11.4 iapp namespace
Hi, I'm developing some iApp templates based on the f5.http. I need to be able to let the user decide if a specific pool member is enabled or disabled when the iApp is deployed. I already added in the presentation section a choice field to enable or disable the member: table members { editchoice addr display "large" tcl { package require iapp 1.0.0 return [iapp::get_items ltm node] } string port display "small" required default "80" validator "PortNumber" string connection_limit display "small" required default "0" validator "NonNegativeNumber" optional ( lb_method == "ratio-member" || lb_method == "ratio-node" || lb_method == "ratio-session" || lb_method == "ratio-least-connections-member" || lb_method == "ratio-least-connections-node" || lb_method == "dynamic-ratio-member" || lb_method == "dynamic-ratio-node" ) { string ratio default "1" validator "NonNegativeNumber" display "small" } optional ( options.advanced == "yes" && use_pga == "yes" ) { string priority default "0" required validator "NonNegativeNumber" display "small" } optional ( options.advanced == "yes" ) { choice state display "xlarge" default "enabled" } } The pool is configured with this statement in the template: array set pool_arr { 1,0 { [iapp::conf create ltm pool ${app}_pool \ [iapp::substa pool_ramp_pga_arr($advanced,$do_slow_ramp,$do_pga)] \ [iapp::substa pool_lb_queue_arr($advanced)] \ [iapp::substa monitor_arr($new_pool,$new_monitor,$advanced)] \ [iapp::pool_members $::pool__members]] \ [iapp::conf modify ltm pool ${app}_pool \ ] } 0,0 { [expr { $::net__server_mode ne "tunnel" ? \ $::pool__pool_to_use : $::pool__pool_to_use_wom }] } * { none translate-address disabled } } As the pool members are configured with the "iapp::pool_members" routine, it would be best if this configures the state of the member too. I haven't found the source of this routine so i don't know if it is capable of doing this. Is there any documentation on the iapp:: namespace and it's source code? If the routine is not capable of setting the state - any ideas on how to configure the member state besides iterating over the $::pool__members variable? Greetings, Eric278Views0likes2CommentsF5 automated backup script not removing ucs archives/executing post copy clean up commands.
I've installed the https://devcentral.f5.com/codeshare/complete-f5-automated-backup-solution components and when utilizing the scp option have noticed that, although the archives do get copied to remote storage, the /var/local/ucs archives are not being cleaned up. I've seen posts which recommend changing from exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION to exec rm -f BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION which did not help. To me it appears that once the call to execute the bash script, which handles the scp, is performed it never properly returns back to the calling script. I'm basing this on the fact that neither /var/local/usc archives or the /var bash script are ever cleaned up. The commands to remove them immediately follows the call to the bash script. I've modified the command that builds the scp.sh bash, appending the clean up commands to the end of it, so that the clean up happens w/in the bash script before it returns back to the calling script. Before: exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\trm -f /var/tmp/scp.key\n\treturn \$?\n}\n\nput" > $scriptfile After: exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\tcp /var/tmp/scp.key /var/tmp/scp.key.bak\n\trm -f /var/tmp/scp.key\n\trm -f BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION\n\trm -f $scriptfile\n\treturn \$?\n}\n\nput" > $scriptfile This seems to work but I was wondering if anyone else has encountered this issue and has a better solution?654Views0likes1CommentExchange 2016 iApp Template v1.0.2 and the current RC
I'm trying to use the Exchange 2016 iApp when I try to create the Application Service it throws the following error: Error parsing template:can't eval proc: "script::run" script does not exist while executing "tmsh::run_proc avr" (procedure "script::run" line 1) invoked from within "script::run" line:1 ! I'm a newb with BIG-IP, but all the other templates in the iapps 1.0.0.492.0 download work fine.447Views0likes6CommentsF5 iApp Exchange 2016 AD - Authentication Fail - UPN suffix mismatch
Hi Everybody We are in the process of deploying Exchange 2016 / Outlook 2016 with F5 v11.6.0 (build 4.0.420) and APM. Our reference is the Exchange 2016 deployment guide (https://www.f5.com/pdf/deployment-guides/microsoft-exchange-2016-dg.pdf). We are using the latest iApp . Without APM it seems to be working fine, but as soon as we enable APM we are having athentication problems with Outlook Anywhere. When we start Outlook 2016, it tries to authenticate using UPN firstname.lastname@company.com. The internal domain used however is company.local instead of company.com. So we are running into the problem described here (https://support.f5.com/csp/article/K12252), where UPN suffix does not equal domain suffix. I get the same error "... Please verify Active Directory and DNS configuration...." when doing a manual adauth test via CLI. We cannot seem to get the workaround descibed to work (replace APM AD Auth with LDAP). Does anybody have a reference or can tell me if it is even possible to configure the APM (i.e. modify the iApp) to use LDAP instead of AD Auth with SSO in this scenario? Any advice would be greatly appreciated. Thanks in advance. Ingo363Views0likes1CommentiApp missing smartcard authentication section in the deployment guide for Horizon View
We have a pair of 6900s in an HA configuration with fully licensed APM and LTM. I want to use the f5.vmware_view.v1.5.0rc1 iApp for Horizon view. It loads fine but omits the whole section on smartcard authentication in the APM section of the accompanying deployment guide. This is a critical feature that we need for this implementation. The rest of the APM questions appear as they do in the guide. How can I get the iApp to show this section?280Views0likes3Comments