From f5475ed3f2acc01e28f9e29c7fc7ec2f1ad4768d Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Tue, 29 Apr 2014 07:49:42 +0200 Subject: some restyle --- src/fapi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/fapi b/src/fapi index 5d26e2a..ffa6a40 100755 --- a/src/fapi +++ b/src/fapi @@ -202,8 +202,8 @@ class Fapi(FapiBase): try: self.verbose('Trying to login to \'%s\'' % loadbalancer) self._f5 = bigsuds.BIGIP(hostname = loadbalancer, - username = username, - password = password) + username = username, + password = password) self._f5.Management.Partition.set_active_partition(self._folder) self.verbose('Set folder/adm. partition to \'%s\'' % self._folder) err = None @@ -449,8 +449,8 @@ class Fapi(FapiBase): resource = { 'type': 'RESOURCE_TYPE_POOL' } if poolname: resource['default_pool_name'] = poolname profile = { - 'profile_context': 'PROFILE_CONTEXT_TYPE_ALL', - 'profile_name': profile, + 'profile_context': 'PROFILE_CONTEXT_TYPE_ALL', + 'profile_name': profile, } self.verbose("vserver:%s netmask:%s resource:%s, profile:%s" % (vserver, netmask, resource, profile)) @@ -494,7 +494,7 @@ class Fapi(FapiBase): else: _, ip, _ = self.lookup(a.name) name = ip - + # Do the actual stuff if a.sub == 'get': if a.sub2 == 'detail': def detail(f5): -- cgit v1.2.3 From 288742e561977c8af28365a61a2af2f39fd4dc39 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Tue, 29 Apr 2014 08:08:43 +0200 Subject: initial preparation for the bulk operation --- src/fapi | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/src/fapi b/src/fapi index ffa6a40..c4a848c 100755 --- a/src/fapi +++ b/src/fapi @@ -654,36 +654,41 @@ class Fapi(FapiBase): orders = { 'device': a.sub3, 'order': a.sub4 } return lambda: f5().remove_all_ha_orders([a.name]) - def run(self): - ''' Do the actual stuff. - We are doning some lazy evaluation stuff here. The command line - tool does not do anything with the slow F5 API until it is clear - what to do and that there is no semantic or syntax error. ''' + def _lazy(self): + ''' Get the lazy code block to be executed ''' a = self._args - lazy = None if a.name: # Remove the /partition/ prefix, setting default partition after # login instead a.name = re.sub(self._folder, '', a.name) a.name = re.sub('^/+', '', a.name) if a.what == 'node': - lazy = self.__do_node(lambda: self._f5.LocalLB.NodeAddressV2) + return self.__do_node(lambda: self._f5.LocalLB.NodeAddressV2) elif a.what == 'monitor': - lazy = self.__do_monitor(lambda: self._f5.LocalLB.Monitor) + return self.__do_monitor(lambda: self._f5.LocalLB.Monitor) elif a.what == 'pool': - lazy = self.__do_pool(lambda: self._f5.LocalLB.Pool) + return self.__do_pool(lambda: self._f5.LocalLB.Pool) elif a.what == 'vserver': - lazy = self.__do_vserver(lambda: self._f5.LocalLB.VirtualServer) + return self.__do_vserver(lambda: self._f5.LocalLB.VirtualServer) elif a.what == 'vip': - lazy = self.__do_vip(lambda: self._f5.LocalLB.VirtualAddressV2) + return self.__do_vip(lambda: self._f5.LocalLB.VirtualAddressV2) elif a.what == 'vlan': - lazy = self.__do_vlan(lambda: self._f5.Networking.VLAN) + return self.__do_vlan(lambda: self._f5.Networking.VLAN) elif a.what == 'selfip': - lazy = self.__do_selfip(lambda: self._f5.Networking.SelfIPV2) + return self.__do_selfip(lambda: self._f5.Networking.SelfIPV2) elif a.what == 'tgroup': - lazy = self.__do_tgroup(lambda: self._f5.Management.TrafficGroup) + return self.__do_tgroup(lambda: self._f5.Management.TrafficGroup) elif a.what == 'folder': - lazy = self.__do_folder(lambda: self._f5.Management.Folder) + return self.__do_folder(lambda: self._f5.Management.Folder) + + + def run(self): + ''' Do the actual stuff. + We are doning some lazy evaluation stuff here. The command line + tool does not do anything with the slow F5 API until it is clear + what to do and that there is no semantic or syntax error. ''' + a = self._args + lazy = self._lazy() if isfunction(lazy): self.verbose('Doing some stuf via the API, it may take a while') self.