Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- cli admin-partitions {
- update-partition Common
- }
- sys application template /Common/f5.automated_backup.v2.0 {
- actions {
- definition {
- html-help {
- }
- implementation {
- package require iapp 1.0.0
- iapp::template start
- tmsh::cd ..
- ## Backup type handler
- set backup_type $::backup_type__backup_type_select
- set create_backup_command_append_pass ""
- set create_backup_command_append_keys ""
- if { $backup_type eq "UCS (User Configuration Set)" } {
- set create_backup_command "tmsh::save /sys ucs"
- set backup_directory /var/local/ucs
- # Backup passphrase usage
- if { $::backup_type__backup_passphrase_select eq "Yes" } {
- set backup_passphrase $::backup_type__backup_passphrase
- set create_backup_command_append_pass "passphrase $backup_passphrase"
- }
- # Backup private key inclusion
- if { $::backup_type__backup_includeprivatekeys eq "No" } {
- set create_backup_command_append_keys "no-private-key"
- }
- set backup_file_name ""
- set backup_file_name_extension ""
- set backup_file_script_extension ".ucs"
- set scfextensionfix ""
- }
- elseif { $backup_type eq "SCF (Single Configuration File)" } {
- set create_backup_command "tmsh::save /sys config file"
- set backup_directory /var/local/scf
- set backup_file_name_extension ".scf"
- set backup_file_script_extension ""
- }
- if { $::destination_parameters__protocol_enable eq "remotely via SCP" } {
- # Set the config file
- set configfile "/config/f5.automated_backup_scp.conf"
- # Clean the configuration file for this protocol_enable
- exec rm -f $configfile
- # Get the F5 Master key
- set f5masterkey [exec f5mku -K]
- # Store the target server information securely, encrypted with the unit key
- exec echo "$::destination_parameters__scp_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile
- exec echo "$::destination_parameters__scp_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- exec echo "$::destination_parameters__scp_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- # Clean the private key data before cleanup
- set cleaned_privatekey [exec echo "$::destination_parameters__scp_sshprivatekey" | sed -e "s/BEGIN RSA PRIVATE KEY/BEGIN;RSA;PRIVATE;KEY/g" -e "s/END RSA PRIVATE KEY/END;RSA;PRIVATE;KEY/g" -e "s/ /\\\n/g" -e "s/;/ /g"]
- # Encrypt the private key data before dumping to a file
- set encrypted_privatekey [exec echo "$cleaned_privatekey" | openssl aes-256-ecb -salt -a -k ${f5masterkey}]
- # Store the target server information securely, encrypted with the unit key
- exec echo "$encrypted_privatekey" >> $configfile
- # Create the iCall action
- set script {
- # Get the hostname of the device we're running on
- set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
- # Get the current date and time in a specific format
- set cdate [clock format [clock seconds] -format "FORMAT"]
- # Form the filename for the backup
- set fname "${cdate}BACKUPFILENAMEXTENSION"
- # Run the 'create backup' command
- BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
- # Set the config file
- set configfile "/config/f5.automated_backup_scp.conf"
- # Set the script filename
- set scriptfile "/var/tmp/scp.sh"
- # Clean, recreate, run and reclean a custom bash script that will perform the SCP upload
- exec rm -f $scriptfile
- exec echo "yes"
- exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\trm -f /var/tmp/scp.key\n\treturn \$?\n}\n\nput" > $scriptfile
- exec chmod +x $scriptfile
- exec $scriptfile
- exec rm -f $scriptfile
- # Remove the backup file from the F5
- exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
- }
- set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
- set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
- }
- elseif { $::destination_parameters__protocol_enable eq "remotely via SFTP" } {
- # Set the config file
- set configfile "/config/f5.automated_backup_sftp.conf"
- # Clean the configuration file for this protocol_enable
- exec rm -f $configfile
- # Get the F5 Master key
- set f5masterkey [exec f5mku -K]
- # Store the target server information securely, encrypted with the unit key
- exec echo "$::destination_parameters__sftp_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile
- exec echo "$::destination_parameters__sftp_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- exec echo "$::destination_parameters__sftp_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- # Clean the private key data before cleanup
