Forum Discussion
modify/edit irule using ansible
Hi,
My question is how to edit/modify existing irule using ansible automatically. Please help me by pointing to code or module to do so.
I have existing irules which are needed to be edited/modified frequently. So, I'm automating it using ansible. I have found code to create and delete irule using ansible but it dont have option to edit. Please help me.
Thanks in advance,
Ahmed Wajid
Hello.
There is only one module to deal with iRules ->
https://docs.ansible.com/ansible/2.4/bigip_irule_module.html
From clouddocs perspective ->
https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_irule_module.html
https://clouddocs.f5.com/training/community/gsts/html/class1/module3/lab07.html
KR,
Dario.
- AhmedBaigNimbostratus
Thanks for your reply Dario. What I want is actually to edit/modify existing irules. I have seen this before its not so clear how to modify or edit existing irules. Or even If I want to take existing irule edit and recreate it.
Please help me.
Thanks in advance,
Ahmed
Hi Ahmed,
Ansible is a state machine. It will deploy a configuration with or without an iRule. The state option on the link provided by Dario hints at this. There is no such thing as edit. You would redeploy the iRule again to overwrite the old one. I would just run the playbook again with an updated file and see if it updates the F5's active configuration.
Totally agree with Kevin. It's a redeployment.
- AhmedBaigNimbostratus
But I'm not able to write code for it. Can somebody please help me? I'm newbie.
Thanks in advance
- AhmedBaigNimbostratus
Hi , , Kindly please help me with code for redeployment. Please help me.
Thanks in advance,
Ahmed
I've already shared with you an example of using
https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_irule_module.html
Did you try it?
KR,
Dario.
- AhmedBaigNimbostratus
Hi Dario,
My understanding now is with ansible it is not possible to modify/update existing irule. Is it possible in some other tools like tcl etc? Or do we have REST api for this?
Thanks in advance,
Ahmed
- JRahmAdmin
Hi AhmedBaig, ansible does the config management well, you give it an irule and it updates it. If you are asking about using an offline editor to pull down an irule, edit it on the fly, and "save" which updates the iRule on the BIG-IP, you can use the Eclipse plugin for that, or you can use the rest API to update the contents of an iRule directly. In fact, I even wrote a little demo app in python's flask environment that you can use a local docker container to edit your iRules with. Let me know which direction you are seeking and I'll point you to the right resources.
Update:
Example using the API with python below. That said, doing it this way is really no different than using ansible as you are not interactively changing the irule. You update it in a file and then use the API to push the update.
import requests, json def create_rule(bsess, burl, name, code): payload = {} payload['name'] = name payload['apiAnonymous'] = code bsess.post('%s/ltm/rule/' % burl, data=json.dumps(payload)) print('Rule %s created...' % name) b = requests.session() b.auth = ('admin', 'admin') b.verify = False b.headers.update({'Content-Type' : 'application/json'}) b_url = 'https://192.168.102.5/mgmt/tm' with open('myirule.tcl', 'r') as irule: mycode = irule.read() irule.close() create_rule(b, b_url, 'myirule', mycode)
- Stefan_EngelCirrus
Hi,
I've had a similar challenge and used a combination of REST and Ansible modules, but everything called from Ansible.
In our case its imply to append an additional line to an existing irule for redirects of short names.
- name: Test F5 hosts: localhost gather_facts: no become_method: runas vars: provider: user: '{{ f5_username }}' password: '{{ f5_password }}' server: '{{ f5_server }}' server_port: 443 validate_certs: no irule_add: 'vanitytestxx05' irule_add_content: "if { ([HTTP::host] eq \"{{ irule_add }}\")} {\n HTTP::redirect https://test.com\n }\n}" tasks: - name: Request F5 token uri: url: "https://{{provider.server}}/mgmt/shared/authn/login" method: POST force_basic_auth: yes return_content: yes body_format: json body: username: "{{ provider.user }}" password: "{{ provider.password }}" loginProviderName: "tmos" validate_certs: no register: token until: token is success - name: Get current irule content uri: url: "https://{{provider.server}}/mgmt/tm/ltm/rule/~Common~VANITY_irule" method: GET return_content: yes headers: X-F5-Auth-Token: "{{ token.json.token.name }}" Content-Type: "application/json" validate_certs: no register: irule_current until: irule_current is success - name: List irule content set_fact: irule_current_content: "{{ irule_current.json.apiAnonymous | regex_replace('}$', '')}}" # list content of irule "apiAnonymous" and remove last } in order to append new content - name: Add content to current irule set_fact: irule_combined_content: '{{ irule_current_content }} {{ irule_add_content }}' - name: ADD iRules to F5 bigip_irule: provider: "{{item}}" module: "ltm" name: "VANITY_irule" content: "{{ irule_combined_content }}"
Additionally you could use REST for updating the irule instead of the bigip_irule module.
- name: Update irule uri: url: "https://{{provider.server}}/mgmt/tm/ltm/rule/~Common~VANITY_irule" method: PATCH return_content: yes headers: X-F5-Auth-Token: "{{ token.json.token.name }}" Content-Type: "application/json" body_format: json body: ' {"apiAnonymous":{{ irule_combined_content|to_json }}} ' validate_certs: no
Hope this helps.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com