[rancid] Backing up F5 BigIP LTM with rancid?

Scott Granados scott.granados at gmail.com
Wed Jun 10 14:40:33 UTC 2015


I have 3.5 working.

Basically using the internal library / included.  I will attach the f5rancid file I’m using though and earlier in this thread there’s an F5 part 2 line script you’ll need.

I will cut and paste the contents of that in the file.

First, creat a file called f5part in the /config dir of your F5.  This is needed if you use partitions only.

put the contents that follow in to this file and save

#!/bin/bash
tmsh -q -c "cd /;list recursive"


Make sure the file can be executed and then use the attached f5rancid which should pull down what you need.  Let me know how you make out, will be glad to help more if I can.

Thanks


On Jun 10, 2015, at 10:19 AM, Matt Almgren <matta at surveymonkey.com> wrote:

> 
> 
> Yup, I did.  I too am using 11.5.x with TMSH and HA.  I was hoping that
> since you had already done the lions share of the work and had something
> working (or in progress), you would be able to share what you have with
> the rest of us.  
> 
> I have a working Rancid copy of 2.8.x working well with f5 LTM, but have
> heard there were some problems with 3.2 and was just waiting until all the
> kinks have been worked out. Sounds like we¹re almost there.
> 
> ‹ Matt
> 
> 
> 
> 
> 
> On 6/10/15, 7:14 AM, "Scott Granados" <scott.granados at gmail.com> wrote:
> 
>> If you follow the thread between Josh and myself he helped me get to
>> where I needed to be with a pair of F5 BigIPs with HA and partitioning
>> enabled.  Also it¹s important to note you need an f5rancid file that¹s
>> based on tmsh instead of bagpipe as bagpipe is deprecated.
>> 
>> 
>> 
>> On Jun 10, 2015, at 9:36 AM, Matt Almgren <matta at surveymonkey.com> wrote:
>> 
>>> Jos and Alan, if you get this working, can you please share the
>>> f5rancid file with me?  I'll be setting up a 3.2 installation in the
>>> next couple weeks.
>>> 
>>> Much thanks!
>>> 
>>> --iMatt
>>> 
>>>> On Jun 9, 2015, at 10:55 PM, Alan McKinnon <alan.mckinnon at gmail.com>
>>>> wrote:
>>>> 
>>>>> On 10/06/2015 07:43, Jos wrote:
>>>>> Hi Scott
>>>>> 
>>>>> I trust you got this sorted by now, but you were not alone with this.
>>>>> I
>>>>> have finally managed to get this going on a Centos 6.5 machine with
>>>>> the
>>>>> config attached (a hacked amalgam of 3.2 rancid and the github tmsh
>>>>> stuff), hoping it¹s helpful to someone, the F5¹s we have that this
>>>>> works
>>>>> for are running 11.5.1 Build 4.123.128. It¹s currently producing
>>>>> noise,
>>>>> specifically the encrypted passwords for a couple local user accounts
>>>>> keep
>>>>> getting flagged in cvs as changing, but otherwise works well.
>>>>> 
>>>>> If I can figure out the regex to remove the encrypted passwords that
>>>>> follow:
>>>>> 
>>>>> auth-password-encrypted
>>>>> 
>>>>> Or
>>>>> privacy-password-encrypted
>>>>> 
>>>>> 
>>>>> I can share.
>>>> 
>>>> 
>>>> 
>>>> The rancid scripts are peppered with these sort of checks. Something
>>>> like this:
>>>> 
>>>> if (/^(\s*auth|privacy)-password-encrypted/ && $filter_pwds >= 1) {
>>>> ProcessHistory("whatever}","","","$1-password-encrypted <removed>\n");
>>>> }
>>>> next;
>>>> 
>>>> Regex gets complicated. There's a few examples aready in sub WriteTerm.
>>>> You'll obviously have to adapt the regex to cater for all the multiple
>>>> and various outputs different models from your vendor spit out.
>>>> 
>>>> -- 
>>>> Alan McKinnon
>>>> alan.mckinnon at gmail.com
>>>> 
>>>> _______________________________________________
>>>> Rancid-discuss mailing list
>>>> Rancid-discuss at shrubbery.net
>>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>>> _______________________________________________
>>> Rancid-discuss mailing list
>>> Rancid-discuss at shrubbery.net
>>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150610/70b68705/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: f5rancid
Type: application/octet-stream
Size: 24069 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150610/70b68705/attachment.obj>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20150610/70b68705/attachment-0001.html>


More information about the Rancid-discuss mailing list