[rancid] F5 & tmsh - was Re: issue with bigip rancid diff

Chris Moody chris at node-nine.com
Wed Dec 5 22:25:32 UTC 2012 

So this actually raises a somewhat related point.

We actually just got some new F5 gear in recently and bigpipe is no 
longer a supported command.

I wanted to check in to see if any development efforts were underway on 
a 'tmsh' version of the F5 backup routine.

=====
[root at qdc-sl01-lb1:/S1-green-P:Active] config # bigpipe
/bin/bigpipe: bigpipe is no longer supported; please use tmsh.
-----
root at qdc-sl01-lb1(/S1-green-P:Active)(/Common)(tmos.sys.version)# show

Sys::Version
Main Package
   Product  BIG-IP
   Version  11.1.0
   Build    2027.0
   Edition  Hotfix HF2
   Date     Mon Feb 20 22:39:59 PST 2012
=====

Cheers,
-Chris


On 12/2/12 2:44 AM, Shaun Krok wrote:
> Thanks - okay to the command used is :  bigpipe base list
> If I grep for the SNMP user I see it, but now how do I filter this command to not show the usmuser
>
> Thank you for your help this far
>
> Shaun
>
>
> usmuser iENM_F5_SNMP_1 {
>           access ro
>           auth password crypt "*VQ3\\1fLG;JlcWfvB?M>=RsRL[1T]*92A+0hr`T@\\QT\\P9:"
>           auth protocol SHA
>           oid ".1"
>           privacy password crypt "c)Yi:O-4o=X<Km1SV`=V:[]JZ2bFoA;dpYh<L[0fc7OT7:V"
>           privacy protocol DES
>           security level authPriv
>           username "ENM_F5_SNMP"
>
> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Saturday, December 01, 2012 7:34 PM
> To: Shaun Krok
> Cc: heasley; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] issue with bigip rancid diff
>
> Fri, Nov 30, 2012 at 09:38:33AM +0000, Shaun Krok:
>> Hi there
>>
>> Thanks for your reply.
>>
>> The command on the F5 using tmsh is :
>>
>> I am guessing and have not confirmed but I should just hash this command out of the F5rancid script ?
>>
>> Thanks
>>
>> Shaun
>>
>>
>> (tmos)# list sys snmp users
>> sys snmp {
>>      users {
>>          iENM_F5_SNMP_1 {
>>              auth-password-encrypted "TI1P at K@kT::OA3<[Eik_\?_OIYSb=N7:_<c\\]2R4[\?Ck_A:m"
>>              auth-protocol sha
>>              oid-subset .1
>>              privacy-password-encrypted "EX\\AHd:HY_QV/H2]a_Y,HS\\RH:=2g5A<TbP<>VGd>16^V9F"
>>              privacy-protocol des
>>              security-level auth-privacy
>>              username ENM_F5_SNMP
> it does not use that command; it uses these:
>
>          {'bigpipe version'              => 'ShowVersion'},
>          {'bigpipe platform'             => 'ShowPlatform'},
>          {'cat /config/bigip.license'    => 'ShowLicense'},
>          {'bigpipe monitor list all'     => 'ShowMonitor'},
>          {'bigpipe profile list'         => 'ShowProfile'},
>          {'bigpipe base list'            => 'ShowBaseRun'},
>          {'bigpipe db show'              => 'ShowDb'},
>          {'bigpipe route static show'    => 'ShowRouteStatic'},
>          {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
>          {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
>          {'bigpipe list'                 => 'WriteTerm'}
>
>> -----Original Message-----
>> From: heasley [mailto:heas at shrubbery.net]
>> Sent: Friday, November 30, 2012 12:20 AM
>> To: Shaun Krok
>> Cc: rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] issue with bigip rancid diff
>>
>> Thu, Nov 29, 2012 at 09:20:53AM +0000, Shaun Krok:
>>> Hi there
>>>
>>> Please could I ask if someone has some input as to how fix/stop the following issue.
>>> Rancid and BIGIP boxes using tmsh F5 rancid script are working 100%
>>>
>>> But the problem is that the cron which runs every hour is generating an email that shows the following :
>>> The same is generated for every F5 device in that is being monitored by Rancid.
>>> It would seem the issue is that the F5 seems to be changing or re-hashing the SNMP password or something like this.
>>>
>>> Any help would be much appreciated ???
>> you would need to add a filter to the script.  i'm fairly ignorant of the F5; in the output of which command does this appear?
>>
>>> // snip of email diff
>>> **********************************************************************
>>> *******************
>>>
>>>            iENM_F5_SNMP_1 {
>>>
>>> -             auth-password-encrypted ";ZdCaD>7S2YO,J6I\\C<dSO;HMSK<,4uDl4AHPXXhcb8Ta>p"
>>>
>>> +             auth-password-encrypted "KAaTUL;ZRHjJDPG,SLGKlXZ3JlReGCL;mORiEcKek_cUS9a"
>>>
>>>                auth-protocol sha
>>>
>>>                oid-subset .1
>>>
>>> -             privacy-password-encrypted @fG9HR]i^K4YOVM<g:jTAKFBWN1b,7_RA*mFq_5lg\\P2Z9h
>>>
>>> +             privacy-password-encrypted "P;`P9[6`e1iD\\[>UbCakLYcSLm<\?\?=dWCEdcbSXoe[Q;U7o"
>>>
>>>                privacy-protocol des
>>>
>>>                security-level auth-privacy
>>>
>>>                username ENM_F5_SNMP
>>>
>>>
>>> Shaun Krok
>>> IBM Networking and Security Department
>>>
>>> [Description: cid:image001.png at 01CD8508.B733CBB0]
>>> 13 Ha'amal St., P.O.Box 11793
>>> Afek Industrial Park, Rosh-Ha'ayin 48092 Israel Office
>>> +972-73-790-2791 Mobile +972-54-2030399
>>>
>>>
>>>
>>>
>>>
>>
>>
>>> _______________________________________________
>>> Rancid-discuss mailing list
>>> Rancid-discuss at shrubbery.net
>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

More information about the Rancid-discuss mailing list