__login() -- cgit v1.2.3 From 56ec0398d58b192c6870a636e91ecede7ce5943c Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Tue, 29 Apr 2014 08:11:47 +0200 Subject: rename ./-n to ./-d --- Makefile | 2 +- src/fapi | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index fcf76dd..dee5df6 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ documentation: --center="User Commands" ./docs/$(NAME).pod > ./docs/$(NAME).1 pod2text ./docs/$(NAME).pod > ./docs/$(NAME).txt cp ./docs/$(NAME).pod README.pod - ./bin/fapi -h -n > ./docs/synopsis.txt + ./bin/fapi -h -d > ./docs/synopsis.txt # Build a debian package (don't sign it, modify the arguments if you want to sign it) deb: all dpkg-buildpackage diff --git a/src/fapi b/src/fapi index c4a848c..a316392 100755 --- a/src/fapi +++ b/src/fapi @@ -36,7 +36,7 @@ class FapiBase(object): def info(self, message, color=''): ''' Prints an informational message to stderr ''' - if self._args.n: + if self._args.d: color = reset = '' else: reset = '' if color == '' else Style.RESET_ALL @@ -57,7 +57,7 @@ class FapiBase(object): def print_synopsis(self): ''' Prints the full Synopsis string ''' - if self._args.n: + if self._args.d: style = reset = '' else: style = Style.DIM @@ -131,13 +131,13 @@ class ArgumentParser(FapiBase): self._parser = parser = argparse.ArgumentParser(add_help=False) parser.add_argument('-b', action='store', help='Forces to use the secified loadbalancer (overwrites -e)') + parser.add_argument('-d', action='store_true', help='Disable colorful output') parser.add_argument('-e', action='store', help='Env to use, e.g. dev,qa,live', default='qa') parser.add_argument('-f', action='store', help='Overwrite partition/folder from fapi.conf') parser.add_argument('-h', action='store_true', help='Print this help') parser.add_argument('-i', action='store_true', help='Interactive shell') parser.add_argument('-l', action='store_true', help='Use list output') - parser.add_argument('-n', action='store_true', help='No color (disable colorful output)') parser.add_argument('-v', action='store_true', help='Verbose') parser.add_argument('-V', action='store_true', help='Print program version') parser.add_argument('-C', action='store', help='Config file', @@ -681,13 +681,14 @@ class Fapi(FapiBase): elif a.what == 'folder': return self.__do_folder(lambda: self._f5.Management.Folder) - def run(self): ''' Do the actual stuff. We are doning some lazy evaluation stuff here. The command line tool does not do anything with the slow F5 API until it is clear what to do and that there is no semantic or syntax error. ''' a = self._args + if a.name == '_': + print "BULK" lazy = self._lazy() if isfunction(lazy): self.verbose('Doing some stuf via the API, it may take a while') -- cgit v1.2.3 From 34dd414cebebcc9059d15870c2ea2a1c396895c5 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Tue, 29 Apr 2014 08:14:46 +0200 Subject: introduce -n for no-op --- src/fapi | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/fapi b/src/fapi index a316392..80b600b 100755 --- a/src/fapi +++ b/src/fapi @@ -138,6 +138,7 @@ class ArgumentParser(FapiBase): parser.add_argument('-h', action='store_true', help='Print this help') parser.add_argument('-i', action='store_true', help='Interactive shell') parser.add_argument('-l', action='store_true', help='Use list output') + parser.add_argument('-n', action='store_true', help='No-op (don\'t do actual stuff)') parser.add_argument('-v', action='store_true', help='Verbose') parser.add_argument('-V', action='store_true', help='Print program version') parser.add_argument('-C', action='store', help='Config file', @@ -691,10 +692,13 @@ class Fapi(FapiBase): print "BULK" lazy = self._lazy() if isfunction(lazy): - self.verbose('Doing some stuf via the API, it may take a while') - self.__login() - self.out(lazy()) - self.info('done', Fore.GREEN) + if a.n: + self.info('no-op', Fore.GREEN) + else: + self.verbose('Doing some stuf via the API, it may take a while') + self.__login() + self.out(lazy()) + self.info('done', Fore.GREEN) else: self.print_synopsis() return 1 -- cgit v1.2.3 From bd872471737964416061c8d061b21bd93e6a0635 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Tue, 29 Apr 2014 08:57:33 +0200 Subject: trying to implement a smart bulk edit --- src/fapi | 64 +++++++++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 47 insertions(+), 17 deletions(-) diff --git a/src/fapi b/src/fapi index 80b600b..1418aea 100755 --- a/src/fapi +++ b/src/fapi @@ -171,6 +171,8 @@ class ArgumentParser(FapiBase): class Fapi(FapiBase): ''' The main F5 API Tool Object ''' + __loggedin = False + def __init__(self, args): ''' Initialize the config file, username and password ''' FapiBase.