<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
john heasley wrote:
<blockquote cite="mid:20090420203418.GA21045@shrubbery.net" type="cite">
<pre wrap="">Mon, Apr 20, 2009 at 02:01:10PM -0600, Mike Ashcraft:
</pre>
<blockquote type="cite">
<pre wrap="">I added the SSL directory listings to track changes to SSL certs [adds/removals/updates].
Storing these as part of the config within rancid would be reasonable only if there were very few certs. They are best archived elsewhere by backing up the .ucs file as Marcus mentioned, an rsync to a backup host or similar methods.
Mike
</pre>
</blockquote>
<pre wrap=""><!---->
thanks. i'm drawing the line here; 2.3.2a10 will be 2.3.2 release. the
motorola, wti, digi, netgear, and adtran stuff will go into 2.4.
</pre>
</blockquote>
I second your decision. F5 has support has been stable now so making it
to a major release is good move. Rest we can work towards next release.<br>
<br>
Thanks,<br>
sam<br>
<blockquote cite="mid:20090420203418.GA21045@shrubbery.net" type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">From: marcus gaysek [<a class="moz-txt-link-freetext" href="mailto:mgaysek@gmail.com">mailto:mgaysek@gmail.com</a>]
Sent: Monday, April 20, 2009 12:49 PM
To: john heasley
Cc: Mike Ashcraft; <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a>
Subject: Re: [rancid] Re: F5 ("bigip") script
Those are actually directories. The name of the certs are always different.
Both cat and more are available (BigIPs are linux/bsd based). I believe all the files below ssl directory are required, excluding ca-bundle.crt. The amount of files depends on how many certs are installed on the device.
There are four directories: ssl.crl ssl.crt ssl.csr ssl.key
On Mon, Apr 20, 2009 at 2:37 PM, john heasley <<a class="moz-txt-link-abbreviated" href="mailto:heas@shrubbery.net">heas@shrubbery.net</a><a class="moz-txt-link-rfc2396E" href="mailto:heas@shrubbery.net"><mailto:heas@shrubbery.net></a>> wrote:
Mon, Apr 20, 2009 at 02:08:25PM -0400, marcus gaysek:
</pre>
<blockquote type="cite">
<pre wrap="">The certs are located in in the config/ssl/ sub-directories, which would
need to be download'd. I would think that functionality would be outside of
Rancid, but if you lost your LTM you would need them to rebuild a new one.
You capture their names as part of the config. They are listed in the last
few lines.
</pre>
</blockquote>
<pre wrap="">if they're always these files
{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
is there a "cat" or "more" command? Their contents should be ascii.
</pre>
<blockquote type="cite">
<pre wrap="">There is a command in the BigIP devices (GTMs and LTMs) that captures all
the files and compresses them in a .ucs file. Once they are created they
can be downloaded and used to restore a BigIP.
On Mon, Apr 20, 2009 at 1:37 PM, Mike Ashcraft <<a class="moz-txt-link-abbreviated" href="mailto:mashcraft@omniture.com">mashcraft@omniture.com</a><a class="moz-txt-link-rfc2396E" href="mailto:mashcraft@omniture.com"><mailto:mashcraft@omniture.com></a>>wrote:
</pre>
<blockquote type="cite">
<pre wrap="">LTM = Local Traffic Manager = F5 Big-IP
Thanks
-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a><a class="moz-txt-link-rfc2396E" href="mailto:rancid-discuss-bounces@shrubbery.net"><mailto:rancid-discuss-bounces@shrubbery.net></a> [mailto:
<a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a><a class="moz-txt-link-rfc2396E" href="mailto:rancid-discuss-bounces@shrubbery.net"><mailto:rancid-discuss-bounces@shrubbery.net></a>] On Behalf Of john heasley
Sent: Monday, April 20, 2009 11:29 AM
To: marcus gaysek
Cc: <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a><a class="moz-txt-link-rfc2396E" href="mailto:rancid-discuss@shrubbery.net"><mailto:rancid-discuss@shrubbery.net></a>
Subject: [rancid] Re: F5 ("bigip") script
Mon, Apr 20, 2009 at 12:34:18PM -0400, marcus gaysek:
</pre>
<blockquote type="cite">
<pre wrap="">I have tested with a couple of Cisco devices, including an ASA and I am
</pre>
</blockquote>
<pre wrap="">not
</pre>
<blockquote type="cite">
<pre wrap="">seeing the formatting issues I have seen in the past.
</pre>
</blockquote>
<pre wrap="">thats probably luck.
</pre>
<blockquote type="cite">
<pre wrap="">The LTM config looks great. The only thing that I can see that needs to
</pre>
</blockquote>
<pre wrap="">be
what is 'LTM'?
</pre>
<blockquote type="cite">
<pre wrap="">manually downloaded are the certs. All in all this seems to be a great
improvemant. Thanks for making it work.
</pre>
</blockquote>
<pre wrap="">The certs are in the configuration? is there a command or option to get
them?
</pre>
<blockquote type="cite">
<pre wrap="">On Mon, Apr 20, 2009 at 9:27 AM, Teun Vink <<a class="moz-txt-link-abbreviated" href="mailto:teun@moonblade.net">teun@moonblade.net</a><a class="moz-txt-link-rfc2396E" href="mailto:teun@moonblade.net"><mailto:teun@moonblade.net></a>> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Thu, 2009-04-16 at 22:29 +0000, john heasley wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I don't have a F5 box, but had put together a script while someone
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">had
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">provided remote access, but hadn't finished testing it. Would
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">someone
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">with one an F5 download
<a class="moz-txt-link-freetext" href="ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a10.tar.gz">ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a10.tar.gz</a>
and test it, please.
</pre>
</blockquote>
<pre wrap="">Just did a quick test, it works fine for me. I had some issues with the
previous version which seemed to have some ordering issues in the
output, which resulted in false diffs every single run. I don't see
</pre>
</blockquote>
</blockquote>
<pre wrap="">them
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">in this version, so I'm happy :)
regards,
Teun
_______________________________________________
Rancid-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><a class="moz-txt-link-rfc2396E" href="mailto:Rancid-discuss@shrubbery.net"><mailto:Rancid-discuss@shrubbery.net></a>
<a class="moz-txt-link-freetext" href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a>
</pre>
</blockquote>
</blockquote>
<pre wrap="">_______________________________________________
Rancid-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><a class="moz-txt-link-rfc2396E" href="mailto:Rancid-discuss@shrubbery.net"><mailto:Rancid-discuss@shrubbery.net></a>
<a class="moz-txt-link-freetext" href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a>
_______________________________________________
Rancid-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><a class="moz-txt-link-rfc2396E" href="mailto:Rancid-discuss@shrubbery.net"><mailto:Rancid-discuss@shrubbery.net></a>
<a class="moz-txt-link-freetext" href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap=""><!---->_______________________________________________
Rancid-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a>
<a class="moz-txt-link-freetext" href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a>
</pre>
</blockquote>
<br>
</body>
</html>