
f5.automated_backup_v2.0

a guest
Mar 12th, 2014
  1. cli admin-partitions {
  2.     update-partition Common
  3. }
  4. sys application template /Common/f5.automated_backup.v2.0 {
  5.     actions {
  6.         definition {
  7.             html-help {
  8.             }
  9.             implementation {
  10.                 package require iapp 1.0.0
  11.                 iapp::template start
  12.  
  13.                 tmsh::cd ..
  14.  
  15.                 ## Backup type handler
  16.                 set backup_type $::backup_type__backup_type_select
  17.                 set create_backup_command_append_pass ""
  18.                 set create_backup_command_append_keys ""
  19.                 if { $backup_type eq "UCS (User Configuration Set)" } {
  20.                     set create_backup_command "tmsh::save /sys ucs"
  21.                     set backup_directory /var/local/ucs
  22.                     # Backup passphrase usage
  23.                     if { $::backup_type__backup_passphrase_select eq "Yes" } {
  24.                         set backup_passphrase $::backup_type__backup_passphrase
  25.                         set create_backup_command_append_pass "passphrase $backup_passphrase"
  26.                     }
  27.                     # Backup private key inclusion
  28.                     if { $::backup_type__backup_includeprivatekeys eq "No" } {
  29.                         set create_backup_command_append_keys "no-private-key"
  30.                     }
  31.                     set backup_file_name ""
  32.                     set backup_file_name_extension ""
  33.                     set backup_file_script_extension ".ucs"
  34.                     set scfextensionfix ""
  35.                 }
  36.                 elseif { $backup_type eq "SCF (Single Configuration File)" } {
  37.                     set create_backup_command "tmsh::save /sys config file"
  38.                     set backup_directory /var/local/scf
  39.                     set backup_file_name_extension ".scf"
  40.                     set backup_file_script_extension ""
  41.                 }
  42.  
                if { $::destination_parameters__protocol_enable eq "remotely via SCP" } {
                    # Destination: remote host over SCP.
                    # Deployment-time half: stores the SCP username, server and directory,
                    # then the SSH private key, in the config file below. Each value is piped
                    # through openssl aes-256-ecb with the output of f5mku -K as the -k password.
                    # NOTE(review): exec starts echo and openssl as separate processes, so the
                    # form values and the -k key are process arguments while they run. Feeding
                    # the data on stdin and giving openssl its key through a -pass source that
                    # is not an argument would keep them out of the process list.
                    # NOTE(review): ECB mode carries no integrity protection and the key is
                    # whatever f5mku -K returns, so this mainly hides the values from casual
                    # reading of the file - confirm that matches the intended threat model.
                    # NOTE(review): openssl -a wraps base64 output at 64 characters. A long
                    # value therefore spans several lines, while the generated script reads
                    # fields by line number and takes the key from line 4 onward - confirm
                    # with a long directory or server name.
                    # NOTE(review): the config file is created by redirection with the default
                    # file mode; nothing here restricts who can read it.
                    # Set the config file
                    set configfile "/config/f5.automated_backup_scp.conf"
                    # Clean the configuration file for this protocol_enable
                    exec rm -f $configfile
                    # Get the F5 Master key
                    set f5masterkey [exec f5mku -K]
                    # Store the target server information securely, encrypted with the unit key
                    exec echo "$::destination_parameters__scp_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile
                    exec echo "$::destination_parameters__scp_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    exec echo "$::destination_parameters__scp_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    # Rebuild the line structure of the pasted key: the header and footer words
                    # are joined with semicolons, every remaining space becomes a newline, then
                    # the semicolons are turned back into spaces.
                    # NOTE(review): only the RSA PRIVATE KEY header and footer are shielded from
                    # the space to newline rewrite; other key types presumably end up with a
                    # broken header - verify.
                    set cleaned_privatekey [exec echo "$::destination_parameters__scp_sshprivatekey" | sed -e "s/BEGIN RSA PRIVATE KEY/BEGIN;RSA;PRIVATE;KEY/g" -e "s/END RSA PRIVATE KEY/END;RSA;PRIVATE;KEY/g" -e "s/ /\\\n/g" -e "s/;/ /g"]
                    # Encrypt the private key data before dumping to a file
                    set encrypted_privatekey [exec echo "$cleaned_privatekey" | openssl aes-256-ecb -salt -a -k ${f5masterkey}]