__init__(self, args) @@ -183,6 +185,7 @@ class Fapi(FapiBase): def __login(self): ''' Logs into the F5 BigIP SOAP API and changes the folder/adm. partition''' + if __loggedin: return c = self._config a = self._args if c.has_option('fapi', 'username'): @@ -214,6 +217,7 @@ class Fapi(FapiBase): pass if err: raise Exception(err) + __loggedin = True def lookup(self, what): ''' Does a DNS lookup to fetch the name (mostly FQDN) and the IPs @@ -258,6 +262,22 @@ class Fapi(FapiBase): self.verbose("Looked \'%s\' up to name:\'%s\', ip:\'%s\', port:\'%s\'" % (what, name, ip, port)) return (name, ip, port) + + def li(self, name): + ''' Checks if name is a list and returns a list if not. ''' + return name if isinstance(name, list) else [name] + + + def pa(self, length, params): + ''' Checks if name is a list and returns a list of params if so ''' + paramlist = [] + if length > 1: + for _ in xrange(length): paramlist.append(params) + else: + paramlist.append(params) + return paramlist + + def __do_node(self, f5): ''' Do stuff concerning nodes ''' a = self._args @@ -267,24 +287,26 @@ class Fapi(FapiBase): if a.sub2 == 'detail': def detail(f5): d = {} - d['connection_limit'] = f5().get_connection_limit([a.name]) + d['connection_limit'] = f5().get_connection_limit(li(a.name)) d['default_node_monitor'] = f5().get_default_node_monitor() - d['description'] = f5().get_description([a.name]) - d['dynamic_ratio'] = f5().get_dynamic_ratio_v2([a.name]) - d['monitor_instance'] = f5().get_monitor_instance([a.name]) - d['monitor_rule'] = f5().get_monitor_rule([a.name]) - d['monitor_status'] = f5().get_monitor_status([a.name]) - d['object_status'] = f5().get_object_status([a.name]) - d['rate_limit'] = f5().get_rate_limit([a.name]) - d['ratio'] = f5().get_ratio([a.name]) - d['session_status'] = f5().get_session_status([a.name]) + d['description'] = f5().get_description(li(a.name)) + d['dynamic_ratio'] = f5().get_dynamic_ratio_v2(li(a.name)) + d['monitor_instance'] = f5().get_monitor_instance(li(a.name)) + d['monitor_rule'] = f5().get_monitor_rule(li(a.name)) + d['monitor_status'] = f5().get_monitor_status(li(a.name)) + d['object_status'] = f5().get_object_status(li(a.name)) + d['rate_limit'] = f5().get_rate_limit(li(a.name)) + d['ratio'] = f5().get_ratio(li(a.name)) + d['session_status'] = f5().get_session_status(li(a.name)) return d return lambda: detail(f5) if a.sub2 == 'status': - return lambda: f5().get_monitor_status([a.name]) + return lambda: f5().get_monitor_status(li(a.name)) elif a.sub == 'create': fqdn_or_ip, ip, _ = self.lookup(a.name) - return lambda: f5().create([fqdn_or_ip],[ip],[0]) + return lambda: f5().create(li(fqdn_or_ip), + [ip], + pa(len(fqdn_or_ip),0)) elif a.sub == 'delete': fqdn_or_ip, _, _ = self.lookup(a.name) return lambda: f5().delete_node_address([fqdn_or_ip]) @@ -658,11 +680,17 @@ class Fapi(FapiBase): def _lazy(self): ''' Get the lazy code block to be executed ''' a = self._args - if a.name: + def namify(name): # Remove the /partition/ prefix, setting default partition after # login instead - a.name = re.sub(self._folder, '', a.name) - a.name = re.sub('^/+', '', a.name) + name = re.sub(self._folder, '', name) + name = re.sub('^/+', '', name) + return name + if a.name: + if isinstance(a.name, list): + a.name = map(namify, a.name) + else: + a.name = namify(a.name) if a.what == 'node': return self.__do_node(lambda: self._f5.LocalLB.NodeAddressV2) elif a.what == 'monitor': @@ -688,11 +716,13 @@ class Fapi(FapiBase): tool does not do anything with the slow F5 API until it is clear what to do and that there is no semantic or syntax error. ''' a = self._args - if a.name == '_': - print "BULK" + # Inline bulk + if a.name and ',' in a.name: + a.name = a.name.split(',') lazy = self._lazy() if isfunction(lazy): if a.n: + self.verbose(lazy) self.info('no-op', Fore.GREEN) else: self.verbose('Doing some stuf via the API, it may take a while') -- cgit v1.2.3 From addfd539238d0780afabc0b238cb9d4deb11a975 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 19:26:15 +0200 Subject: fix email address --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index b8812bc..a041bbc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,7 +4,7 @@ fapi (0.7.0) stable; urgency=low * Can also set SNAT to automap * Small updates in the documentation - -- Paul Buetow Fri, 16 May 2014 17:52:31 +0200 + -- Paul Buetow Fri, 16 May 2014 17:52:31 +0200 fapi (0.6.2) stable; urgency=low -- cgit v1.2.3 From 142276a72e3587762b971fa4f42831f3ab107e18 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 19:26:30 +0200 Subject: fix makefile target --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0bc6d71..104db0c 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,7 @@ documentation: ./bin/fapi -h -n > ./docs/synopsis.txt # Build a debian package deb: all - dpkg-buildpackage -us -uc + dpkg-buildpackage # -us -uc dch: dch -i release: dch deb -- cgit v1.2.3 From 3ca51363be15ea13c292a84aec38c3b6847b2b40 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 19:37:07 +0200 Subject: document NAT and SNAT --- docs/fapi.pod | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/docs/fapi.pod b/docs/fapi.pod index b5cfa9b..163b025 100644 --- a/docs/fapi.pod +++ b/docs/fapi.pod @@ -140,13 +140,39 @@ And everything can be deleted as folows: fapi node