linuxbashsslgrepf5

How do I use to pass output from command as parameter to another (complex)?


I am trying to somewhat automate the certificate bundle update on the F5 devices. There is not one command that can check for SSL bundle expiry and match it to the server SSL profile name. So I am trying to do it with greps (as its all I know =) There are two commands:

  1. tmsh -c "cd /;list sys file ssl-cert recursive is-bundle expiration-string" | grep true -B 2 | grep "2018 GMT\|2019 GMT\|2020 GMT\|2021 GMT\|2022 GTM" -B 1 | grep ssl-cert | awk -F[\ \{] '{print $4}'

This will give an output of expired bundle names, one on each line, like this

Common/somebundle.crt
Common/someotherbundlename.crt
Common/whoknowswhatthisbundleisfor.crt
  1. tmsh -c 'cd /;list ltm profile server-ssl recursive ca-file chain'

This command will get a list of all server-ssl profile names and its links to certs/bundles etc. I am them using | grep Common/somebundle.crt -B 1 to only give me info about a particular output from the command 1 output. So command 2 becomes: tmsh -c 'cd /;list ltm profile server-ssl recursive ca-file chain' | grep Common/somebundle.crt -B 1 Then I have to manually repeat for each of the found bundles in command 1 output.

I am trying to somehow use command 1 and then either xargs (or whatever I can) to run the command 2, passing the output from 1 into the grep in 2

It does not have to be one-liner, I just dont know bash enough to write a script

I have created something that works, though not very clean looking =)

for i in $(tmsh -c "cd /;list sys file ssl-cert recursive is-bundle expiration-string" | grep true -B 2 | grep "2018 GMT\|2019 GMT\|2020 GMT\|2021 GMT\|2022 GTM" -B 1 | grep ssl-cert | awk -F[\ \{] '{print $4}'); do echo -n "$i -> "; tmsh -c "cd /;list ltm profile server-ssl recursive" | grep -B20 $i  >> /dev/null || echo "Not Found" && tmsh -c "cd /;list ltm profile server-ssl recursive" | grep -B20 $i |grep -i "ltm profile" | tail -n1 | awk -F "{" '{print $1}' ; done

Solution

  • It should be possible with bash while loop and read function. You can pipe your first command into while loop, reading line-by-line your output:

    tmsh -c "cd /;list sys file ssl-cert recursive is-bundle expiration-string" | grep true -B 2 | grep "2018 GMT\|2019 GMT\|2020 GMT\|2021 GMT\|2022 GTM" -B 1 | grep ssl-cert | awk -F[\ \{] '{print $4}' | while read bundle;do tmsh -c 'cd /;list ltm profile server-ssl recursive ca-file chain' | grep "$bundle" -B 1 |...do whatever else is needed ;done
    

    It also can be splitted into normal multiline script:

    tmsh -c "cd /;list sys file ssl-cert recursive is-bundle expiration-string" | grep true -B 2 | grep "2018 GMT\|2019 GMT\|2020 GMT\|2021 GMT\|2022 GTM" -B 1 | grep ssl-cert | awk -F[\ \{] '{print $4}' | while read bundle
    do 
    echo "===== $bundle ===="
    tmsh -c 'cd /;list ltm profile server-ssl recursive ca-file chain' | grep "$bundle" -B 1 |...do whatever else is needed 
    
    done