guru started following AWAF Policies , LTM Migration compare OLD to NEW , Bash Script to export VS-CPFL-CRT-CIPHERs and 1 other
-
When migrating, you want to make sure you don't miss anything, so here are a few commands that I run to help me make sure what was on the old is on the new.

CONFIGURATION PHASE

Virtual Servers

First objective is to make sure all the Virtual Servers are present. If you aren't changing IP addresses, then all I grab is the destination field, since in many cases the name and/or partition may change. For example, we are moving to deploying all our Virtual Servers using JSON format and the Partition is now the IP address, so all pools, profiles, etc. that are specific to that virtual server would be found under that partition/IP address. Anyhow, so how do you get all the destination IPs from all partitions? Just run this command:

    tmsh -q -c 'cd / ; show ltm virtual recursive' | grep -i "destination " > "/var/tmp/vs-destination-old_${HOSTNAME}.$(date +%Y%m%d).txt"

Why do I use show versus list? The list command shows the destination port by its common name (443 would be listed as https), but the show command always gives the port number no matter how it was configured, which is consistent and makes it easier to do compares.

Certificates and Keys

AWAF Policies

DEPLOYMENT PHASE - BEFORE MIGRATION

DEPLOYMENT PHASE - AFTER MIGRATION

VALIDATION PHASE
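For the Virtual Servers check above, the following added example (not part of the original post) compares a destination capture from the old unit with one from the new unit and lists what is missing on the new one. The function names, file names and sample `Destination` lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. Compares two captures made with
# the "show ltm virtual recursive | grep -i destination" command above.

# Print the unique destination values (address:port) found in a capture file.
# Captured lines look like "  Destination           : 10.1.1.10:443".
extract_destinations() {
    awk 'tolower($1) == "destination" { sub(/\r$/, "", $NF); print $NF }' "$1" |
        LC_ALL=C sort -u
}

# Print entries that are in the first capture but not in the second.
only_in_first() {
    local first second
    first=$(mktemp) && second=$(mktemp) || return 2
    extract_destinations "$1" > "$first"
    extract_destinations "$2" > "$second"
    LC_ALL=C comm -23 "$first" "$second"
    rm -f "$first" "$second"
}

# Report differences; return 0 only when nothing from the old unit is missing.
compare_destinations() {
    local old="$1" new="$2" missing extra
    missing=$(only_in_first "$old" "$new")
    extra=$(only_in_first "$new" "$old")
    if [ -n "$missing" ]; then printf 'MISSING on new: %s\n' $missing; fi
    if [ -n "$extra" ]; then printf 'ONLY on new:    %s\n' $extra; fi
    [ -z "$missing" ]
}

# Constructed sample captures (hypothetical addresses), written to directory $1.
write_sample_captures() {
    cat > "$1/vs-destination-old.txt" <<'EOF'
  Destination           : 10.1.1.10:443
  Destination           : 10.1.1.10:80
  Destination           : 10.1.1.20:443
  Destination           : 10.1.1.30:8443
EOF
    cat > "$1/vs-destination-new.txt" <<'EOF'
  Destination           : 10.1.1.10:443
  Destination           : 10.1.1.10:80
  Destination           : 10.1.1.30:8443
  Destination           : 10.1.1.40:443
EOF
}

# Demo run on the constructed captures.
demo_dir=$(mktemp -d)
write_sample_captures "$demo_dir"
if compare_destinations "$demo_dir/vs-destination-old.txt" "$demo_dir/vs-destination-new.txt"; then
    echo "All old destinations are present on the new unit"
else
    echo "Migration check failed: see MISSING lines above"
fi
rm -rf "$demo_dir"
```

Because the comparison is on the destination value only, it still works when the virtual server name or partition changed during the migration.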
-
Here is a very helpful script that can be used to export Virtual Server Profile Certificate Ciphers.

I personally create a file called:

    show-vs-cpfl-cert-ciphers.sh

Then I make it executable:

    chmod 755 show-vs-cpfl-cert-ciphers.sh

Now copy the code below and paste it in the new file:

    #!/bin/bash
    # Search /config and subdirectories (partitions) for bigip.conf files
    # and collect the names of all virtual servers defined in them.
    LIST=$(find /config -name bigip.conf | xargs awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u)
    VIRTS=0   # number of virtual servers that have a client SSL profile

    echo "Virtual: Profile: Certificate: Ciphers:"
    echo "__________________________________________________________"
    for VAL in ${LIST}
    do
        # Client SSL profile names attached to this virtual server
        PROF=$(tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed 's/ //g' | sort -u)
        test -n "${PROF}" && {
            VIRTS=$((VIRTS + 1))
            for PCRT in ${PROF}
            do
                # Certificate configured on the client SSL profile
                CERT=$(tmsh list /ltm profile client-ssl ${PCRT} 2> /dev/null | awk '$1 == "cert" {print $2}' | sort -u)
                test -n "${CERT}" && {
                    # Cipher string configured on the same profile
                    CIPHERS=$(tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}')
                    echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}"
                }
            done
        }
    done
    echo "Virtual server count: ${VIRTS}"

Finally you can run the newly created file:

    ./show-vs-cpfl-cert-ciphers.sh

My preference is to run it and capture the output to a txt file that I can manipulate later to sort by each of the fields, so I run the command this way:

    ./show-vs-cpfl-cert-ciphers.sh > "/var/tmp/how-vs-cpfl-cert-ciphers_output_${HOSTNAME}.$(date +%Y%m%d).txt"

Hope this helps you out as it has helped me.
-
Need to work on the development of the new Event Management Application for Invision Community Board version 5 when it's released. To be able to invest in the new development we need to do a few things first:

- Acquire Funds (estimated cost will be close to 10k); by November 2023 should acquire the funds
- Write out project and expectations (can leverage some of what we are currently using)

HISTORY

- Spreadsheets
- Filemaker Pro database
- Invision Community 3.x: Brandon Davie (no longer doing development for IPB)
- Invision Community 4.x: Ahmed Zayed (appears to have lost interest in developing these apps)
- Invision Community 5.x: ?? (possibly Adriano Faria or Terabyte or InterMedia)

GOALS

- Identify a developer that invests in app and can provide updates and support as needed (difficult to keep changing developers)
- Utilize website for each customer to leverage for all shows (use Mid-America Festivals as example)
- Services App would provide include Ticketing and Accounting
- Not mandatory, but having a POS app that we could load on Android or iOS device that would accept info (even offline) and transfer to website when connection is re-established
- Have the ability to export and import data for setup and transactions (preferably via CSV)
- Needs the ability to print reports with Logo included (possibly just use logo in header)
-
Trying to migrate an LTM from old school to doing it via JSON, and this particular LTM has AWAF Resource Provisioned, so that's what makes it difficult, AND we are running version 15.x which only supports exporting policies into XML. In newer versions (16.x and 17.x) the AWAF policies can be exported into JSON format.

We exported the policies and imported them, and now when you go to a child policy and you want to update it, the settings are grayed out like shown here. But it used to look like this here, where you can Add and do changes.

It took a minute to understand what's happening, but I eventually discovered that inheritance is taking place, so you could make the changes at the parent policy but it would affect all child policies. If you want to edit just certain child policies, then you will need to go to Inheritance Settings on the child policy and click Decline, and you will see that button change from Decline to Declined.

Below is a picture of what it looks like (in red is declining inheritance and in gray it is keeping the inheritance).
-
REQUIREMENTS

For the BIG-IP DNS synchronization group members to properly synchronize their configuration settings, verify that the following requirements are in place:

BIG-IP DNS synchronization group members must be running the same software version

A BIG-IP DNS device should be running the same software version as other members in the synchronization group. BIG-IP DNS devices that are running different software versions will not be able to communicate and properly synchronize BIG-IP DNS configuration and zone files. For information about displaying the software version, refer to K8759: Displaying the BIG-IP software version.

Synchronization parameters must be properly defined for all members

Synchronization must be enabled and each device must have the same synchronization group name. You can define the synchronization parameters by navigating to:

- BIG-IP DNS 11.5.0 and later: DNS > Settings > GSLB > General
- BIG-IP GTM 10.0.0 through 11.4.1: System > Configuration > Device > GTM > General

NTP must be configured on each device

Before you can synchronize BIG-IP DNS systems, you must define the network time protocol (NTP) servers for all synchronization group members. Configuring NTP servers ensures that each BIG-IP DNS synchronization group member is referencing the same time when verifying the configuration data that needs to be synchronized. You can configure NTP by navigating to System > Configuration > Device > NTP.

Port Lockdown must be set properly for the relevant self IP addresses

Port lockdown is a security feature that specifies the protocols and services from which a self IP address can accept traffic. F5 recommends using the Allow Custom option for self IP addresses that are used for synchronization and other critical redundant pair intercommunications. You can configure port lockdown by navigating to Network > Self IPs.

Note: Management IP addresses are not compatible with iQuery; you should not use them as server IP addresses in the DNS server list.

Configure the service ports shown in the following table for BIG-IP DNS operation on the specific self IP.

    Allowed Protocol   Service   Service Definition
    TCP                4353      iQuery
    TCP                22        SSH
    TCP                53        DNS
    UDP                53        DNS
    UDP                1026      Network Failover

For further information on Port Lockdown behavior, please refer to K17333 listed in the Supplemental Information section below.

TCP port 4353 must be allowed between BIG-IP GTM systems

BIG-IP DNS synchronization group members use TCP port 4353 to communicate. You must verify that port 4353 is allowed between BIG-IP DNS systems.

Compatible big3d versions must be installed on synchronization group members

The big3d process runs on BIG-IP systems and collects performance information on behalf of the BIG-IP DNS system. For metrics collection to work properly, synchronization group members must run the same version of the big3d process. For more information about verifying big3d version information, refer to K13703: Overview of big3d version management.

A valid device certificate must be installed on all members

The device certificate is used by the F5 system to identify itself to a requesting F5 client system. The default device certificate, /config/httpd/conf/ssl.crt/server.crt, must be installed on each sync group member. You can verify the certificate validity by navigating to System > Device Certificates.

EXPLANATION of DNS SYNC

A BIG-IP DNS synchronization group is a collection of multiple BIG-IP DNS systems that share and synchronize configuration settings. You must meet several minimum requirements for BIG-IP DNS synchronization group members to communicate and synchronize properly.

Starting in 11.x, the BIG-IP DNS system uses a commit_id structure, which is linked to an MCP transaction, as a timestamp when updating the configuration for a given sync group. The BIG-IP DNS sync group communication flow works as follows:

1. The Configuration utility or the TMOS Shell (tmsh) communicates configuration changes to the mcpd process.
2. The mcpd process forwards the new configuration in its entirety to the local gtmd process.
3. The gtmd process updates the commit_id value and writes the new configuration to the /config/bigip_gtm.conf file.
4. The local big3d process begins advertising the updated commit_id value using heartbeat messages transmitted to all remote gtmd processes.
5. When a remote gtmd process notices that the peer BIG-IP DNS system has a newer commit_id value, the remote gtmd invokes the iqsyncer utility to pull the newer configuration.
6. The iqsyncer utility connects to the big3d process of the BIG-IP DNS system with the newer commit_id and requests the changes between the newer commit_id and its current commit_id.
7. The big3d process connects to its mcpd process, and if the differences between commit_ids exist in the incremental config sync cache, then just these incremental changes are passed back. If not, the full configuration is passed in one or more messages.
8. The big3d process then transmits those messages back to the requesting iqsyncer utility, and iqsyncer passes the new configuration directly to its own mcpd process, which loads it into memory.
9. After the mcpd process receives the new configuration, it passes the configuration to its own gtmd process, which updates its timestamp with the commit_id of the source BIG-IP DNS system, and writes the configuration to the /config/bigip_gtm.conf file.
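The Port Lockdown table above can be checked mechanically. This added example (not from the original post or from F5) reads a saved copy of a self IP's `allow-service` setting and reports which of the five required services are missing. The function names, self IP names and sample captures are constructed, and the service-name mapping is an assumption for captures that show names instead of port numbers.

```shell
#!/bin/bash
# Added example, not from the original post or from F5. Checks a saved
# "tmsh list net self <name> allow-service" capture against the table above.

REQUIRED_SERVICES="tcp:4353 tcp:22 tcp:53 udp:53 udp:1026"

# Translate a service name to its port number; numbers pass through.
# Assumption: names, if shown, are the IANA ones (ssh, domain, f5-iquery, cap).
service_to_port() {
    case "$1" in
        ssh)       echo 22 ;;
        domain)    echo 53 ;;
        cap)       echo 1026 ;;
        f5-iquery) echo 4353 ;;
        *)         echo "$1" ;;
    esac
}

# Print one normalized proto:port per line from a multi-line allow-service
# block. A bare keyword (all, default, none) is printed as keyword:<value>.
allowed_services() {
    awk '
        $1 == "allow-service" && $2 != "{" { print "keyword:" $2; next }
        $1 == "allow-service"              { in_block = 1; next }
        in_block && $1 == "}"              { in_block = 0; next }
        in_block                           { print $1 }
    ' "$1" | while IFS=: read -r proto svc; do
        echo "$proto:$(service_to_port "$svc")"
    done
}

# Print each required proto:port that the capture does not allow.
missing_services() {
    local allowed required
    allowed=$(allowed_services "$1")
    for required in $REQUIRED_SERVICES; do
        printf '%s\n' "$allowed" | grep -qxF "$required" || echo "$required"
    done
}

# Exit status: 0 = all required services allowed, 1 = some missing,
# 2 = allow-service is a keyword rather than a custom list (review by hand).
check_port_lockdown() {
    local allowed missing
    allowed=$(allowed_services "$1")
    case "$allowed" in
        keyword:*)
            echo "REVIEW: allow-service is '${allowed#keyword:}', not a custom list"
            return 2 ;;
    esac
    missing=$(missing_services "$1")
    if [ -n "$missing" ]; then
        echo "FAIL: missing $(echo $missing)"
        return 1
    fi
    echo "OK: all required services are allowed"
}

# Constructed sample captures (hypothetical self IP names), written to $1.
write_sample_self_ips() {
    cat > "$1/self-incomplete.txt" <<'EOF'
net self dns_sync_self {
    allow-service {
        tcp:f5-iquery
        tcp:ssh
        tcp:domain
        udp:domain
    }
}
EOF
    cat > "$1/self-complete.txt" <<'EOF'
net self dns_sync_self {
    allow-service {
        tcp:4353
        tcp:22
        tcp:53
        udp:53
        udp:1026
    }
}
EOF
}

# Demo run on the constructed captures.
demo_dir=$(mktemp -d)
write_sample_self_ips "$demo_dir"
check_port_lockdown "$demo_dir/self-incomplete.txt" || true
check_port_lockdown "$demo_dir/self-complete.txt" || true
rm -rf "$demo_dir"
```

The check only confirms that the required services are present; it does not flag extra services that a custom list may also allow.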
-
Ran into an issue last night where I had to redirect https://example.thezah.com/ to https://example.thezah.com/?idp_id=two

Attempted a few different ways of redirecting the URI in the Policy and they all didn't work. Ran into a few issues...

When creating the Redirect_URI policy under the do the following:

    Replace - HTTP URI - path with value /?idp_id=two at request time

What would happen is when you enter the value /?idp_id=two and save, F5 would change it to /\?idp_id=two, and my assumption is it's using reg-ex to escape the ?, so I used the URL encode for question mark, which is %3F, so it looked like /%3Fidp_id=two and still no luck.

Then realized they were breaking because to use policies you need an HTTP Profile (Client) of http. Then we added an SSL Profile (Client) with the FQDN in for example.thezah.com and also added the F5 default SSL Profile (Server) called serverssl.

The Policy still wouldn't work, so created an iRule like the one below:

    when HTTP_REQUEST {
        if { [HTTP::uri] equals "/" } {
            HTTP::uri "/?idp_id=two"
        }
    }

Assigned the iRule to the Virtual Server Resources and now we are in business.
-
If you have BIG-IQ in your environment to help manage/monitor your applications, then let me help you understand how to use some cool features of BIG-IQ.

Many times you have several F5's in your environment, and trying to identify what F5 has the application you need to troubleshoot is kind of a pain in the butt unless you have BIG-IQ.

First thing I do if someone says they have an issue with their application is ask for the FQDN or the URL that is having issues.

Next thing I do is go to BIG-IQ and click on the Configuration Tab, then click on Virtual Servers, and you get a screen like the one below.

You can enter the FQDN in the filter box on the right, and if that doesn't work because the name of the virtual server may differ, go to your command prompt and do a dig on the FQDN to get the IP Address, then come back to BIG-IQ and enter the IP Address in the Filter box on the right.

What if you get nothing still? Then a few things could be happening:

- Maybe their application doesn't go through the F5
- BIG-IQ is only up to date if the application was deployed via JSON/AS3, and for those legacy apps that didn't use JSON/AS3 to deploy, under the Devices Tab you must click those legacy boxes and click import on the services to keep the BIG-IQ database up to date.
-
Internal Medicine (3 doctors) just came in and checked to see how Kate is doing and feeling. Sounds like Chemotherapy is still on the docket for today but we are awaiting Dr. Yang. They checked on how Kate is doing with all the procedures she had done yesterday. She is super sleepy and is passed out now but I think it's a good thing.

I see it's lunch time and I may sneak downstairs and get something to munch on. I love chips but because of all the stroke victims in the hospital I lean away from them since it's one of the major causes of a stroke. Actually I have been trying to eat healthy so I can keep taking care of Kate but I may break down and get something non-healthy (meaning something with some flavor) today for lunch like a burger from Wendy's.

Dr. Yang came in at this time and gave us more information. Results of lumbar puncture (spinal tap) proved positive results (no cancer in spinal fluid). He also spoke about treatment, which includes:

The following once a week (every Monday as outpatient):
- daunorubicin (side effect: nausea, hair loss) - Syringe
- vincristine (side effect: tingling in hands) - IV bag
*Constipation is a worry with treatments, so much the nurse and doctors ask every time they come in

The following every day for 28 days:
- steroid: prednisone

May add another drug week 2 and another drug that is used on children week 3 (rituxan) which focuses on A.L.L.

He mentioned things to pay attention to while she's home, which is mainly infection (fever of 100.4 that lasts more than 30 minutes, she must come to ER). Mentioned chemo will reduce platelets, which are optimum at 50k but at 30k now, and we may notice bleeding when below 10k.

After Induction period (first 4 weeks) the chemotherapy gets kicked up a notch and is unpleasant, and this will happen for 6 months and sounds like multiple visits per week.
Kate's first chemotherapy treatment is coming soon (sometime this afternoon).

They gave Zofran (for nausea) and Prednisone (the steroid) today at 14:30. At this time (15:12) Kate received the daunorubicin via syringe. Nurse mentioned it is important for oral hygiene since it could create sores in your mouth. Also it will more than likely create red urine. They are also giving the vincristine via IV. COMPLETED adding the daunorubicin and vincristine at 15:30.

Kate is doing good. She's groggy but doing okay. Just brought her an ICEE (coke.. uh oh), grilled chicken bits from Chick-fil-A and watching TV. She's not a fan of how she feels because it's different than anything else she felt. She is homesick... missing her puppies. I'm saying she's emotional, which the doc said is a side effect of the medicine.

They just put a bag of cefepime and a couple blue pills which we believe is antibiotics (fungal, bacterial).

Bloodwork at 3am and then more antibiotics at 4:30am. Unfortunately Kate didn't get much sleep (which is another side effect of chemo). She's also nauseous and did have tingling in her feet but she was able to work out the tingling.

Visit from internal medicine at 7:30am to check on her status. LABs moved up to twice a day because of Chemo; they need to keep monitoring blood counts. As of now, morning labs came back with hemoglobin 7+ & platelets 33 so no blood transfusion at the moment. We'll have another bloodwork around 5pm tonight and we'll see what her numbers are then. We are still on track for going home Friday and we are both hoping that stays true since she is going stir crazy being cooped up in the hospital.

I may leave today to go get a shower and change of clothes since we are here until Friday. I feel disgusting so need a refresher. Hoping they validate the parking since we have been there since Sunday.

Nurses helped Kate change into a new gown and I got her a breakfast bagel. They flushed the PICC line to help the machine stop beeping because of blockage.
They also recommended her getting up and walking the floor. Bandage for PICC line will be changed before we go home, which will be nice even though we are only home for Saturday and Sunday and back on Monday for an all day treatment, but it's supposed to be outpatient so we'll be able to go back home.

She is getting Zofran for nausea at 9am. Kate got another dose of antibiotics and her daily steroid at 10:15am:
- antifungal: diflucan
- antibacterial: Bactrim
- antiviral: aciclovir
- steroid: prednisone, which she'll get every day during the induction phase (roughly 28 days)

And still getting the IV drip of cefepime (2gm/100mL), which is also used to treat bacterial infections.

Kate got about 3 hours sleep last night. They said the chemo chemicals would cause sleeplessness. Kate is getting headaches but they give her a Tylenol 3 before going to sleep and it helps relieve the pain and allow her to sleep. They took blood at 5am and Hemoglobin dropped to 7.1 and Platelets dropped to 24k. She is also still getting some nausea but the Zofran does help relieve it.

So today we walked around the floor with her pet IV stand closely in hand. She decided to wear a gown with an exposed back which proudly displays the lovely bruises from the bone marrow biopsy and lumbar puncture. We did two different walks which all together equals about 1/2 mile walked today.

They dropped her bloodwork to once a day instead of the typical twice a day. No bowel movement since Tuesday so they gave her some Colace. She should get bloodwork at either 3am or 5am, then blood transfusion. Odd, but her hemoglobin has to be less than 7 for her to get a blood transfusion and it was at 7.1 this morning, so we all know it will be low 6 probably tomorrow morning, which will prompt the blood transfusion allowing Kate and I to go home for the weekend.
-
Induction Phase

It's 3am on 2/17/2020 and we are in a room on the 9th floor in Karmanos Cancer Facility in Detroit. This is the beginning of the Induction process, which in short means the beginning of chemo treatments while keeping a close eye on Kate during the process. The doctor believes this will take less than a week this visit but the Induction process is typically a week.

There are four phases to chemotherapy treatment:
- The first phase is called Remission Induction. Treatment during this phase is designed to kill the leukemic cells in the blood and the bone marrow, putting the disease into remission.
- The second phase is Central Nervous System Directed Therapy. This phase kills cancer cells in the central nervous system and prevents the disease from spreading to the spinal fluid.
- The Consolidation/Intensification phase is given after the disease is considered to be in remission. It's designed to kill remaining leukemic cells that may be inactive but could begin growing again and cause the leukemia to recur. This phase usually lasts several months.
- The maintenance phase is the final phase of treatment that lasts for two to three years. It's used to kill any remaining cells that could cause a recurrence. Medications are often given at lower doses.

So her hemoglobin dropped to 6.1 overnight (in less than 12 hours) so they are getting everything together for another blood transfusion (#6). Today she'll also get spinal tap which will inject some Chemo into her spinal cord while they take a sample to test to see if the Leukemia has made its way into the spinal cord. We are hoping it hasn't.

Dr. Yang is a superstar of a Doctor but seriously all of the doctors that we have encountered have been awesome. Our least favorite area was the Harper Hutzel ER room (happy to be out of there). They may take another bone marrow biopsy if Dr. Yang doesn't get back the results from the company they sent the bone marrow biopsy they took in Flint McLaren Hospital.
Dr. Yang doesn't want to delay treatment anymore, so another bone marrow biopsy is a possibility and he can get the results next day to find out if she is Philadelphia chromosome positive or negative, which dictates what ingredients need to be in the chemo treatment.

Starting Blood Transfusion now... need to get Kate's blood count up. Only numbers they are really focusing on is hemoglobin (they want above 7 and it's 6) and platelets (they want in the 50's and it's in 30's).

Finished transfusion just now and they are now moving into doing a bone marrow biopsy on left side since it was done on the right side. Also adding some platelets.

Good news is they didn't do a bone marrow biopsy but instead they did something where they just extracted some marrow, which I think they called aspired. So Kate earns her hashtag again #k8strong

They mentioned MRD testing, need to look that up. Next they are adding platelets and will do the spinal tap, adding chemo in the spinal fluid at the same time taking some fluid for testing.

Kate just left to IVR (radiation) for spinal punch. The procedure is roughly 20-40 minutes and then there is recovery. They do sedate Kate, which she is looking forward to so maybe she could get some sleep.

Dr. Yang got some news from the bone marrow biopsy and they said Kate is Philadelphia chromosome negative, but he wants to double-check since treatment is very important to know for sure. So the test he did earlier will give him those results in 24 hours. He did say they are trying to get us a room on the 8th floor which is reserved for chemo patients. They do not want to start chemo until Kate gets on the 8th floor since the nurses here on the 9th floor don't work with chemo. Now we wait for procedure.

Just spoke to Dr. Yang as he made a visit on his way out for the day. He recommends Kate lay as flat as she can when she gets back to the room, for 2 hours preferably but 1 hour minimum.
He said there is no reason why they can not start chemotherapy tomorrow, which will consist of two drugs for chemo, and she will have to take one pill (steroid) orally. The steroid she will take daily and the two chemo injections she will do once a week. More than likely she will need another transfusion but the current tentative goal is go home Friday and come back Monday. Repeat process for a total of four weeks, which would conclude the Induction process, at which time they want to get more blood marrow to see if the cancer cells are declining.

Kate got some food in her and now she's fighting through some pain (with the assist of some pain killers) and maybe one more dose of pain killers before she tries to get some sleep. I'm hoping to sleep on a cot or anything besides these chairs which are not comfortable.

I really need to thank our friends and family for helping take care of our dogs while we are gone. It's a huge stress for Kate and I being so far away but everyone seems to be helping relieve the stress and I seriously can't thank you enough.

It appears the remainder of our night will be hopefully uneventful, so don't be surprised if you don't see any more posts tonight (unless something negative happens).

We just got moved down to the chemotherapy floor (8) so now we are in room 8223. Her hemoglobin is down to 7 so they are going to give her a blood transfusion.

Kate got some sleep and woke up on her own at 4am because she had to pee. The nurses then did bloodwork to see if her hemoglobin is back up from 7.4 now that she had a unit of blood last night. White blood cells 1.3 (normal is 4-11) and platelets 35 (normal is 55+).

Kate's fed, she took a Tylenol 3 for pain (pill), allopurinol (pill), antiviral (pill), anti-bacterial (pill) and an anti-fungal (oral liquid) medicine. Now we wait for Dr. Yang to give us the game plan for today.
-
What is a Lumbar Puncture - Spinal Tap

During the time you are fighting cancer (especially A.L.L.) you will have to receive several Lumbar Punctures, also referred to as Spinal Taps. So what are they?

Lumbar puncture, also known as a spinal tap, is a medical procedure in which a needle is inserted into the spinal canal, most commonly to collect cerebrospinal fluid for diagnostic testing. The main reason for a lumbar puncture is to help diagnose diseases of the central nervous system, including the brain and spine.

A lumbar puncture (spinal tap) is performed in your lower back, in the lumbar region. During a lumbar puncture, a needle is inserted between two lumbar bones (vertebrae) to remove a sample of cerebrospinal fluid. This is the fluid that surrounds your brain and spinal cord to protect them from injury. A lumbar puncture can help diagnose serious infections. Sometimes doctors use lumbar punctures to inject anesthetic medications or chemotherapy drugs into the cerebrospinal fluid.
-
11:00pm they brought her down for x-ray.

Gave Kate Toradol at this time for her headaches. When we came in they gave her via an IV (not using PICC line) cefepime 2gm, which is an antibiotic. We are watching 2.5 men (the era that Charlie Sheen still existed).

Just had a visit from the Karmanos doctor on duty, which did a quick evaluation of Kate. Going to transfer Kate up to a room in Karmanos, just waiting.

So Karmanos doctor on duty came in and did some more checking while we wait for a room. She mentioned Kate's hemoglobin is down to 7.2 and her white blood cell count is at 1.7, so now we wait for her room.

Got our room (9203) in Karmanos on the 9th floor but was told they may move her to 8th floor.. but not sure when. I'm thinking Kate would really just like to sleep. FYI: room is HUGE.
-
Arrived at Harper-Hutzel Hospital (it's attached to Karmanos and they address after hours concerns with Karmanos patients).

Just saw Dr. Woolman. Man, he was a talker. Not giving Kate a chance to answer any questions. They asked these questions:

- When admitted to McLaren (Flint): Tuesday the 4th.
- When bone marrow biopsy: 2/6/20
- When was PICC line installed: 2/6/20
- Last transfusion: 2/7/20
- Did they give you any medicine: dexatron (2/7/20-2/10/20) 40mg a day for the 4 days.
- When did you learn for sure Kate has ALL: bone marrow biopsy confirmed Kate has ALL on 2/10/20
- Allergic to anything: no
- Taking any medicine: allopurinol (300mg) because uric acid high, norco 7.5mg for discomfort for bone marrow biopsy but hasn't taken any
- Anything doctor should know? We noticed bleeding from PICC line. Mentioned she had a bloody nose.

NOTE: We are going to avoid Harper Hutzel Hospital as much as humanly possible.... horrible!
-
Fevers are no good

Tonight Kate developed a fever (running 100.5) and what's scary is they say if you have Leukemia and get a fever you must go to the nearest Emergency Room since it's more than likely an infection which can prove to be fatal. So right now we are calling 1-800-Karmanos to find out what they want us to do.

Patients with acute lymphoblastic leukemia (ALL) present with either symptoms relating to direct infiltration of the marrow or other organs by leukemic cells, or symptoms relating to the decreased production of normal marrow elements. Fever is one of the most common symptoms of ALL, and patients with ALL often have fever without any other evidence of infection. However, in these patients, one must assume that all fevers are from infections until proved otherwise, because a failure to treat infections promptly and aggressively can be fatal. Infections are still the most common cause of death in patients undergoing treatment for ALL.

The doc called Kate and said she needs to immediately get down to the hospital because it means it could be infection. Loading up the car and heading down as fast as we can since the doctor expressed urgency.
-
Home Care Nurse Visit

Last night Kate called the Support line for the Homecare nurse complaining on how much the bandage hurts after they redid it during our Hospital visit yesterday (Friday). Kate was complaining of a burning sensation and very uncomfortable. A homecare nurse showed up and was very polite and helped explain how to clean the PICC line with basically salt water and yea, I got my intro on how to do this myself for Kate. She re-bandaged it up and Kate kept thanking the nurse because it was like night and day difference. She is no longer after the polite home care nurse re-bandaged Kate's PICC line.

Now if I could only get Kate to relax... I'm trying to restrict her some so she doesn't get her blood flowing. In my mind, more blood flow means the quicker the cancer can spread since it is a cancer of the blood. Of course that's my logic and I really don't want to lose my wife.

What is a PICC Line?

Below is a pretty good illustration, but it's basically a quick way for doctors to pull blood without having to re-stab Kate with a needle every time. It's also a place for the doctor to administer the chemo treatments. She has to keep moving that right arm so it doesn't get buildup on the line as well as get clogs.. we don't want to get clogs in the line, which is why I get the pleasure of flushing the line out daily.

I am glad she is more comfortable now. Kareta had hers in her chest & that seemed constantly uncomfortable. So glad she doesn't have it in her chest. So much love & many prayers being sent!