                    # Append the encrypted key after the three encrypted fields
                    exec echo "$encrypted_privatekey" >> $configfile
                    # Create the iCall action
                    # Run-time half: the text below becomes the iCall script, and the comments
                    # inside it are part of that stored text. It creates the backup, writes
                    # /var/tmp/scp.sh, runs it, removes it and then deletes the local backup.
                    # NOTE(review): the generated bash function assigns each decrypted field
                    # with eval, so shell syntax inside a stored value would be executed; a
                    # plain assignment such as printf -v or read avoids that.
                    # NOTE(review): the decrypted key lands in /var/tmp/scp.key and is chmod 600
                    # only after it has been written, and both it and the script use fixed
                    # names under /var/tmp. Creating them with a restrictive umask in a private
                    # directory, for example via mktemp, would close that window.
                    # NOTE(review): return reports the status of rm rather than scp, so the exit
                    # status never signals a failed upload. Whether the later delete of the
                    # local backup still runs then depends on exec seeing stderr output -
                    # verify the failure path and capture the scp status before cleanup.
                    # NOTE(review): exec echo yes only produces a Tcl result; it does not answer
                    # any scp host key prompt.
                    # NOTE(review): BACKUPAPPEND_PASS and FORMAT are spliced in as script text,
                    # so the passphrase is stored in clear in the iCall script and Tcl
                    # metacharacters in either value are interpreted when the script runs.
                    set script {
                        # Get the hostname of the device we're running on
                        set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
                        # Get the current date and time in a specific format
                        set cdate [clock format [clock seconds] -format "FORMAT"]
                        # Form the filename for the backup
                        set fname "${cdate}BACKUPFILENAMEXTENSION"
                        # Run the 'create backup' command
                        BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
                        # Set the config file
                        set configfile "/config/f5.automated_backup_scp.conf"
                        # Set the script filename
                        set scriptfile "/var/tmp/scp.sh"
                        # Clean, recreate, run and reclean a custom bash script that will perform the SCP upload
                        exec rm -f $scriptfile
                        exec echo "yes"
                        exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\trm -f /var/tmp/scp.key\n\treturn \$?\n}\n\nput" > $scriptfile
                        exec chmod +x $scriptfile
                        exec $scriptfile
                        exec rm -f $scriptfile
                        # Remove the backup file from the F5
                        exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
                    }
                    # Fill the placeholders: FORMAT takes the first space separated word of the
                    # filename format field, the rest come from the backup type handler.
                    set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
                    set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
                }
                elseif { $::destination_parameters__protocol_enable eq "remotely via SFTP" } {
                    # Destination labelled SFTP. The generated script nevertheless calls scp and
                    # writes the decrypted key to /var/tmp/scp.key; no sftp client is invoked.
                    # NOTE(review): in standard Tcl a newline ends the if command, so an elseif
                    # on its own line is parsed as a separate command - confirm how the iApp
                    # runtime treats this layout.
                    # Deployment-time half: stores username, server and directory, then the SSH
                    # private key, each piped through openssl aes-256-ecb keyed with f5mku -K.
                    # NOTE(review): echo and openssl run as separate processes, so the form
                    # values and the -k key are visible as process arguments while they run;
                    # stdin plus a non-argument -pass source would avoid that.
                    # NOTE(review): ECB has no integrity protection, and openssl -a wraps base64
                    # at 64 characters while the reader indexes fields by line number - confirm
                    # behaviour with long values.
                    # NOTE(review): the config file is created with the default file mode.
                    # Set the config file
                    set configfile "/config/f5.automated_backup_sftp.conf"
                    # Clean the configuration file for this protocol_enable
                    exec rm -f $configfile
                    # Get the F5 Master key
                    set f5masterkey [exec f5mku -K]
                    # Store the target server information securely, encrypted with the unit key
                    exec echo "$::destination_parameters__sftp_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile
                    exec echo "$::destination_parameters__sftp_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    exec echo "$::destination_parameters__sftp_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    # Rebuild the line structure of the pasted key: spaces become newlines,
                    # except inside the RSA PRIVATE KEY header and footer.
                    # NOTE(review): other key header types are presumably mangled - verify.
                    set cleaned_privatekey [exec echo "$::destination_parameters__sftp_sshprivatekey" | sed -e "s/BEGIN RSA PRIVATE KEY/BEGIN;RSA;PRIVATE;KEY/g" -e "s/END RSA PRIVATE KEY/END;RSA;PRIVATE;KEY/g" -e "s/ /\\\n/g" -e "s/;/ /g"]
                    # Encrypt the private key data before dumping to a file
                    set encrypted_privatekey [exec echo "$cleaned_privatekey" | openssl aes-256-ecb -salt -a -k ${f5masterkey}]
                    # Append the encrypted key after the three encrypted fields
                    exec echo "$encrypted_privatekey" >> $configfile
                    # Create the iCall action
                    # Run-time half: the text below becomes the iCall script, and the comments
                    # inside it are part of that stored text.
                    # NOTE(review): decrypted fields are assigned with eval in the generated
                    # bash, so shell syntax in a stored value would be executed.
                    # NOTE(review): the key file and /var/tmp/sftp.sh use fixed names under
                    # /var/tmp and the key is chmod 600 only after being written; a restrictive
                    # umask and a private temporary directory would be safer.
                    # NOTE(review): return reports the status of rm, not of scp - verify what
                    # happens to the local backup when the upload fails.
                    # NOTE(review): BACKUPAPPEND_PASS and FORMAT are spliced in as script text,
                    # so the passphrase is stored in clear and Tcl metacharacters in either
                    # value are interpreted at run time.
                    set script {
                        # Get the hostname of the device we're running on
                        set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
                        # Get the current date and time in a specific format
                        set cdate [clock format [clock seconds] -format "FORMAT"]
                        # Form the filename for the backup
                        set fname "${cdate}BACKUPFILENAMEXTENSION"
                        # Run the 'create backup' command
                        BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
                        # Set the config file
                        set configfile "/config/f5.automated_backup_sftp.conf"
                        # Set the script filename
                        set scriptfile "/var/tmp/sftp.sh"
                        # Clean, recreate, run and reclean a custom bash script that will perform the SCP upload
                        exec rm -f $scriptfile
                        exec echo "yes"
                        exec echo -e "put()\n{\n\tfields=\"username server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tsed -n '4,\$p' $configfile | openssl aes-256-ecb -salt -a -d -k \$f5masterkey > /var/tmp/scp.key\n\tchmod 600 /var/tmp/scp.key\n\tscp -i /var/tmp/scp.key BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION \${username}@\${server}:\${directory}\n\trm -f /var/tmp/scp.key\n\treturn \$?\n}\n\nput" > $scriptfile
