Forum Discussion
Add irule via tmsh without deleting existing irules, and how to re-order
In v11.5 - need assistance in adding irules via tmsh, without deleting existing irules.
tmsh modify /ltm virtual rules { irulename } this removes all the applied irules and only adds the new irule inside the curly braces.
I also would like to re-order rules via tmsh, once the irules are applied.
Regards,
- uni_87886 (Cirrostratus)
There was a similar question a couple of weeks ago, asking about adding and deleting individual profiles. I am using 11.4.1, and found that the equivalent syntax for the rules collection within a virtual does not work. I think you are stuck with rewriting the entire rules list.
This may not apply to other versions. I know through various versions little things like this are broken and fixed in tmsh. Things like being able to use wildcards for some objects and not others. The code behind tmsh must be dreadful.
- danra_139044 (Altostratus): Thanks. I requested an enhancement request, which might be a while to get implemented.
- I can confirm your RFE did not make it in v12: :(

    tj@(F5_v12)(cfg-sync Standalone)(Active)(/Common)(tmos) show /sys version
    Sys::Version
    Main Package
      Product  BIG-IP
      Version  12.0.0
      Build    0.0.606
      Edition  Final
      Date     Fri Aug 21 13:29:22 PDT 2015
    tj@(F5_v12)(cfg-sync Standalone)(Active)(/Common)(tmos) modify /ltm virtual test rules ?
    Values:
      "{"   Replace the set with a new set
      none  Remove all items from the set
- nitass_89166 (Noctilucent)
In v11.5 - need assistance in adding irules via tmsh, without deleting existing irules.
Is "tmsh load sys config from-terminal merge" useful?
I also would like to re-order rules via tmsh, once the irules are applied.
I prefer using event priority.
priority
- danra_139044 (Altostratus): Thanks! I will read the link above.
- Kevin_Stewart (Employee)
Okay, this is wildly simplistic, but take a look:
    #!/bin/bash
    # Usage: <script> <virtual> <irule>
    # Capture the iRules currently attached to the virtual server ($1)
    current_rules=`tmsh list ltm virtual "$1" one-line all-properties | perl -ne 'print "$1" if /rules \{(.*?)\}/'`
    # Re-apply the existing list with the new iRule ($2) appended
    tmsh modify ltm virtual "$1" rules { $current_rules $2 }

There's no error checking here, so you'd need to add it. The above takes the VIP name as the first param ($1) and the new iRule as the second ($2). The first line extracts the current iRules from the given VIP into a variable, and then adds them back in with the second line.
- Remco (Nimbostratus)
We have the same issue here. We are in the middle of upgrading all our F5s from v10 to v11.4.1 and are running into issues with our scripting. We are using EM to bring down our sites by adding a maintenance or sorry irule on the virtuals. But the EM staged changesets are based on bigpipe commands, and I have not found any information on how to get tmsh-based changesets working on EM.
In the meantime I tried the script described in: link text
In the hope it can be modified to also add irules, but it gives errors on this line:
if { [tmsh::get_field_value $vip "rules" rules] == 0 } {
Does anyone have an idea what could be causing this?
Still don't understand why something as basic as adding irules is not possible in tmsh while it was in bigpipe.
- Thomas_Brown_12 (Nimbostratus)
Until F5 incorporates this feature request into the product I wrote two scripts to allow appending an iRule to as well as deleting an iRule from an existing virtual:
    #!/bin/sh
    #
    # f5-irule-add - add iRule to virtual server, preserving existing iRule configuration
    #
    # Thomas Brown, CA Technologies - Mon Aug 1 15:21:29 GMT 2016 - initial version

    # Parse command line arguments
    if [ $# -ne 2 ]; then
        echo "Usage: $0 virtual irule" >&2
        exit 1
    fi
    virtual=$1
    irule_add=$2

    # Capture existing iRule configuration
    tmsh list ltm virtual ${virtual} one-line | grep -q " rules { "
    if [ $? -eq 1 ]; then
        echo "$0: ${virtual} currently contains no rules; adding new rule"
        irule_current=""
    else
        irule_current=`tmsh list ltm virtual ${virtual} one-line | sed -e 's/.* rules { //' -e 's/ }.*//'`

        # Check if rule already exists
        exists=0
        for rule in ${irule_current}
        do
            if [ "${rule}" = "${irule_add}" ]; then
                exists=1
            fi
        done
        if [ ${exists} -eq 1 ]; then
            echo "$0: ${irule_add} already exists in virtual ${virtual}" >&2
            exit 2
        fi
    fi

    # Modify iRule list
    command="tmsh modify ltm virtual ${virtual} rules { ${irule_current} ${irule_add} }"
    echo ${command}
    # Run the command without exec so the status check below is reached
    ${command}
    status=$?
    if [ ${status} -ne 0 ]; then
        echo "tmsh returned error status ${status}" >&2
        exit ${status}
    fi
    #!/bin/sh
    #
    # f5-irule-delete - delete iRule from virtual server, preserving existing iRule configuration
    #
    # Thomas Brown, CA Technologies - Mon Aug 1 15:52:03 GMT 2016 - initial version

    # Parse command line arguments
    if [ $# -ne 2 ]; then
        echo "Usage: $0 virtual irule" >&2
        exit 1
    fi
    virtual=$1
    irule_del=$2

    # Capture existing iRule configuration
    tmsh list ltm virtual $virtual one-line | grep -q " rules { "
    if [ $? -eq 1 ]; then
        echo "$0: ${virtual} currently contains no rules; exiting"
        exit 2
    else
        irule_current=`tmsh list ltm virtual ${virtual} one-line | sed -e 's/.* rules { //' -e 's/ }.*//'`

        # Check if rule already exists
        exists=0
        for rule in ${irule_current}
        do
            if [ "${rule}" = "${irule_del}" ]; then
                exists=1
            fi
        done
        if [ ${exists} -eq 0 ]; then
            echo "$0: ${irule_del} does not exist in virtual ${virtual}" >&2
            exit 2
        else
            # Remove the rule from the space-separated list
            irule_current=`echo " ${irule_current} " | sed -e "s/ ${irule_del} / /"`
        fi
    fi

    # Modify iRule list
    # NOTE: the command string starts with "echo", so the lines below only
    # print the tmsh command; they do not run it.
    command="echo tmsh modify ltm virtual ${virtual} rules { ${irule_current} }"
    echo ${command}
    ${command}
    status=$?
    if [ ${status} -ne 0 ]; then
        echo "tmsh returned error status ${status}" >&2
        exit ${status}
    fi
- danielm1 (Cirrus)
Thanks Thomas for sharing.
- jba3126 (Cirrus)
This is an old topic, but still relevant. I have a need to remove a specific iRule from a specific set of VIPs. @Thomas Brown script works for adding; however the delete version is simply echoing back the command it should run to delete. As you can see from the output it never actually ran. Now I can take the output and manually run but that is not ideal for a whole list.
    [root@lab-lb1]./f5-irule-delete /P1/VIP1-CA_DR-XNET-443 Disable-SSL-Renegotiation
    echo tmsh modify ltm virtual /P1/VIP1-CA_DR-XNET-443 rules { }
    tmsh modify ltm virtual /P1/VIP1-CA_DR-XNET-443 rules { }

    [root@lab-lb1] tmsh list ltm virtual /P1/VIP1-CA_DR-XNET-443 | egrep 'ltm|Dis'
    ltm virtual /P1/VIP1-CA_DR-XNET-443 {
    Disable-SSL-Renegotiation
/jeff 12.1.2 HF1
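
The read-modify-write steps this thread converges on (add, delete, and re-order), as an added example that is not code from any poster or from F5. It only builds the replacement list and the command string from a captured `one-line` listing, so the result can be reviewed before it is run. Assumptions: the listing has the ` rules { ... }` shape that the sed expressions above match, the sample line and function names are constructed, and `rules none` is taken from the v12 help output quoted earlier.

```shell
#!/bin/sh
# Added example: pure string helpers; nothing here calls tmsh.

# Constructed sample of `tmsh list ltm virtual <name> one-line` output.
SAMPLE='ltm virtual /Common/vs_demo { destination /Common/10.0.0.10:443 ip-protocol tcp rules { /Common/rule_a /Common/rule_b } source 0.0.0.0/0 }'

# Print the attached iRules, space separated, in their current order.
rules_from_oneline() {
    case "$1" in
        *" rules { "*) printf '%s\n' "$1" | sed -e 's/.* rules { //' -e 's/ }.*//' ;;
        *) printf '\n' ;;   # no rules block: empty list
    esac
}

# rules_without "<list>" <rule>: drop one rule, keep the order of the rest.
rules_without() {
    out=""
    for r in $1; do
        [ "$r" = "$2" ] || out="${out:+$out }$r"
    done
    printf '%s\n' "$out"
}

# rules_insert "<list>" <rule> <pos>: place rule at 1-based position pos
# (moving it if already attached); a pos past the end appends.
rules_insert() {
    rest=$(rules_without "$1" "$2")
    out=""; i=1; placed=0
    for r in $rest; do
        if [ "$i" -eq "$3" ]; then out="${out:+$out }$2"; placed=1; fi
        out="${out:+$out }$r"
        i=$((i + 1))
    done
    [ "$placed" -eq 1 ] || out="${out:+$out }$2"
    printf '%s\n' "$out"
}

# Build the full replacement command; an empty list becomes "rules none".
modify_cmd() {
    if [ -z "$2" ]; then
        printf 'tmsh modify ltm virtual %s rules none\n' "$1"
    else
        printf 'tmsh modify ltm virtual %s rules { %s }\n' "$1" "$2"
    fi
}
```

Because every change rewrites the whole set, comparing the printed command against the current listing before running it is the check that catches a rule being dropped unintentionally.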