Forum Discussion
Syafiq_89483
Cirrus
CirrusiRules Change Management
I have several irules running on a single box. Each irules consist of nearly 500 line of code.
The development process of this irules was so rapidly changing, considering that our customer needs...
I personally do not think this has to be handled on the F5 itself. If you consider each iRule as a configuration file, you can manage each one like you would manage a system configuration file. We started using Git to manage our iRules, right now it's a manual process, but the F5 has APIs which will be used to implement automated processes. We started by adding headers to each file, so that people know not to modify the iRules directly on the box. Here's what we put at the beginning of each iRule:
Managed by Git (git@your.git.machine/gitpath/conf.git) Version: $Id$ $Format:Git ID: (%h) %ci/%cn$And then you can add this to your .attributes file:
Manage the Identity substitution *.txt ident *_stash ident Substitute information on export *.txt export-subst *_stash export-substWe then use git archive to export the files, which will replace the variables with some information. I realize this solution is not perfect, we are in the early rounds.
The biggest challenge becomes the human factor, no iRules should be modified directly on the F5. BTW, the $Id$ variable can be used to verify that nobody touched the file.
Regards, Didier
Didier_Fort_226
Altostratus
AltostratusI personally do not think this has to be handled on the F5 itself. If you consider each iRule as a configuration file, you can manage each one like you would manage a system configuration file. We started using Git to manage our iRules, right now it's a manual process, but the F5 has APIs which will be used to implement automated processes. We started by adding headers to each file, so that people know not to modify the iRules directly on the box. Here's what we put at the beginning of each iRule:
Managed by Git (git@your.git.machine/gitpath/conf.git)
Version: $Id$
$Format:Git ID: (%h) %ci/%cn$
And then you can add this to your .attributes file:
Manage the Identity substitution
*.txt ident
*_stash ident
Substitute information on export
*.txt export-subst
*_stash export-subst
We then use git archive to export the files, which will replace the variables with some information. I realize this solution is not perfect, we are in the early rounds.
The biggest challenge becomes the human factor, no iRules should be modified directly on the F5. BTW, the $Id$ variable can be used to verify that nobody touched the file.
Regards, Didier
- JRahm
Admin
interesting concept. If you tied this into an iApp to manage all the iRules, then the rules themselves couldn't be changed directly. 
HamishCirrocumulus
I like it... Do you automate it as well so when a new version is checked into the git repository, the LTM's all get updated? H- Didier_Fort_226OK, I need to look at iApps. No, it's not automated yet, we are in the early stages. BTW, I personally think that adding $Id$ and other variables is a temporary step. Once the iRule are automatically pushed either via iApp or other means, these variables won't be necessary.
Saverio_180237Nimbostratus
Hello, I wrote some git hooks, so that you can manage iRules in git, and when you push to a remote repository the changes are pushed directly to the BIGIP device. you can find the code here: https://github.com/zioproto/f5-git-hooks if you make this code better please send me pull requests on github