fooserver1.example.com delete fapi node fooserver2.example.com delete -=head2 Setting up simple NAT Services +=head2 Setting up simple HTTP NAT Services - (Docu to be written) +A simple HTTP NATed service can be created as follows. + + # Create a NATed HTTP vserver + # fapi auto resolves the IP address. + fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http + + # Add the pool to the vserver. + fapi vserver myvserver.example.com:80 set pool foopool + + # Add a NATed HTTPS vserver + fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http + fapi vserver myvserver.example.com:443 set pool foopool + + # Restrict the vserver to a specific VLAN (IMPORTANT! security + # hole otherwise!) + fapi vserver myvserver.example.com:443 set vlan VLANNAME + + # Put the VirtualAddress of the vserver into a specific traffic group + fapi vip myserver.example.com set tgroup some-traffic-group + +In order to make this work your application servers need to have setup a +default route to the loadbalancers floating self IP. =head2 Setting up simple SNAT Services - (Docu to be written) +Same as setting up a NATed services, but you don't need to configure default +routes from your application servers to the loadbalancers floating self IP. + +You need also to set the SNAT flag as follows: + + fapi vserver myvserver.example.com:443 set snat automap =head2 About the NAME argument -- cgit v1.2.3 From cad5da1f4f7e6f65b7b40f32f59718a4f5c45cd5 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 20:02:32 +0200 Subject: New release --- .version | 2 +- README.pod | 32 +++++++++++++++++++++++++++++--- debian/changelog | 8 ++++++++ debian/files | 2 +- docs/fapi.1 | 38 ++++++++++++++++++++++++++++++++------ docs/fapi.txt | 33 ++++++++++++++++++++++++++++++--- docs/synopsis.txt | 13 +++++++------ 7 files changed, 108 insertions(+), 20 deletions(-) diff --git a/.version b/.version index faef31a..39e898a 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -0.7.0 +0.7.1 diff --git a/README.pod b/README.pod index b5cfa9b..163b025 100644 --- a/README.pod +++ b/README.pod @@ -140,13 +140,39 @@ And everything can be deleted as folows: fapi node fooserver1.example.com delete fapi node fooserver2.example.com delete -=head2 Setting up simple NAT Services +=head2 Setting up simple HTTP NAT Services - (Docu to be written) +A simple HTTP NATed service can be created as follows. + + # Create a NATed HTTP vserver + # fapi auto resolves the IP address. + fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http + + # Add the pool to the vserver. + fapi vserver myvserver.example.com:80 set pool foopool + + # Add a NATed HTTPS vserver + fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http + fapi vserver myvserver.example.com:443 set pool foopool + + # Restrict the vserver to a specific VLAN (IMPORTANT! security + # hole otherwise!) + fapi vserver myvserver.example.com:443 set vlan VLANNAME + + # Put the VirtualAddress of the vserver into a specific traffic group + fapi vip myserver.example.com set tgroup some-traffic-group + +In order to make this work your application servers need to have setup a +default route to the loadbalancers floating self IP. =head2 Setting up simple SNAT Services - (Docu to be written) +Same as setting up a NATed services, but you don't need to configure default +routes from your application servers to the loadbalancers floating self IP. + +You need also to set the SNAT flag as follows: + + fapi vserver myvserver.example.com:443 set snat automap =head2 About the NAME argument diff --git a/debian/changelog b/debian/changelog index a041bbc..5e32861 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +fapi (0.7.1) stable; urgency=low + + * Add example how to create a NATed VirtualServer... + * Add example how to create a SNATed VirtualServer... + ... to the manpage + + -- Paul Buetow Fri, 16 May 2014 20:01:48 +0200 + fapi (0.7.0) stable; urgency=low * Can also set and get the vlan of a vserver diff --git a/debian/files b/debian/files index 5a378c3..04da810 100644 --- a/debian/files +++ b/debian/files @@ -1 +1 @@ -fapi_0.7.0_all.deb utils optional +fapi_0.7.1_all.deb utils optional diff --git a/docs/fapi.1 b/docs/fapi.1 index 1dc317f..78b7cdb 100644 --- a/docs/fapi.1 +++ b/docs/fapi.