Remove iRule From Multiple Virtual Servers (Fork /w multiple partition support)
Problem this snippet solves:
Credits: Fork from https://devcentral.f5.com/codeshare?sid=310
The outlined script will detach an iRule from one or more virtual servers. I've added code to the original script, to allow the removal from one or more virtual servers across multiple partitions.
This script would search through the virtual server configuration of every partition and then detach the specified iRule from any virtual servers. The iRule itself would not become deleted from the system.
Cheers, Kai
How to use this snippet:
Script Output
[itacs@f5-02:Active:Standalone] tmp # tmsh run cli script file script.tcl /Common/iRule_2_Delete Crawling Partition: /Common Crawling VS : /Common/Default_Forward Finished VS: No Rules bound to the VS Crawling VS : /Common/VS_DNS_210 Finished VS: No Rules bound to the VS Crawling VS : /Common/VS_HTTPS_210 Finished VS: iRule_2_Delete is not bound to VS Crawling VS : /Common/VS_HTTPS_211 Finished VS: No Rules bound to the VS Crawling VS : /Common/VS_HTTP_210 Finished VS: iRule_2_Delete is getting removed from VS Crawling VS : /Common/VS_HTTP_211 Finished VS: iRule_2_Delete is getting removed from VS Crawling VS : /Common/VS_LDAPS_636 Finished VS: iRule_2_Delete is not bound to VS Crawling VS : /Common/VS_LDAP_389 Finished VS: iRule_2_Delete is not bound to VS Crawling VS : /Common/VS_RDP_211 Finished VS: iRule_2_Delete is not bound to VS Finished Partition: /Common Crawling Partition: /Other1 Crawling VS : /Other1/VS_HTTP_111 Finished VS: /Common/iRule_2_Delete is getting removed from VS Finished Partition: /Other1 Crawling Partition: /Other2 Crawling VS : /Other2/VS_HTTP_151 Finished VS: No Rules bound to the VS Finished Partition: /Other2 The provided iRule /Common/iRule_2_Delete was removed from the following virtuals: /Common/VS_HTTP_210 /Common/VS_HTTP_211 /Other1/VS_HTTP_111 [itacs@f5-02:Active:Standalone] tmp #
Code :
proc script::run {} {
if { $tmsh::argc != 2 } then {
puts "A single rule name must be provided"
exit
}
set qualified_rulename [lindex $tmsh::argv 1]
set vips_in_play ""
foreach partition [tmsh::get_config auth partition] {
set partition "/[tmsh::get_name $partition]"
puts "Crawling Partition: $partition"
tmsh::cd $partition
if { $qualified_rulename starts_with $partition } then {
set rulename [string range $qualified_rulename [expr { [string last "/" $qualified_rulename] + 1 } ] end]
} else {
set rulename $qualified_rulename
}
set vips [tmsh::get_config /ltm virtual]
tmsh::begin_transaction
foreach vip $vips {
puts "\tCrawling VS : $partition/[tmsh::get_name $vip]"
if { [tmsh::get_field_value $vip "rules" rules] == 0 } then {
puts "\tFinished VS: No Rules bound to the VS"
continue
}
if { [lsearch -exact $rules $rulename] == -1 } then {
puts "\tFinished VS: $rulename is not bound to VS"
continue
}
if { [llength $rules] < 2 } then {
puts "\tFinished VS: $rulename is getting removed from VS"
tmsh::modify /ltm virtual [tmsh::get_name $vip] rules none
} else {
puts "\tFinished VS: $rulename is getting removed from VS"
set id [lsearch -exact $rules $rulename]
set keepers [lreplace $rules $id $id]
tmsh::modify /ltm virtual [tmsh::get_name $vip] rules "{ $keepers }"
}
lappend vips_in_play "$partition/[tmsh::get_name $vip]"
}
tmsh::commit_transaction
puts "Finished Partition: $partition"
}
if { $vips_in_play ne "" } then {
puts "The iRule $rulename was removed from the following virtuals:"
foreach vip_in_play $vips_in_play {
puts "\t$vip_in_play"
}
} else {
puts "The iRule $rulename was not found on any virtual."
}
}Tested this on version:
12.0Updated Jun 06, 2023
Version 2.0
jba3126Cirrus
Kal, Nice work! Any suggestions how I might leverage this or something similar to remove a particular iRule from a list? I have a UAT & Prod change so I have to segment out the removal. The gear I'd run this on has both so I need to be selective hence wanting to run it through a list. Again nice work!
Regards,
/jeff
XterminatorNimbostratus
Hello, thanks for the script
Adapted it to contain also eventual keywords, in order to delete the specified iRule from Virtual Servers which have a specific naming convention (e.g. application.test.bank.com). Just contains one more IF-THEN clause:
proc script::run {} { if { $tmsh::argc != 2 } then { puts "A single rule name must be provided" exit } set qualified_rulename [lindex $tmsh::argv 1] set vips_in_play "" foreach partition [tmsh::get_config auth partition] { set partition "/[tmsh::get_name $partition]" puts "Crawling Partition: $partition" tmsh::cd $partition if { $qualified_rulename starts_with $partition } then { set rulename [string range $qualified_rulename [expr { [string last "/" $qualified_rulename] + 1 } ] end] } else { set rulename $qualified_rulename } set vips [tmsh::get_config /ltm virtual] tmsh::begin_transaction foreach vip $vips { if { $vip contains "KEYWORD" } then { puts "\tCrawling VS : $partition/[tmsh::get_name $vip]" if { [tmsh::get_field_value $vip "rules" rules] == 0 } then { puts "\tFinished VS: No Rules bound to the VS" continue } if { [lsearch -exact $rules $rulename] == -1 } then { puts "\tFinished VS: $rulename is not bound to VS" continue } if { [llength $rules] < 2 } then { puts "\tFinished VS: $rulename is getting removed from VS" tmsh::modify /ltm virtual [tmsh::get_name $vip] rules none } else { puts "\tFinished VS: $rulename is getting removed from VS" set id [lsearch -exact $rules $rulename] set keepers [lreplace $rules $id $id] tmsh::modify /ltm virtual [tmsh::get_name $vip] rules "{ $keepers }" } lappend vips_in_play "$partition/[tmsh::get_name $vip]" } } tmsh::commit_transaction puts "Finished Partition: $partition" } if { $vips_in_play ne "" } then { puts "The iRule $rulename was removed from the following virtuals:" foreach vip_in_play $vips_in_play { puts "\t$vip_in_play" } } else { puts "The iRule $rulename was not found on any virtual." } }Regards