GOISBLOG

[RANCID] Configuring support for TMSH commands (BIG-IP)

Posted: September 11, 2014 Updated:

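When RANCID retrieves a BIG-IP configuration, keep in mind that the BIG-IP OS uses tmsh commands from version 11 onward, so the configuration format changes completely.

I set RANCID up to retrieve the configuration from the latest OS, so here are my notes.

Editing f5rancid to support tmsh

To support the latest BIG-IP versions, edit the "f5rancid" file under "/usr/local/rancid/bin/".

Make a copy of the original file beforehand.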

cp -p f5rancid f5rancid_org

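The diff output below shows what was added. Lines prefixed with "<" come from the edited f5rancid, and lines prefixed with ">" come from the original f5rancid_org.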

$ diff f5rancid f5rancid_org
52c52
<     print "@PACKAGE@ @VERSION@\n";
---
>     print "rancid 2.3.8\n";
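Review bot: The edited line 52 prints the literal text "@PACKAGE@ @VERSION@" instead of a version, because these are unsubstituted template placeholders (the reference file is f5rancid.in). Keep the original print "rancid 2.3.8\n"; line or substitute the real package name and version so the version output stays meaningful.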
308,334d307
< # This routine parses "tmsh show sys hardware"
< sub ShowHardware {
<     print STDERR "    In ShowHardware: $_" if ($debug);
< 
<     while (<INPUT>) {
<         tr/\015//d;
<         last if (/^$prompt/);
<         next if (/^(\s*|\s*$cmd\s*)$/);
<         return(1) if /^\s*\^\s*$/;
<         return(1) if /(Invalid input detected|Type help or )/;
<         return(-1) if (/command authorization failed/i);
< 
<         s/\d+rpm//ig;
<         s/^\|//;
<         s/^\ \ ([0-9]+)(\ +).*up.*[0-9]/  $1$2up REMOVED/i;
<         s/^\ \ ([0-9]+)(\ +).*Air\ Inlet/  $1$2REMOVED Air Inlet/i;
<         s/^\ \ ([0-9]+)(\ +).*HSBe/  $1$2REMOVED HSBe/i;
<         s/^\ \ ([0-9]+)(\ +).*TMP421 on die/  $1$2REMOVED TMP421 on die/i;
<         s/^\ \ ([0-9]+)(\ +)[0-9]+\ +[0-9]+/  $1$2REMOVED     REMOVED/;
<         /Type: / && ProcessHistory("COMMENTS","keysort","A0",
<                                    "#Chassis type: $'");
< 
<         ProcessHistory("COMMENTS","keysort","B1","#$_") && next;
<     }
<     return(0);
< }
< 
443,523d415
< # This routine parses "cat /config/ZebOS.conf"
< sub ShowZebOSconf {
<     my($line) = (0);
<     print STDERR "    In ShowZebOSconf: $_" if ($debug);
< 
<     while (<INPUT>) {
<         tr/\015//d;
<         last if (/^$prompt/);
<         next if (/^(\s*|\s*$cmd\s*)$/);
<         return(1) if /^\s*\^\s*$/;
<         return(1) if /(Invalid input detected|Type help or )/;
<         return(-1) if (/command authorization failed/i);
< 
<         if (!$line++) {
<             ProcessHistory("ZEBOSCONF","","","#\n#/config/ZebOS.conf:\n");
<         }
<         ProcessHistory("ZEBOSCONF","","","# $_") && next;
<     }
<     return(0);
< }
< 
< # This routine parses "lsof -n -i :179"
< sub ShowZebOSsockets {
<     my($line) = (0);
<     print STDERR "    In ShowZebOSsockets: $_" if ($debug);
< 
<     while (<INPUT>) {
<         tr/\015//d;
<         last if (/^$prompt/);
<         next if (/^(\s*|\s*$cmd\s*)$/);
<         return(1) if /^\s*\^\s*$/;
<         return(1) if /(Invalid input detected|Type help or )/;
<         return(-1) if (/command authorization failed/i);
< 
<         if (!$line++) {
<             ProcessHistory("ZEBOSSOCKETS","","","#\n#lsof -n -i :179:\n");
<         }
<         ProcessHistory("ZEBOSSOCKETS","","","# $_") && next;
<     }
<     return(0);
< }
< 
< # This routine processes a "tmsh list"
< sub WriteTermTMSH {
<     my($lines) = 0;
<     print STDERR "    In WriteTerm: $_" if ($debug);
< 
<     while (<INPUT>) {
<         tr/\015//d;
<         next if (/^\s*$/);
< 
<         s/state down$/state up/i; # Ignore monitor down state, save the config as up.
< 
<         # end of config - hopefully.  f5 does not have a reliable end-of-config
<         # tag.
<         if (/^$prompt/) {
<             $found_end++;
<             last;
<         }
<         return(-1) if (/command authorization failed/i);
< 
<         $lines++;
< 
<         if (/(bind-pw|encrypted-password|user-password-encrypted|passphrase) / && $filter_pwds >= 1) {
<             ProcessHistory("ENABLE","","","# $1 <removed>\n");
<             next;
<         }
< 
<         # catch anything that wasnt matched above.
<         ProcessHistory("","","","$_");
<     }
< 
<     if ($lines < 3) {
<         printf(STDERR "ERROR: $host configuration appears truncated.\n");
<         $found_end = 0;
<         return(-1);
<     }
< 
<     return(0);
< }
< 
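Review bot: ShowZebOSconf passes every line of /config/ZebOS.conf to ProcessHistory without consulting $filter_pwds, while WriteTermTMSH in the same hunk strips bind-pw, encrypted-password, user-password-encrypted and passphrase lines; apply equivalent filtering to any secret-bearing lines of ZebOS.conf before they reach the repository. The WriteTermTMSH filter is also skipped entirely when $filter_pwds is below 1, so confirm that setting before the first collection run, and the debug message in WriteTermTMSH still reads "In WriteTerm" and should name the new routine.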
525c417
< sub WriteTermBIGPIPE {
---
> sub WriteTerm {
626,627c518
< # bigpipe commands, BIGIP v9 and v10
< @bigpipe_commandtable = (
---
> @commandtable = (
636,651c527,529
<       #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
<       #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
<       {'bigpipe list'                 => 'WriteTermBIGPIPE'}
< );
< 
< # tmsh commands, BIGIP v11
< @tmsh_commandtable = (
<         {'tmsh show /sys version'                           => 'ShowVersion'},
<         {'tmsh show /sys hardware'                          => 'ShowHardware'},
<         {'tmsh show /sys license'                           => 'ShowLicense'},
<         {'cat /config/ZebOS.conf'                           => 'ShowZebOSconf'},
<         {'lsof -i :179'                                     => 'ShowZebOSsockets'},
<         {'tmsh show /net route static'                      => 'ShowRouteStatic'},
<       #{'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
<       #{'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
<         {'tmsh -q list'                                        => 'WriteTermTMSH'},
---
>       {'ls --full-time --color=never /config/ssl/ssl.crt' => 'ShowSslCrt'},
>       {'ls --full-time --color=never /config/ssl/ssl.key' => 'ShowSslKey'},
>       {'bigpipe list'                 => 'WriteTerm'}
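Review bot: The tmsh table runs 'lsof -i :179', but the ShowZebOSsockets comment and the header it writes through ProcessHistory both say "lsof -n -i :179". Add -n to the table entry (or correct the header) so the recorded output matches its label and does not depend on name resolution on the device.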
655,679c533,534
< #
< # bigpipe version should always return 0 on a BIGIP v9 and v10 system, even 
< # if not licensed properly. On a v11 system it will return an error saying
< # "bigpipe is no longer supported; please use tmsh" and exit with code 1.
< # Hopefully system will return 127 if in future bigpipe executable is 
< # removed completly ?
< 
< @commands = map(keys(%$_), @bigpipe_commandtable);
< %commands = map(%$_, @bigpipe_commandtable);
< 
< print STDERR "executing clogin -t $timeo -c \"bigpipe version 2>&1\" $host\n" if ($debug);
< print STDOUT "executing clogin -t $timeo -c \"bigpipe version 2>&1\" $host\n" if ($log);
< system "clogin -t $timeo -c \"bigpipe version 2>&1\" $host </dev/null > $host.raw 2>&1" || die "clogin failed for $host: $!\n";
< open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n";
< while (<INPUT>) {
<     if (/tmsh/) {
<         print STDERR "The F5 says to use tmsh, using tmsh command table for config collection.\n" if ($debug);
<         print STDOUT "The F5 says to use tmsh, using tmsh command table for config collection.\n" if ($log);
<         @commands = map(keys(%$_), @tmsh_commandtable);
<         %commands = map(%$_, @tmsh_commandtable);
<         break;
<     }
< }
< unlink("$host.raw");
< close(INPUT);
---
> @commands = map(keys(%$_), @commandtable);
> %commands = map(%$_, @commandtable);
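Review bot: In the system "clogin ... bigpipe version ..." || die line, || binds to the command string, which is always true, so die can never fire and a failed clogin goes unnoticed; test the return value instead, for example system(...) == 0 or die. In the loop that follows, break; is not Perl's loop exit and should be last;, and close(INPUT) should come before unlink("$host.raw"). $host and $timeo are interpolated into a shell command line here, so they should be validated before use.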
703,704c558,559
<     print STDERR "executing clogin -t $timeo -c \"$cisco_cmds\" $host\n" if ($debug);
<     print STDOUT "executing clogin -t $timeo -c \"$cisco_cmds\" $host\n" if ($log);
---
>     print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
>     print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
794d648
< 

Reference:

https://github.com/dotwaffle/rancid-git/blob/master/bin/f5rancid.in

Once the above changes are in place, retrieve the configuration with "rancid-run".


tmsh configuration output is not displayed in viewvc

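The configuration is being collected under "/usr/local/rancid/var/<any directory>/configs/", but viewvc does not display it and shows the following message instead.

[Image: rancid-BIG-IP]

"display of files larger than 512 kb disallowed by configuration"
In other words, it says that displaying files of 512 KB or more is prohibited...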

Checking the size of the BIG-IP file:

$ ls -lh
合計 2.4M
-rw-r----- 1 rancid rancid 2.3M  9月 10 19:10 2014 test-lb011

The tmsh file is over 2 MB!
Way too big...

So change the following setting in viewvc.conf.
I changed max_filesize_kbytes from 512 to 4096.

# vim /usr/local/viewvc/viewvc.conf

## max_filesize_kbytes: Limit ViewVC's processing of file contents in
## "markup" and "annotate" views to only those files which are smaller
## than this setting, expressed in kilobytes.  Set to 0 to disable
## this safeguard.
##
## NOTE: The "co" and "tar" views are unaffected by this setting.
## 
#max_filesize_kbytes = 512
max_filesize_kbytes = 4096

With this change, the file is displayed correctly.
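A check for the limit change described above, as an added example that is not part of the original post: it reads the active max_filesize_kbytes value from viewvc.conf and lists the collected config files that exceed it, so the limit is raised only as far as needed. The function names and the script name are hypothetical, and the 512 fallback is an assumption taken from the commented-out value shown in the excerpt above.

```shell
#!/bin/sh
# Added example: report RANCID config files that ViewVC will refuse to render.

# Print the active (uncommented) max_filesize_kbytes value from viewvc.conf.
# Assumption: 512 applies when the option is only present commented out,
# as in the viewvc.conf excerpt on this page.
viewvc_limit_kb() {
    val=$(sed -n 's/^[[:space:]]*max_filesize_kbytes[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${val:-512}"
}

# Print "<size_kb> <name>" for every regular file in a directory that is
# larger than the limit. A limit of 0 disables the safeguard: report nothing.
oversized_configs() {
    dir=$1
    limit_kb=$2
    [ "$limit_kb" -eq 0 ] && return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bytes=$(wc -c < "$f")
        kb=$(( (bytes + 1023) / 1024 ))   # round up to whole kilobytes
        if [ "$kb" -gt "$limit_kb" ]; then
            echo "$kb $(basename "$f")"
        fi
    done
    return 0
}

# Direct use: sh check_viewvc_limit.sh /usr/local/viewvc/viewvc.conf <configs dir>
if [ "$#" -eq 2 ]; then
    oversized_configs "$2" "$(viewvc_limit_kb "$1")"
fi
```

Run it against the configs directory after each rancid-run; any file it prints is still above the configured limit.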

That's all. Good work.
