F5 Setup PSC HA 6.0

1. create script psc-ha-60.tcl {
2. proc script::run {} {
3. if { $tmsh::argc < 7 } {
4. puts "Requires 6 arguments: <node 1 IP> <node 2 IP> <VIP> <F5 Self IP/mask> <LB Cert Path> <LB Key Path>\n\
5. For example: run cli script psc-ha-60.tcl 192.168.2.101 192.168.2.102 192.168.2.99 192.168.2.98/24 /tmp/lb.crt /tmp/lb.key"
6. exit
7. } else {
8. set node1ip [lindex $tmsh::argv 1]
9. set node2ip [lindex $tmsh::argv 2]
10. set vip [lindex $tmsh::argv 3]
11. set self [lindex $tmsh::argv 4]
12. set certpath [lindex $tmsh::argv 5]
13. set keypath [lindex $tmsh::argv 6]
14. }
15.  
16. puts "Creating VLAN psc-ha-vlan"
17. tmsh::create net vlan psc-ha-vlan interfaces add \{ 1.1 \{ untagged \} \}
18.  
19. puts "Disabling interfaces 1.2 and 1.3"
20. tmsh::modify net interface 1.2 disabled
21. tmsh::modify net interface 1.3 disabled
22.  
23. puts "Creating Self IP psc-ha-self $self "
24. tmsh::create net self psc-ha-self address $self vlan psc-ha-vlan allow-service default traffic-group /Common/traffic-group-local-only
25.  
26. puts "Uploading Certificate $certpath"
27. tmsh::create sys file ssl-cert psc-ha-lb-cert source-path file:$certpath
28. puts "Uploading Private Key $keypath"
29. tmsh::create sys file ssl-key psc-ha-lb-key source-path file:$keypath
30.  
31. puts "Creating SSL Client and Server Profiles"
32. tmsh::create ltm profile client-ssl psc-ha-client-ssl cert psc-ha-lb-cert key psc-ha-lb-key
33. tmsh::create ltm profile server-ssl psc-ha-server-ssl cert psc-ha-lb-cert key psc-ha-lb-key
34.  
35. puts "Creating Persistance Profile"
36. tmsh::create ltm persistence source-addr psc-ha-persistence defaults-from source_addr match-across-services enabled timeout 28800
37.  
38. puts "Creating PSC Nodes $node1ip and $node2ip"
39. tmsh::create ltm node psc-ha-node1 address $node1ip monitor icmp
40. tmsh::create ltm node psc-ha-node2 address $node2ip monitor icmp
41.  
42. puts "Creating Pools for ports 443, 389, 636, 2012, 2014, 2020"
43. tmsh::create ltm pool pool-443 members add "{ psc-ha-node1:443 psc-ha-node2:443 }" monitor tcp
44. tmsh::create ltm pool pool-389 members add "{ psc-ha-node1:389 psc-ha-node2:389 }" monitor tcp
45. tmsh::create ltm pool pool-636 members add "{ psc-ha-node1:636 psc-ha-node2:636 }" monitor tcp
46. tmsh::create ltm pool pool-2012 members add "{ psc-ha-node1:2012 psc-ha-node2:2012 }" monitor tcp
47. tmsh::create ltm pool pool-2014 members add "{ psc-ha-node1:2014 psc-ha-node2:2014 }" monitor tcp
48. tmsh::create ltm pool pool-2020 members add "{ psc-ha-node1:2020 psc-ha-node2:2020 }" monitor tcp
49.  
50. puts "Creating VIPs for ports 443, 389, 636, 2012, 2014, 2020"
51. tmsh::create ltm virtual vip-443 \{ destination $vip:443 ip-protocol tcp snat automap pool pool-443 persist replace-all-with \{ psc-ha-persistence \} profiles add \{ psc-ha-client-ssl \{ context clientside \} psc-ha-server-ssl \{ context serverside \} \} \}
52. tmsh::create ltm virtual vip-389 \{ destination $vip:389 ip-protocol tcp snat automap pool pool-389 persist replace-all-with \{psc-ha-persistence \} \}
53. tmsh::create ltm virtual vip-636 \{ destination $vip:636 ip-protocol tcp snat automap pool pool-636 persist replace-all-with \{psc-ha-persistence \} \}
54. tmsh::create ltm virtual vip-2012 \{ destination $vip:2012 ip-protocol tcp snat automap pool pool-2012 persist replace-all-with \{psc-ha-persistence \} \}
55. tmsh::create ltm virtual vip-2014 \{ destination $vip:2014 ip-protocol tcp snat automap pool pool-2014 persist replace-all-with \{psc-ha-persistence \} \}
56. tmsh::create ltm virtual vip-2020 \{ destination $vip:2020 ip-protocol tcp snat automap pool pool-2020 persist replace-all-with \{psc-ha-persistence \} \}
57.  
58. puts "Completed Setup"
59. }
60. }