Cautionary note to the reader: while this works great for viewing configuration revisions, it is not a full backup of the F5 configuration. Aside from certificates and keys, most things will be there, but you can’t use it as is to restore a box.
If using local auth you can just create an admin user and you’re good to go. However, when using remote authorization you need to fiddle around with the configuration a bit.
When using remote auth the users are not present in the /etc/passwd file which makes it impossible for the OS to assign a specific shell. You can read the official KB article about it here: https://support.f5.com/csp/article/K10272
Luckily, the steps to work around this limitation are simple:
- Verify that you have access to the root/admin passwords, to be safe
- Change the auth from the remote auth method to local, i.e. ldap -> local
- Create a local admin user for oxidized with permission to use the advanced shell
- Revert back to the previous remote auth method
In the case of ldap, all settings were saved, so I did not have to re-configure it.
Now, if you have many devices to configure (I did), here are the tmsh commands you need:
```
modify auth source type local
create auth user ouroxidizeduser partition-access add { all-partitions { role admin } } shell bash password ouroxidizedpassword
modify auth source type ldap
```
Voilà!
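The commands above revert to ldap unconditionally. When rolling this out to many devices, the last step should restore whatever auth type each box actually had. The following is an added example, not part of the original post: it builds the command sequence from the text of `tmsh list auth source`. The helper names, the assumed output shape (shown in the constructed samples) and the `<PASSWORD>` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: build the tmsh command sequence for one device, restoring
# the auth type it had before instead of assuming ldap.

# Extract the type from the text of `tmsh list auth source`.
# Assumed output shape: a line "type <name>" inside "auth source { ... }".
auth_type_from_listing() {
    printf '%s\n' "$1" | awk '$1 == "type" && NF == 2 { print $2; exit }'
}

# Args: listing text, user name. Prints one tmsh command per line.
# The password is left as a placeholder so it never lands in a generated file.
build_tmsh_commands() {
    btc_prev=$(auth_type_from_listing "$1")
    btc_user=$2
    if [ -z "$btc_prev" ]; then
        echo "could not determine current auth source type" >&2
        return 1
    fi
    case $btc_user in
        ''|*[!A-Za-z0-9_.-]*)
            echo "refusing user name: $btc_user" >&2
            return 1 ;;
    esac
    # A box already on local auth needs no switch and no revert.
    [ "$btc_prev" = "local" ] || echo "modify auth source type local"
    echo "create auth user $btc_user partition-access add { all-partitions { role admin } } shell bash password <PASSWORD>"
    [ "$btc_prev" = "local" ] || echo "modify auth source type $btc_prev"
    return 0
}

# Constructed sample listings (not captured from a real device).
SAMPLE_LDAP='auth source {
    type ldap
}'
SAMPLE_RADIUS='auth source {
    type radius
}'
SAMPLE_LOCAL='auth source {
    type local
}'

build_tmsh_commands "$SAMPLE_LDAP" ouroxidizeduser
```

If the type cannot be parsed, the function fails before printing anything, so a device is never switched to local without a known value to revert to.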