R_Marc
Jun 13, 2014

Sideband usage opinions (please critique)

I was given an automation requirement from a development team using some java caching zzzzzzzzzz. what? oh, right...they wanted to be able to purge the cache via a script/rest call.

This call was a simple get. Here is what I came up with:

    when HTTP_REQUEST {
        log local0. "Client Accepted"
        if { ([HTTP::uri] starts_with "/purge") } {
            # /purge/<pool>/<path...>: element 2 is the pool name, the rest is the path to purge
            set context [split [HTTP::uri] "/"]
            set poolname [lindex $context 2]
            set i 3
            set mycontext ""
            while { [llength $context] > $i } {
                set mycontext "$mycontext/[lindex $context $i]"
                incr i
            }
            log local0. "$mycontext"

            # Always defined here, so HTTP_RESPONSE never reads an unset variable
            set my_data ""

            # active_members raises a Tcl error (and aborts the iRule) for an unknown pool name
            if { [catch { active_members -list $poolname } members] } {
                log local0. "Unknown pool: $poolname"
                set members [list]
            }
            foreach poolmember $members {
                # 10.0.0.1:443 is the plain-HTTP layered virtual (see the replies), not an SSL listener
                if { [catch { connect -timeout 1000 -idle 30 -status conn_status 10.0.0.1:443 } conn_id] == 0 && $conn_id ne "" } {
                    # Request-URI carries ip:port:pool:/path, which the layered virtual splits on ":"
                    set data "GET [string map {{ } :} $poolmember]:$poolname:$mycontext HTTP/1.0\r\n\r\n"
                    set send_bytes [send -timeout 1000 -status send_status $conn_id $data]
                    append my_data "\nsent $mycontext to $poolmember\n"
                    # The reply is never read: this is fire-and-forget
                    close $conn_id
                } else {
                    log local0. "Connection could not be established to sideband virtual 10.0.0.1:443"
                }
            }
        } else {
            # Layered-virtual side: ip:port:pool:/path -> select the member and restore the real URI
            set fields [split [HTTP::uri] ":"]
            log local0. "Received connection for: pool [lindex $fields 2] member [lindex $fields 0] [lindex $fields 1]"
            HTTP::uri [lindex $fields 3]
            pool [lindex $fields 2] member [lindex $fields 0] [lindex $fields 1]
        }
    }
    when HTTP_RESPONSE {
        # Only the purge request sets my_data; leave every other response untouched
        if { [info exists my_data] } {
            HTTP::respond 200 content "Response Page$my_data"
        }
    }

It works, but, as always, I'm open to more efficient options.
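A reworked version of the same purge dispatch, added here as an example and not the poster's code: it restricts who may call /purge, validates the pool name before handing it to active_members, carries the routing information in headers instead of a mangled request line, and reads the sideband reply so each member's purge status is reported rather than assumed. It assumes an address data group named purge_allowed_clients, and that 10.0.0.1:80 is an internal, plain-HTTP layered virtual with a server-ssl profile in front of the https cache pools, as the replies describe. The second iRule is attached to that layered virtual.

```tcl
# Added example, not code from the original post.
# Assumptions: data group "purge_allowed_clients" (type address) lists the
# hosts allowed to purge; 10.0.0.1:80 is an internal plain-HTTP layered
# virtual with a server-ssl profile and the https pools assigned.
when HTTP_REQUEST {
    if { !([HTTP::path] starts_with "/purge/") } {
        return
    }
    # Only allow-listed callers may trigger a purge.
    if { ![class match [IP::client_addr] equals purge_allowed_clients] } {
        HTTP::respond 403 content "forbidden\n" "Content-Type" "text/plain"
        return
    }
    # /purge/<pool>/<path...> -> pool name and the path to purge
    set parts [split [HTTP::path] "/"]
    set poolname [lindex $parts 2]
    set purgepath "/[join [lrange $parts 3 end] /]"
    # Restrict the pool name to a safe character set before using it.
    if { ![regexp {^[A-Za-z0-9_.-]+$} $poolname] } {
        HTTP::respond 400 content "bad pool name\n" "Content-Type" "text/plain"
        return
    }
    # active_members raises a Tcl error for an unknown pool; catch it.
    if { [catch { active_members -list $poolname } members] } {
        HTTP::respond 404 content "unknown pool\n" "Content-Type" "text/plain"
        return
    }
    set report ""
    foreach member $members {
        set ip [lindex $member 0]
        set port [lindex $member 1]
        if { [catch { connect -timeout 1000 -idle 30 -status cstat 10.0.0.1:80 } conn] || $conn eq "" } {
            append report "$ip:$port no sideband connection\n"
            continue
        }
        # Routing goes in headers; the request line stays a normal path.
        set req "GET $purgepath HTTP/1.1\r\nHost: $ip:$port\r\nX-Purge-Pool: $poolname\r\nX-Purge-Member: $ip:$port\r\nConnection: close\r\n\r\n"
        send -timeout 1000 -status sstat $conn $req
        # Read the reply and check its status line instead of assuming success.
        set reply [recv -timeout 2000 -status rstat $conn]
        close $conn
        if { [regexp {^HTTP/1\.[01] (\d{3})} $reply -> code] } {
            append report "$ip:$port purge status $code\n"
        } else {
            append report "$ip:$port no valid reply\n"
        }
    }
    # Answer the caller directly from HTTP_REQUEST; no backend request is needed,
    # so there is no HTTP_RESPONSE handler and no unset-variable problem.
    HTTP::respond 200 content $report "Content-Type" "text/plain"
}

# ---- second iRule, attached to the internal layered virtual (10.0.0.1:80) ----
# Picks the pool member named in the headers, strips them, and lets the
# server-ssl profile on this virtual talk https to the cache node.
when HTTP_REQUEST {
    set p [HTTP::header value "X-Purge-Pool"]
    set m [HTTP::header value "X-Purge-Member"]
    if { $p eq "" || ![regexp {^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$} $m -> ip port] } {
        HTTP::respond 400 content "missing purge routing headers\n" "Content-Type" "text/plain"
        return
    }
    HTTP::header remove "X-Purge-Pool"
    HTTP::header remove "X-Purge-Member"
    # pool ... member raises a Tcl error when the pool or member does not exist.
    if { [catch { pool $p member $ip $port }] } {
        HTTP::respond 404 content "unknown pool member\n" "Content-Type" "text/plain"
    }
}
```

Because the layered virtual routes on request headers alone, it must listen only on an address reachable from the BIG-IP itself; anything that can reach it can direct a request at any member of any pool it serves.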

8 Replies

  • Hello,

    This is strange, this sideband connection should not work because you try to connect to a backend listening on 443 (normally https): 10.0.0.1:443

    In order to be able to connect to an https backend using sideband, you have to configure a layered Virtual Server listening on http (1.1.1.1:80) and assign an ssl server profile and the corresponding pool of https backends.

    I think that the following lines could trigger errors in specific scenarios because there are some cases where "my_data" stays undefined after the HTTP_REQUEST event: when HTTP_RESPONSE { HTTP::respond 200 content "$my_data" }

    • R_Marc
      Thanks for the feedback. This is a work in progress, so I'm sure it'll morph. I intend to add ssl client authentication to the call, so the calls will be minimal and single threaded.
    • Rabbit23_116296
      @Yann - please if you could elaborate on exactly what is required. I could never get HTTPS to work with a sideband / layered virtual and I have another requirement for this.
  • R_Marc

    I should clarify. I created a non-ssl virtual to accept the sideband connection (what F5 calls a layered virtual).

  • @Yann - please if you could elaborate on exactly what is required. I could never get HTTPS to work with a sideband / layered virtual and I have another requirement for this.

    You cannot. Your internal layered VIP must not do SSL on the client side, though it can certainly do SSL on the server side.