- set cleaned_privatekey [exec echo "$::destination_parameters__sftp_sshprivatekey" | sed -e "s/BEGIN RSA PRIVATE KEY/BEGIN;RSA;PRIVATE;KEY/g" -e "s/END RSA PRIVATE KEY/END;RSA;PRIVATE;KEY/g" -e "s/ /\\\n/g" -e "s/;/ /g"]
- # Encrypt the private key data before dumping to a file
- set encrypted_privatekey [exec echo "$cleaned_privatekey" | openssl aes-256-ecb -salt -a -k ${f5masterkey}]
- # Store the target server information securely, encrypted with the unit key
- exec echo "$encrypted_privatekey" >> $configfile
- # Create the iCall action
- set script {
- # Get the hostname of the device we're running on
- set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
- # Get the current date and time in a specific format
- set cdate [clock format [clock seconds] -format "FORMAT"]
- # Form the filename for the backup
- set fname "${cdate}BACKUPFILENAMEXTENSION"
- # Run the 'create backup' command
- BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
- # Set the config file
- set configfile "/config/f5.automated_backup_sftp.conf"
- # Set the script filename
- set scriptfile "/var/tmp/sftp.sh"
- # Clean, recreate, run and reclean a custom bash script that will perform the SCP upload
- exec rm -f $scriptfile
- exec echo "yes"
- exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\trm -f /var/tmp/scp.key\n\treturn \$?\n}\n\nput" > $scriptfile
- exec chmod +x $scriptfile
- exec $scriptfile
- exec rm -f $scriptfile
- # Remove the backup file from the F5
- exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
- }
- set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
- set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
- }
- elseif { $::destination_parameters__protocol_enable eq "remotely via FTP" } {
- # Set the config file
- set configfile "/config/f5.automated_backup_ftp.conf"
- # Clean the configuration file for this protocol_enable
- exec rm -f $configfile
- # Get the F5 Master key
- set f5masterkey [exec f5mku -K]
- # Store the target server information securely, encrypted with the unit key
- exec echo "$::destination_parameters__ftp_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile
- exec echo "$::destination_parameters__ftp_remote_password" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- exec echo "$::destination_parameters__ftp_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- exec echo "$::destination_parameters__ftp_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- # Create the iCall action
- set script {
- # Get the hostname of the device we're running on
- set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
- # Get the current date and time in a specific format
- set cdate [clock format [clock seconds] -format "FORMAT"]
- # Form the filename for the backup
- set fname "${cdate}BACKUPFILENAMEXTENSION"
- # Run the 'create backup' command
- BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
- # Set the config file
- set configfile "/config/f5.automated_backup_ftp.conf"
- # Set the script filename
- set scriptfile "/var/tmp/ftp.sh"
- # Clean, recreate, run and reclean a custom bash script that will perform the FTP upload
- exec rm -f $scriptfile
- exec echo -e "put()\n{\n\tfields=\"username password server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tftp -n \${server} << END_FTP\nquote USER \${username}\nquote PASS \${password}\nput BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${directory}/${fname}BACKUPFILESCRIPTEXTENSION\nquit\nEND_FTP\n\treturn \$?\n}\n\nput" > $scriptfile
- exec chmod +x $scriptfile
- exec $scriptfile
- exec rm -f $scriptfile
- # Remove the backup file from the F5
- exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
- }
- set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
- set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
- }
- elseif { $::destination_parameters__protocol_enable eq "remotely via SMB" } {
- # Set the config file
- set configfile "/config/f5.automated_backup_smb.conf"
- # Clean the configuration file for this protocol_enable
- exec rm -f /config/f5.automated_backup_smb.conf
- # Get the F5 Master key
- set f5masterkey [exec f5mku -K]
- # Store the target server information securely, encrypted with the unit key
- exec echo "$::destination_parameters__smb_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile
