a command or option to get
> > > them?
> > >
> > > > On Mon, Apr 20, 2009 at 9:27 AM, Teun Vink <teun at moonblade.net> wrote:
> > > >
> > > > > On Thu, 2009-04-16 at 22:29 +0000, john heasley wrote:
> > > > > > I don't have an F5 box, but had put together a script while someone had
> > > > > > provided remote access, but hadn't finished testing it.  Would someone
> > > > > > with an F5 download
> > > > > >       ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a10.tar.gz
> > > > > > and test it, please.
> > > > >
> > > > > Just did a quick test, it works fine for me. I had some issues with the
> > > > > previous version which seemed to have some ordering issues in the
> > > > > output, which resulted in false diffs every single run. I don't see them
> > > > > in this version, so I'm happy :)
> > > > >
> > > > > regards,
> > > > > Teun
> > > > >
> > > > > _______________________________________________
> > > > > Rancid-discuss mailing list
> > > > > Rancid-discuss at shrubbery.net
> > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > > > >
> > >
> 
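
The listing-based tracking discussed in this thread (recording `ls --full-time` output for the cert directories instead of the cert and key contents), shown as an added example that is not part of the original messages or of rancid. It assumes GNU `ls --full-time` output; the function names, sample listings and certificate file names are constructed for illustration.

```python
# Added example, not rancid code. Listings below are constructed samples;
# the certificate file names are hypothetical.
from typing import Dict, List, NamedTuple, Tuple


class Entry(NamedTuple):
    mode: str
    owner: str
    size: int
    mtime: str


def parse_listing(text: str) -> Dict[str, Entry]:
    """Parse GNU `ls --full-time` output into {file name: Entry}."""
    entries = {}
    for line in text.splitlines():
        # Fields: perms links owner group size date time tz name
        fields = line.split(None, 8)
        if len(fields) < 9 or fields[0].startswith("d"):
            continue  # skips the "total N" line and sub-directories
        mode, _links, owner, group, size, date, time, tz, name = fields
        name = name.split(" -> ")[0]  # symlink: keep the link name only
        entries[name] = Entry(mode, f"{owner}:{group}", int(size), f"{date} {time} {tz}")
    return entries


def diff_listings(old: str, new: str) -> List[Tuple[str, str]]:
    """Return (change, file name) pairs: added, removed, updated or perms."""
    before, after = parse_listing(old), parse_listing(new)
    changes = []
    for name in sorted(before.keys() | after.keys()):
        if name not in before:
            changes.append(("added", name))
        elif name not in after:
            changes.append(("removed", name))
        elif before[name][2:] != after[name][2:]:
            changes.append(("updated", name))  # size or mtime moved
        elif before[name][:2] != after[name][:2]:
            changes.append(("perms", name))  # same content, new mode/owner
    return changes


OLD = """total 12
-rw-r--r-- 1 root root 1281 2009-03-02 10:15:42.000000000 -0700 www.example.com.crt
-rw-r--r-- 1 root root 1306 2008-11-19 08:01:07.000000000 -0700 old.example.com.crt
-rw-r--r-- 1 root root 1172 2009-01-05 16:44:30.000000000 -0700 default.crt"""
NEW = """total 12
-rw-r--r-- 1 root root 1294 2009-04-20 13:52:11.000000000 -0600 www.example.com.crt
-rw-rw-rw- 1 root root 1172 2009-01-05 16:44:30.000000000 -0700 default.crt
-rw-r--r-- 1 root root 1318 2009-04-20 13:55:03.000000000 -0600 api.example.com.crt"""
```

Only file metadata enters the comparison, so private key contents never land in the version-controlled config; the `perms` case flags a mode or owner change on an otherwise untouched file, which matters most for the `ssl.key` directory.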