                        exec chmod +x $scriptfile
                        exec $scriptfile
                        exec rm -f $scriptfile
                        # Remove the backup file from the F5
                        exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
                    }
                    # Fill the placeholders: FORMAT takes the first space separated word of the
                    # filename format field, the rest come from the backup type handler.
                    set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
                    set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
                }
                elseif { $::destination_parameters__protocol_enable eq "remotely via FTP" } {
                    # Destination: remote host over FTP.
                    # NOTE(review): FTP sends the username, password and the backup itself
                    # unencrypted. A UCS can contain private keys unless no-private-key is
                    # selected, so prefer the SCP destination, or at least a passphrase
                    # protected archive, on any network that is not fully trusted.
                    # Deployment-time half: stores username, password, server and directory in
                    # the config file, each piped through openssl aes-256-ecb keyed with f5mku -K.
                    # NOTE(review): echo and openssl run as separate processes, so the password
                    # and the -k key are visible as process arguments while they run; stdin
                    # plus a non-argument -pass source would avoid that.
                    # NOTE(review): ECB has no integrity protection, and openssl -a wraps base64
                    # at 64 characters while the reader indexes fields by line number - confirm
                    # behaviour with long values.
                    # NOTE(review): the config file is created with the default file mode.
                    # Set the config file
                    set configfile "/config/f5.automated_backup_ftp.conf"
                    # Clean the configuration file for this protocol_enable
                    exec rm -f $configfile
                    # Get the F5 Master key
                    set f5masterkey [exec f5mku -K]
                    # Store the target server information securely, encrypted with the unit key
                    exec echo "$::destination_parameters__ftp_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile
                    exec echo "$::destination_parameters__ftp_remote_password" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    exec echo "$::destination_parameters__ftp_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    exec echo "$::destination_parameters__ftp_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    # Create the iCall action
                    # Run-time half: the text below becomes the iCall script, and the comments
                    # inside it are part of that stored text. It creates the backup, writes
                    # /var/tmp/ftp.sh, runs it, removes it and then deletes the local backup.
                    # NOTE(review): decrypted fields are assigned with eval in the generated
                    # bash, so shell syntax in a stored value would be executed.
                    # NOTE(review): the script uses a fixed name under /var/tmp; a private
                    # temporary directory would be safer.
                    # NOTE(review): the function returns the exit status of the ftp client,
                    # which may well be 0 even when the transfer fails - verify, because the
                    # local backup is deleted right after.
                    # NOTE(review): BACKUPAPPEND_PASS and FORMAT are spliced in as script text,
                    # so the passphrase is stored in clear and Tcl metacharacters in either
                    # value are interpreted at run time.
                    set script {
                        # Get the hostname of the device we're running on
                        set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
                        # Get the current date and time in a specific format
                        set cdate [clock format [clock seconds] -format "FORMAT"]
                        # Form the filename for the backup
                        set fname "${cdate}BACKUPFILENAMEXTENSION"
                        # Run the 'create backup' command
                        BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
                        # Set the config file
                        set configfile "/config/f5.automated_backup_ftp.conf"
                        # Set the script filename
                        set scriptfile "/var/tmp/ftp.sh"
                        # Clean, recreate, run and reclean a custom bash script that will perform the FTP upload
                        exec rm -f $scriptfile
                        exec echo -e "put()\n{\n\tfields=\"username password server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tftp -n \${server} << END_FTP\nquote USER \${username}\nquote PASS \${password}\nput BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION \${directory}/${fname}BACKUPFILESCRIPTEXTENSION\nquit\nEND_FTP\n\treturn \$?\n}\n\nput" > $scriptfile
                        exec chmod +x $scriptfile
                        exec $scriptfile
                        exec rm -f $scriptfile
                        # Remove the backup file from the F5
                        exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
                    }
                    # Fill the placeholders: FORMAT takes the first space separated word of the
                    # filename format field, the rest come from the backup type handler.
                    set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
                    set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
                }
                elseif { $::destination_parameters__protocol_enable eq "remotely via SMB" } {
                    # Destination: remote share over SMB, uploaded with smbclient.
                    # Deployment-time half: stores username, password, server and directory in
                    # the config file, each piped through openssl aes-256-ecb keyed with f5mku -K.
                    # NOTE(review): echo and openssl run as separate processes, so the password
                    # and the -k key are visible as process arguments while they run; stdin
                    # plus a non-argument -pass source would avoid that.
                    # NOTE(review): ECB has no integrity protection, and openssl -a wraps base64
                    # at 64 characters while the reader indexes fields by line number - confirm
                    # behaviour with long values.
                    # NOTE(review): the config file is created with the default file mode.
                    # Set the config file
                    set configfile "/config/f5.automated_backup_smb.conf"
                    # Clean the configuration file for this protocol_enable
                    exec rm -f /config/f5.automated_backup_smb.conf
                    # Get the F5 Master key
                    set f5masterkey [exec f5mku -K]
                    # Store the target server information securely, encrypted with the unit key
                    exec echo "$::destination_parameters__smb_remote_username" | openssl aes-256-ecb -salt -a -k ${f5masterkey} > $configfile
                    exec echo "$::destination_parameters__smb_remote_password" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    exec echo "$::destination_parameters__smb_remote_server" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    exec echo "$::destination_parameters__smb_remote_directory" | openssl aes-256-ecb -salt -a -k ${f5masterkey} >> $configfile
