Saturday 20 July 2019

F5 CLI commands


Commands
Explaination
Config# date MMDDhhmmYYYY.ss
System - Fri Sep  7 17:19:10 PDT 2018
#tmsh list sys management-ip
Shows system management IP address
(tmos)# list /sys ucs
Shows details of file in /var/local/ucs/
Tmos# save sys ucsfilename.ucs
Creates ucs backup file for current config
# save /sys ucs /var/tmp/MyUCS.ucs passphrase password
encrypt the UCS archive with a passphrase
# save /sys ucs /var/tmp/MyUCS.ucs no-private-key
exclude SSL private keys from the UCS archive
Tmos# save sys config
Save the configuration change from bigip.conf file into RAM
# tmsh load /sys ucs /var/tmp/MyUCS.ucs no-license
install the UCS archive from mentioned location, this cannot be done from GUI only CLI, used for new RMA device
Tmos# load sys ucscs_backup.ucs
Restore backup file
#tar –xvzf train1_base.ucs
Decompress and extract the file contents
Tmos# load sys config verify
Verifies config files
Tmos# load sys config
Will load bigip.conf file into ram for settings to take effect
Tmos# show ltm persistence persist-records
Persistent connection
Tmos# show sys memory

Tmos# show sys hardware
(tmos)# show sys hardware | grep Appliance Serial
Device show  number details
(tmos)# show cm device
Hostname, Mgmt Ip
(tmos)# modify sys global-settings hostname bigip1.com
# tmsh modify cm device <hostname_of_the_device> hostname <new_hostname>
Change hostname of f5, name FQDN
Tmos#show sys version

Tmos# show sys software
To view the complete list of currently installed software images
Tmos# list sys software image
To view the software images available for installation in /shared/images/
Tmos# install sys software image BIGIP-12.0.0.0.0.606.iso volume HD1.5 create-volume
to install BIG-IP 12.0.0 to new volume HD1.5
Tmos# install sys software hotfix Hotfix-BIGIP-11.0.0-1234.0-HF1.iso volume HD1.1
to install a hotfix on HD1.1
Tmos# show sys software status
To show the status of the hotfix installation
Tmos# delete sys software volume HD1.1
to delete volume HD1.1 running BIG-IP 10.2.4
Tmos# show sys ucs

Tmos# show ltm
Detailed Status of virtual servers, pools, nodes
Tmos# show ltm virtual
Status of virtual servers
Tmos# show sys disk

Config# config
GUI based management IP configure
Root# bigtop
# bigtop -n -scroll 0<&- > /var/tmp/bigtop.out
displays real-time statistical information for BIG-IP LTM system objects such as virtual servers and nodes
Output file for bigtop
root# bigstart restart mcpd
can use the command line to manage most core daemons on the BIG-IP system. ,To stop, start, restart, or view the status of a daemon using the bigstart command
config # bigstart status
config # bigstart status | grep mcpd
command returns output for daemons related to the unprovisioned module
Root# config
For setting management IP address for f5
Root# netstat –nr/-r
Route table of F5 with default gateway
# tmsh list net self-allow
Port lockdown - the default supported protocols and services
# tmshmodify /net self 10.10.10.1 allow-service default
port lockdown setting for self IP address 10.10.10.1 to default
# tmshmodify /sys dns name-servers add { 192.168.1.2 192.168.100.100 192.168.200.200 }
To add a name server to your/etc/resolv.conf file
# tmshmodify /sys dns name-servers delete { 192.168.1.2 192.168.100.100 192.168.200.200 }
delete
# tmshmodify /sys dns name-servers none
can remove all configured name servers
# tmshmodify /sys dns search add { f5.com foo.com test.com }
add one or more domains to your DNS search list
check system is able to resolve names
# qkview
# qkview -s0 -f /var/tmp/f5waf25.qkview
qkview utility is a script, automatically collects configuration and diagnostic information from f5
config # tmsh list net interface media-active vendor serial
SFP device serial number
config # tmsh list net interface all-properties
All interface details
(tmos)# list net interface media-capabilities
Display the valid media types for a specific interface. 100TX-HD,1000T-FD
Config# ifconfig eth0
Interface eth0 details
Config# ping --help
Ping command options
(tmos)# ping -I 192.168.1.245 192.168.1.246
PING 192.168.1.246 (192.168.1.246) from 192.168.1.245 : 56(84) bytes of data
Config# telnet 10.2.0.11 80
Get / http/1.1
Command to server for port 80 service confirmation
Config# curl http://10.2.0.11
Html content from server
(tmos)# list ltm monitor http my_http
Will show health monitor configuration
Config# ntpq –pn
Check system time is in sync with ntp server
Config# ntpstat
Stratum  and in sync
Config# top
Real time cpu utilization
Config# ps –ef
Cpu utilization with each PID
#show
Will show working status
#list
Will show configuration details
(tmos)# show /ltm pool

