Forum Discussion
11.3 tmsh cli for irule
I have the following irule, and I need to get it into one tmsh cli (using the editor or the gui is not an option). I can enter it through the gui just fine. But when I prepend tmsh create on the front, I can't come up with a sequence which works. Any advice?
ltm rule /Common/SNAT2VIP { when CLIENT_ACCEPTED { set VirtualIP [clientside {IP::local_addr}] snat $VirtualIP } }
tmsh create ltm rule /Common/SNAT2VIP when CLIENT_ACCEPTED { set VirtualIP [clientside {IP::local_addr}] snat $VirtualIP }} Syntax Error: can't parse TCL script beginning with when CLIENT_ACCEPTED { set VirtualIP [clientside {IP::local_addr}] snat }}
[root@sgkdhlbxxxx003:Active] config
- What_Lies_Bene1Cirrostratus
I'm not sure if it has to be a one-liner? If not, try using
instead.tmsh edit ltm rule 'name'
- sally_calvert_8Nimbostratus
yeah - it has to be a one liner..the folks who will be actually executing the change are (unskilled) . would using a unix redirect with the above edit command work?
- What_Lies_Bene1Cirrostratus
I've tried everything, can't seem to find a way, sorry.
- sally_calvert_8Nimbostratus
thanks for looking...
- What_Lies_Bene1CirrostratusYou're welcome
- Kevin_StewartEmployee
Okay, admittedly this is a little hokey, but it does work:
echo -e "ltm rule /Common/test_rule {\nwhen CLIENT_ACCEPTED {\n set VirtualIP [IP::client_addr]\n snat \$VirtualIP\n}\n}" > /var/tmp/test-rule & tmsh load sys config merge file /var/tmp/test-rule
The idea is that it creates a properly formatted iRule in a temporary file (including newlines) and then imports that into the config via merge.
- MVANimbostratus
This imports correctly into 11.4.1 HF3 - just dropped the step of adding the variable - not sure if that would work.
[xxxxx@BigIP:Active:Standalone] log tmsh create ltm rule /Common/SNAT2VIP when CLIENT_ACCEPTED {snat [clientside {IP::local_addr}]} [xxxxx@BigIP:Active:Standalone] log tmsh list ltm rule /Common/SNAT2VIP ltm rule SNAT2VIP { when CLIENT_ACCEPTED {snat [clientside {IP::local_addr}]} }
Hope that helps.
- Hendry_Chandra_Historic F5 Account
Hi ALL,
Actually the command can be multiple liner. Only the issue is: read-ability of the codes are terrible. Example iRules with normally written using iRules Editor:
[root@BigIP:Active:Standalone] config tmsh list ltm rule Eval_Command ltm rule Eval_Command { when HTTP_REQUEST { set Command [string map {/ " "} [HTTP::uri]] if { $Command eq " " } { HTTP::respond 200 content "Usage: /Command/Argument_1/Argument_2/Argument_3/.../Argument_N/\r\n" noserver "Connection" "Close" } else { HTTP::respond 200 content "$Command\r\n\r\n[eval $Command]\r\n\r\n<--- [clock format [clock seconds] -format "%Y-%m-%d %H:%M:%S"] --->\r\n" noserver "Connection" "Close" } } } [root@BigIP:Active:Standalone] config
with CLI (tmsh), you can write it as below:
[root@BigIP:Active:Standalone] config tmsh create ltm rule Test_iRules_CLI `echo "when HTTP_REQUEST { set Command [string map {/ \" \"} [HTTP::uri]] ; if { \\$Command eq \" \" } { HTTP::respond 200 content \"Usage: /Command/Argument_1/Argument_2/Argument_3/.../Argument_N/\\\r\\\n\" noserver \"Connection\" \"Close\" } else { HTTP::respond 200 content \"\\$Command\\\r\\\n\\\r\\\n[eval \\$Command]\\\r\\\n\\\r\\\n<--- [clock format [clock seconds] -format \"%Y-%m-%d %H:%M:%S\"] --->\\\r\\\n\" noserver \"Connection\" \"Close\" } }"` [root@BigIP:Active:Standalone] config
the result will be:
[root@BigIP:Active:Standalone] config tmsh list ltm rule Test_iRules_CLI ltm rule Test_iRules_CLI { when HTTP_REQUEST { set Command [string map {/ " "} [HTTP::uri]] ; if { $Command eq " " } { HTTP::respond 200 content "Usage: /Command/Argument_1/Argument_2/Argument_3/.../Argument_N/\r\n" noserver "Connection" "Close" } else { HTTP::respond 200 content "$Command\r\n\r\n[eval $Command]\r\n\r\n<--- [clock format [clock seconds] -format "%Y-%m-%d %H:%M:%S"] --->\r\n" noserver "Connection" "Close" } } } [root@BigIP:Active:Standalone] config
Hope the above helps.
- mtaylornzNimbostratus
Hi All,
Hey just on this topic, just keen to highlight the possibility to use any of: CLI Scripting (edit cli script , then run cli script ) iCalls (edit sys icall script , then edit sys icall handler periodic ) iApps (edit in GUI)
In these scripting environments tmsh::create ltm rule work
eg simple irule in CLI scripting
modify script test_cli_script { proc script::init {} { }
proc script::run {} { tmsh::create ltm rule "test_irule" "when HTTP_REQUEST \{ log local0. \"test irule\" \}" }
proc script::help {} { }
proc script::tabc {} { } }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com