[rancid] Re: F5 ("bigip") script

Sotiris Tsimbonis stsimb at irc.gr
Tue Apr 21 19:58:44 UTC 2009


Teun Vink wrote, On 21/04/2009 09:50 AM:
> On Mon, 2009-04-20 at 17:28 +0000, john heasley wrote:
> [...]
>> what is 'LTM'?
>>
> 
> The Local Traffic Manager, one of the products of F5.
> 
>>> manually downloaded are the certs. All in all this seems to be a great
>>> improvemant.  Thanks for making it work.
>> The certs are in the configuration?  is there a command or option to get
>> them?
> 
> they are stored on local disk in
> /config/ssl/ssl.csr/*
> /config/ssl/ssl.key/*
> /config/ssl/ssl.crl/*
> /config/ssl/ssl.crt/*
> 

Here is a small script I've put together and run on our LTM..
----------------------------------------------------------------
bigip01:~# cat /root/rancid-ssl.sh
#!/bin/bash

ls -l /config/ssl/ssl.crt/*.crt

for file in `echo /config/ssl/ssl.crt/*.crt` ; do
  if [ $file != "/config/ssl/ssl.crt/ca-bundle.crt" ] ; then
   echo " "
   echo Contents of $file follow:
   cat $file
   echo " "
  fi
done

ls -l /config/ssl/ssl.key/*.key

for file in `echo /config/ssl/ssl.key/*.key` ; do
  echo " "
  echo Contents of $file follow:
  cat $file
  echo " "
done

echo "END-OF-RANCID-SSL"
----------------------------------------------------------------

and the corresponding mods sub in f5rancid ....

@commandtable = (
  ...
    {'/root/rancid-ssl.sh'  => 'RancidSSL'},

sub RancidSSL {
     print STDERR "    In ConfFile: $_" if ($debug);

     ProcessHistory("COMMENTS","","BO","!\n!\n! ####  Running 
$cmd\n!\n!\n");

     while (<INPUT>) {
         tr/\015//d;
         last if (/^END-OF-RANCID-SSL/);
#        next if (/^(\s*|\s*$cmd\s*)$/);
         ProcessHistory("","","$cmd","$_");
     }
#    ProcessHistory("","","$cmd","$_");
     $found_end = 1;
     return(0);
}


Sotiris.

> 
> Regards,
> Teun
> 
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 



More information about the Rancid-discuss mailing list