iRules Change Management
I have several irules running on a single box. Each irules consist of nearly 500 line of code.
The development process of this irules was so rapidly changing, considering that our customer needs change the logic of irules until become stable and acceptable.
The problem is, sometimes we don't know which part have been changed and which part haven't. Can we get the information when a user/admin/engineer do a change to our irules, and which part of the irules they have change? Maybe it's like implementation of subversion in big-ip.
any idea would highly appreciated.
thanks!
I personally do not think this has to be handled on the F5 itself. If you consider each iRule as a configuration file, you can manage each one like you would manage a system configuration file. We started using Git to manage our iRules, right now it's a manual process, but the F5 has APIs which will be used to implement automated processes. We started by adding headers to each file, so that people know not to modify the iRules directly on the box. Here's what we put at the beginning of each iRule:
Managed by Git (git@your.git.machine/gitpath/conf.git) Version: $Id$ $Format:Git ID: (%h) %ci/%cn$
And then you can add this to your .attributes file:
Manage the Identity substitution *.txt ident *_stash ident Substitute information on export *.txt export-subst *_stash export-subst
We then use git archive to export the files, which will replace the variables with some information. I realize this solution is not perfect, we are in the early rounds.
The biggest challenge becomes the human factor, no iRules should be modified directly on the F5. BTW, the $Id$ variable can be used to verify that nobody touched the file.
Regards, Didier