I am trying to somewhat automate the certificate bundle update on the F5 devices. There is not one command that can check for SSL bundle expiry and match it to the server SSL profile name. So I am trying to do it with greps (as it's all I know =) There are two commands:
tmsh -c "cd /;list sys file ssl-cert recursive is-bundle expiration-string" | grep true -B 2 | grep "2018 GMT\|2019 GMT\|2020 GMT\|2021 GMT\|2022 GMT" -B 1 | grep ssl-cert | awk -F[\ \{] '{print $4}'
This will give an output of expired bundle names, one on each line, like this
Common/somebundle.crt
Common/someotherbundlename.crt
Common/whoknowswhatthisbundleisfor.crt
tmsh -c 'cd /;list ltm profile server-ssl recursive ca-file chain'
This command will get a list of all server-ssl profile names and their links to certs/bundles etc. I am then using | grep Common/somebundle.crt -B 1 to only give me info about a particular output from the command 1 output. So command 2 becomes:
tmsh -c 'cd /;list ltm profile server-ssl recursive ca-file chain' | grep Common/somebundle.crt -B 1
Then I have to manually repeat for each of the found bundles in command 1 output.
I am trying to somehow use command 1 and then either xargs (or whatever I can) to run command 2, passing the output from 1 into the grep in 2.
It does not have to be a one-liner, I just don't know bash enough to write a script.
I have created something that works, though not very clean looking =)
for i in $(tmsh -c "cd /;list sys file ssl-cert recursive is-bundle expiration-string" | grep true -B 2 | grep "2018 GMT\|2019 GMT\|2020 GMT\|2021 GMT\|2022 GMT" -B 1 | grep ssl-cert | awk -F[\ \{] '{print $4}'); do echo -n "$i -> "; tmsh -c "cd /;list ltm profile server-ssl recursive" | grep -B20 "$i" >> /dev/null || echo "Not Found" && tmsh -c "cd /;list ltm profile server-ssl recursive" | grep -B20 "$i" | grep -i "ltm profile" | tail -n1 | awk -F "{" '{print $1}' ; done
It should be possible with a bash while loop and the read function. You can pipe your first command into a while loop, reading your output line by line:
tmsh -c "cd /;list sys file ssl-cert recursive is-bundle expiration-string" | grep true -B 2 | grep "2018 GMT\|2019 GMT\|2020 GMT\|2021 GMT\|2022 GMT" -B 1 | grep ssl-cert | awk -F[\ \{] '{print $4}' | while read -r bundle;do tmsh -c 'cd /;list ltm profile server-ssl recursive ca-file chain' | grep "$bundle" -B 1 |...do whatever else is needed ;done
It can also be split into a normal multiline script:
tmsh -c "cd /;list sys file ssl-cert recursive is-bundle expiration-string" | grep true -B 2 | grep "2018 GMT\|2019 GMT\|2020 GMT\|2021 GMT\|2022 GMT" -B 1 | grep ssl-cert | awk -F[\ \{] '{print $4}' | while read -r bundle
do
    echo "===== $bundle ===="
    tmsh -c 'cd /;list ltm profile server-ssl recursive ca-file chain' | grep "$bundle" -B 1 |...do whatever else is needed
done
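
An added example (not part of the question or the answer above): the same report done with awk instead of chained greps. It compares each bundle's expiration-string with the current UTC time rather than a list of years, and matches profile references exactly, so Common/somebundle.crt does not also hit Common/somebundle.crt.new. The sample listings are constructed, their stanza layout is inferred from the greps on this page, and the function names are hypothetical.

```shell
# Constructed sample listings (not device output); layout inferred from the greps above.
CERTS='sys file ssl-cert Common/somebundle.crt {
    expiration-string "Mar  4 12:00:00 2019 GMT"
    is-bundle true
}
sys file ssl-cert Common/somebundle.crt.new {
    expiration-string "Jan  1 00:00:00 2035 GMT"
    is-bundle true
}
sys file ssl-cert Common/server.crt {
    expiration-string "Jun  9 08:30:00 2018 GMT"
    is-bundle false
}
sys file ssl-cert Common/unusedbundle.crt {
    expiration-string "Dec 31 23:59:59 2020 GMT"
    is-bundle true
}'
PROFILES='ltm profile server-ssl Common/app1-serverssl {
    ca-file Common/somebundle.crt
    chain none
}
ltm profile server-ssl Common/app2-serverssl {
    ca-file Common/somebundle.crt.new
    chain none
}'
# stdin: ssl-cert listing; $1: now as UTC YYYYMMDDHHMMSS. Prints expired bundle names.
expired_bundles() {
  awk -v now="$1" '$3 == "ssl-cert" { name = $4; due = ""; isb = 0 }
    $1 == "expiration-string" { gsub(/"/, ""); t = $4; gsub(/:/, "", t)
      mo = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $2) + 2) / 3
      due = sprintf("%04d%02d%02d%s", $5, mo, $3, t) }
    $1 == "is-bundle" && $2 == "true" { isb = 1 }
    $1 == "}" && isb && due != "" && (due "") < (now "") { print name }'
}

# stdin: server-ssl listing; $1: bundle. Prints profiles referencing exactly that bundle.
profiles_for_bundle() {
  awk -v b="$1" '$3 == "server-ssl" { prof = $4 }
    ($1 == "ca-file" || $1 == "chain") { v = $2; sub(/^\//, "", v)  # leading "/" tolerated (assumption)
      if (v == b && !seen[prof]++) print prof }'
}
# $1: cert listing, $2: profile listing, $3: now. Prints "bundle -> profiles" lines.
report() {
  printf '%s\n' "$1" | expired_bundles "$3" | while IFS= read -r bundle; do
    p=$(printf '%s\n' "$2" | profiles_for_bundle "$bundle" | paste -sd, -)
    printf '%s -> %s\n' "$bundle" "${p:-Not Found}"
  done
}
report "$CERTS" "$PROFILES" "$(date -u +%Y%m%d%H%M%S)"
```

On the device, pass the output of the two tmsh list commands from the question as the first two arguments to report in place of the sample variables.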