                    # Create the iCall action
                    # Run-time half: the text below becomes the iCall script, and the comments
                    # inside it are part of that stored text. It creates the backup, writes
                    # /var/tmp/smb.sh, runs it, removes it and then deletes the local backup.
                    # NOTE(review): the generated bash passes the decrypted password to
                    # smbclient inside the -U argument, where it is visible in the process
                    # list; an smbclient authentication file would keep it off the command line.
                    # NOTE(review): smbclient output is discarded and the function always
                    # returns 0, so exec cannot see a failed upload and the local backup is
                    # deleted regardless. Propagating the smbclient status would prevent
                    # losing the only copy.
                    # NOTE(review): decrypted fields are assigned with eval in the generated
                    # bash, so shell syntax in a stored value would be executed.
                    # NOTE(review): the script uses a fixed name under /var/tmp; a private
                    # temporary directory would be safer.
                    # NOTE(review): BACKUPAPPEND_PASS and FORMAT are spliced in as script text,
                    # so the passphrase is stored in clear and Tcl metacharacters in either
                    # value are interpreted at run time.
                    set script {
                        # Get the hostname of the device we're running on
                        set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
                        # Get the current date and time in a specific format
                        set cdate [clock format [clock seconds] -format "FORMAT"]
                        # Form the filename for the backup
                        set fname "${cdate}BACKUPFILENAMEXTENSION"
                        # Run the 'create backup' command
                        BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
                        # Set the config file
                        set configfile "/config/f5.automated_backup_smb.conf"
                        # Set the script filename
                        set scriptfile "/var/tmp/smb.sh"
                        # Clean, recreate, run and reclean a custom bash script that will perform the SMB upload
                        exec rm -f $scriptfile
                        exec echo -e "put()\n{\n\tfields=\"username password server directory\"\n\ti=1\n\tf5masterkey=\$(f5mku -K)\n\tfor current_field in \$fields ; do\n\t\tsedcommand=\"\${i}p\"\n\t\tcurrent_encrypted_value=\$(sed -n \"\$sedcommand\" $configfile)\n\t\tcurrent_decrypted_value=\$(echo \"\$current_encrypted_value\" | openssl aes-256-ecb -salt -a -d -k \$f5masterkey)\n\t\teval \"\$current_field=\$current_decrypted_value\"\n\t\tlet i=\$i+1\n\t\tunset current_encrypted_value current_decrypted_value sedcommand\n\tdone\n\tcd BACKUPDIRECTORY\nsmbclient //\${server}/\${directory} -I \${server} -U \${username}%\${password} -c 'put $fnameBACKUPFILESCRIPTEXTENSION' &> /dev/null\nreturn 0\n}\n\nput" > $scriptfile
                        exec chmod +x $scriptfile
                        exec $scriptfile
                        exec rm -f $scriptfile
                        # Remove the backup file from the F5
                        exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
                    }
                    # Fill the placeholders: FORMAT takes the first space separated word of the
                    # filename format field, the rest come from the backup type handler.
                    set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
                    set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
                }
                else {
                    # No remote destination matched: the backup stays on the device. The iCall
                    # script only builds the file name and runs the save command.
                    # The comments inside the braces below are part of the stored script text.
                    # NOTE(review): FORMAT is replaced with the first space separated word of
                    # the filename format field and lands inside a double quoted Tcl string, so
                    # characters that Tcl substitutes inside quotes are interpreted when the
                    # script runs - confirm the field is constrained or validate it here.
                    # NOTE(review): BACKUPAPPEND_PASS is spliced in as script text, so a UCS
                    # passphrase is stored in clear in the iCall script definition.
                    set script {
                        # Get the hostname of the device we're running on
                        set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
                        # Get the current date and time in a specific format
                        set cdate [clock format [clock seconds] -format "FORMAT"]
                        # Form the filename for the backup
                        set fname "${cdate}BACKUPFILENAMEXTENSION"
                        # Run the 'create backup' command
                        BACKUPCOMMAND $fname BACKUPAPPEND_PASS BACKUPAPPEND_KEYS
                    }
                    # Fill the placeholders with the values chosen by the backup type handler.
                    set script [string map [list FORMAT [lindex [split $::destination_parameters__filename_format " "] 0]] $script]
                    set script [string map [list BACKUPFILENAMEXTENSION $backup_file_name_extension BACKUPFILESCRIPTEXTENSION $backup_file_script_extension BACKUPDIRECTORY $backup_directory BACKUPCOMMAND $create_backup_command BACKUPAPPEND_PASS $create_backup_command_append_pass BACKUPAPPEND_KEYS $create_backup_command_append_keys] $script]
                }
  221.  
  222.                 iapp::conf create sys icall script f5.automated_backup definition \{ $script \} app-service none
  223.  
  224.                 ## Get time info for setting first-occurrence on daily handler from iApp input
  225.                 set freq $::backup_schedule__frequency_select
  226.  
  227.                 #Create the handlers
  228.                 if { $freq eq "Disable" } {
  229.  
