objRename script
Objective: Rename user defined monitors, client-ssl profiles (and related certs and keys), and iRules with specified prefix in preparation for a device import into BIG-IQ.
Prep-work
· Verify HA is synched
· Save running config to file
· Backup current config
· Take snapshot of pre-change pool member stats (for post change validation)
Monitors
· Rename user defined monitors
· Update objects referring to renamed monitors with new monitor names
· Delete old (unused) monitors
SSL-Profiles, Certs, and Keys
· Obtain user defined certs and keys from BIG-IP.
· Re-install certs and keys with new names
· Rename SSL profiles and update with new cert and key names
· Update objects referring to renamed SSL-profiles with new profile names
· Delete old (unused) SSL profiles, certs, and keys.
iRules
· Obtain user defined iRules from BIG-IP
· Rename iRules
· Update objects referring to renamed iRules
· Delete old (unused) iRules
Post-change
· Save running config to file
· Take snapshot of post-change pool member stats
· Compare pre-change and post-change pool member stats
Implementation
1. On the BIG-IP, create a directory to work from, such as /var/tmp/objRename
mkdir /var/tmp/objRename
If you use a different directory, change filePath in the script to match:
filePath="/var/tmp/objRename/"
2. Copy the script to the working directory and change permissions so we can execute it
chmod 755 /var/tmp/objRename/objRename.sh
3. Run the script with a single command line argument for the tag string that will be prepended to the renamed objects (monitors, client-ssl profiles, certs, keys, and iRules) in preparation for import into BIG-IQ.
Example:
./objRename.sh SK-PrdInt
Post Implementation
After the script completes, there will be files and directories created in the working directory. The following files are created and can be used for validation or troubleshooting.
objRename.log – log file showing actions taken and timestamps which can be correlated to the ltm and audit logs on the BIG-IP
postchange-stats, prechange-stats – status of pool members taken before and after change for validation
mon/new-monitors – config file containing renamed monitors for loading onto BIG-IP
mon/orig-monitors – config file containing original monitors taken prior to change
mon/new-tmshcommands – file of tmsh commands for modifying nodes and pools to refer to renamed monitors
ssl/orig-filenames – list of ssl certs and keys from BIG-IP which will be renamed.
ssl/[cert and key files] – renamed ssl certs and keys to be installed onto BIG-IP
ssl/affected-clientssl – client ssl profiles that need to be renamed
ssl/new-clientssl – config file containing renamed client-ssl profiles and new cert/key references
ssl/vs-tmscommands – file containing tmsh commands to update virtual servers with renamed client-ssl profiles
ssl/sslprof-tmshcommands – file with tmsh commands to delete old (unused) client-ssl profiles
rul/orig-irules – config file containing iRules from BIG-IP that will be renamed
rul/new-irules – config file containing renamed iRules
As the script finishes, it takes another snapshot of current pool member stats on the BIG-IP and compares it to the pre-change snapshot. If there are any differences, you will see output like the example below, which can be followed up to determine the cause.
Obtaining post-change pool member stats
Diff of Pre and Post change pool member stats:
478,480c478,480
Before - vltimagent-pool-16231 vltimagent 10.65.14.57 16231 offline enabled
Before - sdipim-pool-16232 vltimagent 10.65.14.57 16232 offline enabled
Before - vltimagentad-pool-45580 vltimagent 10.65.14.57 45580 offline enabled
---
After - vltimagent-pool-16231 vltimagent 10.65.14.57 16231 unknown enabled
After - sdipim-pool-16232 vltimagent 10.65.14.57 16232 unknown enabled
After - vltimagentad-pool-45580 vltimagent 10.65.14.57 45580 unknown enabled
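The pre/post comparison described above, as an added example that is not part of objRename.sh: a shell function that keys each snapshot line on pool, address and port and reports only the members whose availability or state changed, or that appear in only one snapshot. The six-column line format is an assumption inferred from the diff sample; the pool names and addresses are constructed.

```shell
#!/bin/bash
# Added example, not part of objRename.sh.
# Assumed snapshot line format (inferred from the diff sample above):
#   pool  member  address  port  availability  state

# Print one line per pool member whose availability/state changed between the
# two snapshots, or that is present in only one of them.
changed_members() {
    awk -v prefile="$1" '
        BEGIN {                                   # load the pre-change snapshot
            while ((getline line < prefile) > 0)
                if (split(line, f, " ") >= 6) pre[f[1] " " f[3] ":" f[4]] = f[5] " " f[6]
        }
        NF < 6 { next }                           # skip blank or short lines
        {
            k = $1 " " $3 ":" $4; v = $5 " " $6; seen[k] = 1
            if (!(k in pre))        print k, "(absent) ->", v
            else if (pre[k] != v)   print k, pre[k], "->", v
        }
        END { for (k in pre) if (!(k in seen)) print k, pre[k], "-> (absent)" }
    ' "$2" | sort
}

# Constructed sample snapshots (hypothetical pools, documentation addresses).
tmp=$(mktemp -d)
cat > "$tmp/prechange-stats" <<'EOF'
web-pool-443 web01 192.0.2.10 443 available enabled
web-pool-443 web02 192.0.2.11 443 available enabled
app-pool-8080 app01 192.0.2.20 8080 offline enabled
EOF
cat > "$tmp/postchange-stats" <<'EOF'
web-pool-443 web01 192.0.2.10 443 available enabled
web-pool-443 web02 192.0.2.11 443 offline enabled
app-pool-8080 app01 192.0.2.20 8080 unknown enabled
EOF

changed_members "$tmp/prechange-stats" "$tmp/postchange-stats"
```

A member that was available before the change and is offline afterwards usually means a pool lost or mis-referenced its renamed monitor; compare the timestamps in objRename.log with the ltm log for that pool.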
Backout Procedure
Before changes are made, the script generates SCF and UCS files for backout purposes. The files are located in /var/local/scf/ and /var/local/ucs/ respectively.
SCF and UCS filename format: pre-change_[big-ip-hostname]_[yyyy-mm-dd]
Restoring from the SCF file
https://support.f5.com/csp/article/K13408
Restoring from the UCS file
https://support.f5.com/csp/article/K13132