
F5 Setup PSC HA 6.0

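  create script psc-ha-60.tcl {
  proc script::run {} {
      # Builds a BIG-IP load-balancer configuration for a two-node PSC HA pair:
      # VLAN, self IP, SSL cert/key objects, client and server SSL profiles,
      # a source-address persistence profile, two nodes, six pools and six
      # virtual servers (ports 443, 389, 636, 2012, 2014, 2020).
      #
      # Arguments (tmsh::argv index 0 is the script name):
      #   1 node 1 IP, 2 node 2 IP, 3 VIP, 4 F5 self IP/mask,
      #   5 LB certificate path, 6 LB private key path
      #
      # All arguments are checked before the first tmsh::create runs. The
      # commands below are applied one at a time and nothing here rolls them
      # back, so rejecting bad input up front avoids a half-built config.
      set usage "Requires 6 arguments: <node 1 IP> <node 2 IP> <VIP> <F5 Self IP/mask> <LB Cert Path> <LB Key Path>\n\
      For example: run cli script psc-ha-60.tcl 192.168.2.101 192.168.2.102 192.168.2.99 192.168.2.98/24 /tmp/lb.crt /tmp/lb.key"

      # Exactly six arguments: a stray seventh usually means a mis-quoted
      # value, and it was previously ignored without warning.
      if { $tmsh::argc != 7 } {
          puts $usage
          exit
      }

      set node1ip  [lindex $tmsh::argv 1]
      set node2ip  [lindex $tmsh::argv 2]
      set vip      [lindex $tmsh::argv 3]
      set self     [lindex $tmsh::argv 4]
      set certpath [lindex $tmsh::argv 5]
      set keypath  [lindex $tmsh::argv 6]

      # Every value is spliced into a tmsh command line, so restrict each one
      # to the characters an address can contain. This keeps whitespace and
      # grouping characters from adding extra tokens to a command.
      foreach {label value} [list "node 1 IP" $node1ip "node 2 IP" $node2ip "VIP" $vip] {
          if { ![regexp {^[0-9A-Fa-f:.%]+$} $value] } {
              puts "Invalid ${label}: '${value}'"
              puts $usage
              exit
          }
      }
      if { ![regexp {^[0-9A-Fa-f:.%/]+$} $self] } {
          puts "Invalid F5 Self IP/mask: '${self}'"
          puts $usage
          exit
      }

      # Paths: conservative character allowlist (widen it if your paths need
      # more) and the file must exist before any object is created.
      foreach {label value} [list "LB Cert Path" $certpath "LB Key Path" $keypath] {
          if { ![regexp {^[A-Za-z0-9_.+@/-]+$} $value] || ![file isfile $value] } {
              puts "Invalid ${label}: '${value}'"
              puts $usage
              exit
          }
      }

      puts "Creating VLAN psc-ha-vlan"
      tmsh::create net vlan psc-ha-vlan interfaces add \{ 1.1 \{ untagged \} \}

      puts "Disabling interfaces 1.2 and 1.3"
      tmsh::modify net interface 1.2 disabled
      tmsh::modify net interface 1.3 disabled

      # NOTE(review): allow-service default opens the self IP to the box's
      # default port-lockdown list, which typically includes management
      # protocols - confirm with "list net self-allow". If this address is
      # only needed for SNAT and health monitors, a tighter allow-service
      # setting reduces the exposed surface.
      puts "Creating Self IP psc-ha-self $self "
      tmsh::create net self psc-ha-self address $self vlan psc-ha-vlan allow-service default traffic-group /Common/traffic-group-local-only

      # NOTE(review): the script imports the key but never deletes the source
      # file. A private key staged under a shared directory such as /tmp
      # should be owner-readable only and removed once the import succeeds.
      puts "Uploading Certificate $certpath"
      tmsh::create sys file ssl-cert psc-ha-lb-cert source-path file:$certpath
      puts "Uploading Private Key $keypath"
      tmsh::create sys file ssl-key psc-ha-lb-key source-path file:$keypath

      # NOTE(review): no peer-certificate verification options are set on the
      # server-ssl profile, so the inherited defaults decide whether the PSC
      # nodes' certificates are checked - verify they match your policy.
      puts "Creating SSL Client and Server Profiles"
      tmsh::create ltm profile client-ssl psc-ha-client-ssl cert psc-ha-lb-cert key psc-ha-lb-key
      tmsh::create ltm profile server-ssl psc-ha-server-ssl cert psc-ha-lb-cert key psc-ha-lb-key

      puts "Creating Persistance Profile"
      tmsh::create ltm persistence source-addr psc-ha-persistence defaults-from source_addr match-across-services enabled timeout 28800

      puts "Creating PSC Nodes $node1ip and $node2ip"
      tmsh::create ltm node psc-ha-node1 address $node1ip monitor icmp
      tmsh::create ltm node psc-ha-node2 address $node2ip monitor icmp

      # One TCP-monitored pool per service port, both nodes as members.
      set ports [list 443 389 636 2012 2014 2020]
      puts "Creating Pools for ports 443, 389, 636, 2012, 2014, 2020"
      foreach port $ports {
          tmsh::create ltm pool pool-$port members add "{ psc-ha-node1:$port psc-ha-node2:$port }" monitor tcp
      }

      # Only vip-443 carries the SSL profiles; the other virtual servers
      # forward TCP unchanged. Port 389 is therefore passed through without
      # any TLS added by the load balancer - limit who can reach it.
      puts "Creating VIPs for ports 443, 389, 636, 2012, 2014, 2020"
      foreach port $ports {
          if { $port == 443 } {
              tmsh::create ltm virtual vip-443 \{ destination ${vip}:443 ip-protocol tcp snat automap pool pool-443 persist replace-all-with \{ psc-ha-persistence \} profiles add \{ psc-ha-client-ssl \{ context clientside \} psc-ha-server-ssl \{ context serverside \} \} \}
          } else {
              tmsh::create ltm virtual vip-$port \{ destination ${vip}:$port ip-protocol tcp snat automap pool pool-$port persist replace-all-with \{ psc-ha-persistence \} \}
          }
      }

      puts "Completed Setup"
  }
  }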