  230.                 }
  231.                 elseif { $freq eq "Every X Minutes" } {
  232.                     set everyxminutes $::backup_schedule__everyxminutes_value
  233.                     set interval [expr $everyxminutes*60]
  234.                     set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H:%M"]
  235.                     iapp::conf create sys icall handler periodic f5.automated_backup-handler \{ \
  236.                     interval $interval \
  237.                     first-occurrence $cdate:00 \
  238.                     script f5.automated_backup \}
  239.                 }
  240.                 elseif { $freq eq "Every X Hours" } {
  241.                     set everyxhours $::backup_schedule__everyxhours_value
  242.                     set interval [expr $everyxhours*3600]
  243.                     set minutes $::backup_schedule__everyxhours_min_select
  244.                     set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H"]
  245.                     iapp::conf create sys icall handler periodic f5.automated_backup-handler \{ \
  246.                     interval $interval \
  247.                     first-occurrence $cdate:$minutes:00 \
  248.                     script f5.automated_backup \}
  249.                 }
  250.                 elseif { $freq eq "Every X Days" } {
  251.                     set everyxdays $::backup_schedule__everyxdays_value
  252.                     set interval [expr $everyxdays*86400]
  253.                     set hours [lindex [split $::backup_schedule__everyxdays_time ":"] 0]
  254.                     set minutes [lindex [split $::backup_schedule__everyxdays_time ":"] 1]
  255.                     set cdate [clock format [clock seconds] -format "%Y-%m-%d"]
  256.                     iapp::conf create sys icall handler periodic f5.automated_backup-handler \{ \
  257.                     interval $interval \
  258.                     first-occurrence $cdate:$hours:$minutes:00 \
  259.                     script f5.automated_backup \}
  260.                 }
  261.                 elseif { $freq eq "Every X Weeks" } {
  262.                     set everyxweeks $::backup_schedule__everyxweeks_value
  263.                     set interval [expr $everyxweeks*604800]
  264.                     set hours [lindex [split $::backup_schedule__everyxweeks_time ":"] 0]
  265.                     set minutes [lindex [split $::backup_schedule__everyxweeks_time ":"] 1]
  266.                     ## Get day of week info for setting first-occurence on weekly handler from iApp input
  267.                     array set dowmap {
  268.                         Sunday 0
  269.                         Monday 1
  270.                         Tuesday 2
  271.                         Wednesday 3
  272.                         Thursday 4
  273.                         Friday 5
  274.                         Saturday 6
  275.                     }
  276.                     set sday_name $::backup_schedule__everyxweeks_dow_select
  277.                     set sday_num $dowmap($sday_name)
  278.                     set cday_name [clock format [clock seconds] -format "%A"]
  279.                     set cday_num $dowmap($cday_name)
  280.                     set date_offset [expr 86400*($sday_num - $cday_num)]
  281.                     set date_final [clock format [expr [clock seconds] + $date_offset] -format "%Y-%m-%d"]
  282.                     iapp::conf create sys icall handler periodic f5.automated_backup-handler \{ \
  283.                         interval $interval \
  284.                         first-occurrence $date_final:$hours:$minutes:00 \
  285.                         script f5.automated_backup \}
  286.                 }
  287.                 elseif { $freq eq "Every X Months" } {
  288.                     set everyxmonths $::backup_schedule__everyxmonths_value
  289.                     set interval [expr 60*60*24*365]
  290.                     set dom $::backup_schedule__everyxmonths_dom_select
  291.                     set hours [lindex [split $::backup_schedule__everyxmonths_time ":"] 0]
  292.                     set minutes [lindex [split $::backup_schedule__everyxmonths_time ":"] 1]
  293.                     for { set month 1 } { $month < 13 } { set month [expr $month+$everyxmonths] } {
  294.                         set cdate [clock format [clock seconds] -format "%Y-$month-$dom"]
  295.                         iapp::conf create sys icall handler periodic f5.automated_backup-month_${month}-handler \{ \
  296.                         interval $interval \
  297.                         first-occurrence $cdate:$hours:$minutes:00 \
  298.                         script f5.automated_backup \}
  299.                     }
  300.                 }
  301.                 elseif { $freq eq "Custom" } {
  302.                     set hours [lindex [split $::backup_schedule__custom_time ":"] 0]
  303.                     set minutes [lindex [split $::backup_schedule__custom_time ":"] 1]
  304.                     ## Get day of week info for setting first-occurence on weekly handler from iApp input
  305.                     array set dowmap {
  306.                         Sunday 0
  307.                         Monday 1
  308.                         Tuesday 2
  309.                         Wednesday 3
  310.                         Thursday 4
  311.                         Friday 5
  312.                         Saturday 6
  313.                     }
  314.                     foreach sday_name $::backup_schedule__custom_dow_select {
  315.                         set sday_num $dowmap($sday_name)
  316.                         set cday_name [clock format [clock seconds] -format "%A"]
  317.                         set cday_num $dowmap($cday_name)
  318.                         set date_offset [expr 86400*($sday_num - $cday_num)]
  319.                         set date_final [clock format [expr [clock seconds] + $date_offset] -format "%Y-%m-%d"]
  320.                         iapp::conf create sys icall handler periodic f5.automated_backup-handler-$sday_name \{ \
  321.                             interval 604800 \
  322.                             first-occurrence $date_final:$hours:$minutes:00 \
  323.                             script f5.automated_backup \}
  324.                     }
  325.                 }
  326.  