- exec echo "$::destination_parameters__smb_remote_password" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- exec echo "$::destination_parameters__smb_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- exec echo "$::destination_parameters__smb_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
- # Create the iCall action
- set script {
- # Get the hostname of the device we're running on
- set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
- # Get the current date and time in a specific format
- set cdate [clock format [clock seconds] -format "FORMAT"]
- # Form the filename for the backup
- set fname "${cdate}BACKUPFILENAMEXTENSION"
- # Run the 'create backup' command
- BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
- # Set the config file
- set configfile "/config/f5.automated_backup_smb.conf"
- # Set the script filename
- set scriptfile "/var/tmp/smb.sh"
- # Clean, recreate, run and reclean a custom bash script that will perform the SMB upload
- exec rm -f $scriptfile
- exec echo -e "put()\n{\n\tfields=\"username password server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tcd BACKUPDIRECTORY\nsmbclient //\${server}/\${directory} -I \${server} -U \${username}%\${password} -c 'put $fnameBACKUPFILESCRIPTEXTENSION' &> /dev/null\nreturn 0\n}\n\nput" > $scriptfile
- exec chmod +x $scriptfile
- exec $scriptfile
- exec rm -f $scriptfile
- # Remove the backup file from the F5
- exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
- }
- set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
- set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
- }
- else {
- set script {
- # Get the hostname of the device we're running on
- set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
- # Get the current date and time in a specific format
- set cdate [clock format [clock seconds] -format "FORMAT"]
- # Form the filename for the backup
- set fname "${cdate}BACKUPFILENAMEXTENSION"
- # Run the 'create backup' command
- BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
- }
- set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
- set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
- }
- iapp::conf create sys icall script f5.automated_backup definition \{ $script \} app-service none
- ## Get time info for setting first-occurrence on daily handler from iApp input
- set freq $::backup_schedule__frequency_select
- #Create the handlers
- if { $freq eq "Disable" } {
- }
- elseif { $freq eq "Every X Minutes" } {
- set everyxminutes $::backup_schedule__everyxminutes_value
- set interval [expr $everyxminutes*60]
- set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H:%M"]
- iapp::conf create sys icall handler periodic f5.automated_backup-handler \{ \
- interval $interval \
- first-occurrence $cdate:00 \
- script f5.automated_backup \}
- }
- elseif { $freq eq "Every X Hours" } {
- set everyxhours $::backup_schedule__everyxhours_value
- set interval [expr $everyxhours*3600]
- set minutes $::backup_schedule__everyxhours_min_select
- set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H"]
- iapp::conf create sys icall handler periodic f5.automated_backup-handler \{ \
- interval $interval \
- first-occurrence $cdate:$minutes:00 \
- script f5.automated_backup \}
- }
- elseif { $freq eq "Every X Days" } {
- set everyxdays $::backup_schedule__everyxdays_value
- set interval [expr $everyxdays*86400]
- set hours [lindex [split $::backup_schedule__everyxdays_time ":"] 0]
- set minutes [lindex [split $::backup_schedule__everyxdays_time ":"] 1]
- set cdate [clock format [clock seconds] -format "%Y-%m-%d"]
- iapp::conf create sys icall handler periodic f5.automated_backup-handler \{ \
- interval $interval \
- first-occurrence $cdate:$hours:$minutes:00 \
- script f5.automated_backup \}
- }
- elseif { $freq eq "Every X Weeks" } {
- set everyxweeks $::backup_schedule__everyxweeks_value
- set interval [expr $everyxweeks*604800]
- set hours [lindex [split $::backup_schedule__everyxweeks_time ":"] 0]
- set minutes [lindex [split $::backup_schedule__everyxweeks_time ":"] 1]
- ## Get day of week info for setting first-occurence on weekly handler from iApp input
- array set dowmap {
- Sunday 0
- Monday 1
- Tuesday 2
- Wednesday 3
- Thursday 4
- Friday 5
- Saturday 6
- }
- set sday_name $::backup_schedule__everyxweeks_dow_select
- set sday_num $dowmap($sday_name)
- set cday_name [clock format [clock seconds] -format "%A"]
- set cday_num $dowmap($cday_name)
- set date_offset [expr 86400*($sday_num - $cday_num)]
- set date_final [clock format [expr [clock seconds] + $date_offset] -format "%Y-%m-%d"]
- iapp::conf create sys icall handler periodic f5.automated_backup-handler \{ \
- interval $interval \
- first-occurrence $date_final:$hours:$minutes:00 \
- script f5.automated_backup \}
- }
- elseif { $freq eq "Every X Months" } {
- set everyxmonths $::backup_schedule__everyxmonths_value
- set interval [expr 60*60*24*365]
- set dom $::backup_schedule__everyxmonths_dom_select
- set hours [lindex [split $::backup_schedule__everyxmonths_time ":"] 0]
- set minutes [lindex [split $::backup_schedule__everyxmonths_time ":"] 1]
- for { set month 1 } { $month < 13 } { set month [expr $month+$everyxmonths] } {
- set cdate [clock format [clock seconds] -format "%Y-$month-$dom"]
- iapp::conf create sys icall handler periodic f5.automated_backup-month_${month}-handler \{ \
- interval $interval \
- first-occurrence $cdate:$hours:$minutes:00 \
- script f5.automated_backup \}
- }
- }
- elseif { $freq eq "Custom" } {
- set hours [lindex [split $::backup_schedule__custom_time ":"] 0]
- set minutes [lindex [split $::backup_schedule__custom_time ":"] 1]
- ## Get day of week info for setting first-occurence on weekly handler from iApp input
- array set dowmap {
- Sunday 0
- Monday 1
- Tuesday 2
- Wednesday 3
- Thursday 4
- Friday 5
- Saturday 6
- }
- foreach sday_name $::backup_schedule__custom_dow_select {
- set sday_num $dowmap($sday_name)
- set cday_name [clock format [clock seconds] -format "%A"]
- set cday_num $dowmap($cday_name)
- set date_offset [expr 86400*($sday_num - $cday_num)]
- set date_final [clock format [expr [clock seconds] + $date_offset] -format "%Y-%m-%d"]
- iapp::conf create sys icall handler periodic f5.automated_backup-handler-$sday_name \{ \
- interval 604800 \
- first-occurrence $date_final:$hours:$minutes:00 \
- script f5.automated_backup \}
- }
- }
- ## Automatic Pruning handler
- if { $::destination_parameters__protocol_enable eq "on this F5" } {
- set autoprune $::destination_parameters__pruning_enable
- if { $autoprune eq "Yes" } {
- set prune_conserve $::destination_parameters__keep_amount
- set today [clock format [clock seconds] -format "%Y-%m-%d"]
- set script {
- # Get the hostname of the device we're running on
- set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
- # Set the script filename
- set scriptfile "/var/tmp/autopruning.sh"
- # Clean, recreate, run and reclean a custom bash script that will perform the pruning
- exec rm -f $scriptfile
- exec echo -e "files_tokeep=\$(ls -t /var/local/ucs/*.ucs | head -n CONSERVE\)\nfor current_ucs_file in `ls /var/local/ucs/*.ucs` ; do\n\tcurrent_ucs_file_basename=`basename \$current_ucs_file`\n\tcheck_file=\$(echo \$files_tokeep | grep -w \$current_ucs_file_basename)\n\tif \[ \"\$check_file\" == \"\" \] ; then\n\t\trm -f \$current_ucs_file\n\tfi\ndone" > $scriptfile
- exec chmod +x $scriptfile
- exec $scriptfile
- exec rm -f $scriptfile
- }
- set script [string map [list CONSERVE $prune_conserve] $script]
- iapp::conf create sys icall script f5.automated_backup_pruning definition \{ $script \} app-service none
- set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H:%M"]
- iapp::conf create sys icall handler periodic f5.automated_backup_pruning-handler \{ \
- interval 60 \
- first-occurrence $cdate:00 \
- script f5.automated_backup_pruning \}
- }
- }
- iapp::template end
- }
- macro {
- }
- presentation {
- section backup_type {
- choice backup_type_select display "xxlarge" { "UCS (User Configuration Set)", "SCF (Single Configuration File)" }
- optional ( backup_type_select == "UCS (User Configuration Set)" ) {
- choice backup_passphrase_select display "small" { "Yes", "No" }
- optional ( backup_passphrase_select == "Yes" ) {
- password backup_passphrase display "large"
- }
- choice backup_includeprivatekeys display "small" { "Yes", "No" }
- }
- message backup_help_scf "Warning: Beware of choosing SCF file as not all configuration is included therein. Please check out SOL13408 (http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13408.html) for more information."
- message backup_help_passphrase "Remark: When using the passphrase option for UCS archives, it is important to know that the F5 will create a PGP encoded file. It is *not* simply a tar.gz with a password on it."
- message backup_help_privatekeys "Warning: A UCS archive that does not contain the private keys CANNOT be used for restoring the device. It should be used for transfers to external services to whom you do not wish to disclose the private keys."
