Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- create script psc-ha-60.tcl {
- proc script::run {} {
- if { $tmsh::argc < 7 } {
- puts "Requires 6 arguments: <node 1 IP> <node 2 IP> <VIP> <F5 Self IP/mask> <LB Cert Path> <LB Key Path>\n\
- For example: run cli script psc-ha-60.tcl 192.168.2.101 192.168.2.102 192.168.2.99 192.168.2.98/24 /tmp/lb.crt /tmp/lb.key"
- exit
- } else {
- set node1ip [lindex $tmsh::argv 1]
- set node2ip [lindex $tmsh::argv 2]
- set vip [lindex $tmsh::argv 3]
- set self [lindex $tmsh::argv 4]
- set certpath [lindex $tmsh::argv 5]
- set keypath [lindex $tmsh::argv 6]
- }
- puts "Creating VLAN psc-ha-vlan"
- tmsh::create net vlan psc-ha-vlan interfaces add \{ 1.1 \{ untagged \} \}
- puts "Disabling interfaces 1.2 and 1.3"
- tmsh::modify net interface 1.2 disabled
- tmsh::modify net interface 1.3 disabled
- puts "Creating Self IP psc-ha-self $self "
- tmsh::create net self psc-ha-self address $self vlan psc-ha-vlan allow-service default traffic-group /Common/traffic-group-local-only
- puts "Uploading Certificate $certpath"
- tmsh::create sys file ssl-cert psc-ha-lb-cert source-path file:$certpath
- puts "Uploading Private Key $keypath"
- tmsh::create sys file ssl-key psc-ha-lb-key source-path file:$keypath
- puts "Creating SSL Client and Server Profiles"
- tmsh::create ltm profile client-ssl psc-ha-client-ssl cert psc-ha-lb-cert key psc-ha-lb-key
- tmsh::create ltm profile server-ssl psc-ha-server-ssl cert psc-ha-lb-cert key psc-ha-lb-key
- puts "Creating Persistance Profile"
- tmsh::create ltm persistence source-addr psc-ha-persistence defaults-from source_addr match-across-services enabled timeout 28800
- puts "Creating PSC Nodes $node1ip and $node2ip"
- tmsh::create ltm node psc-ha-node1 address $node1ip monitor icmp
- tmsh::create ltm node psc-ha-node2 address $node2ip monitor icmp
- puts "Creating Pools for ports 443, 389, 636, 2012, 2014, 2020"
- tmsh::create ltm pool pool-443 members add "{ psc-ha-node1:443 psc-ha-node2:443 }" monitor tcp
- tmsh::create ltm pool pool-389 members add "{ psc-ha-node1:389 psc-ha-node2:389 }" monitor tcp
- tmsh::create ltm pool pool-636 members add "{ psc-ha-node1:636 psc-ha-node2:636 }" monitor tcp
- tmsh::create ltm pool pool-2012 members add "{ psc-ha-node1:2012 psc-ha-node2:2012 }" monitor tcp
- tmsh::create ltm pool pool-2014 members add "{ psc-ha-node1:2014 psc-ha-node2:2014 }" monitor tcp
- tmsh::create ltm pool pool-2020 members add "{ psc-ha-node1:2020 psc-ha-node2:2020 }" monitor tcp
- puts "Creating VIPs for ports 443, 389, 636, 2012, 2014, 2020"
- tmsh::create ltm virtual vip-443 \{ destination $vip:443 ip-protocol tcp snat automap pool pool-443 persist replace-all-with \{ psc-ha-persistence \} profiles add \{ psc-ha-client-ssl \{ context clientside \} psc-ha-server-ssl \{ context serverside \} \} \}
- tmsh::create ltm virtual vip-389 \{ destination $vip:389 ip-protocol tcp snat automap pool pool-389 persist replace-all-with \{psc-ha-persistence \} \}
- tmsh::create ltm virtual vip-636 \{ destination $vip:636 ip-protocol tcp snat automap pool pool-636 persist replace-all-with \{psc-ha-persistence \} \}
- tmsh::create ltm virtual vip-2012 \{ destination $vip:2012 ip-protocol tcp snat automap pool pool-2012 persist replace-all-with \{psc-ha-persistence \} \}
- tmsh::create ltm virtual vip-2014 \{ destination $vip:2014 ip-protocol tcp snat automap pool pool-2014 persist replace-all-with \{psc-ha-persistence \} \}
- tmsh::create ltm virtual vip-2020 \{ destination $vip:2020 ip-protocol tcp snat automap pool pool-2020 persist replace-all-with \{psc-ha-persistence \} \}
- puts "Completed Setup"
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement