Forum Discussion

Aasis_162538
Jun 29, 2017

Add 200 IP to the datagroup list

I came across a scenario where I need to add 200 specific IPs to a datagroup list. Rather than adding them manually, is there a way I can do it via the CLI? Can you please post the complete command/script to do this?

It's for BIG-IP LTM v12.1.0.

Thanks in advance.


  • Well, if it's an internal DG, you can follow the steps below.

    Step 1: Do a list of the existing records and copy it to a file. If the list is small, copy it to a text file and save it on the local desktop.

    Command : tmsh list ltm data-group internal 

    E.g. aol, which is an F5 default DG. Make sure you copy this part too.

    ltm data-group internal aol {
        records {
        IP's
        }
        type ip
    }
    

    Step 2: Once the IPs and the keywords are copied to a text file, paste the new 200 IPs, with the subnets required, in between the braces of the records section { }. An entry without a subnet defaults to /32.

    Step 3: WinSCP the txt file to the LTM, or you can create it in the F5 /var/tmp/ location itself.

    Step 4: Merge the uploaded file or the tmp location file.

    Command : tmsh load /sys config file /var/tmp/ip_list.txt merge

    NOTE: Make sure you add the merge keyword at the end of the command, else your entire config will be replaced with this txt file alone. There won't be any config left and your box will go configless...
  • Via TMSH you can add records to an internal data-group with:

    modify ltm data-group internal  records add {   ... }

    If this is a one-time addition, use your preferred text editor to format your 200 entries into a space-delimited list and paste it into the command above.

    You might need to add them in small groups. I cannot remember immediately if there is a length limitation on TMSH commands.

  • JG

    Put all your addresses in a file:

     cat /tmp/address_list
    1.1.1.1
    2.2.2.2
    3.3.3.3
    4.4.4.4
    5.5.5.5
    

    Run the following script (an example):

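    #!/bin/sh
    
    # Uncomment the following line if your data group does not yet exist.
    #tmsh create ltm data-group internal test_dg type ip records add { 9.9.9.9 }
    
    # Add each address from the file to the data group, one tmsh call per entry.
    for i in `cat /tmp/address_list`
    do
        tmsh modify ltm data-group internal test_dg records add { $i }
    done
    
    # Show the resulting data group so it can be checked before saving.
    tmsh list ltm data-group internal test_dg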
    

    If you see the following output:

    ltm data-group internal test_dg {
        records {
            1.1.1.1/32 { }
            2.2.2.2/32 { }
            3.3.3.3/32 { }
            4.4.4.4/32 { }
            5.5.5.5/32 { }
            9.9.9.9/32 { }
        }
        type ip
    }
    

    save the configuration as follows:

     tmsh save /sys config

  • In case this helps anyone in the future, you can simply use a GET on one F5 device and then a PUT or PATCH on the device you want to move the datagroup to. I've used PowerShell and the existing LTM module to leverage sessions, but you can do this in any language.

    # Fetch the data group from the source device.
    $add = Invoke-RestMethodOverride -Method GET -URI ($F5Session.BaseURL.Replace('/ltm/',"/ltm/data-group/internal/yourrule")) -WebSession $F5Session.WebSession
    
    # Serialize it to JSON for the request body.
    $json = $add | ConvertTo-Json -Depth 5
    
    # Send the JSON to the data group on the target device.
    Invoke-RestMethodOverride -Method PATCH -URI ($F5Session.BaseURL.Replace('/ltm/',"/ltm/data-group/internal/yourrule")) -Body $json -ContentType "application/json" -WebSession $F5Session.WebSession
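
The merge-file procedure from the first reply (Steps 1 to 4), as an added example that is not part of any post in this thread: a shell function that turns an address list into the data-group stanza and refuses to emit anything if an entry is malformed, so only a well-formed file reaches `tmsh load ... merge`. The function names, the data-group name check and the comment-line handling are assumptions; the address list is expected to hold the full record set (existing plus new), as Steps 1 and 2 describe.

```shell
#!/bin/sh
# Added example (not from the thread): build the merge file for an internal
# IP data group from an address list, refusing to emit anything if an entry
# is malformed. Function names and the name check are assumptions.

# valid_ipv4_entry ENTRY: succeeds for a.b.c.d or a.b.c.d/len and leaves the
# parsed parts in $addr and $len (len defaults to 32, as the thread notes).
valid_ipv4_entry() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_dg_merge_file NAME ADDR_FILE: prints the stanza on stdout; returns 1
# and prints nothing on stdout if the name or any entry is malformed.
build_dg_merge_file() {
    dg_name=$1 records='' bad=0
    case $dg_name in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac  # conservative check
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # WinSCP'd files may carry CRs
        case $line in ''|'#'*) continue ;; esac       # skip blanks and comments
        if valid_ipv4_entry "$line"; then
            records="$records        $addr/$len { }
"
        else
            echo "rejected entry: $line" >&2; bad=1
        fi
    done < "$2"
    [ "$bad" -eq 0 ] || return 1
    printf 'ltm data-group internal %s {\n    records {\n%s    }\n    type ip\n}\n' \
        "$dg_name" "$records"
}

# Usage on the BIG-IP (paths and load command as given in the thread):
#   build_dg_merge_file test_dg /tmp/address_list > /var/tmp/ip_list.txt \
#     && tmsh load /sys config file /var/tmp/ip_list.txt merge
```

Because the load only runs when the function succeeds, a single bad line in the list stops the merge instead of producing a partial or malformed config file.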