- }
- section backup_schedule {
- choice frequency_select display "large" { "Disable", "Every X Minutes", "Every X Hours", "Every X Days", "Every X Weeks", "Every X Months", "Custom" }
- optional ( frequency_select == "Every X Minutes" ) {
- editchoice everyxminutes_value display "small" { "1", "2", "5", "10", "15", "20", "30", "45", "60" }
- }
- optional ( frequency_select == "Every X Hours" ) {
- editchoice everyxhours_value display "small" { "1", "2", "3", "4", "6", "12", "24" }
- choice everyxhours_min_select display "small" tcl {
- for { set x 0 } { $x < 60 } { incr x } {
- append mins "$x\n"
- }
- return $mins
- }
- }
- optional ( frequency_select == "Every X Days" ) {
- editchoice everyxdays_value display "small" { "1", "2", "3", "4", "5", "7", "14" }
- string everyxdays_time display "medium"
- }
- optional ( frequency_select == "Every X Weeks" ) {
- editchoice everyxweeks_value display "small" { "1", "2", "3", "4", "5", "7", "14" }
- choice everyxweeks_dow_select display "medium" { "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" }
- string everyxweeks_time display "small"
- }
- optional ( frequency_select == "Every X Months" ) {
- editchoice everyxmonths_value display "small" { "1", "2", "3", "6", "12" }
- choice everyxmonths_dom_select display "small" tcl {
- for { set x 1 } { $x < 31 } { incr x } {
- append days "$x\n"
- }
- return $days
- }
- string everyxmonths_time display "small"
- }
- optional ( frequency_select == "Custom" ) {
- multichoice custom_dow_select display "medium" { "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" }
- string custom_time display "small"
- }
- }
- optional ( backup_schedule.frequency_select != "Disable" ) {
- section destination_parameters {
- choice protocol_enable display "large" { "on this F5", "remotely via SCP", "remotely via SFTP", "remotely via SMB", "remotely via FTP" }
- optional ( protocol_enable == "remotely via SCP") {
- string scp_remote_server display "medium" validator "IpAddress"
- string scp_remote_username display "medium"
- password scp_sshprivatekey display "large"
- message scp_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box."
- string scp_remote_directory display "medium"
- }
- optional ( protocol_enable == "remotely via SFTP") {
- string sftp_remote_server display "medium" validator "IpAddress"
- string sftp_remote_username display "medium"
- password sftp_sshprivatekey display "large"
- message sftp_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box."
- string sftp_remote_directory display "medium"
- }
- optional ( protocol_enable == "remotely via SMB") {
- string smb_remote_server display "medium" validator "IpAddress"
- string smb_remote_username display "medium"
- password smb_remote_password display "medium"
- message smb_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box."
- string smb_remote_directory display "medium"
- }
- optional ( protocol_enable == "remotely via FTP") {
- string ftp_remote_server display "medium" validator "IpAddress"
- string ftp_remote_username display "medium"
- password ftp_remote_password display "medium"
- message ftp_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box."
- string ftp_remote_directory display "medium"
- }
- editchoice filename_format display "xxlarge" tcl {
- set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
- set formats ""
- append formats {%Y%m%d%H%M%S_${host} => }
- append formats [clock format [clock seconds] -format "%Y%m%d%H%M%S_${host}"]
- append formats "\n"
- append formats {%Y%m%d_%H%M%S_${host} => }
- append formats [clock format [clock seconds] -format "%Y%m%d_%H%M%S_${host}"]
- append formats "\n"
- append formats {%Y%m%d_${host} => }
- append formats [clock format [clock seconds] -format "%Y%m%d_${host}"]
- append formats "\n"
- append formats {${host}_%Y%m%d%H%M%S => }
- append formats [clock format [clock seconds] -format "${host}_%Y%m%d%H%M%S"]
- append formats "\n"
- append formats {${host}_%Y%m%d_%H%M%S => }
- append formats [clock format [clock seconds] -format "${host}_%Y%m%d_%H%M%S"]
- append formats "\n"
- append formats {${host}_%Y%m%d => }
- append formats [clock format [clock seconds] -format "${host}_%Y%m%d"]
- append formats "\n"
- return $formats
- }
- message filename_format_help "You can select one, or create your own with all the [clock format] wildcards available in the tcl language, plus ${host} for the hostname. (http://www.tcl.tk/man/tcl8.6/TclCmd/clock.htm)"
- optional ( protocol_enable == "on this F5" ) {
- choice pruning_enable display "small" { "No", "Yes" }
- optional ( pruning_enable == "Yes" ) {
- editchoice keep_amount display "small" { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10" }
- message pruning_help "Warning: if you decide to manually create a backupfile in the default directory, the automatic pruning will clean it if it doesn't match the 'newest X files' in that directory."