  327.                 ## Automatic Pruning handler
  328.                 if { $::destination_parameters__protocol_enable eq "on this F5" } {
  329.                     set autoprune $::destination_parameters__pruning_enable
  330.                     if { $autoprune eq "Yes" } {
  331.                         set prune_conserve $::destination_parameters__keep_amount
  332.                         set today [clock format [clock seconds] -format "%Y-%m-%d"]
  333.                         set script {
  334.                             # Get the hostname of the device we're running on
  335.                             set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
  336.                             # Set the script filename
  337.                             set scriptfile "/var/tmp/autopruning.sh"
  338.                             # Clean, recreate, run and reclean a custom bash script that will perform the pruning
  339.                             exec rm -f $scriptfile
  340.                             exec echo -e "files_tokeep=\$(ls -t /var/local/ucs/*.ucs | head -n CONSERVE\)\nfor current_ucs_file in `ls /var/local/ucs/*.ucs` ; do\n\tcurrent_ucs_file_basename=`basename \$current_ucs_file`\n\tcheck_file=\$(echo \$files_tokeep | grep -w \$current_ucs_file_basename)\n\tif \[ \"\$check_file\" == \"\" \] ; then\n\t\trm -f \$current_ucs_file\n\tfi\ndone" > $scriptfile
  341.                             exec chmod +x $scriptfile
  342.                             exec $scriptfile
  343.                             exec rm -f $scriptfile
  344.                         }
  345.                         set script [string map [list CONSERVE $prune_conserve] $script]
  346.                         iapp::conf create sys icall script f5.automated_backup_pruning definition \{ $script \} app-service none
  347.                         set cdate [clock format [clock seconds] -format "%Y-%m-%d:%H:%M"]
  348.                         iapp::conf create sys icall handler periodic f5.automated_backup_pruning-handler \{ \
  349.                         interval 60 \
  350.                         first-occurrence $cdate:00 \
  351.                         script f5.automated_backup_pruning \}
  352.                     }
  353.                 }
  354.                 iapp::template end
  355.             }
  356.  
  357.             macro {
  358.             }
  359.  
  360.             presentation {
  361.                 section backup_type {
  362.                     choice backup_type_select display "xxlarge" { "UCS (User Configuration Set)", "SCF (Single Configuration File)" }
  363.                     optional ( backup_type_select == "UCS (User Configuration Set)" ) {
  364.                         choice backup_passphrase_select display "small" { "Yes", "No" }
  365.                         optional ( backup_passphrase_select == "Yes" ) {
  366.                             password backup_passphrase display "large"
  367.                         }
  368.                         choice backup_includeprivatekeys display "small" { "Yes", "No" }
  369.                     }
  370.                     message backup_help_scf "Warning: Beware of choosing SCF file as not all configuration is included therein. Please check out SOL13408 (http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13408.html) for more information."
  371.                     message backup_help_passphrase "Remark: When using the passphrase option for UCS archives, it is important to know that the F5 will create a PGP encoded file. It is *not* simply a tar.gz with a password on it."
  372.                     message backup_help_privatekeys "Warning: A UCS archive that does not contain the private keys CANNOT be used for restoring the device. It should be used for transfers to external services to whom you do not wish to disclose the private keys."
  373.                 }
  374.                 section backup_schedule {
                           # Schedule selection. Each frequency choice reveals its own set of fields.
                           # The *_time fields are free-form strings with no validator declared here;
                           # the labels ask for HH:MM (e.g. 15:25).
                           # NOTE(review): how the implementation parses these values is not visible
                           # in this section -- confirm it rejects anything that is not a plain time
                           # before the value is used to build a schedule entry.
  375.                     choice frequency_select display "large" { "Disable", "Every X Minutes", "Every X Hours", "Every X Days", "Every X Weeks", "Every X Months", "Custom" }
  376.                     optional ( frequency_select == "Every X Minutes" ) {
                               # editchoice: the listed values are suggestions, the field also accepts typed input.
  377.                         editchoice everyxminutes_value display "small" { "1", "2", "5", "10", "15", "20", "30", "45", "60" }
  378.                     }
  379.                     optional ( frequency_select == "Every X Hours" ) {
  380.                         editchoice everyxhours_value display "small" { "1", "2", "3", "4", "6", "12", "24" }
  381.                         choice everyxhours_min_select display "small" tcl {
                                   # Build the newline-separated minute list 0..59.
  382.                             for { set x 0 } { $x < 60 } { incr x } {
  383.                                 append mins "$x\n"
  384.                             }
  385.                             return $mins
  386.                         }
  387.                     }
  388.                     optional ( frequency_select == "Every X Days" ) {
  389.                         editchoice everyxdays_value display "small" { "1", "2", "3", "4", "5", "7", "14" }
  390.                         string everyxdays_time display "medium"
  391.                     }
  392.                     optional ( frequency_select == "Every X Weeks" ) {
                               # NOTE(review): same value list as everyxdays_value; confirm 5, 7 and 14
                               # weeks are intended rather than copied from the days list.
  393.                         editchoice everyxweeks_value display "small" { "1", "2", "3", "4", "5", "7", "14" }
  394.                         choice everyxweeks_dow_select display "medium" { "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" }
  395.                         string everyxweeks_time display "small"
  396.                     }
  397.                     optional ( frequency_select == "Every X Months" ) {
  398.                         editchoice everyxmonths_value display "small" { "1", "2", "3", "6", "12" }
  399.                         choice everyxmonths_dom_select display "small" tcl {
