Forum Discussion
rdessert_76127
Nimbostratus
NimbostratusCreating a process for changing irule applied to a virtual server
Hi All,
Here's my situation...
I'm in the process of eliminating several IIS proxies by rolling the proxy function to LTM. In IIS this application used 2 different mod_rewrite scripts, one during normal operation and a different one during maintenance mode to redirect client connections to different servers / pages etc.
As part of the migration I have created 2 different irules to perform the same function the mod_rewrite scripts were doing when IIS was in use. Everything works great.
The situation I am trying to overcome is that the owners of this site used to have an automated process to switch between the IIS mod-rewrite scripts (using MOVEit) when they wanted to change from prod to maintenance mode. I would like to come up with a way to automate the change between the prod irule and the maintenance irule. I'm trying to avoid giving application owners accounts on the LTM's and training them how to change the irules applied to virtual servers. I'm also trying to avoid them having to call the F5 admin team to make the change for them.
I'm curious if any of you have been faced with a similar situation and / or have any input on how I could automate this via a script of some sort etc.
I appreciate all input!
Thanks,
Rich
GavinW_29074Rich
I've done something very similar for our services to cover maintenance mode functionality.
I came up with the following iRule, which allows an authorized user to hit a defined URI and enable/disable a maintenance window.
https://devcentral.f5.com/wiki/irules.LTM-Dynamic-Maintenance-using-Session-Table.ashx
The above iRule is light on security, however I've updated our local copy to include both a Client IP filter and a HTTP Basic Authentication check...
Therefore if you've got multiple customers you could tweak the rule by having a different set of datagroups for each VS...
Let me know if you want a copy of the iRule including the above security features.
Regards
Gavin
rdessert_76127Thanks for the input Gavin! I'll look into it.
Rich
Michael_YatesHi RDessert,
You may also want to look at creating a Custom Health Check that would do what you are trying to accomplish as well.
Example:
You create a monitor for an Windows Service that you don't normally use (like TCP Print Services on Windows which runs on Port 515). Apply the monitor to the server pool and allow your Application Support Teams to control which servers are available in the pool by Enabling/Starting and Disabling/Stopping the Windows Service directly on the servers.
This would require that they have access to start and stop Windows Services, but it is a simpler solution (less administrative overhead) than an iRule solution which would require on going collaboration with the Application Teams.
Just another option.
Hope this helps.