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "FAPI 1" -.TH FAPI 1 "2014-05-16" "fapi 0.7.0" "User Commands" +.TH FAPI 1 "2014-05-16" "fapi 0.7.1" "User Commands" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -281,15 +281,41 @@ And everything can be deleted as folows: \& fapi node fooserver1.example.com delete \& fapi node fooserver2.example.com delete .Ve -.SS "Setting up simple \s-1NAT\s0 Services" -.IX Subsection "Setting up simple NAT Services" -.Vb 1 -\& (Docu to be written) +.SS "Setting up simple \s-1HTTP\s0 \s-1NAT\s0 Services" +.IX Subsection "Setting up simple HTTP NAT Services" +A simple \s-1HTTP\s0 NATed service can be created as follows. +.PP +.Vb 3 +\& # Create a NATed HTTP vserver +\& # fapi auto resolves the IP address. +\& fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http +\& +\& # Add the pool to the vserver. +\& fapi vserver myvserver.example.com:80 set pool foopool +\& +\& # Add a NATed HTTPS vserver +\& fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http +\& fapi vserver myvserver.example.com:443 set pool foopool +\& +\& # Restrict the vserver to a specific VLAN (IMPORTANT! security +\& # hole otherwise!) +\& fapi vserver myvserver.example.com:443 set vlan VLANNAME +\& +\& # Put the VirtualAddress of the vserver into a specific traffic group +\& fapi vip myserver.example.com set tgroup some\-traffic\-group .Ve +.PP +In order to make this work your application servers need to have setup a +default route to the loadbalancers floating self \s-1IP\s0. .SS "Setting up simple \s-1SNAT\s0 Services" .IX Subsection "Setting up simple SNAT Services" +Same as setting up a NATed services, but you don't need to configure default +routes from your application servers to the loadbalancers floating self \s-1IP\s0. +.PP +You need also to set the \s-1SNAT\s0 flag as follows: +.PP .Vb 1 -\& (Docu to be written) +\& fapi vserver myvserver.example.com:443 set snat automap .Ve .SS "About the \s-1NAME\s0 argument" .IX Subsection "About the NAME argument" diff --git a/docs/fapi.txt b/docs/fapi.txt index 698a0cb..d875f43 100644 --- a/docs/fapi.txt +++ b/docs/fapi.txt @@ -128,11 +128,38 @@ EXAMPLES fapi node fooserver1.example.com delete fapi node fooserver2.example.com delete - Setting up simple NAT Services - (Docu to be written) + Setting up simple HTTP NAT Services + A simple HTTP NATed service can be created as follows. + + # Create a NATed HTTP vserver + # fapi auto resolves the IP address. + fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http + + # Add the pool to the vserver. + fapi vserver myvserver.example.com:80 set pool foopool + + # Add a NATed HTTPS vserver + fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http + fapi vserver myvserver.example.com:443 set pool foopool + + # Restrict the vserver to a specific VLAN (IMPORTANT! security + # hole otherwise!) + fapi vserver myvserver.example.com:443 set vlan VLANNAME + + # Put the VirtualAddress of the vserver into a specific traffic group + fapi vip myserver.example.com set tgroup some-traffic-group + + In order to make this work your application servers need to have setup a + default route to the loadbalancers floating self IP. Setting up simple SNAT Services - (Docu to be written) + Same as setting up a NATed services, but you don't need to configure + default routes from your application servers to the loadbalancers + floating self IP. + + You need also to set the SNAT flag as follows: + + fapi vserver myvserver.example.com:443 set snat automap About the NAME argument In most cases NAME can be a hostname, FQDN or an IP address. Optionally diff --git a/docs/synopsis.txt b/docs/synopsis.txt index 054543f..8e7317c 100644 --- a/docs/synopsis.txt +++ b/docs/synopsis.txt @@ -1,4 +1,4 @@ -usage: fapi [-b B] [-e E] [-f F] [-h] [-i] [-l] [-n] [-v] [-V] [-C C] +usage: fapi [-b B] [-d] [-e E] [-f F] [-h] [-i] [-l] [-n] [-v] [-V] [-C C] [what] [name] [sub] [sub2] [sub3] [sub4] [sub5] positional arguments: @@ -12,19 +12,20 @@ positional arguments: optional arguments: -b B Forces to use the secified loadbalancer (overwrites -e) + -d Disable colorful output -e E Env to use, e.g. dev,qa,live -f F Overwrite partition/folder from fapi.conf -h Print this help -i Interactive shell -l Use list output - -n No color (disable colorful output) + -n No-op (don't do actual stuff) -v Verbose -V Print program version -C C Config file Synopsis: - monitor + monitor monitor NAME get desc|state node node NODENAME create|delete @@ -50,9 +51,9 @@ Synopsis: vserver NAME set nat|pat disabled|enabled vserver NAME set pool POOLNAME vserver NAME set snat automap|none - vserver NAME set vlan [list,of,vlans,to,allow] + vserver NAME set vlan [list,of,vlans,to,allow] The following partially needs admininstrator privileges on / and /Common - -f Common -b balancer.example.com selfip + -f Common -b balancer.example.com selfip -f Common -b balancer.example.com selfip NAME create NETMASK VLANNAME [TGROUP] -f Common -b balancer.example.com selfip NAME delete -f Common -b balancer.example.com selfip NAME get detail|tgroup @@ -72,5 +73,5 @@ The following