For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Periodic iCall script to auto-generate NodeIP-to-NodeName datagroup

Problem this snippet solves:

Hi Folks,

the iCall script and handler below can be used to auto-generate a NodeIP-to-NodeName datagroup on scheduled intervals. The auto-generate datagroup can then be used to resolve the 

[LB::server addr]
output to the coresponsing node name label using the 
[class match -value]
syntax.

Cheers, Kai

How to use this snippet:

  1. Tweak the periodic intervals (in seconds) of the iCall handler as needed.
  2. Import the provided iCall script and handler using the tmsh load config merge from-terminal syntax
  3. Take a look to the configured data-groups and LTM logfiles to verify the results.
  4. Use 
    [class match -value [LB::server addr] DG_IP_2_NODENAME]
    within an iRule to resolve the name of a selected pool member.

Code :

sys icall script DataGroup_NodeIP_to_NodeName {
    app-service none
    definition {
        set nodelist ""
        set nodecounter 0
        # tmsh::log "iCall: Starting to enumerate existing node objects..."
        foreach partition [tmsh::get_config auth partition] {
            set partition "/[tmsh::get_name $partition]"
            # tmsh::log "iCall: Processing Partition: $partition"
            tmsh::cd $partition
            set nodes [tmsh::get_config /ltm node]
            foreach node $nodes {
                # tmsh::log "Processing Node : $partition/[tmsh::get_name $node]"
                append nodelist "\"[tmsh::get_field_value $node "address"]\" \{ data \"[tmsh::get_name $node]\" \}\n"
                incr nodecounter
            }
            # tmsh::log "Finished Partition: $partition"
        }
        tmsh::cd "/Common"
        if { not ([tmsh::list /ltm data-group] contains "ltm data-group internal DG_IP_2_NODENAME") } then {
            tmsh::log "iCall: Created the data-group \"DG_IP_2_NODENAME\"."
            tmsh::create /ltm data-group internal "DG_IP_2_NODENAME" type "string"
        } else {
            # tmsh::log "iCall: The DataGroup does exist."
        }
        eval "tmsh::modify /ltm data-group internal DG_IP_2_NODENAME \{ records replace-all-with \{ $nodelist \} \}"
        tmsh::log "iCall: Updated the data-group DG_IP_2_NODENAME with \"$nodecounter\" entries."
    }
    description none
    events none
}
sys icall handler periodic DataGroup_NodeIP_to_NodeName {
    first-occurrence 2016-09-12:00:00:00
    interval 60
    script DataGroup_NodeIP_to_NodeName
}

Tested this on version:

12.0
Updated Jun 06, 2023
Version 2.0
data-group
devops
Kai_Wilke's avatar
Icon for MVP rankMVP
My name is Kai Wilke and I'm working as a Principal Consultant for IT-Security at itacs GmbH - a German consulting company specialized in Microsoft Security cloud solutions, F5 customizations as well as for classic IT-Consulting. You can find additional information about me and my work here: https://devcentral.f5.com/articles/q-a-with-itacs-gmbhs-kai-wilke-devcentrals-featured-member-for-february-24890
View Profile

1 Comment

  • JoshBecigneul's avatar
    JoshBecigneul
    Icon for MVP rankMVP
    Sep 01, 2023

    Was practicing trying to use this on 15.1.3.1 (in my lab) and running into this error:

    Script (/Common/NodeList_2_Datagroup) generated this Tcl error: (script did not successfully complete: ("10.10.101.1" unknown property

    Don't know quite enough about iCall to diagnose, maybe Kai_Wilke could hook us up with a fix? 🙂