Christian_15126
Jun 26, 2013

tmsh transaction script to delete list of disabled virtual servers, CANCEL transaction if any are status enabled

I recently performed an f5 virtual server and virtual-address migration of about 30 virtual servers to a new pair of f5's a few weeks ago. The final step is to remove all the old virtual servers and virtual addresses from the original f5 pair to clean up the config. To do the migration I used a simple b import of the new virtual servers/addresses on the new f5's, then I ran a shell script on each pair that enabled/disabled ARP and the virtual servers all at once. Below is a sample of the original script I used for enabling/disabling the virtual servers:

disable_arp_vs.sh

tmsh modify ltm virtual vip_SOL.blah.bleeh.local-https disabled
tmsh modify ltm virtual-address 192.168.99.160 arp disabled
tmsh modify ltm virtual vip_annotate.conversion.abc.xzy.local-http disabled
tmsh modify ltm virtual-address 192.168.99.40 arp disabled
tmsh modify ltm virtual vip_annotate.abc.xzy.local-http disabled
tmsh modify ltm virtual vip_annotate.abc.xzy.local-https disabled
tmsh modify ltm virtual-address 192.168.99.37 arp disabled

and the list goes on..

While I can simply do a Ctrl-H, replace modify with delete, and remove the arp disabled and disabled ending arguments and be done with it, doing a mass delete without any status check on the virtual servers and virtual addresses makes me nervous. My worker mentioned that the ability to run a tmsh tcl script using the tmsh::begin_transaction, tmsh::cancel_transaction, and tmsh::commit_transaction commands can be utilized for this type of scenario, so if any command fails, or a matching criteria fails (in this case, if any of the virtual servers or virtual-addresses from the list are status 'enabled'), then cancel the transaction and output the virtual servers that failed the check and were enabled.

Now that I've explained the scenario, I'm not quite sure what the best approach would be to A) reference the list of virtual servers and virtual addresses the script needs to use to query each virtual server/virtual addresses status, and then B) cancel the transaction if any of them are status 'enabled', or C) none of the virtual servers/addresses are enabled, so run the following delete commands to delete all the virtual servers/addresses from the list, and then finally D) tmsh::commit_transaction to complete and save the configuration.

tmsh delete ltm virtual vip_SOL.blah.bleeh.local-https
tmsh delete ltm virtual-address 192.168.99.160
tmsh delete ltm virtual vip_annotate.conversion.abc.xzy.local-http
tmsh delete ltm virtual-address 192.168.99.40
tmsh delete ltm virtual vip_annotate.abc.xzy.local-http
tmsh delete ltm virtual vip_annotate.abc.xzy.local-https
tmsh delete ltm virtual-address 192.168.99.37

Here's what I have so far (which is basically at square one, ha). Bear with me, I've made iRules, but never got completely into building a tmsh tcl script outside of iRules and a few rudimentary backup scripts..

BEGINNING OF SCRIPT

script delete_oldprod_virtuals.tcl {

I'd assume the below script would be some sort of list of the virtual servers and addresses we could use in conjunction with the tmsh::include command? The problem is I only want to list the specific set of servers I want to remove, so how do I list just those virtual servers and addresses in the below TCL script to use later to check status and then delete them?

cli script list_oldprod_virtualservers.tcl {

proc create_http_profile { name } {

Not sure the best way to do this.. I could also have the list of VS's in another file that this TCL script calls on to list?

tmsh modify ltm virtual vip_SOL.blah.bleeh.local-https disabled
tmsh modify ltm virtual-address 192.168.99.160 arp disabled
tmsh modify ltm virtual vip_annotate.conversion.abc.xzy.local-http disabled
tmsh modify ltm virtual-address 192.168.99.40 arp disabled
tmsh modify ltm virtual vip_annotate.abc.xzy.local-http disabled
tmsh modify ltm virtual vip_annotate.abc.xzy.local-https disabled
tmsh modify ltm virtual-address 192.168.99.37 arp disabled

}

proc script::run { } {

Need to somehow query the above list of VS's and VS addresses, and query for status. If status = enabled, then cancel the transaction!!

foreach { virtual } [tmsh::get_status ltm virtual] {
    if { "available" ne [tmsh::get_field_value \
        $virtual "virtual-server.status.availability-state"] } {
        append down " " [tmsh::get_name $virtual] "\n"
    }
}

So would I then start the transaction here?

tmsh::begin_transaction

tmsh delete ltm virtual vip_SOL.blah.bleeh.local-https
tmsh delete ltm virtual-address 192.168.99.160
tmsh delete ltm virtual vip_annotate.conversion.abc.xzy.local-http
tmsh delete ltm virtual-address 192.168.99.40
tmsh delete ltm virtual vip_annotate.abc.xzy.local-http
tmsh delete ltm virtual vip_annotate.abc.xzy.local-https
tmsh delete ltm virtual-address 192.168.99.37

I assume I need the cancel transaction command somewhere around here to cancel if any of the VS's are enabled?

if tmsh::get_status ltm virtual = "available"

tmsh::cancel_transaction

Otherwise commit transaction?

tmsh::commit_transaction

I found a few sample scripts using some of the various tmsh::x_transaction, tmsh::include, and tmsh::get_status commands which I think could all be a part of the ideal script.

tmsh::include:
https://devcentral.f5.com/wiki/TMSH.tmsh__include.ashx

tmsh::get_status:
https://devcentral.f5.com/wiki/TMSH.VirtualStat.ashx

delete LTM pools:
https://devcentral.f5.com/wiki/TMSH...mbers.ashx

remove irules from virtual servers:
https://devcentral.f5.com/wiki/TMSH...pleVS.ashx
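
One way to structure the check-then-delete flow asked about in the post, as an added example that is not part of the original post and not F5's own code. The script name is hypothetical, and the field names `status.enabled-state` and `arp` are assumptions based on v11 field-fmt output (the sample quoted in the post uses the older `virtual-server.status.*` prefix), so confirm them with `tmsh::get_field_names` on your version before relying on the check.

```tcl
cli script delete_oldprod_virtuals {
proc script::run {} {
    # Names taken from the post; extend both lists with the rest of the migration set.
    set virtuals {
        vip_SOL.blah.bleeh.local-https vip_annotate.conversion.abc.xzy.local-http
        vip_annotate.abc.xzy.local-http vip_annotate.abc.xzy.local-https
    }
    set addresses { 192.168.99.160 192.168.99.40 192.168.99.37 }

    # Phase 1: read-only checks, done before any transaction is opened.
    set blocked {}
    foreach vs $virtuals {
        # A missing or misspelled name raises an error; count it as a failed check.
        if { [catch {
            set obj [lindex [tmsh::get_status ltm virtual $vs] 0]
            set state [tmsh::get_field_value $obj "status.enabled-state"]
        } err] } {
            lappend blocked "virtual $vs: $err"
        } elseif { $state ne "disabled" } {
            lappend blocked "virtual $vs: state is $state"
        }
    }
    foreach addr $addresses {
        # all-properties so that "arp" is returned even when it holds its default value.
        if { [catch {
            set obj [lindex [tmsh::get_config ltm virtual-address $addr all-properties] 0]
            set arp [tmsh::get_field_value $obj "arp"]
        } err] } {
            lappend blocked "virtual-address $addr: $err"
        } elseif { $arp ne "disabled" } {
            lappend blocked "virtual-address $addr: arp is $arp"
        }
    }
    if { [llength $blocked] > 0 } {
        puts "Nothing deleted. Failed checks:\n  [join $blocked "\n  "]"
        return
    }
    # Phase 2: queue every delete; nothing is applied until the commit succeeds.
    tmsh::begin_transaction
    if { [catch {
        foreach vs $virtuals { tmsh::delete ltm virtual $vs }
        foreach addr $addresses { tmsh::delete ltm virtual-address $addr }
        tmsh::commit_transaction
    } err] } {
        catch { tmsh::cancel_transaction }
        puts "Transaction failed, configuration unchanged: $err"
        return
    }
    puts "Deleted [llength $virtuals] virtual servers and [llength $addresses] virtual addresses."
}
}
```

Because the status check runs before `tmsh::begin_transaction`, a failed check leaves nothing to cancel; `tmsh::cancel_transaction` is only needed when a queued delete or the commit itself errors.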

 

 

 
