<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" 
xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I added the SSL directory listings to track changes to SSL certs
[adds/removals/updates]. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Storing these as part of the config within rancid would be reasonable
only if there were very few certs. They are best archived elsewhere by
backing up the .ucs file as Marcus mentioned, an rsync to a backup host or
similar methods. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Mike<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> marcus gaysek
[mailto:mgaysek@gmail.com] <br>
<b>Sent:</b> Monday, April 20, 2009 12:49 PM<br>
<b>To:</b> john heasley<br>
<b>Cc:</b> Mike Ashcraft; rancid-discuss@shrubbery.net<br>
<b>Subject:</b> Re: [rancid] Re: F5 ("bigip") script<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>Those are actually
directories. The names of the certs are always different. <br>
<br>
Both cat and more are available (BigIPs are Linux/BSD based). I believe
all the files below ssl directory are required, excluding ca-bundle.crt.
The number of files depends on how many certs are installed on the device. <br>
<br>
There are four directories: ssl.crl ssl.crt ssl.csr ssl.key<br>
<br>
<o:p></o:p></p>
<div>
<p class=MsoNormal>On Mon, Apr 20, 2009 at 2:37 PM, john heasley &lt;<a
href="mailto:heas@shrubbery.net">heas@shrubbery.net</a>&gt; wrote:<o:p></o:p></p>
<p class=MsoNormal>Mon, Apr 20, 2009 at 02:08:25PM -0400, marcus gaysek:<o:p></o:p></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>> The certs are located
in the config/ssl/ sub-directories, which would<br>
> need to be downloaded. I would think that functionality would be outside
of<br>
> Rancid, but if you lost your LTM you would need them to rebuild a new one.<br>
> You capture their names as part of the config. They are listed in
the last<br>
> few lines.<o:p></o:p></p>
</div>
<p class=MsoNormal>if they're always these files<br>
{'ls --full-time --color=never /config/ssl/ssl.crt'
=> 'ShowSslCrt'},<br>
{'ls --full-time --color=never /config/ssl/ssl.key'
=> 'ShowSslKey'},<br>
is there a "cat" or "more" command? Their contents
should be ascii.<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal><br>
> There is a command in the BigIP devices (GTMs and LTMs) that captures all<br>
> the files and compresses them in a .ucs file. Once they are created
they<br>
> can be downloaded and used to restore a BigIP.<br>
><br>
> On Mon, Apr 20, 2009 at 1:37 PM, Mike Ashcraft &lt;<a
href="mailto:mashcraft@omniture.com">mashcraft@omniture.com</a>&gt; wrote:<br>
><br>
> > LTM = Local Traffic Manager = F5 Big-IP<br>
> ><br>
> > Thanks<br>
> ><br>
> > -----Original Message-----<br>
> > From: <a href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a>
[mailto:<br>
> > <a href="mailto:rancid-discuss-bounces@shrubbery.net">rancid-discuss-bounces@shrubbery.net</a>]
On Behalf Of john heasley<br>
> > Sent: Monday, April 20, 2009 11:29 AM<br>
> > To: marcus gaysek<br>
> > Cc: <a href="mailto:rancid-discuss@shrubbery.net">rancid-discuss@shrubbery.net</a><br>
> > Subject: [rancid] Re: F5 ("bigip") script<br>
> ><br>
> > Mon, Apr 20, 2009 at 12:34:18PM -0400, marcus gaysek:<br>
> > > I have tested with a couple of Cisco devices, including an ASA
and I am<br>
> > not<br>
> > > seeing the formatting issues I have seen in the past.<br>
> ><br>
> > that's probably luck.<br>
> ><br>
> > > The LTM config looks great. The only thing that I can see
that needs to<br>
> > be<br>
> ><br>
> > what is 'LTM'?<br>
> ><br>
> > > manually downloaded are the certs. All in all this seems to be a
great<br>
> > > improvement. Thanks for making it work.<br>
> ><br>
> > The certs are in the configuration? is there a command or
option to get<br>
> > them?<br>
> ><br>
> > > On Mon, Apr 20, 2009 at 9:27 AM, Teun Vink &lt;<a
href="mailto:teun@moonblade.net">teun@moonblade.net</a>&gt; wrote:<br>
> > ><br>
> > > > On Thu, 2009-04-16 at 22:29 +0000, john heasley wrote:<br>
> > > > > I don't have a F5 box, but had put together a script
while someone<br>
> > had<br>
> > > > > provided remote access, but hadn't finished testing
it. Would<br>
> > someone<br>
> > > > > with an F5 download<br>
> > > > > <a
href="ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a10.tar.gz" target="_blank">ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.2a10.tar.gz</a><br>
> > > > > and test it, please.<br>
> > > ><br>
> > > > Just did a quick test, it works fine for me. I had some
issues with the<br>
> > > > previous version which seemed to have some ordering issues
in the<br>
> > > > output, which resulted in false diffs every single run. I
don't see<br>
> > them<br>
> > > > in this version, so I'm happy :)<br>
> > > ><br>
> > > > regards,<br>
> > > > Teun<br>
> > > ><br>
> > > > _______________________________________________<br>
> > > > Rancid-discuss mailing list<br>
> > > > <a href="mailto:Rancid-discuss@shrubbery.net">Rancid-discuss@shrubbery.net</a><br>
> > > > <a
href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss"
target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a><br>
> > > ><br>
> ><o:p></o:p></p>
</div>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
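<p class=MsoNormal>Added example, not part of the original thread and not rancid's own code: one way to turn two captures of the <code>ls --full-time --color=never /config/ssl/ssl.crt</code> output quoted above into the adds/removals/updates that the top message tracks. The two listings are constructed sample data, and the function names are hypothetical.</p>
<pre>
```python
"""Diff two `ls --full-time` listings of an SSL directory (added example)."""

# Constructed sample listings; file names, sizes and times are made up.
PREVIOUS_RUN = """\
total 12
-rw-r--r-- 1 root root 1302 2009-03-02 10:15:42.000000000 -0400 default.crt
-rw-r--r-- 1 root root 1417 2008-11-19 08:01:07.000000000 -0500 shop.example.crt
-rw-r--r-- 1 root root 1398 2008-06-30 17:44:51.000000000 -0400 old-portal.crt
"""

CURRENT_RUN = """\
total 12
-rw-r--r-- 1 root root 1302 2009-03-02 10:15:42.000000000 -0400 default.crt
-rw-r--r-- 1 root root 1521 2009-04-20 12:31:09.000000000 -0400 shop.example.crt
-rw-r--r-- 1 root root 1366 2009-04-20 12:33:40.000000000 -0400 api.example.crt
"""


def parse_listing(text):
    """Map file name to (mode, owner, group, size, mtime) for regular files."""
    entries = {}
    for line in text.splitlines():
        # perms links owner group size date time zone name (name may hold spaces)
        fields = line.split(None, 8)
        if len(fields) != 9 or not fields[0].startswith("-"):
            continue  # skips "total N", directories, symlinks and blank lines
        mode, _links, owner, group, size, date, time, zone, name = fields
        entries[name] = (mode, owner, group, int(size), f"{date} {time} {zone}")
    return entries


def diff_listings(old_text, new_text):
    """Return sorted (added, removed, updated) file names between two runs."""
    old, new = parse_listing(old_text), parse_listing(new_text)
    added = sorted(n for n in new if n not in old)
    removed = sorted(n for n in old if n not in new)
    # Same name, different size, mtime, owner or mode: a replaced cert or a
    # permission change (worth a look on anything under ssl.key).
    updated = sorted(n for n in old if n in new and old[n] != new[n])
    return added, removed, updated


if __name__ == "__main__":
    added, removed, updated = diff_listings(PREVIOUS_RUN, CURRENT_RUN)
    for label, names in (("added", added), ("removed", removed), ("updated", updated)):
        for name in names:
            print(f"{label}: {name}")
```
</pre>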
</div>
</body>
</html>