Forum Discussion

AhmedBaig
Jun 10, 2019

modify/edit irule using ansible

Hi,

 

My question is how to edit/modify an existing iRule automatically using Ansible. Please help me by pointing me to code or a module to do so.

 

I have existing iRules which need to be edited/modified frequently, so I'm automating it using Ansible. I have found code to create and delete an iRule using Ansible, but it doesn't have an option to edit. Please help me.

 

Thanks in advance,

Ahmed Wajid

  • Thanks for your reply, Dario. What I actually want is to edit/modify existing iRules. I have seen this before; it's not so clear how to modify or edit existing iRules. Or even if I want to take an existing iRule, edit it and recreate it.

    Please help me.

    Thanks in advance,

    Ahmed

  • Hi Ahmed,

     

    Ansible is a state machine. It will deploy a configuration with or without an iRule. The state option on the link provided by Dario hints at this. There is no such thing as edit. You would redeploy the iRule again to overwrite the old one. I would just run the playbook again with an updated file and see if it updates the F5's active configuration.

  • But I'm not able to write code for it. Can somebody please help me? I'm a newbie.

     

    Thanks in advance

     

  • Hi  ,  , Kindly please help me with code for redeployment. Please help me.

     

    Thanks in advance,

    Ahmed

    • I've already shared with you an example of using

      https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_irule_module.html

      Did you try it?

      KR,

      Dario. ​

  • Hi Dario,

    My understanding now is that with Ansible it is not possible to modify/update an existing iRule. Is it possible with some other tools like Tcl etc.? Or do we have a REST API for this?

     

    Thanks in advance,

    Ahmed

    • JRahm

      Hi AhmedBaig, ansible does the config management well, you give it an irule and it updates it. If you are asking about using an offline editor to pull down an irule, edit it on the fly, and "save" which updates the iRule on the BIG-IP, you can use the Eclipse plugin for that, or you can use the rest API to update the contents of an iRule directly. In fact, I even wrote a little demo app in python's flask environment that you can use a local docker container to edit your iRules with. Let me know which direction you are seeking and I'll point you to the right resources.

       

      Update:

       

      Example using the API with python below. That said, doing it this way is really no different than using ansible as you are not interactively changing the irule. You update it in a file and then use the API to push the update.

       

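      import json
      import requests

      def create_rule(bsess, burl, name, code):
          # apiAnonymous carries the iRule source text
          payload = {}
          payload['name'] = name
          payload['apiAnonymous'] = code

          resp = bsess.post('%s/ltm/rule/' % burl, data=json.dumps(payload))
          resp.raise_for_status()  # do not report success on an HTTP error
          print('Rule %s created...' % name)

      b = requests.session()
      b.auth = ('admin', 'admin')  # lab credentials
      b.verify = False  # lab only: certificate verification is off; set to a CA bundle path otherwise
      b.headers.update({'Content-Type' : 'application/json'})
      b_url = 'https://192.168.102.5/mgmt/tm'

      # the with block closes the file, no explicit close() needed
      with open('myirule.tcl', 'r') as irule:
          mycode = irule.read()

      create_rule(b, b_url, 'myirule', mycode)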

       

  • Hi,

    I've had a similar challenge and used a combination of REST and Ansible modules, but everything called from Ansible.

    In our case it's simply to append an additional line to an existing iRule for redirects of short names.

    - name: Test F5
      hosts: localhost
      gather_facts: no
      become_method: runas

      vars:
        provider:
          user: '{{ f5_username }}'
          password: '{{ f5_password }}'
          server: '{{ f5_server }}'
          server_port: 443
          validate_certs: no
        irule_add: 'vanitytestxx05'
        # the last } re-closes the event block whose final } is stripped below
        irule_add_content: "if { ([HTTP::host] eq \"{{ irule_add }}\")} {\n  HTTP::redirect https://test.com\n }\n}"

      tasks:
      - name: Request F5 token
        uri:
          url: "https://{{provider.server}}/mgmt/shared/authn/login"
          method: POST
          force_basic_auth: yes
          return_content: yes
          body_format: json
          body:
            username: "{{ provider.user }}"
            password: "{{ provider.password }}"
            loginProviderName: "tmos"
          validate_certs: no
        register: token
        until: token is success

      - name: Get current irule content
        uri:
          url: "https://{{provider.server}}/mgmt/tm/ltm/rule/~Common~VANITY_irule"
          method: GET
          return_content: yes
          headers:
            X-F5-Auth-Token: "{{ token.json.token.name }}"
            Content-Type: "application/json"
          validate_certs: no
        register: irule_current
        until: irule_current is success

      - name: List irule content
        set_fact:
          irule_current_content: "{{ irule_current.json.apiAnonymous | regex_replace('}$', '')}}"
        # list content of irule "apiAnonymous" and remove last } in order to append new content

      - name: Add content to current irule
        set_fact:
          irule_combined_content: '{{ irule_current_content }} {{ irule_add_content }}'

      - name: ADD iRules to F5
        bigip_irule:
          # pass the provider dict from vars; there is no loop here, so "item" is undefined
          provider: "{{ provider }}"
          module: "ltm"
          name: "VANITY_irule"
          content: "{{ irule_combined_content }}"

    Additionally you could use REST for updating the irule instead of the bigip_irule module.

    - name: Update irule
      uri:
        url: "https://{{provider.server}}/mgmt/tm/ltm/rule/~Common~VANITY_irule"
        method: PATCH
        return_content: yes
        headers:
          X-F5-Auth-Token: "{{ token.json.token.name }}"
          Content-Type: "application/json"
        body_format: json
        body: ' {"apiAnonymous":{{ irule_combined_content|to_json }}} '
        validate_certs: no

    Hope this helps.
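
The append-and-push step from the playbook above, as an added Python example that is not part of the thread: it validates the short name before templating it into Tcl, skips the insert when a block for that host already exists, and sends the PATCH with certificate verification on. The names `add_redirect`, `push_rule`, `SAMPLE_RULE` and `ca_file` are hypothetical; the endpoint, the `X-F5-Auth-Token` header and the `apiAnonymous` field are the ones used in the thread.

```python
import json
import re
import ssl
import urllib.request

# Letters, digits, dot and hyphen only, so a value templated into the iRule
# cannot carry Tcl metacharacters such as [ ] $ " { } or whitespace.
_HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
_URL_RE = re.compile(r"https://[A-Za-z0-9.-]+(?:/[A-Za-z0-9._~/-]*)?")

# Constructed sample of the apiAnonymous text returned by a GET on the rule.
SAMPLE_RULE = (
    'when HTTP_REQUEST {\n'
    '  if { [HTTP::host] eq "old" } {\n'
    '    HTTP::redirect https://test.com\n'
    '  }\n'
    '}\n'
)


def add_redirect(rule, host, target):
    """Insert a redirect block for host before the rule's final '}'.

    Returns the rule unchanged when a block for host is already present,
    so repeated runs do not pile up duplicates.
    """
    if not _HOST_RE.fullmatch(host) or not _URL_RE.fullmatch(target):
        raise ValueError("host or target contains characters unsafe for Tcl")
    if ('[HTTP::host] eq "%s"' % host) in rule:
        return rule
    body = rule.rstrip()
    if not body.endswith("}"):
        raise ValueError("iRule does not end with a closing brace")
    block = '  if { [HTTP::host] eq "%s" } {\n    HTTP::redirect %s\n  }\n' % (host, target)
    return body[:-1].rstrip() + "\n" + block + "}\n"


def push_rule(server, token, rule_path, code, ca_file):
    """PATCH apiAnonymous on an existing iRule, verifying TLS against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = urllib.request.Request(
        "https://%s/mgmt/tm/ltm/rule/%s" % (server, rule_path),
        data=json.dumps({"apiAnonymous": code}).encode(),
        method="PATCH",
        headers={"X-F5-Auth-Token": token, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.status
```
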