Irule to Run a tmsh command

Absolutely, but be warned that

 

1. The management shell where TMSH runs doesn't have the same memory/CPU capacity as TMM, so performing a TMSH command per client request would very quickly overwhelm the box.

    

2. You have to be very careful that any "bridge" that you create between the data and management plains cannot be used against you, where a user can execute arbitrary commands on the system.

    

3. And most important, it's just generally not a best practice thing to do.

    

With these warning out of the way, you have a few options:

 

1. You can configure a Syslog-ng facility to launch a shell command (via /etc/syslog-ng/syslog-ng.conf)

    

2. You can create a user_alert.conf element that looks for a specific syslog message and executes a shell command or script

    

3. If running 11.4 you can use an iCall that's a more robust form of the user_alert.conf technique.

    

These are all "one-way" bridges to the management plain in that you don't expect to recieve a response. There are others ways to create a bidirectional bridge, but the above stated warnings would be much more critical.

 

Thx can u give me example of irule running TMSH command , i will need to run the below for ex @ certian condition :

 

tmsh delete sys conn

 

when CLIENT_ACCEPTED {

 

if { [active_members http_pool] >= 2 } {

 

i want to run the TMSH command

 

} }

 

Take a look at this post for information on setting up user_alert.conf to launch a shell process;

 

https://devcentral.f5.com/questions/clearing-machine-cache

 

I would add though, that launching the process on every CLIENT_ACCEPTED event (where there are at least two pool members) will very quickly eat all of your a system resources. If you're going to do this at all, you should limit it to something that happens rarely.