
David_Gonzalez1
May 06, 2013

Data group list

Hi,

 

I'm new to F5 and I'm trying to read the string of a text file from an iRule (v10.2.4). That file is on the Windows servers of the pool, and I'm trying to do it with a data group list (not sure if that's what I should use).

When creating the data group list, I get that "The external file for class test must be in /config or /var/class".

Thanks in advance,

 

4 Replies

  • Data groups are text-based dictionaries, lists of key-value pairs, that reside *somewhere* on the BIG-IP. They can be in the configuration file (bigip.conf), or a separate file in the filesystem (generally in /var/class). Data groups cannot be on a separate machine. There are, however, methods to read information from remote locations, but the methods used depend on how and when you need the information. For example, if you need data from a remote server (potentially not the hosting web server) in real-time, as in during the client request or server response, you can use a sideband call in v11 or HTTP::request/HTTP::retry in v10. If you don't need the information in real-time, you can use an external monitor and a shell script (bash, cURL, Perl, etc.) to do your bidding.
  • What the development team wants to implement is a file that they can modify in real time to indicate a maintenance. Then a maintenance page would be displayed for anyone, except for their network, which would still have access to the website. Is that feasible?

    How could I access that file in real time? Every time that I receive an HTTP request to the website I should also check that file... Would HTTP::request allow me to get this value from another URI?

    Thanks a lot for your help Kevin,

    Regards
  • I think your better bet is to create TWO data groups and a "PUSH" mechanism (vs. PULL):

    The first data group would be your IP list - the list of IPs or IP subnets that you want to allow access regardless of maintenance mode. In the BIG-IP management UI, under Local Traffic and iRules, click the Data Group List tab. This is where you create internal data groups and the references to external (file-based) data groups. We'll create a simple Address data group here and specify the IPs or IP subnets of your internal admin network. In this example I'll call the data group "MAINTMODE_IP".

    The second data group would be your maintenance "switch". There's a hundred ways to do this, but for now create a string data group with a string value of "maintenance" (arbitrary), and a value of 0 (zero). In this example I'll call the data group "MAINTMODE_SWITCH".

    Then create an iRule that you'll apply to the virtual server:

    
    when HTTP_REQUEST {
        if { ( [class lookup "maintenance" MAINTMODE_SWITCH] eq 1 ) and not ( [class match [IP::client_addr] equals MAINTMODE_IP] ) } {
            # initiate maintenance mode content
            HTTP::respond 200 content "maintenance mode"
        }
    }
    

    To enable maintenance mode, set the "maintenance" key in the MAINTMODE_SWITCH data group to a value of 1. When an HTTP_REQUEST event is triggered, the first condition will be true (maintenance == 1). Then if the client IP is NOT in the MAINTMODE_IP data group, the request will immediately trigger an HTTP::respond action. You can put any HTML/CSS/JS content that you can imagine inside the HTTP::respond command.

    The next step then would be to determine WHEN to enable maintenance mode. I'm assuming that you're attempting to (manually) set a file on a server to some value to enable maintenance mode and expecting the BIG-IP to PULL this information on each client request. The above configuration allows you to PUSH the information instead, which will not suffer the same latency issues. There are also a ton of ways to do this too. If you have access to a Linux box or an SSH terminal, you can issue remote commands via SSH to change the value of the data group. Here's what that command would look like:

    tmsh modify ltm data-group internal MAINTMODE_SWITCH records modify { maintenance { data 1 } }

    Alternatively, you can issue an iControl call using your favorite language (Powershell, Perl, Python, .NET, Java, etc.). There are a lot of choices here too, so I won't get into the details of each.
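
The SSH push described in the reply above, as an added example that is not part of the original post: a small wrapper that only accepts `on` or `off` and builds the tmsh command exactly as given in the thread, so no caller-supplied text reaches the remote shell. `BIGIP_HOST`, `BIGIP_USER` and the function names are assumptions, and the account is assumed to use key-based SSH and to be able to run the command as shown.

```shell
#!/bin/sh
# Added example: push the maintenance flag to the BIG-IP over SSH.
# BIGIP_HOST and BIGIP_USER are assumed placeholders, not values from the thread.
BIGIP_HOST="${BIGIP_HOST:-bigip.example.net}"
BIGIP_USER="${BIGIP_USER:-maint-operator}"
DATA_GROUP="MAINTMODE_SWITCH"   # data group name used in the thread
KEY="maintenance"               # key name used in the thread

# Map an operator-facing state to the data group value. Anything other than
# "on" or "off" is rejected, so free-form input is never placed in the command.
maint_value() {
    case "$1" in
        on)  echo 1 ;;
        off) echo 0 ;;
        *)   return 1 ;;
    esac
}

# Build the tmsh command from the thread for an already validated state.
maint_command() {
    value=$(maint_value "$1") || return 1
    echo "tmsh modify ltm data-group internal $DATA_GROUP records modify { $KEY { data $value } }"
}

# Run the command on the BIG-IP. With DRY_RUN=1 the command is printed
# instead of executed, which is useful for review and change records.
set_maintenance() {
    cmd=$(maint_command "$1") || {
        echo "usage: set_maintenance on|off" >&2
        return 2
    }
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$cmd"
        return 0
    fi
    # BatchMode makes ssh fail instead of prompting for a password, so the
    # wrapper cannot hang when run from a deployment job.
    ssh -o BatchMode=yes "$BIGIP_USER@$BIGIP_HOST" "$cmd"
}
```

Source the file and call `set_maintenance on` at the start of the maintenance window and `set_maintenance off` at the end; set `DRY_RUN=1` first to see the command without connecting.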

  • Great Kevin, I will modify the value of the data group instead of polling. This is much better and easier too. Thanks a million for your help!