                                   # Build the newline-separated day list 1..30.
                                   # NOTE(review): the bound "$x < 31" stops at 30, so day 31 cannot be
                                   # selected -- confirm whether that omission is intentional.
  400.                             for { set x 1 } { $x < 31 } { incr x } {
  401.                                 append days "$x\n"
  402.                             }
  403.                             return $days
  404.                         }
  405.                         string everyxmonths_time display "small"
  406.                     }
  407.                     optional ( frequency_select == "Custom" ) {
  408.                         multichoice custom_dow_select display "medium" { "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday" }
  409.                         string custom_time display "small"
  410.                     }
  411.                 }
  412.                 optional ( backup_schedule.frequency_select != "Disable" ) {
  413.                     section destination_parameters {
                               # Destination of the backup file; only shown when a schedule is enabled.
                               # Review points for this section:
                               #  - FTP transmits the username, password and archive without
                               #    encryption. A UCS that includes private keys and has no passphrase
                               #    should not be sent this way; prefer SCP/SFTP or require the
                               #    passphrase option for FTP destinations.
                               #  - SMB confidentiality depends on the protocol version and signing /
                               #    encryption settings negotiated with the server; nothing in this
                               #    form controls them.
                               #  - Only the *_remote_server fields declare a validator ("IpAddress").
                               #    The username and directory fields are free-form strings.
                               #    NOTE(review): the implementation that consumes them is not visible
                               #    in this section -- confirm these values are quoted or validated
                               #    before they are placed into any shell command or script.
                               #  - The SCP/SFTP options collect a private key but no host key or
                               #    fingerprint. NOTE(review): confirm how the implementation verifies
                               #    the remote server's host key.
                               #  - The *_encrypted_field_storage_help messages call the master key a
                               #    "salt". NOTE(review): presumably it is the key that encrypts the
                               #    stored secrets; the protection claimed for off-box backups depends
                               #    on the master key not being recoverable from the archive -- confirm
                               #    against F5 documentation for the deployed version.
  414.                         choice protocol_enable display "large" { "on this F5", "remotely via SCP", "remotely via SFTP", "remotely via SMB", "remotely via FTP" }
  415.                         optional ( protocol_enable == "remotely via SCP") {
  416.                             string scp_remote_server display "medium" validator "IpAddress"
  417.                             string scp_remote_username display "medium"
                                   # SSH private key pasted by the administrator, taken as a password field.
  418.                             password scp_sshprivatekey display "large"
  419.                             message scp_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box."
  420.                             string scp_remote_directory display "medium"
  421.                         }
  422.                         optional ( protocol_enable == "remotely via SFTP") {
  423.                             string sftp_remote_server display "medium" validator "IpAddress"
  424.                             string sftp_remote_username display "medium"
  425.                             password sftp_sshprivatekey display "large"
  426.                             message sftp_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box."
  427.                             string sftp_remote_directory display "medium"
  428.                         }
  429.                         optional ( protocol_enable == "remotely via SMB") {
  430.                             string smb_remote_server display "medium" validator "IpAddress"
  431.                             string smb_remote_username display "medium"
  432.                             password smb_remote_password display "medium"
  433.                             message smb_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box."
  434.                             string smb_remote_directory display "medium"
  435.                         }
  436.                         optional ( protocol_enable == "remotely via FTP") {
  437.                             string ftp_remote_server display "medium" validator "IpAddress"
  438.                             string ftp_remote_username display "medium"
  439.                             password ftp_remote_password display "medium"
  440.                             message ftp_encrypted_field_storage_help "Passwords and private keys are stored in an encrypted format. The salt for the encryption algorithm is the F5 cluster's Master Key. The master key is not shared when exporting a qkview or UCS, thus rendering your passwords and private keys safe if a backup file were to be stored off-box."
  441.                             string ftp_remote_directory display "medium"
  442.                         }
  443.                         editchoice filename_format display "xxlarge" tcl {
                                   # Offer six filename patterns, each rendered as
                                   # "<pattern> => <example for the current time and hostname>".
                                   # The braced form keeps ${host} and the % codes literal for display;
                                   # the quoted form substitutes the hostname and is passed to clock format.
                                   # NOTE(review): this is an editchoice, so an administrator can type any
                                   # format. How the implementation expands ${host} in the saved value is
                                   # not visible here -- confirm it is a plain string substitution and
                                   # not an evaluation of the typed text.
  444.                             set host [tmsh::get_field_value [lindex [tmsh::get_config sys global-settings] 0] hostname]
  445.                             set formats ""
  446.                             append formats {%Y%m%d%H%M%S_${host} => }
  447.                             append formats [clock format [clock seconds] -format "%Y%m%d%H%M%S_${host}"]
  448.                             append formats "\n"
  449.                             append formats {%Y%m%d_%H%M%S_${host} => }
  450.                             append formats [clock format [clock seconds] -format "%Y%m%d_%H%M%S_${host}"]
  451.                             append formats "\n"
  452.                             append formats {%Y%m%d_${host} => }
  453.                             append formats [clock format [clock seconds] -format "%Y%m%d_${host}"]
  454.                             append formats "\n"
  455.                             append formats {${host}_%Y%m%d%H%M%S => }
  456.                             append formats [clock format [clock seconds] -format "${host}_%Y%m%d%H%M%S"]
  457.                             append formats "\n"
  458.                             append formats {${host}_%Y%m%d_%H%M%S => }
  459.                             append formats [clock format [clock seconds] -format "${host}_%Y%m%d_%H%M%S"]
  460.                             append formats "\n"
  461.                             append formats {${host}_%Y%m%d => }
  462.                             append formats [clock format [clock seconds] -format "${host}_%Y%m%d"]
  463.                             append formats "\n"
  464.                             return $formats
  465.                         }
  466.                         message filename_format_help "You can select one, or create your own with all the [clock format] wildcards available in the tcl language, plus ${host} for the hostname. (http://www.tcl.tk/man/tcl8.6/TclCmd/clock.htm)"