- }
- }
- }
- }
- text {
- backup_type "Backup Type"
- backup_type.backup_type_select "Select the type of backup:"
- backup_type.backup_passphrase_select "Use a passphrase to encrypt the UCS archive:"
- backup_type.backup_passphrase "What is the passphrase you want to use?"
- backup_type.backup_includeprivatekeys "Include the private keys in the archives?"
- backup_type.backup_help_scf ""
- backup_type.backup_help_passphrase ""
- backup_type.backup_help_privatekeys ""
- backup_schedule "Backup Schedule"
- backup_schedule.frequency_select "Frequency:"
- backup_schedule.everyxminutes_value "Where X equals:"
- backup_schedule.everyxhours_value "Where X equals:"
- backup_schedule.everyxhours_min_select "On what minute of each X hours should the backup occur?"
- backup_schedule.everyxdays_value "Where X equals:"
- backup_schedule.everyxdays_time "On what time of each X days should the backup occur? (Ex.: 15:25)"
- backup_schedule.everyxweeks_value "Where X equals:"
- backup_schedule.everyxweeks_time "On what time of the chosen day of each X weeks should the backup occur? (Ex.: 04:15)"
- backup_schedule.everyxweeks_dow_select "On what day of each X weeks should the backup should occur:"
- backup_schedule.everyxmonths_value "Where X equals:"
- backup_schedule.everyxmonths_time "On what time of the chosen day of each X months should the backup occur? (Ex.: 04:15)"
- backup_schedule.everyxmonths_dom_select "On what day of each X months should the backup should occur:"
- backup_schedule.custom_time "What time of each selected day should the backup occur? (Ex.: 08:00)"
- backup_schedule.custom_dow_select "Choose the days of the week the backup should occur:"
- destination_parameters "Destination Parameters"
- destination_parameters.protocol_enable "Where do the backup files need to be saved?"
- destination_parameters.scp_remote_server "Destination IP:"
- destination_parameters.scp_remote_username "Username:"
- destination_parameters.scp_sshprivatekey "Enter the SSH private key to be used for passwordless authentication:"
- destination_parameters.scp_encrypted_field_storage_help ""
- destination_parameters.scp_remote_directory "Set the remote directory the archive should be copied to:"
- destination_parameters.sftp_remote_server "Destination IP:"
- destination_parameters.sftp_remote_username "Username:"
- destination_parameters.sftp_sshprivatekey "Enter the SSH private key to be used for passwordless authentication:"
- destination_parameters.sftp_encrypted_field_storage_help ""
- destination_parameters.sftp_remote_directory "Set the remote directory the archive should be copied to:"
- destination_parameters.smb_remote_username "Username:"
- destination_parameters.smb_remote_password "Password:"
- destination_parameters.smb_encrypted_field_storage_help ""
- destination_parameters.smb_remote_server "Destination IP:"
- destination_parameters.smb_remote_directory "Name of the SMB Shared Folder:"
- destination_parameters.ftp_remote_username "Username:"
- destination_parameters.ftp_remote_password "Password:"
- destination_parameters.ftp_encrypted_field_storage_help ""
- destination_parameters.ftp_remote_server "Destination IP:"
- destination_parameters.ftp_remote_directory "Set the remote directory the archive should be copied to:"
- destination_parameters.filename_format "Select the filename format:"
- destination_parameters.filename_format_help ""
- destination_parameters.pruning_enable "Activate automatic pruning?"
- destination_parameters.pruning_help ""
- destination_parameters.keep_amount "Amount of files to keep at any given time:"
- }
- }
- role-acl { admin manager resource-admin }
- run-as none
- }
- }
- description none
- ignore-verification false
- requires-bigip-version-max none
- requires-bigip-version-min 11.4.0
- requires-modules { ltm }
- signing-key none
- tmpl-checksum none
- tmpl-signature none
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement