RANCID monitoring of F5's with BIGIP v11.x

bigpipe has been EoL’ed, and tmsh needs to be used now. This should apply against rancid-2.3.x cleanly.

Also tested on v10.2.2 and v10.2.3, as I’ve now converted all F5 units I’m responsible to TMSH based config change monitoring.

It also cats /config/ZebOS.conf, and lists active TCP/179 sockets for ZebOS bgpd so you will be informed if BGP sessions go down and are re-established.

If you’re modifying the main() list of commands and using any other tmsh list commands be sure to use -q also, as it wil l ensure tmsh will not prompt the user to enter y/n when there is a large number of configuration items to display.

/files/rancid.in.diff

<br></br>
--- bin/f5rancid.in.orig        2010-06-22 23:17:29.000000000 +0000<br></br>
+++ bin/f5rancid.in     2011-12-07 21:05:25.551471472 +0000<br></br>
@@ -305,6 +305,34 @@<br></br>
     return(0);<br></br>
 }```

+# This routine parses "tmsh show sys hardware"  
 +sub ShowHardware {  
 + print STDERR " In ShowHardware: $_" if ($debug);  
 +  
 + while (<INPUT>) {  
 + tr/15//d;  
 + last if (/^$prompt/);  
 + next if (/^(s*|s*$cmds*)$/);  
 + return(1) if /^s*^s*$/;  
 + return(1) if /(Invalid input detected|Type help or )/;  
 + return(-1) if (/command authorization failed/i);  
 +  
 + /fan speed/i && next;  
 + /chassis temperature/i && next;  
 + /degC/ && next;  
 + s/d+rpm//ig;  
 + s/^|//;  
 + s/^ ([0-9]+)( +).*up.*[0-9]/ $1$2up REMOVED/i;  
 + s/^ ([0-9]+)( +).*Air Inlet/ $1$2REMOVED Air Inlet/i;  
 + s/^ ([0-9]+)( +)[0-9]+ +[0-9]+/ $1$2REMOVED REMOVED/;  
 + /Type: / && ProcessHistory("COMMENTS","keysort","A0",  
 + "#Chassis type: $'");  
 +  
 + ProcessHistory("COMMENTS","keysort","B1","#$_") && next;  
 + }  
 + return(0);  
 +}  
 +  
 # This routine parses "bigpipe profile list"  
 sub ShowProfile {  
 print STDERR " In ShowProfile: $_" if ($debug);  
 @@ -413,6 +441,84 @@  
 return(0);  
 }

+# This routine parses "cat /config/ZebOS.conf"  
 +sub ShowZebOSconf {  
 + my($line) = (0);  
 + print STDERR " In ShowZebOSconf: $_" if ($debug);  
 +  
 + while (<INPUT>) {  
 + tr/15//d;  
 + last if (/^$prompt/);  
 + next if (/^(s*|s*$cmds*)$/);  
 + return(1) if /^s*^s*$/;  
 + return(1) if /(Invalid input detected|Type help or )/;  
 + return(-1) if (/command authorization failed/i);  
 +  
 + if (!$line++) {  
 + ProcessHistory("ZEBOSCONF","","","#n#/config/ZebOS.conf:n");  
 + }  
 + ProcessHistory("ZEBOSCONF","","","# $_") && next;  
 + }  
 + return(0);  
 +}  
 +  
 +# This routine parses "lsof -n -i :179"  
 +sub ShowZebOSsockets {  
 + my($line) = (0);  
 + print STDERR " In ShowZebOSsockets: $_" if ($debug);  
 +  
 + while (<INPUT>) {  
 + tr/15//d;  
 + last if (/^$prompt/);  
 + next if (/^(s*|s*$cmds*)$/);  
 + return(1) if /^s*^s*$/;  
 + return(1) if /(Invalid input detected|Type help or )/;  
 + return(-1) if (/command authorization failed/i);  
 +  
 + if (!$line++) {  
 + ProcessHistory("ZEBOSSOCKETS","","","#n#lsof -n -i :179:n");  
 + }  
 + ProcessHistory("ZEBOSSOCKETS","","","# $_") && next;  
 + }  
 + return(0);  
 +}  
 +  
 +# This routine processes a "tmsh list"  
 +sub WriteTermTMSH {  
 + my($lines) = 0;  
 + print STDERR " In WriteTerm: $_" if ($debug);  
 +  
 + while (<INPUT>) {  
 + tr/15//d;  
 + next if (/^s*$/);  
 + # end of config - hopefully. f5 does not have a reliable end-of-config  
 + # tag.  
 + if (/^$prompt/) {  
 + $found_end++;  
 + last;  
 + }  
 + return(-1) if (/command authorization failed/i);  
 +  
 + $lines++;  
 +  
 + if (/(bind-pw|encrypted-password|user-password-encrypted|passphrase) / && $filter_pwds >= 1) {  
 + ProcessHistory("ENABLE","","","# $1 n");  
 + next;  
 + }  
 +  
 + # catch anything that wasnt matched above.  
 + ProcessHistory("","","","$_");  
 + }  
 +  
 + if ($lines 'ShowVersion'},  
 +# {'bigpipe platform' => 'ShowPlatform'},  
 +# {'cat /config/bigip.license' => 'ShowLicense'},  
 +# {'bigpipe monitor list all' => 'ShowMonitor'},  
 +# {'bigpipe profile list' => 'ShowProfile'},  
 +# {'bigpipe base list' => 'ShowBaseRun'},  
 +# {'bigpipe db show' => 'ShowDb'},  
 +# {'bigpipe route static show' => 'ShowRouteStatic'},  
 +# {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},  
 +# {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},  
 +# {'bigpipe list' => 'WriteTerm'}  
 +#);  
 +# tmsh commands  
 @commandtable = (  
 - {'bigpipe version' => 'ShowVersion'},  
 - {'bigpipe platform' => 'ShowPlatform'},  
 - {'cat /config/bigip.license' => 'ShowLicense'},  
 - {'bigpipe monitor list all' => 'ShowMonitor'},  
 - {'bigpipe profile list' => 'ShowProfile'},  
 - {'bigpipe base list' => 'ShowBaseRun'},  
 - {'bigpipe db show' => 'ShowDb'},  
 - {'bigpipe route static show' => 'ShowRouteStatic'},  
 - {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},  
 - {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},  
 - {'bigpipe list' => 'WriteTerm'}  
 + {'tmsh show /sys version' => 'ShowVersion'},  
 + {'tmsh show /sys hardware' => 'ShowHardware'},  
 + {'tmsh show /sys license' => 'ShowLicense'},  
 + {'cat /config/ZebOS.conf' => 'ShowZebOSconf'},  
 + {'lsof -n -i :179' => 'ShowZebOSsockets'},  
 + {'tmsh show /net route static' => 'ShowRouteStatic'},  
 + {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},  
 + {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},  
 + {'tmsh -q list' => 'WriteTermTMSH'},  
 );  
 # Use an array to preserve the order of the commands and a hash for mapping  
 # commands to the subroutine and track commands that have been completed.


Author image
About colin-stubbs