partially needs admininstrator privileges on / and /Common -f / folder -f / folder NAME create|delete -f / folder NAME get detail|dgroup|tgroup - -f / folder NAME set dgroup|tgroup DGROUP|TGROUP + -f / folder NAME set dgroup|tgroup DGROUP|TGROUP Please consult the manpage for examples. -- cgit v1.2.3 From b4969592859f7a7b8fbc54dc6a923739e36c4a6e Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 20:11:41 +0200 Subject: fix documentation --- docs/fapi.pod | 30 +++--------------------------- 1 file changed, 3 insertions(+), 27 deletions(-) diff --git a/docs/fapi.pod b/docs/fapi.pod index 163b025..225a5f6 100644 --- a/docs/fapi.pod +++ b/docs/fapi.pod @@ -107,22 +107,12 @@ If you want to list all configured objects on your partition just run A simple nPath service can be created as follows. - # Create a nPath HTTP vserver, 'nPath' also auto disables NAT and PAT - # fapi auto resolves the IP address. fapi vserver myvserver.example.com:80 create PROTOCOL_TCP nPath - - # Add the pool to the vserver. The vservers name inside of BigIP will be - # the FQDN followed by _PORT. In this case it would be: - # myvserver.example.com_80 (or full: /Partition/myvserver.example.com_80) - # The reason is that : are not allowed in vserver names. fapi vserver myvserver.example.com:80 set pool foopool - # Add a nPath HTTPS vserver - fapi vserver myvserver.example.com:443 create PROTOCOL_TCP nPath - fapi vserver myvserver.example.com:443 set pool foopool - - # Restrict the vserver to a specific VLAN (IMPORTANT! security + # Restrict the vservers to a specific VLAN (IMPORTANT! security # hole otherwise!) + fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:443 set vlan VLANNAME # Put the VirtualAddress of the vserver into a specific traffic group @@ -144,24 +134,10 @@ And everything can be deleted as folows: A simple HTTP NATed service can be created as follows. - # Create a NATed HTTP vserver - # fapi auto resolves the IP address. fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http - - # Add the pool to the vserver. + fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:80 set pool foopool - # Add a NATed HTTPS vserver - fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http - fapi vserver myvserver.example.com:443 set pool foopool - - # Restrict the vserver to a specific VLAN (IMPORTANT! security - # hole otherwise!) - fapi vserver myvserver.example.com:443 set vlan VLANNAME - - # Put the VirtualAddress of the vserver into a specific traffic group - fapi vip myserver.example.com set tgroup some-traffic-group - In order to make this work your application servers need to have setup a default route to the loadbalancers floating self IP. -- cgit v1.2.3 From db6eeb697243ff2ef4eff87df0b568ec8ec1b4ac Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 20:12:07 +0200 Subject: New release --- .version | 2 +- README.pod | 30 +++--------------------------- debian/changelog | 6 ++++++ debian/files | 2 +- docs/fapi.1 | 34 +++++----------------------------- docs/fapi.txt | 30 +++--------------------------- 6 files changed, 19 insertions(+), 85 deletions(-) diff --git a/.version b/.version index 39e898a..7486fdb 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -0.7.1 +0.7.2 diff --git a/README.pod b/README.pod index 163b025..225a5f6 100644 --- a/README.pod +++ b/README.pod @@ -107,22 +107,12 @@ If you want to list all configured objects on your partition just run A simple nPath service can be created as follows. - # Create a nPath HTTP vserver, 'nPath' also auto disables NAT and PAT - # fapi auto resolves the IP address. fapi vserver myvserver.example.com:80 create PROTOCOL_TCP nPath - - # Add the pool to the vserver. The vservers name inside of BigIP will be - # the FQDN followed by _PORT. In this case it would be: - # myvserver.example.com_80 (or full: /Partition/myvserver.example.com_80) - # The reason is that : are not allowed in vserver names. fapi vserver myvserver.example.com:80 set pool foopool - # Add a nPath HTTPS vserver - fapi vserver myvserver.example.com:443 create PROTOCOL_TCP nPath - fapi vserver myvserver.example.com:443 set pool foopool - - # Restrict the vserver to a specific VLAN (IMPORTANT! security + # Restrict the vservers to a specific VLAN (IMPORTANT! security # hole otherwise!) + fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:443 set vlan VLANNAME # Put the VirtualAddress of the vserver into a specific traffic group @@ -144,24 +134,10 @@ And everything can be deleted as folows: A simple HTTP NATed service can be created as follows. - # Create a NATed HTTP vserver - # fapi auto resolves the IP address. fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http - - # Add the pool to the vserver. + fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:80 set pool foopool - # Add a NATed HTTPS vserver - fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http - fapi vserver myvserver.example.com:443 set pool foopool - - # Restrict the vserver to a specific VLAN (IMPORTANT! security - # hole otherwise!) - fapi vserver myvserver.example.com:443 set vlan VLANNAME - - # Put the VirtualAddress of the vserver into a specific traffic group - fapi vip myserver.example.com set tgroup some-traffic-group - In order to make this work your application servers need to have setup a default route to the loadbalancers floating self IP. diff --git a/debian/changelog b/debian/changelog index 5e32861..e92d2c6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +fapi (0.7.2) stable; urgency=low + + * Fixes documentation + + -- Paul Buetow Fri, 16 May 2014 20:11:45 +0200 + fapi (0.7.1) stable; urgency=low * Add example how to create a NATed VirtualServer... diff --git a/debian/files b/debian/files index 04da810..c278a0d 100644 --- a/debian/files +++ b/debian/files @@ -1 +1 @@ -fapi_0.7.1_all.deb utils optional +fapi_0.7.2_all.deb utils optional diff --git a/docs/fapi.1 b/docs/fapi.1 index 78b7cdb..740f5f4 100644 --- a/docs/fapi.1 +++ b/docs/fapi.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "FAPI 1" -.TH FAPI 1 "2014-05-16" "fapi 0.7.1" "User Commands" +.TH FAPI 1 "2014-05-16" "fapi 0.7.2" "User Commands" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -245,23 +245,13 @@ If you want to list all configured objects on your partition just run .IX Subsection "Setting up a simple nPath Service" A simple nPath service can be created as follows. .PP -.Vb 3 -\& # Create a nPath HTTP vserver, \*(AqnPath\*(Aq also auto disables NAT and PAT -\& # fapi auto resolves the IP address. +.Vb 2 \& fapi vserver myvserver.example.com:80 create PROTOCOL_TCP nPath -\& -\& # Add the pool to the vserver. The vservers name inside of BigIP will be -\& # the FQDN followed by _PORT. In this case it would be: -\& # myvserver.example.com_80 (or full: /Partition/myvserver.example.com_80) -\& # The reason is that : are not allowed in vserver names. \& fapi vserver myvserver.example.com:80 set pool foopool \& -\& # Add a nPath HTTPS vserver -\& fapi vserver myvserver.example.com:443 create PROTOCOL_TCP nPath -\& fapi vserver myvserver.example.com:443 set pool foopool -\& -\& # Restrict the vserver to a specific VLAN (IMPORTANT! security +\& # Restrict the vservers to a specific VLAN (IMPORTANT! security \& # hole otherwise!) +\& fapi vserver myvserver.example.com:80 set vlan VLANNAME \& fapi vserver myvserver.example.com:443 set vlan VLANNAME \& \& # Put the VirtualAddress of the vserver into a specific traffic group @@ -286,23 +276,9 @@ And everything can be deleted as folows: A simple \s-1HTTP\s0 NATed service can be created as follows. .PP .Vb 3 -\& # Create a NATed HTTP vserver -\& # fapi auto resolves the IP address. \& fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http -\& -\& # Add the pool to the vserver. +\& fapi vserver myvserver.example.com:80 set vlan VLANNAME \& fapi vserver myvserver.example.com:80 set pool foopool -\& -\& # Add a NATed HTTPS vserver -\& fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http -\& fapi vserver myvserver.example.com:443 set pool foopool -\& -\& # Restrict the vserver to a specific VLAN (IMPORTANT! security -\& # hole otherwise!) -\& fapi vserver myvserver.example.com:443 set vlan VLANNAME -\& -\& # Put the VirtualAddress of the vserver into a specific traffic group -\& fapi vip myserver.example.com set tgroup some\-traffic\-group .Ve .PP In order to make this work your application servers need to have setup a diff --git a/docs/fapi.txt b/docs/fapi.txt index d875f43..93e9122 100644 --- a/docs/fapi.txt +++ b/docs/fapi.txt @@ -95,22 +95,12 @@ EXAMPLES Setting up a simple nPath Service A simple nPath service can be created as follows. - # Create a nPath HTTP vserver, 'nPath' also auto disables NAT and PAT - # fapi auto resolves the IP address. fapi vserver myvserver.example.com:80 create PROTOCOL_TCP nPath - - # Add the pool to the vserver. The vservers name inside of BigIP will be - # the FQDN followed by _PORT. In this case it would be: - # myvserver.example.com_80 (or full: /Partition/myvserver.example.com_80) - # The reason is that : are not allowed in vserver names. fapi vserver myvserver.example.com:80 set pool foopool - # Add a nPath HTTPS vserver - fapi vserver myvserver.example.com:443 create PROTOCOL_TCP nPath - fapi vserver myvserver.example.com:443 set pool foopool - - # Restrict the vserver to a specific