Forum Discussion

saidshow's avatar
saidshow
Icon for Cirrus rankCirrus
Jun 19, 2019

Automated ASM Backup - working bash script now to automate or convert to iCall/tcl

Hi All,

 

I have put together a BASH script that when run performs a backup of the ASM policies and copies them to a remote location. The script runs great and I have had it set as a Cron job in my lab setup to automate the backups. Unfortunately, the business does not want a script running as a Cron job on the F5.

 

I have had it suggested to me to use iCall. I have seen only limited information regarding iCall that was written in a way that someone that has never seen iCall could understand. This got me far enough to understand that iCall runs tcl scripts, not bash scripts! The result being if I was to use iCall I would need to re-write the script completely.

 

I am looking for 2 options here:

 

  •    A means to automate running a bash script on the F5.
  •    OR detailed information or getting started with iCall - Better yet, converting bash to tcl.

 

To illustrate my issue, my bash script lives on the F5 and does the following:

  •    reads a counter value from a file
  •    curl command to the management interface and copies a list of ASM policy details to a txt file.
  •    greps the policy names from the original txt file to a new txt file.
  •    greps the policy IDs from the original txt file to a new txt file.
  •    sets a parameter with the current data and time as the value
  •    makes a localDirectory using the data and time parameter as the folder name (this ensures a known date of the backup - also ensures you can re-run and get a new folder on the same day if required)
  •    uses curl post and get commands to get the policies from the F5.
  •    curl upload-file command to copy files to remote smb location
  •    adjust the counter
  •    performs a cleanup of any files that were created locally.

 

If I switch over to using iCall the above all needs to be done with tcl - I am not sure how much of that is supported. I have found that "echo" is replaced with "puts", is there a "curl", "cat", etc equivalent?

 

Thanks in advance

  • For the basics see https://devcentral.f5.com/s/articles/what-is-icall-27404

     

    Also check out the following as an iCall example https://devcentral.f5.com/s/articles/icall-crl-update-with-route-domains-and-auto-sync-1169 (shameless plug of my own code)

     

    You can run shell commands from TCL using the exec command and also run tmsh commands (see TMSH scripting help at https://clouddocs.f5.com/api/tmsh/)

     

    It is a lot to take in and learn over running Bash scripts (and using cron to schedule them) as the iCall scripts and configuration is part of the F5 configuration so backed up and retained during upgrades.

  • Hello guys, can i use the same script in LTM (v12.1.4) to get a backup of LTM config and other tmsh show commands output in a csv or XML format?

    and... What does "app-service none" mean?

  •   - You did it mate!! I have what I need now. I had a script setup and the script running with the periodic handler, the missing component was the exec command in the script!!! The missing component was simple but I couldn't find it anywhere. Thank You!!!

    • Andy_McGrath's avatar
      Andy_McGrath
      Icon for Cumulonimbus rankCumulonimbus

      @saidshow not a problem, glad you managed to work it out.

       

      It it always is the simple things missed that catch us out, took me a while and many many versions to get that iCall working correctly.

       

      Also if you want to set my answer as the accepted answer will hopefully help other in the future.

      • saidshow's avatar
        saidshow
        Icon for Cirrus rankCirrus

        Sorry it took me so long to come back and put some detail here.

        1. First up, I copied my bash script to the F5 platform.
        2. Next I created the iCall script that will execute the bash script.
        3. Finally I created the iCall period handler that will run every 4 weeks.

        *From interactive tmsh shell on the F5:

        create sys icall script asmBackupScript

        Now in VIM, edit the script and save.

           sys icall script hi {
         
              app-service none
         
              definition {
         
                 exec /asmBackup/asmBackup.sh
         
              }
         
              description none
         
              events none

        Creating the iCall Periodic Handler:

        The one liner below needs to run from an interactive tmsh shell.

        create sys icall handler periodic asmBackupHandler {interval 2419200 script asmBackupScript}

        You can then edit this script further in vim by running:

        edit sys icall handler periodic asmBackupHandler

        eg: you can add a time for this script to run first time:

        The setup below will see the script run every 4th Sunday at 10:00am

        sys icall handler periodic asmBackupHandler {
        	first-occurrence 2019-07-07:10:00:00
        	interval 2419200
        	script asmBackupScript
        }
  • For the basics see https://devcentral.f5.com/s/articles/what-is-icall-27404

     

    Also check out the following as an iCall example https://devcentral.f5.com/s/articles/icall-crl-update-with-route-domains-and-auto-sync-1169 (shameless plug of my own code)

     

    You can run shell commands from TCL using the exec command and also run tmsh commands (see TMSH scripting help at https://clouddocs.f5.com/api/tmsh/)

     

    It is a lot to take in and learn over running Bash scripts (and using cron to schedule them) as the iCall scripts and configuration is part of the F5 configuration so backed up and retained during upgrades.