  467.                         optional ( protocol_enable == "on this F5" ) {
                                   # Pruning is only offered for local storage. Per the warning below it
                                   # removes any file in the backup directory that is not among the
                                   # newest N, including archives created by hand.
  468.                             choice pruning_enable display "small" { "No", "Yes" }
  469.                             optional ( pruning_enable == "Yes" ) {
  470.                                 editchoice keep_amount display "small" { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10" }
  471.                                 message pruning_help "Warning: if you decide to manually create a backupfile in the default directory, the automatic pruning will clean it if it doesn't match the 'newest X files' in that directory."
  472.                             }
  473.                         }
  474.                     }
  475.                 }
  476.                 text {
  477.                     backup_type "Backup Type"
  478.                     backup_type.backup_type_select "Select the type of backup:"
  479.                     backup_type.backup_passphrase_select "Use a passphrase to encrypt the UCS archive:"
  480.                     backup_type.backup_passphrase "What is the passphrase you want to use?"
  481.                     backup_type.backup_includeprivatekeys "Include the private keys in the archives?"
  482.                     backup_type.backup_help_scf ""
  483.                     backup_type.backup_help_passphrase ""
  484.                     backup_type.backup_help_privatekeys ""
  485.                     backup_schedule "Backup Schedule"
  486.                     backup_schedule.frequency_select "Frequency:"
  487.                     backup_schedule.everyxminutes_value "Where X equals:"
  488.                     backup_schedule.everyxhours_value "Where X equals:"
  489.                     backup_schedule.everyxhours_min_select "On what minute of each X hours should the backup occur?"
  490.                     backup_schedule.everyxdays_value "Where X equals:"
  491.                     backup_schedule.everyxdays_time "On what time of each X days should the backup occur? (Ex.: 15:25)"
  492.                     backup_schedule.everyxweeks_value "Where X equals:"
  493.                     backup_schedule.everyxweeks_time "On what time of the chosen day of each X weeks should the backup occur? (Ex.: 04:15)"
  494.                     backup_schedule.everyxweeks_dow_select "On what day of each X weeks should the backup occur:"
  495.                     backup_schedule.everyxmonths_value "Where X equals:"
  496.                     backup_schedule.everyxmonths_time "On what time of the chosen day of each X months should the backup occur? (Ex.: 04:15)"
  497.                     backup_schedule.everyxmonths_dom_select "On what day of each X months should the backup occur:"
  498.                     backup_schedule.custom_time "What time of each selected day should the backup occur? (Ex.: 08:00)"
  499.                     backup_schedule.custom_dow_select "Choose the days of the week the backup should occur:"
  500.                     destination_parameters "Destination Parameters"
  501.                     destination_parameters.protocol_enable "Where do the backup files need to be saved?"
  502.                     destination_parameters.scp_remote_server "Destination IP:"
  503.                     destination_parameters.scp_remote_username "Username:"
  504.                     destination_parameters.scp_sshprivatekey "Enter the SSH private key to be used for passwordless authentication:"
  505.                     destination_parameters.scp_encrypted_field_storage_help ""
  506.                     destination_parameters.scp_remote_directory "Set the remote directory the archive should be copied to:"
  507.                     destination_parameters.sftp_remote_server "Destination IP:"
  508.                     destination_parameters.sftp_remote_username "Username:"
  509.                     destination_parameters.sftp_sshprivatekey "Enter the SSH private key to be used for passwordless authentication:"
  510.                     destination_parameters.sftp_encrypted_field_storage_help ""
  511.                     destination_parameters.sftp_remote_directory "Set the remote directory the archive should be copied to:"
  512.                     destination_parameters.smb_remote_username "Username:"
  513.                     destination_parameters.smb_remote_password "Password:"
  514.                     destination_parameters.smb_encrypted_field_storage_help ""
  515.                     destination_parameters.smb_remote_server "Destination IP:"
  516.                     destination_parameters.smb_remote_directory "Name of the SMB Shared Folder:"
  517.                     destination_parameters.ftp_remote_username "Username:"
  518.                     destination_parameters.ftp_remote_password "Password:"
  519.                     destination_parameters.ftp_encrypted_field_storage_help ""
  520.                     destination_parameters.ftp_remote_server "Destination IP:"
  521.                     destination_parameters.ftp_remote_directory "Set the remote directory the archive should be copied to:"
  522.                     destination_parameters.filename_format "Select the filename format:"
  523.                     destination_parameters.filename_format_help ""
  524.                     destination_parameters.pruning_enable "Activate automatic pruning?"
  525.                     destination_parameters.pruning_help ""
  526.                     destination_parameters.keep_amount "Amount of files to keep at any given time:"
  527.                 }
  528.             }
  529.             role-acl { admin manager resource-admin }
  530.             run-as none
  531.         }
  532.     }
  533.     description none
  534.     ignore-verification false
  535.     requires-bigip-version-max none
  536.     requires-bigip-version-min 11.4.0
  537.     requires-modules { ltm }
  538.     signing-key none
  539.     tmpl-checksum none
  540.     tmpl-signature none
  541. }