VLAN (IMPORTANT! security + # Restrict the vservers to a specific VLAN (IMPORTANT! security # hole otherwise!) + fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:443 set vlan VLANNAME # Put the VirtualAddress of the vserver into a specific traffic group @@ -131,24 +121,10 @@ EXAMPLES Setting up simple HTTP NAT Services A simple HTTP NATed service can be created as follows. - # Create a NATed HTTP vserver - # fapi auto resolves the IP address. fapi vserver myvserver.example.com:80 create PROTOCOL_TCP /Common/http - - # Add the pool to the vserver. + fapi vserver myvserver.example.com:80 set vlan VLANNAME fapi vserver myvserver.example.com:80 set pool foopool - # Add a NATed HTTPS vserver - fapi vserver myvserver.example.com:443 create PROTOCOL_TCP /Common/http - fapi vserver myvserver.example.com:443 set pool foopool - - # Restrict the vserver to a specific VLAN (IMPORTANT! security - # hole otherwise!) - fapi vserver myvserver.example.com:443 set vlan VLANNAME - - # Put the VirtualAddress of the vserver into a specific traffic group - fapi vip myserver.example.com set tgroup some-traffic-group - In order to make this work your application servers need to have setup a default route to the loadbalancers floating self IP. -- cgit v1.2.3 From 11907a7e5362509e3526ae1bede68c93f2e38add Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Fri, 16 May 2014 20:13:49 +0200 Subject: New release --- .version | 2 +- README.pod | 2 +- debian/changelog | 6 ++++++ debian/files | 2 +- docs/fapi.1 | 4 ++-- docs/fapi.pod | 2 +- docs/fapi.txt | 2 +- 7 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.version b/.version index 7486fdb..f38fc53 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -0.7.2 +0.7.3 diff --git a/README.pod b/README.pod index 225a5f6..ca50e31 100644 --- a/README.pod +++ b/README.pod @@ -148,7 +148,7 @@ routes from your application servers to the loadbalancers floating self IP. You need also to set the SNAT flag as follows: - fapi vserver myvserver.example.com:443 set snat automap + fapi vserver myvserver.example.com:80 set snat automap =head2 About the NAME argument diff --git a/debian/changelog b/debian/changelog index e92d2c6..2d47e4f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +fapi (0.7.3) stable; urgency=low + + * Fixes documentation + + -- Paul Buetow Fri, 16 May 2014 20:13:29 +0200 + fapi (0.7.2) stable; urgency=low * Fixes documentation diff --git a/debian/files b/debian/files index c278a0d..0d3edca 100644 --- a/debian/files +++ b/debian/files @@ -1 +1 @@ -fapi_0.7.2_all.deb utils optional +fapi_0.7.3_all.deb utils optional diff --git a/docs/fapi.1 b/docs/fapi.1 index 740f5f4..c47300d 100644 --- a/docs/fapi.1 +++ b/docs/fapi.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "FAPI 1" -.TH FAPI 1 "2014-05-16" "fapi 0.7.2" "User Commands" +.TH FAPI 1 "2014-05-16" "fapi 0.7.3" "User Commands" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -291,7 +291,7 @@ routes from your application servers to the loadbalancers floating self \s-1IP\s You need also to set the \s-1SNAT\s0 flag as follows: .PP .Vb 1 -\& fapi vserver myvserver.example.com:443 set snat automap +\& fapi vserver myvserver.example.com:80 set snat automap .Ve .SS "About the \s-1NAME\s0 argument" .IX Subsection "About the NAME argument" diff --git a/docs/fapi.pod b/docs/fapi.pod index 225a5f6..ca50e31 100644 --- a/docs/fapi.pod +++ b/docs/fapi.pod @@ -148,7 +148,7 @@ routes from your application servers to the loadbalancers floating self IP. You need also to set the SNAT flag as follows: - fapi vserver myvserver.example.com:443 set snat automap + fapi vserver myvserver.example.com:80 set snat automap =head2 About the NAME argument diff --git a/docs/fapi.txt b/docs/fapi.txt index 93e9122..67fe651 100644 --- a/docs/fapi.txt +++ b/docs/fapi.txt @@ -135,7 +135,7 @@ EXAMPLES You need also to set the SNAT flag as follows: - fapi vserver myvserver.example.com:443 set snat automap + fapi vserver myvserver.example.com:80 set snat automap About the NAME argument In most cases NAME can be a hostname, FQDN or an IP address. Optionally -- cgit v1.2.3 From 5226f622e1c20ebf1c836c19e5d57ff7a3aa5591 Mon Sep 17 00:00:00 2001 From: "Paul C. Buetow (mars.fritz.box)" Date: Sun, 25 May 2014 10:12:32 +0200 Subject: add note about python --- src/fapi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/fapi b/src/fapi index 0a78306..ca3e801 100755 --- a/src/fapi +++ b/src/fapi @@ -1,6 +1,8 @@ #!/usr/bin/env python # 2014 (c) Paul C. Buetow +# I'm sorry, but this is my first Python program to find out if it's worth +# using it. I'm more into Perl, and it will stay so. import argparse import base64 -- cgit v1.2.3