A Catch from the Codeshare: Python iRule Deployments

On the side of the road in northern Missouri just north of Mark Twain’s stomping grounds, there is a slice of hillside removed just to the side of the highway. In Arkansas, there’s a nondescript field tucked away in a state park. Short of word of mouth and this thing they call the internet, you wouldn’t be any the wiser that buried or surfaced in these two locations are an amazing variety of geodes and diamonds, respectively. In this article series I will explore recent and well-aged gems from the codeshare, highlighting inventive solutions contributed by you, the community. Please join me on this great adventure as we oscillate on the Mohs’ scale of codeshare geekery.

Python iRule Deployments

My first foray into iControl was via Perl back in my customer days, and then my buddy Matt Cauthorn introduced me to python and the soap libraries (first zsi and then suds.) Since the REST interface was introduced in 11.5, I’ve been focusing most of my sample code there. But the SOAP interface is alive and well, and the bigsuds python library is a great tool.

Community member Manu-u has contributed a great utility to be able to quickly apply an existing iRule to any number of virtual servers. His use case was to drop an iRule to mitigate the ShellShock vulnerability and then apply that rule to all the appropriate virtual servers on his BIG-IP. His code works through the number of virtual servers, checking for priorities and profiles and building out the list of virtual servers needing the update.

count = 0
for vs in virtualservers:
asHttp_Profile = False
as_already_rule = False
check_priority = []
for profile in profiles[count]:
if profile["profile_type"] == "PROFILE_TYPE_HTTP":
asHttp_Profile = True
break
for rule in rules[count]:
check_priority.append(rule["priority"])
if rule["rule_name"] == new_rule:
as_already_rule = True
if asHttp_Profile and not as_already_rule:
vs_to_update.append(vs)
if check_priority:
rule_to_add.append({'rule_name': new_rule, 'priority': (max(check_priority) + 1)})
else:
rule_to_add.append({'rule_name': new_rule, 'priority': 0})
count += 1

After that list is populated, he then makes the updates.

count = 0
for vs in vs_to_update:
print "\n\nVS to change: %s" % vs
print "\tRule to add: %s" % rule_to_add[count]
try:
b.LocalLB.VirtualServer.add_rule([vs], [[rule_to_add[count]]])
except Exception, e:
print e
count +=1

This is a good step as all the updates are made in one call instead of issuing the update virtual b virtual, which would be far less efficient. For the full code, go check out Manu-u’s entry in the codeshare. For an alternative example in the REST interface, I wrote an article a while back with sample code accomplishing much the same task.