[rancid] Backing up F5 BigIP LTM with rancid?

Matt Almgren matta at surveymonkey.com
Wed Jun 10 14:46:15 UTC 2015


Thank  you very much!  I’ll let you know how it goes in the next couple weeks.

 — Matt





From: Scott Granados <scott.granados at gmail.com<mailto:scott.granados at gmail.com>>
Date: Wednesday, June 10, 2015 at 7:40 AM
To: Matt Almgren <matta at surveymonkey.com<mailto:matta at surveymonkey.com>>
Cc: Alan McKinnon <alan.mckinnon at gmail.com<mailto:alan.mckinnon at gmail.com>>, "rancid-discuss at shrubbery.net<mailto:rancid-discuss at shrubbery.net>" <rancid-discuss at shrubbery.net<mailto:rancid-discuss at shrubbery.net>>
Subject: Re: [rancid] Backing up F5 BigIP LTM with rancid?

I have 3.5 working.

Basically using the internal library / included.  I will attach the f5rancid file I’m using though and earlier in this thread there’s an F5 part 2 line script you’ll need.

I will cut and paste the contents of that in the file.

First, creat a file called f5part in the /config dir of your F5.  This is needed if you use partitions only.

put the contents that follow in to this file and save

#!/bin/bash
tmsh -q -c "cd /;list recursive"


Make sure the file can be executed and then use the attached f5rancid which should pull down what you need.  Let me know how you make out, will be glad to help more if I can.

Thanks


On Jun 10, 2015, at 10:19 AM, Matt Almgren <matta at surveymonkey.com<mailto:matta at surveymonkey.com>> wrote:



Yup, I did.  I too am using 11.5.x with TMSH and HA.  I was hoping that
since you had already done the lions share of the work and had something
working (or in progress), you would be able to share what you have with
the rest of us.

I have a working Rancid copy of 2.8.x working well with f5 LTM, but have
heard there were some problems with 3.2 and was just waiting until all the
kinks have been worked out. Sounds like we¹re almost there.

‹ Matt





On 6/10/15, 7:14 AM, "Scott Granados" <scott.granados at gmail.com<mailto:scott.granados at gmail.com>> wrote:

If you follow the thread between Josh and myself he helped me get to
where I needed to be with a pair of F5 BigIPs with HA and partitioning
enabled.  Also it¹s important to note you need an f5rancid file that¹s
based on tmsh instead of bagpipe as bagpipe is deprecated.



On Jun 10, 2015, at 9:36 AM, Matt Almgren <matta at surveymonkey.com<mailto:matta at surveymonkey.com>> wrote:

Jos and Alan, if you get this working, can you please share the
f5rancid file with me?  I'll be setting up a 3.2 installation in the
next couple weeks.

Much thanks!

--iMatt

On Jun 9, 2015, at 10:55 PM, Alan McKinnon <alan.mckinnon at gmail.com<mailto:alan.mckinnon at gmail.com>>
wrote:

On 10/06/2015 07:43, Jos wrote:
Hi Scott

I trust you got this sorted by now, but you were not alone with this.
I
have finally managed to get this going on a Centos 6.5 machine with
the
config attached (a hacked amalgam of 3.2 rancid and the github tmsh
stuff), hoping it¹s helpful to someone, the F5¹s we have that this
works
for are running 11.5.1 Build 4.123.128. It¹s currently producing
noise,
specifically the encrypted passwords for a couple local user accounts
keep
getting flagged in cvs as changing, but otherwise works well.

If I can figure out the regex to remove the encrypted passwords that
follow:

auth-password-encrypted

Or
privacy-password-encrypted


I can share.



The rancid scripts are peppered with these sort of checks. Something
like this:

if (/^(\s*auth|privacy)-password-encrypted/ && $filter_pwds >= 1) {
ProcessHistory("whatever}","","","$1-password-encrypted <removed>\n");
}
next;

Regex gets complicated. There's a few examples aready in sub WriteTerm.
You'll obviously have to adapt the regex to cater for all the multiple
and various outputs different models from your vendor spit out.

--
Alan McKinnon
alan.mckinnon at gmail.com<mailto:alan.mckinnon at gmail.com>

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net<mailto:Rancid-discuss at shrubbery.net>
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net<mailto:Rancid-discuss at shrubbery.net>
http://www.shrubbery.net/mailman/listinfo/rancid-discuss



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150610/7c76dc4e/attachment.html>


More information about the Rancid-discuss mailing list