All Activity

  1. Earlier
  2. First it would be helpful to get a list of users that are already on your Linux box.

    Get a List of All Users using the /etc/passwd File

    Local user information is stored in the /etc/passwd file. Each line in this file represents login information for one user.

    ```
    less /etc/passwd
    ```

    Below is an example

    ```
    $ less /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    polkitd:x:999:997:User for polkitd:/:/sbin/nologin
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
    nginx:x:998:996:nginx user:/var/cache/nginx:/bin/sh
    mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin
    apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
    dockerroot:x:997:993:Docker User:/var/lib/docker:/sbin/nologin
    netadm1n:x:1000:1000:netadm1n:/home/netadm1n:/bin/bash
    ```

    Each line has seven fields delimited by colons that contain the following information:

      1. User name
      2. Encrypted password (x means that the password is stored in the /etc/shadow file)
      3. User ID number (UID)
      4. User’s group ID number (GID)
      5. Full name of the user (GECOS)
      6. User home directory
      7. Login shell (defaults to /bin/bash)

    If you want to display only the username you can use either awk or cut commands to print only the first field containing the username:

    Using awk example:

    ```
    $ awk -F: '{ print $1}' /etc/passwd
    root
    bin
    daemon
    adm
    lp
    sync
    shutdown
    halt
    mail
    operator
    games
    ftp
    nobody
    systemd-network
    dbus
    polkitd
    postfix
    sshd
    tss
    nginx
    mysql
    apache
    dockerroot
    netadm1n
    ```

    Using cut example:

    ```
    $ cut -d: -f1 /etc/passwd
    root
    bin
    daemon
    adm
    lp
    sync
    shutdown
    halt
    mail
    operator
    games
    ftp
    nobody
    systemd-network
    dbus
    polkitd
    postfix
    sshd
    tss
    nginx
    mysql
    apache
    dockerroot
    netadm1n
    ```

    So you may have identified your Linux system doesn't have a user on it that needs to exist. Let's go to the next section that describes how to add a user.

    How to Create Users in Linux

    In Linux, you can create a user account and assign the user to different groups using the useradd command. The general syntax for the useradd command is as follows:

    ```
    useradd [OPTIONS] USERNAME
    ```

    NOTE: To be able to use the useradd command and create new users you need to be logged in as root or a user with sudo access.

    To create a new user account type useradd followed by the username. For example to create a new user named username you would run:

    ```
    useradd username
    ```

    The command adds an entry to the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files.

    To be able to log in as the newly created user, you need to set the user password. To do that run the passwd command followed by the username:

    ```
    passwd username
    ```

    You will be prompted to enter and confirm the password.

    In most Linux distros, when creating a new user account with the useradd command the user home directory is not created. Use the -m (--create-home) option to create the user home directory as /home/username:

    ```
    useradd -m username
    ```

    The command above creates the new user’s home directory and copies files from /etc/skel directory to the user’s home directory.
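An added example, not part of the original post: the same colon-delimited parsing of /etc/passwd used as an account audit. It flags non-root accounts with UID 0, empty password fields, and system accounts (assumed here to be UIDs below 1000) that keep a login shell, such as the nginx entry in the listing above; the `toor` and `svc_backup` lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original post): audit a passwd-format file.

# Constructed sample: five entries copied from the listing above plus two
# made-up entries (toor, svc_backup) that should trigger findings.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
nginx:x:998:996:nginx user:/var/cache/nginx:/bin/sh
netadm1n:x:1000:1000:netadm1n:/home/netadm1n:/bin/bash
toor:x:0:0:constructed entry:/root:/bin/bash
svc_backup::1001:1001:constructed entry:/home/svc_backup:/bin/bash
EOF
}

# audit_passwd [FILE]
# Reads FILE (default: stdin) and prints one finding per line in the form
#   <check>:<username>:<detail>
# uid_min=1000 is an assumption matching the listing above (the first regular
# user there is UID 1000); check /etc/login.defs on the system being audited.
audit_passwd() {
    awk -F: -v uid_min=1000 '
        /^[ \t]*$/ || /^#/ { next }              # skip blank lines and comments
        NF != 7 || $3 !~ /^[0-9]+$/ {            # not a valid seven-field entry
            printf "malformed:%s:line %d\n", $1, NR
            next
        }
        {
            user = $1; pw = $2; uid = $3 + 0; shell = $7

            # More than one UID 0 account means more than one root.
            if (uid == 0 && user != "root")
                printf "uid0:%s:shares UID 0 with root\n", user

            # An empty second field may allow login without a password.
            if (pw == "")
                printf "emptypw:%s:password field is empty\n", user

            # Service accounts normally carry a shell that refuses logins.
            # An empty shell field falls back to a default shell, so it
            # counts as interactive here.
            n = split(shell, part, "/")
            base = (n > 0) ? part[n] : ""
            interactive = !(base == "nologin" || base == "false" || \
                            base == "sync" || base == "shutdown" || base == "halt")
            if (uid > 0 && uid < uid_min && interactive)
                printf "svcshell:%s:UID %d has login shell %s\n", \
                       user, uid, (shell == "" ? "(default)" : shell)
        }
    ' "${1:--}"
}

# Run the audit over the constructed sample.
sample_passwd | audit_passwd
```

On a live system, run `audit_passwd /etc/passwd` and review each finding against what the account is actually for.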
  3. Common LB Application Patterns

    SSL Offload

    SSL offloading, also known as SSL termination, decrypts all HTTPS traffic on the load balancer. Layer 7 actions can be carried out and the data proceeds to the backend server as plain HTTP traffic. SSL offloading allows data to be inspected as it passes between the load balancer and server. It also reduces CPU demand on an application server by decrypting data in advance. SSL offloading is vulnerable to attack as the data travels unencrypted between the load balancer and application server.

    SSL Bridge

    SSL bridging is a process where a device, usually located at the edge of a network, decrypts SSL traffic and then re-encrypts it before sending it on to the Web server. SSL bridging can be useful when the edge device performs deep-packet inspection to verify that the contents of the SSL-encrypted transmission are safe, or if there are security concerns about unencrypted traffic traversing the internal network.

    Pass-through

    SSL passthrough happens when an incoming secure sockets layer (SSL) request is not decrypted at the load balancer but passed along to a server for decryption. SSL passthrough is used when web application security is a top concern. SSL passthrough keeps the data encrypted as it travels through the load balancer. The web server does the decryption upon receipt. SSL passthrough uses TCP mode to pass encrypted data to servers. The data passes through fully encrypted, which precludes any layer 7 actions.

    LTM Policy

    GTM (Active/Active or Active/Passive)

    UnCommon Patterns

    2-way SSL

    Openshift Patterns
  4. We were running into an issue and I thought it would be good to know what Virtual Servers have a lot of connections, but the Statistics Module isn't good unless you clear statistics and start watching at that moment (don't forget to refresh).

    Here are two CLI commands that did me well.

    Maximum Connections per Virtual Server

    ```
    tmsh show sys connection | egrep -v 'T|S' | awk '{print $2}' | sort -n | uniq -c | sort -n
    ```

    The output looks something like this, with the Virtual Server at the bottom with 3655 connections:

    ```
     330 172.74.1.20:443
     709 10.40.64.162:53
     713 10.40.64.163:53
     966 172.74.1.62:443
    1086 10.40.32.50:53
    1210 172.74.1.72:443
    1460 10.47.53.25:389
    1465 10.47.53.27:389
    1467 10.47.53.26:389
    1477 10.44.112.234:53
    1580 10.44.112.233:53
    2046 172.74.1.8:17533
    2393 10.43.144.136:389
    2395 10.47.144.151:389
    3655 172.74.1.44:443
    ```

    Maximum Connections per VIP (really just another way to get the same results)

    ```
    tmsh show sys connection | egrep -v 'T|S' | awk '{print $2}' | cut -d: -f 1 |sort -n | uniq -c | sort -n
    ```
  5. So I upgrade from 13.1.1.5 to 13.1.3 and out of 30 LTMs (all vCMP Guests) only about half are successful. What happens is after the system boots up on the new code it shows the configuration is unable to be shown.

    First step in troubleshooting is go to the CLI and run

    ```
    tmsh load sys config
    ```

    See where it errors out (see below for my example)

    ```
    [root@txsat1slbco22:/S3-red-P::Offline:Disconnected] config # tmsh load sys config
    Loading system configuration...
    /defaults/asm_base.conf
    /defaults/config_base.conf
    /defaults/ipfix_ie_base.conf
    /defaults/ipfix_ie_f5base.conf
    /defaults/low_profile_base.conf
    /defaults/low_security_base.conf
    /defaults/policy_base.conf
    /defaults/wam_base.conf
    /defaults/analytics_base.conf
    /defaults/apm_base.conf
    /defaults/apm_oauth_base.conf
    /defaults/apm_saml_base.conf
    /defaults/app_template_base.conf
    /defaults/classification_base.conf
    /var/libdata/dpi/conf/classification_update.conf
    /defaults/ips_base.conf
    /var/libdata/ips/ips_update.conf
    /defaults/daemon.conf
    /defaults/pem_base.conf
    /defaults/profile_base.conf
    /defaults/sandbox_base.conf
    /defaults/security_base.conf
    /defaults/urldb_base.conf
    /usr/share/monitors/base_monitors.conf
    /defaults/cipher.conf
    /defaults/ilx_base.conf
    Loading configuration...
    Loading schema version: 13.1.1.4
    /config/bigip_base.conf
    /config/bigip_user.conf
    /config/bigip.conf
    Loading schema version: 13.1.3
    01071008:3: Provisioning failed with error 1 - 'Disk limit exceeded. 16188 MB are required to provision these modules, but only 15752 MB are available.' .
    Unexpected Error: Loading configuration process failed.
    [root@txsat1slbco22:/S3-red-P::Offline:Disconnected] config # 2019 Aug 14 13:05:35 slot3/txsat1slbco22 overdog[3111]: 01140043:0: Ha feature software_update reboot requested.
    ```

    I have four cores assigned to the vCMP Guest which per F5 that should be plenty for three modules provisioned.

    As a test I removed APM (especially since I don't use it yet so no risk) and then clicked System - Configuration - General - Reboot Guest Chassis to reboot and save the config first. Then reboot back to the partition (System - Software Management - Boot Locations and click HD1.1 or whatever the partition is that has the new code) and see if the issue goes away.

    SAME issue.. CRAP!

    My next attempt is to reduce the amount of images/partitions on the drive to just two versus three. Run the following command to show you how many images/partitions you have

    ```
    tmsh show sys software

    ---------------------------------------------------------
    Sys::Software Status
    Volume  Slot  Product   Version   Build  Active    Status
    ---------------------------------------------------------
    HD1.1      3   BIG-IP    13.1.3   0.0.6     yes  complete
    HD1.2      3   BIG-IP  12.1.3.5  0.0.10      no  complete
    HD1.3      3   BIG-IP  13.1.1.4   0.0.4      no  complete

    ---------------------------
    Sys::Software Update Check
    ---------------------------
    Check Enabled      true
    Phonehome Enabled  true
    Frequency          weekly
    Status             none
    Errors             0
    ```

    My goal is to always keep two versions. The working one and the future one... always have 1 rollback. So in this case we are running 13.1.1.4 and "trying" to upgrade to 13.1.3, so we don't need HD1.2, so let's remove it in order to free up some space.

    The below is the command I ran to remove HD1.2

    ```
    tmsh delete /sys software volume HD1.2
    ```

    Then double check by re-running your show sys software command

    ```
    tmsh show sys software

    --------------------------------------------------------
    Sys::Software Status
    Volume  Slot  Product   Version  Build  Active    Status
    --------------------------------------------------------
    HD1.1      3   BIG-IP    13.1.3  0.0.6     yes  complete
    HD1.3      3   BIG-IP  13.1.1.4  0.0.4      no  complete

    ---------------------------
    Sys::Software Update Check
    ---------------------------
    Check Enabled      true
    Phonehome Enabled  true
    Frequency          weekly
    Status             none
    Errors             0
    ```

    Okay now let's just do a quick verify loading the config

    ```
    tmsh load sys config verify
    Validating system configuration...
    /defaults/asm_base.conf
    /defaults/config_base.conf
    /defaults/ipfix_ie_base.conf
    /defaults/ipfix_ie_f5base.conf
    /defaults/low_profile_base.conf
    /defaults/low_security_base.conf
    /defaults/policy_base.conf
    /defaults/wam_base.conf
    /defaults/analytics_base.conf
    /defaults/apm_base.conf
    /defaults/apm_oauth_base.conf
    /defaults/apm_saml_base.conf
    /defaults/app_template_base.conf
    /defaults/classification_base.conf
    /var/libdata/dpi/conf/classification_update.conf
    /defaults/ips_base.conf
    /var/libdata/ips/ips_update.conf
    /defaults/daemon.conf
    /defaults/pem_base.conf
    /defaults/profile_base.conf
    /defaults/sandbox_base.conf
    /defaults/security_base.conf
    /defaults/urldb_base.conf
    /usr/share/monitors/base_monitors.conf
    /defaults/cipher.conf
    /defaults/ilx_base.conf
    Validating configuration...
    Loading schema version: 13.1.1.4
    /config/bigip_base.conf
    /config/bigip_user.conf
    /config/bigip.conf
    /config/bigip_script.conf
    Loading schema version: 13.1.3
    There were warnings:
    /Common/f5.bigiq-analytics definition:130: warning: [use curly braces to avoid double substitution][($start_hour]
    /Common/f5.bigiq-analytics definition:131: warning: [use curly braces to avoid double substitution][($end_hour]
    /Common/f5.bigiq-analytics definition:133: warning: [use curly braces to avoid double substitution][$end_minute]
    /Common/f5.bigiq-analytics definition:141: warning: [use curly braces to avoid double substitution][$start_random]
    /Common/f5.bigiq-analytics definition:145: warning: [use curly braces to avoid double substitution][round("00.[lindex $start_random 1]"]
    /Common/f5.bigiq-analytics definition:2189: warning: [use curly braces to avoid double substitution][$nonpriority]
    /Common/f5.bigiq-analytics definition:2192: warning: [use curly braces to avoid double substitution][$nonpriority]
    /Common/f5.bigiq-analytics definition:2249: warning: [use curly braces to avoid double substitution][$::time]
    /Common/f5.bigiq-analytics definition:2290: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2363: warning: [use curly braces to avoid double substitution][($start_hour]
    /Common/f5.bigiq-analytics definition:2363: warning: [use curly braces to avoid double substitution][($current_hour]
    /Common/f5.bigiq-analytics definition:2364: warning: [use curly braces to avoid double substitution][$time]
    /Common/f5.bigiq-analytics definition:2529: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2531: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2547: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2549: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2560: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2562: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2871: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2917: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2920: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2927: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2929: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:2968: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:3012: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:3016: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:3023: warning: [use curly braces to avoid double substitution][$::uniqueid]
    /Common/f5.bigiq-analytics definition:3025: warning: [use curly braces to avoid double substitution][$::uniqueid]
    ```

    Curly braces error isn't critical and technically shouldn't be the reason we can't load the config, so let's try and load the config. We do know based on the verify that it does appear to be making it further than before, so I believe removing that partition may have solved the issue

    ```
    tmsh load /sys config
    ```

    Command line is looking positive

    ```
    (txsat1slbco21)(cfg-sync Disconnected)(/S3-green-P::Standby)(/Common)(tmos)
    ```

    Let's log into the GUI to make sure all is good.... DAMN it! Have to re-activate license on the Viprion chassis which will affect every vCMP Guest you have on that chassis.
  6. Pool

    For this Application Template the following needs to be checked

    Properties

      1. LB mode: [ dynamic-ratio-member,dynamic-ratio-node,fastest-app-response,fastest-node,least-connections-member,least-connections-node,least-sessions,observed-member,observed-node,predictive-member,predictive-node,ratio-least-connections-member,ratio-least-connections-node,ratio-member,ratio-node,ratio-session,round-robin,weighted-least-connections-member,weighted-least-connections-node ] (Load-balancing mode)
      2. Monitors: [ http,https,icmp,tcp-half-open,tcp ] (List of health monitors (each by name or AS3 pointer))

    Members

      1. Service port: 80 (Service L4 port (optional port-discovery may override))
      2. Administration State: [enabled,disable,offline] (Setting adminState to enable will create the node in an operational state. Set to disable to disallow new connections but allow existing connections to drain. Set to offline to force immediate termination of all connections)
      3. Share Nodes: Enabled checked (If enabled, nodes are created in /Common instead of the tenant)
      4. Server addresses: Editable (Static IP addresses of servers (nodes))
      5. Slow ramp time: 300 (AS3 slowly ramps up the connection rate to a newly-active member during this interval (seconds))

    JSON Detail

    ```
    {
      "properties": {
        "class": {},
        "members": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "servicePort": { "type": "number", "default": 80 },
              "adminState": { "type": "string", "default": "enable" },
              "shareNodes": { "type": "boolean", "default": true, "const": true },
              "serverAddresses": { "type": "array" }
            }
          }
        },
        "monitors": { "type": "array", "default": [ "http" ] },
        "loadBalancingMode": { "type": "string", "default": "least-connections-member", "const": "least-connections-member" },
        "slowRampTime": { "type": "number", "default": 300, "const": 300 }
      },
      "type": "object",
      "additionalproperties": false
    }
    ```

    Here are the options that are not selected
  7. Persist

    All default options (nothing customized for this template)

    JSON Detail

    ```
    {
      "properties": {
        "class": {},
        "persistenceMethod": { "type": "string" }
      },
      "type": "object",
      "additionalProperties": false
    }
    ```
  8. HTTP_Profile

    All default options (nothing customized for this template)

    JSON Detail

    ```
    {
      "properties": {
        "class": {}
      },
      "type": "object",
      "additionalproperties": false
    }
    ```
  9. Analytics_Profile

    For this Application Template the following needs to be checked

      1. Collected Statistics Internal Logging (Specifies that statistics logs are stored in the system)
      2. Collect Max TPS and Throughput (Specifies that the system collects statistics for the maximum number of transactions per second, and the maximum amount of traffic moving through the system, both request and response throughput values)
      3. Collect Page Load Time (Specifies that the system collects statistics of the round-trip latency between client end-users and the servers)
      4. Collect Client-Side Statistics (Specifies that the system collects statistics regarding the HTTP request and response times)
      5. Collect URL (Specifies that the system collects statistics of requested URLs)
      6. Collect Countries (Specifies that the system collects statistics of the name of the countries from which that traffic was sent)
      7. Collect Client IP Addresses (Specifies that the system collects statistics of the IP addresses of where the traffic came from)
      8. Collect Client Subnet (Specifies that the system collects statistics of client subnets)
      9. Collect Response Code (Specifies that the system collects statistics about the distribution of HTTP response codes returned by the servers)
      10. Collect User Agent (Specifies that the system collects statistics about browsers used to send traffic)
      11. Collect Method (Specifies that the system collects statistics about the distribution of HTTP methods found in requests)
      12. Collect Operating System and Browser (Specifies that the system collects statistics about the OSs and Browsers used to send requests)

    Which produces the following JSON Detail

    ```
    {
      "properties": {
        "class": {},
        "collectUserAgent": { "type": "boolean", "default": true, "const": true },
        "collectClientSideStatistics": { "type": "boolean", "default": true, "const": true },
        "collectGeo": { "type": "boolean", "default": true, "const": true },
        "collectUrl": { "type": "boolean", "default": true, "const": true },
        "collectOsAndBrowser": { "type": "boolean", "default": true, "const": true },
        "collectMethod": { "type": "boolean", "default": true, "const": true },
        "collectResponseCode": { "type": "boolean", "default": true, "const": true },
        "collectSubnet": { "type": "boolean", "default": true, "const": true },
        "collectIp": { "type": "boolean", "default": true, "const": true },
        "collectPageLoadTime": { "type": "boolean", "default": true, "const": true },
        "collectMaxTpsAndThroughput": { "type": "boolean", "default": true, "const": true }
      },
      "type": "object",
      "additionalproperties": false
    }
    ```

    The following are not selected

    Capture Filter

      1. Request Captured Parts [ all,body,headers,none ] (Specifies which parts of the request data the system captures)
      2. Response Captured Parts [ all,body,headers,none ] (Specifies which parts of the response data the system captures)
      3. DoS Activity [ any,mitigated-by-dosl7 ] (Specifies whether the system captures traffic data mitigated by the DoS Layer 7 Enforcer, or traffic regardless of DoS activity)
      4. Captured Protocols [ all, ]
      5. Qualified for JavaScript Injection Enabled (not checked by default)
      6. Virtual Servers
      7. Node Addresses
      8. Response Status Codes
      9. HTTP Methods
      10. URL Filter Type
      11. URL Path Prefixes
      12. User Agent Substrings
      13. Client IP Addresses
      14. Request Content Filter Search
      15. Request Content Filter Search String
      16. Response Content Filter Search Part
      17. Response Content Filter Search String
      18. Collected Statistics External Logging
      19. Captured Traffic Internal Logging
      20. Captured Traffic External Logging
      21. externalLogging: Use (AS3 pointer to log publisher declaration), Bigip (pathname of existing BIG-IP log publisher)
      22. Notification by syslog
      23. Notification by SNMP
      24. Notification by Email
      25. E-mail Notification Recipients
      26. Publish iRule Statistics
      27. Collect User Sessions
      28. URLs for Statistics Collection
      29. Countries for Statistics Collection
      30. Subnets for Statistics Collection
      31. Session Cookie Security [ ssl-only,always-secure,never-secure ] (Specify whether to secure session cookies)
      32. Session Timeout in Minutes 5 (The number of minutes of user non-activity to allow before the system considers the session to be over)
  10. Add Classes to your AS3 Application Template

    Go through and select the following for this template

      1. Analytics_Profile
      2. HTTP_Profile
      3. Persist
      4. Pool
      5. Service_HTTP
      6. TCP_Profile

    NEXT it's time to customize each class, which creates the JSON Detail
  11. Here is the template used in BIG-IQ

    name: http-app-v1
    tenant: check Editable
    Description: Custom HTTP template

    PROPERTIES

    ```
    {
      "type": "object",
      "properties": {
        "class": { "type": "string", "const": "Application" },
        "template": {},
        "schemaOverlay": {},
        "label": {},
        "remark": {}
      },
      "additionalProperties": {
        "allOf": [
          {
            "anyOf": [
              { "properties": { "class": { "const": "Analytics_Profile" } } },
              { "properties": { "class": { "const": "HTTP_Profile" } } },
              { "properties": { "class": { "const": "Pool" } } },
              { "properties": { "class": { "const": "Service_HTTP" } } },
              { "properties": { "class": { "const": "Persist" } } },
              { "properties": { "class": { "const": "TCP_Profile" } } }
            ]
          },
          {
            "if": { "properties": { "class": { "const": "Analytics_Profile" } } },
            "then": { "$ref": "#/definitions/Analytics_Profile" }
          },
          {
            "if": { "properties": { "class": { "const": "HTTP_Profile" } } },
            "then": { "$ref": "#/definitions/HTTP_Profile" }
          },
          {
            "if": { "properties": { "class": { "const": "Pool" } } },
            "then": { "$ref": "#/definitions/Pool" }
          },
          {
            "if": { "properties": { "class": { "const": "Service_HTTP" } } },
            "then": { "$ref": "#/definitions/Service_HTTP" }
          },
          {
            "if": { "properties": { "class": { "const": "Persist" } } },
            "then": { "$ref": "#/definitions/Persist" }
          },
          {
            "if": { "properties": { "class": { "const": "TCP_Profile" } } },
            "then": { "$ref": "#/definitions/TCP_Profile" }
          }
        ]
      },
      "required": [ "class" ],
      "definitions": {
        "Analytics_Profile": {
          "properties": {
            "class": {},
            "collectUserAgent": { "type": "boolean", "default": true, "const": true },
            "collectClientSideStatistics": { "type": "boolean", "default": true, "const": true },
            "collectGeo": { "type": "boolean", "default": true, "const": true },
            "collectUrl": { "type": "boolean", "default": true, "const": true },
            "collectOsAndBrowser": { "type": "boolean", "default": true, "const": true },
            "collectMethod": { "type": "boolean", "default": true, "const": true },
            "collectResponseCode": { "type": "boolean", "default": true, "const": true },
            "collectSubnet": { "type": "boolean", "default": true, "const": true },
            "collectIp": { "type": "boolean", "default": true, "const": true },
            "collectPageLoadTime": { "type": "boolean", "default": true, "const": true },
            "collectMaxTpsAndThroughput": { "type": "boolean", "default": true, "const": true }
          },
          "type": "object",
          "additionalproperties": false
        },
        "HTTP_Profile": {
          "properties": { "class": {} },
          "type": "object",
          "additionalproperties": false
        },
        "Pool": {
          "properties": {
            "class": {},
            "members": {
              "type": "array",
              "items": {
                "type": "object",
                "properties": {
                  "servicePort": { "type": "number", "default": 80 },
                  "adminState": { "type": "string", "default": "enable" },
                  "shareNodes": { "type": "boolean", "default": true, "const": true },
                  "serverAddresses": { "type": "array" }
                }
              }
            },
            "monitors": { "type": "array", "default": [ "http" ] },
            "loadBalancingMode": { "type": "string", "default": "least-connections-member", "const": "least-connections-member" },
            "slowRampTime": { "type": "number", "default": 300, "const": 300 }
          },
          "type": "object",
          "additionalproperties": false
        },
        "Service_HTTP": {
          "properties": {
            "class": {},
            "virtualPort": { "type": "number", "default": 80 },
            "profileAnalytics": { "type": "object", "properties": { "use": { "type": "string", "default": "Analytics_Profile" } } },
            "profileHTTP": { "type": "object", "properties": { "use": { "type": "string", "default": "HTTP_Profile" } } },
            "virtualAddresses": { "type": "array" },
            "pool": { "type": "string", "default": "Pool" },
            "enable": { "type": "boolean", "default": true },
            "snat": { "type": "object", "properties": { "bigip": { "type": "string" } } },
            "iRules": { "type": "array" },
            "metadata": { "type": "object", "properties": { "value": { "type": "string" } } },
            "profileTCP": { "type": "object", "properties": { "use": { "type": "string" } } },
            "persistenceMethods": { "type": "array", "default": [ "cookie" ] },
            "clonePools": {
              "type": "object",
              "properties": {
                "ingress": { "type": "object", "properties": { "bigip": { "type": "string" } } },
                "egress": { "type": "object", "properties": { "bigip": { "type": "string" } } }
              }
            }
          },
          "type": "object",
          "additionalproperties": false
        },
        "Persist": {
          "properties": {
            "class": {},
            "persistenceMethod": { "type": "string" }
          },
          "type": "object",
          "additionalProperties": false
        },
        "TCP_Profile": {
          "properties": { "class": {} },
          "type": "object",
          "additionalProperties": false
        }
      }
    }
    ```
  12. Just run this command to see what your uptime is on your F5 BIG-IP

    ```
    # tmsh run /util bash -c uptime
    15:12:56 up 302 days, 15:10, 1 user, load average: 2.92, 3.23, 3.16
    ```
  13. rev.dennis

    Clear Browser Cache

    Google Chrome

      1. On your computer, open Chrome.
      2. At the top right, click More.
      3. Click More tools, then Clear browsing data.
      4. At the top, select All time.
      5. Next to "Cookies and other site data" and "Cached images and files," check the boxes.
      6. Click Clear data.

    Safari

    <coming soon>
  14. Upgrade

    Instructions on how I upgraded our BIG-IQ from 6.1.0 to 7.0.0

      1. First download the .iso from support.f5.com
      2. Log into BIG-IQ GUI and click on System - Software Management
      3. Click on Images and then the button Upload Image, then browse to that .iso you just downloaded and click open.
      4. Then you have to click Upload and you'll see a status bar similar to the one I show below
      5. Now that the image is uploaded, it's time to install the image. So now click on System - Software Management - Installations
      6. Click the Upgrade button
      7. Now you need to select whether you want to do a Rolling Upgrade or Regular Upgrade. (Rolling Upgrade is great if you don't want any interruption and Regular Upgrade is for anyone that is okay with your BIG-IQ being down for a while and if you have less than 3 DCDs)

    NOTE: the system will upgrade all DCDs first so you still have full use of BIG-IQ until it upgrades the BIG-IQ system appliance

    When they are at 100% you'll lose connection and it takes a long, long time before you get anything to pop back up on the GUI, which below is one of the several screens that are displayed when it's booting back up
  15. shadowmac

    Cloud Storage Issues

    So many choices, and yes I have tried them all and in many cases at the same time, since certain applications only offer support for one or the other or a couple but never all of them.

    In my experience these last few years, Dropbox is the clear winner when you want to talk about compatibility. If an app supports any cloud type of storage then Dropbox is always there, but (always a but) it's also the most expensive of all cloud storage services. I was paying $199/year for 2TB which they just upgraded to 3TB. They really don't offer a wide selection of choices.

    I used to use Google Drive a lot but they have been phasing Google Drive out for some BS app called Drive Stream which is part of the Google Suite, and that is great if you are a business, but if you just want to pay for cloud storage then Google probably won't be your choice anymore. I think it's a HUGE mistake on Google's part to decomm Google Drive. It was a direct competitor to Dropbox and the fight was always very close on who won. Right now, Dropbox is still the winner since Google has removed itself and now offers this tool called backup and sync and it's complete garbage. Another one bites the dust.

    Through the years I have become more and more an Apple fan, and then Steve Jobs passes away and I can see and feel how Apple has lost a lot of its drive for innovation and being the leader of new cool stuff. iCloud Drive could be cooler and I expected it to be cooler, but it's slower than any of the other cloud services and it's not always available as an option to store stuff or pull files from. They are also one of the more expensive cloud storage choices.

    Since I have an Amazon account, and because AWS (Amazon Web Services) is so huge and pretty much dominates the cloud services arena, I thought Amazon Drive would be the coolest, but it's the least accepted cloud storage solution of any of them. I haven't found more than a couple applications that recognize Amazon Drive. It could grow but I really don't think Amazon cares if it grows or not. It feels as though Amazon threw it out there for people to use if they want but without any bells or whistles or compatibility.

    Now anyone who knows me knows I have a strong dislike for Microsoft. I feel they just buy other people's inventions, put the Microsoft sticker on it and change the code ever so slightly to make it worse than it was. With the release of Office 365 (where if you want to use office products anymore you have to continue to pay a subscription for it) they are slowly getting away from you having the ability to just buy office products, which I hate, that I have to keep paying for something I already bought. Something nice with Office 365 is they give you 1TB of storage on OneDrive. I was very reluctant to use OneDrive (stupid Microsoft) but since I already paid for it with my Office 365 subscription and it's accepted on just about every application I have tried and it works really well with any office apps on my iPhone or iPad, it just makes sense. Now they don't allow you to expand your storage like the others. You are locked to 1TB of drive and that's it (probably because their stupid Windows servers would roll over).

    So there you have it.. migrating from Dropbox and Google Drive to OneDrive and keeping some on my iCloud Drive. This saves me some money. Also I do utilize my QNAP NAS as a backup of all my old archive stuff that I don't need in the cloud.
  16. I have played around with Sublime Text, Atom, Eclipse IDE and I have been recently told to try Visual Studio Code. I have been trying not to since it has the name Microsoft in the name, but I'll be honest, it's pretty nice. I learned that this is very much like Atom or Sublime. Atom slows down with large projects where VS Code doesn't slow down at all.

    Some extensions I installed to help me out include:

      1. Rest Client – quick and easy testing of REST API (not as feature rich as POSTMAN, but good for quick testing)
      2. Python
      3. Prettier – For making JSON look indented (having issues installing based on a corrupt zip file)
      4. YAML – for ansible
      5. ANSIBLE
      6. Indented block highlighting – for highlighting the JSON block you are in (useful for F5 AS3)
      7. Project Manager – for easily switching between multiple projects

    There are so many videos to help you get going with VS Code.
  17. Waiting for the new version has been very painful as they keep pushing it back due to issues with BIG-IP 14.x. Some major differences with 7.x from the current 6.1.0:
      • support for clone pools
      • support for one-connect
      • Creation of applications using AS3 application templates (this is monstrous since now you will be able to create applications in the GUI that would mimic if you created the application via an API call to AS3 which allows user to control pool members).. it's a requirement.
      We are trying to migrate from current Legacy LTMs to NEW LTMs, which involves us:
      1. Export Certificate & Key from Legacy LTM
      2. Import Cert & Key on BIG-IQ
      3. Create SSL Client Profile using imported Cert & Key and cipher settings and options.
      Now when you deploy that application using AS3, you'll reference the SSL-Client profile.
  18. In this example we are adding cache to our internal GTMs, which are the first DNS servers configured on most servers, so if we could get rid of a lot of the noise coming to the Infoblox servers it would be nice. DNS cache settings are set with optimum values considering the CPU & memory resources available. None of these settings are propagated to other GTMs in the sync group. DNS cache is something very local to the box (configuration and maintenance). Here are the instructions we run on each of our four internal GTMs.

      Implementation:
      1. Create DNS cache as per below.
         DNS -> Caches -> click Create
         Name: non-wideip-resolver-cache
         Keep all default values. Click Finished.
         Note: Modifying cache size by default clears the cache of the respective field changed.
      2. Apply the cache created to the DNS profile, which will eventually apply to the DNS listeners.
         DNS ›› Delivery : Profiles : DNS ›› Properties : internal_dns
         DNS cache -> Enabled.
         DNS cache name: non-wideip-resolver-cache
         Click Update

      Backout:
      1. Remove the cache from the DNS profile, which will eventually apply to the DNS listeners.
         DNS ›› Delivery : Profiles : DNS ›› Properties : internal_dns
         DNS cache -> Disabled.
         Click Update
      2. Delete DNS cache as per below.
         DNS -> Caches -> select cache name as per below.
         Name: non-wideip-resolver-cache
         Click Delete.

      Test plan:
      1. Please perform 100 digs and make sure it is served from the cache based off Splunk logs.
         dig @10.11.12.234 www.int.mywiseguys.com
      2. Observe cache hits count increasing.
         tmsh show ltm dns cache resolver
      3. Run the following command on each iGTM that will show clientside queries and responses
         tmsh show ltm dns

      View resource record cache size (it's pretty large so you may want to round to first 1000 records)
         tmsh show ltm dns cache records rrset cache non-wideip-transparent-cache
      View resource record cache size count
         tmsh show ltm dns cache records rrset cache non-wideip-transparent-cache count-only
      Clear/Delete cache syntax:
         tmsh delete <cache-type> type <record-type> cache <cache-name>
      Example to delete the A records from the resource record cache of the resolver cache named non-wideip-transparent-cache:
         tmsh delete rrset type a cache non-wideip-transparent-cache
  19. 1) Move the txsat1slbco12 guest to another slot. You need to provision the vCMP guest, change the slot (in this case I moved it to 4), watch the status state Guest Migration, then click Deploy.
  20. Looks to me like the bug is confirmed. Here is where the issue appears to lie: As you can see, txsat1slbco12 and txsat1slbco36 are reporting the same rebroad_mac address (far column on right). We have 4 options here:
      1) Move the txsat1slbco12 guest to another slot
      2) Apply the workaround specified in bugtracker: disable clusterd from sending packets over tmm_bp by turning off the db variable clusterd.communicateovertmmbp:
         modify sys db clusterd.communicateovertmmbp value false
      3) Escalate and request an EHF to address this issue.
      4) Upgrade to v14 line as that appears unaffected.
      Any option will likely require a change record to cover yourself. Upgrading to v14 or EHF would be the most impactful as the other 2 can be run without a reboot.
  21. Having an issue where my vCMP Guest will not run. I have tried to rebuild it, delete the img file, change what version of operating system and nothing. So there is currently a bug (ID 759968) that references a bug with clustering of the devices. In short, the guests end up having duplicate rebroad_mac on one or more slots. You can confirm this by running the following command
      clsh tmctl -d blade tmm/vcmp -w 200
      Look at the “rebroad_mac” field. This is common when you run your guest on one blade. If you used more than one blade the issue typically goes away.
  22. Upgraded from two different versions
      12.1.3.5 --> 13.1.1.5 (fail with "The configuration has not yet loaded. If this message persists, it may indicate a configuration problem")
      13.1.1.4 --> 13.1.1.5 (fail with "The configuration has not yet loaded. If this message persists, it may indicate a configuration problem")
      Logged into cli and ran tmsh load /sys config verify which gave me the following

      # tmsh load /sys config verify
      Validating system configuration...
        /defaults/asm_base.conf
        /defaults/config_base.conf
        /defaults/ipfix_ie_base.conf
        /defaults/ipfix_ie_f5base.conf
        /defaults/low_profile_base.conf
        /defaults/low_security_base.conf
        /defaults/policy_base.conf
        /defaults/wam_base.conf
        /defaults/analytics_base.conf
        /defaults/apm_base.conf
        /defaults/apm_oauth_base.conf
        /defaults/apm_saml_base.conf
        /defaults/app_template_base.conf
        /defaults/classification_base.conf
        /var/libdata/dpi/conf/classification_update.conf
        /defaults/ips_base.conf
        /var/libdata/ips/ips_update.conf
        /defaults/daemon.conf
        /defaults/pem_base.conf
        /defaults/profile_base.conf
        /defaults/sandbox_base.conf
        /defaults/security_base.conf
        /defaults/urldb_base.conf
        /usr/share/monitors/base_monitors.conf
        /defaults/cipher.conf
        /defaults/ilx_base.conf
      Validating configuration...
      Loading schema version: 13.1.1.4
        /config/bigip_base.conf
        /config/bigip_user.conf
        /config/bigip.conf
        /config/bigip_script.conf
      Loading schema version: 13.1.1.5
      There were warnings:
      /Common/f5.bigiq-analytics definition:130: warning: [use curly braces to avoid double substitution][($start_hour]
      /Common/f5.bigiq-analytics definition:131: warning: [use curly braces to avoid double substitution][($end_hour]
      /Common/f5.bigiq-analytics definition:133: warning: [use curly braces to avoid double substitution][$end_minute]
      /Common/f5.bigiq-analytics definition:141: warning: [use curly braces to avoid double substitution][$start_random]
      /Common/f5.bigiq-analytics definition:145: warning: [use curly braces to avoid double substitution][round("00.[lindex $start_random 1]"]
      /Common/f5.bigiq-analytics definition:1999: warning: [use curly braces to avoid double substitution][$nonpriority]
      /Common/f5.bigiq-analytics definition:2002: warning: [use curly braces to avoid double substitution][$nonpriority]
      /Common/f5.bigiq-analytics definition:2059: warning: [use curly braces to avoid double substitution][$::time]
      /Common/f5.bigiq-analytics definition:2100: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2173: warning: [use curly braces to avoid double substitution][($start_hour]
      /Common/f5.bigiq-analytics definition:2173: warning: [use curly braces to avoid double substitution][($current_hour]
      /Common/f5.bigiq-analytics definition:2174: warning: [use curly braces to avoid double substitution][$time]
      /Common/f5.bigiq-analytics definition:2339: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2341: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2357: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2359: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2370: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2372: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2681: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2727: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2730: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2737: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2739: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2778: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2822: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2826: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2833: warning: [use curly braces to avoid double substitution][$::uniqueid]
      /Common/f5.bigiq-analytics definition:2835: warning: [use curly braces to avoid double substitution][$::uniqueid]
      01071008:3: Provisioning failed with error 1 - 'Disk limit exceeded. 16188 MB are required to provision these modules, but only 15752 MB are available.' .
      Unexpected Error: Validating configuration process failed.
      So first I figure out what's on each partition

      # tmsh show /sys software status
      ---------------------------------------------------------
      Sys::Software Status
      Volume  Slot  Product  Version   Build   Active  Status
      ---------------------------------------------------------
      HD1.1   4     BIG-IP   13.1.1.5  0.0.4   yes     complete
      HD1.2   4     BIG-IP   12.1.3.5  0.0.10  no      complete
      HD1.3   4     BIG-IP   13.1.1.4  0.0.4   no      complete

      Then check disk configuration by running

      # tmsh list /sys disk logical-disk HD1/4 all-properties
      sys disk logical-disk HD1/4 {
          mode mixed
          size 102400
          vg-free 11852
          vg-in-use 89296
          vg-reserved 0
      }

      Now let's modify the vg-reserved to a minimum of 10,000 but let's go for what the error was above, which said a min of 16188 is needed, so to be safe I'm reserving 20,000 with the following command

      tmsh modify /sys disk logical-disk HD1 vg-reserved 20000

      And you can repeat the tmsh list /sys disk logical-disk to see the new value. Now re-run the command

      tmsh load /sys config verify

      STILL ERROR so I rebooted to see if that would work
  23. A quick breakout of the operating system for your reference
  24. If you want to send curl multiple times you can use (below it's 20 times)
      for i in $(seq 1 20); do curl https://10.44.88.98/sahealth/f5chk.html; done
  25. Application Services 3 Extension (referred to as AS3 Extension or more often simply AS3) is a flexible, low-overhead mechanism for managing application-specific configurations on a BIG-IP system. AS3 uses a declarative model, meaning you provide a JSON declaration rather than a set of imperative commands. The declaration represents the configuration which AS3 is responsible for creating on a BIG-IP system. AS3 is well-defined according to the rules of JSON Schema, and declarations validate according to JSON Schema. AS3 accepts declaration updates via REST (push), reference (pull), or CLI (flat file editing).

      AS3 overview:

      Install & Use AS3:

      Requirements for using AS3 with BIG-IQ

      To use AS3 with BIG-IQ, you must perform the following. For specific instructions on these tasks, see the BIG-IQ online help or documentation (BIG-IQ) or the BIG-IP documentation.
      • Install BIG-IQ v6.1.0 or later.
      • Manage one or more BIG-IP devices in BIG-IQ. LTM and any other relevant services should be discovered/imported.
      • Specify the target BIG-IP in your AS3 declarations on BIG-IQ. BIG-IQ can manage multiple BIG-IP devices, so declarations must specify the applicable BIG-IP.

      In order to make use of BIG-IQ’s analytics capabilities, you must also:
      • Connect at least one (data collection device) to BIG-IQ.
      • Use BIG-IP version 13.1.0.5 or newer.
      • Provision Analytics (PDF) (Analytics) on BIG-IP.
      • Enable stats for the BIG-IP within BIG-IQ.
      • Configure an analytics profile for your service in the declaration.

      Additionally, we recommend that:
      • You use AS3’s asynchronous mode (by POSTing with the query parameter ?async=true). AS3 waits for applications to be configured in BIG-IQ, which can result in timeouts when using AS3’s synchronous mode. See Method POST for more information.
        IMPORTANT: AS3 3.7.0 introduces new behavior for asynchronous mode. Even if you have asynchronous mode set to false, after 45 seconds AS3 sets asynchronous mode to true (API swap), and returns an async response. This allows you to use GET to poll for status (you should see a 202 status until the declaration is complete). This typically occurs for most declarations to BIG-IQ (and only very large declarations to BIG-IP); if the declaration completes in less than 45 seconds, AS3 does not modify asynchronous mode.
      • You only use AS3 running on BIG-IQ. BIG-IQ does not support cases where AS3 runs externally (in a container for example).

      To make use of the RBAC capabilities on BIG-IQ:
      • Use BIG-IQ’s auth token for authentication (see the BIG-IQ auth documentation for specific instructions).
      • For application creation, add users to a custom Application Creator role, with access to any relevant AS3 templates.
      • For each application created, a manager and viewer role are created automatically.

      Important: Currently, the DELETE method is not supported when using BIG-IQ and AS3 with the target field. Additionally, the PATCH method when using BIG-IQ and AS3 with the target field is only supported using BIG-IQ 7.0 or later and AS3 3.10.0 and later; previous versions are not supported.

      Install AS3

      If you are familiar with the BIG-IP system, and generally familiar with REST and using APIs, this section contains the minimum amount of information to get you up and running with AS3.
      Download the latest RPM package from F5 AS3 site on GitHub in the dist directory.
      Upload and install the RPM package on the using the BIG-IP GUI: Main tab > iApps > Package Management LX > Import
      Select the downloaded file and click Upload
      For complete instructions see Installing AS3 using the BIG-IP Configuration utility or Installing AS3 using cURL from the Linux shell.
      Be sure to see the known issues on GitHub (https://github.com/F5Networks/f5-appsvcs-extension/issues) and Warnings, Notes, & Tips pages to review any known issues and other important information before you attempt to use AS3.
      Provide authorization (basic auth) to the BIG-IP system: If using a RESTful API client like Postman, in the Authorization tab, type the user name and password for a BIG-IP user account with Administrator permissions. If using cURL, see Installing AS3 using cURL from the Linux shell.
      Copy one of the Example declarations which best matches the configuration you want to use. Alternatively, you can use the simple “Hello World” example below, which is a good start if you don’t have an example in mind.
      Paste the declaration into your API client, and modify names and IP addresses as applicable. See Appendix A: Schema Reference for additional options you can declare.
      POST to the URI https://<BIG-IP>/mgmt/shared/appsvcs/declare

      Quick Start Example

      {
        "class": "AS3",
        "action": "deploy",
        "persist": true,
        "declaration": {
          "class": "ADC",
          "schemaVersion": "3.0.0",
          "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d",
          "label": "Sample 1",
          "remark": "Simple HTTP Service with Round-Robin Load Balancing",
          "Sample_01": {
            "class": "Tenant",
            "A1": {
              "class": "Application",
              "template": "http",
              "serviceMain": {
                "class": "Service_HTTP",
                "virtualAddresses": [
                  "10.0.1.10"
                ],
                "pool": "web_pool"
              },
              "web_pool": {
                "class": "Pool",
                "monitors": [
                  "http"
                ],
                "members": [
                  {
                    "servicePort": 80,
                    "serverAddresses": [
                      "192.0.1.10",
                      "192.0.1.11"
                    ]
                  }
                ]
              }
            }
          }
        }
      }

      I loaded Postman up on a CentOS 7 virtual to test with inside our corporate intranet and no luck testing using the same method as described in the video above. I get the following error whenever I try and post.

      Some great links Validate Declarations BIG-IQ Monitoring and Managing AS3 Template example Using declarations with AS3 Templates Still need more manuals on BIG-IQ
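The asynchronous flow described in the post above (POST with ?async=true, then GET until the 202 goes away), as an added Python example that is not part of the original post and is not F5's code. The function names are hypothetical, and the task path `/mgmt/shared/appsvcs/task/<id>` and the `results[].code` field are assumptions taken from AS3's documented response shape; the same loop also covers the 45-second swap, because it keys on the 202 reply rather than on the mode requested.

```python
import base64
import json
import ssl
import time
import urllib.error
import urllib.request

DECLARE = "/mgmt/shared/appsvcs/declare"
TASK = "/mgmt/shared/appsvcs/task/"  # assumed task-status path (AS3 docs)


def https_sender(host, user, password, cafile=None):
    """send(method, path, body) -> (status, json), basic auth, TLS verified."""
    ctx = ssl.create_default_context(cafile=cafile)  # keep verification on
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()

    def send(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(
            f"https://{host}{path}", data=data, method=method,
            headers={"Authorization": "Basic " + cred,
                     "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry JSON
            return err.code, json.loads(err.read() or b"{}")
    return send


def pending(status, body):
    """In progress: HTTP 202, or (assumed shape) a results entry with code 0."""
    return status == 202 or any(
        r.get("code") == 0 for r in body.get("results", []))


def deploy(send, declaration, interval=5.0, timeout=600.0, sleep=time.sleep):
    """POST with ?async=true, then GET the task until it is complete."""
    status, body = send("POST", DECLARE + "?async=true", declaration)
    task_id = body.get("id")
    waited = 0.0
    while pending(status, body):
        if not task_id:
            raise RuntimeError(f"in-progress reply without a task id: {body}")
        if waited >= timeout:
            raise TimeoutError(f"task {task_id} still running after {waited}s")
        sleep(interval)
        waited += interval
        status, body = send("GET", TASK + task_id)
    failed = [r for r in body.get("results", []) if r.get("code", 200) >= 400]
    if status >= 400 or failed:
        raise RuntimeError(f"declaration failed: HTTP {status} {failed}")
    return body
```

Call it as `deploy(https_sender("<BIG-IP>", user, password, cafile="mgmt-ca.pem"), declaration)`; passing the CA file keeps certificate checks on for a privately signed management certificate.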
  26. Declarative Onboarding https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/
      App Services Extension https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/
      Telemetry Streaming https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/
      Intro to DevOps https://clouddocs.f5.com/training/community/programmability/html/
      Quick-hit learning material https://www.youtube.com/channel/UCtVHX3fmQVjVgj_cGRIxRSg