(tmos)#ltm
(tmos.ltm)# show pool

(tmos.ltm)# pool
(tmos.ltm.pool)# show members

Config# tmsh show /ltm pool
Shows current status of pool with bits in/out
(tmos)# list /ltm pool
Will show pool members and details associated with them
Config# tmsh show /ltm pool p_80pool members {all}
Show all pool members of pool p_80pool details
(tmos.ltm)# create pool TEST-POOL-1
Config# tmsh create /ltm pool TEST-POOL-1
Create pool object from  CLI
Config# tmsh delete /ltm pool TEST-POOL-1
delete pool object from  CLI
Config# tmsh reboot
config # shutdown -r now
Device reboot
config # shutdown -H now
Device operation will halt, but will be powered ON
config # shutdown -P now
Device will power OFF
Config# switchboot –b HD1.1
Default boot partition set
Config# switchboot -l
Shows current, default and available boot images
Tmos# reboot volume HD1.1
to boot the BIG-IP system to volume HD1.1 running BIG-IP 12.0.0, Current config is not restored after reboot
Tmos# cpcfg --source=HD1.2 HD1.3
to copy the configuration from boot location HD1.2 (11.3.0) to boot location HD1.3 (11.4.0)
Config# cpcfg --source=HD1.2 --reboot HD1.3
to copy the configuration from boot location HD1.2 (BIG-IP 11.3.0) to boot location HD1.3 (BIG-IP 11.4.0) and immediately reboot the system to the HD1.3 boot location
Config# keyswap.sh sccp
To verify that the BIG-IP system synchronized the new or replaced secure shell (SSH) keys with the Switch Card Control Processor (SCCP)
Config# md5sum /shared/images/BIGIP-12.0.0.0.0.606.iso
to obtain the MD5 checksum value for the BIG-IP 12.0.0 .iso file
Config# md5sum --check Hotfix-BIGIP-11.0.0-8120.0-HF1.iso.md5
output verifies the integrity of the Hotfix-BIGIP-11.0.0-8120.0-HF1.iso file
Config# md5sum -c EUD_B-11.4.0.4.0.im.md5
to check the EUD ISO or IM file integrity
Config# im<file_name>.im
Installing the EUD from an IM installation package
Tmos# modify /ltm node 10.10.10.211 session user-disabled
Tmos# modify /ltm node <node name> session user-enabled
to set the state of the node 10.10.10.211 to Disabled/enabled
Tmos# modify /ltm node 10.10.10.211 state user-down session user-disabled
Tmos# modify /ltm node <node name> state user-up session user-enabled
to set the state of the node 10.10.10.211 to Forced Offline/online
Tmos# tmsh delete /sys connection ss-server-addr 10.10.10.211
If after disabling or forcing the node offline, you want to delete all connections to that node, to delete all connections to node 10.10.10.211
Tmos# modify /ltm pool http-pool members modify { 10.10.10.211:http { session user-disabled } }
Tmos# modify /ltm pool http-pool members modify { <pool member:port> { session user-enabled } }
to set the state of the pool member 10.10.10.211:http in pool http-pool to Disabled/enabled
Tmos# modify /ltm pool http-pool members modify { 10.10.10.211:http { session user-disabled state user-down} }
Tmos# modify /ltm pool http-pool members modify { <pool member:port> { session user-enabled state user-up } }
to set the state of the pool member 10.10.10.211:http in pool http-pool to Forced Offline/Online
#tmsh show /ltm pool https_pool |more
#tmsh show /ltm virtual vs_https |more
view pool statistics and virtual server statistics by entering the following commands
Tmos# tmsh delete /sys connection ss-server-addr 10.10.10.211 ss-server-port 80
to delete all port 80 connections to the pool member 10.10.10.211:http
config # tmsh show sys log

Sys::Log

 daemon       : Unix Daemon Logs
gtm          : Global Traffic Manager Logs
 kernel       : Linux Kernel Messages
ltm          : Local Traffic Manager Logs
 mail         : Mail Daemon Logs
 messages     : Application Messages
 security     : Security Related Messages
tmm          : Traffic Manager Microkernel Logs
 user         : Various user process logs
webui        : Logs for the Web User Interface
 audit        : Audits of configuration changes
Logs shown

Config# zcat
can run the Linux zcat command at the system prompt to expand the codes in log messages to provide more information.
# tmsh show sys conn cs-client-addr “client IP”
to show a client’s current connection in the connection table
(tmos.net)#show interface <interface_key>
# tmsh show net interface
(tmos.net)#show interface
Display the current status of a specific interface
Display the current status of all interfaces.
#tmsh list /net vlan | less

#tmsh list /net self | less

#tmsh list /net interface | less

#tmsh show /sys license | less

# tar -czpf /var/tmp/logfiles.tar.gz /var/log/*
Create a tar archive named logfiles.tar.gz in the /var/tmp directory which contains all the files in the /var/log directory

“| less” command used in the instructions below allows scrolling when output from a tmsh command is more than the console can display on one screen. Use the arrow keys and the space bar to scroll through the output. Press <q> to quit scrolling mode and return to the Linux bash prompt.
Press “ q“ as quit to exit

No comments:

Post a Comment

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...