A Catch from the Codeshare: Removing iRules from Multiple Virtual Servers

On the side of the road in northern Missouri just north of Mark Twain’s stomping grounds, there is a slice of hillside removed just to the side of the highway. In Arkansas, there’s a nondescript field tucked away in a state park. Short of word of mouth and this thing they call the internet, you wouldn’t be any the wiser that buried or surfaced in these two locations are an amazing variety of geodes and diamonds, respectively. In this article series I will explore recent and well-aged gems from the codeshare, highlighting inventive solutions contributed by you, the community. Please join me on this great adventure as we oscillate on the Mohs’ scale of codeshare geekery.

Removing iRules from Multiple Virtual Servers

This contribution from community member Kai Wilke is not only cool because we’re taking a pause from some of the excellent iRules and iControl samples to feature a tmsh script, but it’s extra special because it’s second growth! Kai forked an existing codeshare entry and added partition support to it. This script takes an iRule name as command line input and crawls through the define partitions to delete the iRule from any virtual servers where it is applied. The first argument in any tmsh script is the script name and in this script, it’s looking for a second argument in the iRule name and exits otherwise. After setting a variable with the iRule name and another variable to hold the list of virtual servers where the iRule is applied, it iterates through the defined partitions. Within that loop, it enters the respective partition and starts a transaction after prepping more variables. Within the transaction, it iterates through the virtual servers in another loop and modifies each applicable one to strip the iRule.

proc script::run {} {
    if { $tmsh::argc != 2 } then {
        puts "A single rule name must be provided"
    set qualified_rulename [lindex $tmsh::argv 1]
    set vips_in_play ""
    foreach partition [tmsh::get_config auth partition] {
        set partition "/[tmsh::get_name $partition]"
        puts "Crawling Partition: $partition"
        tmsh::cd $partition
        if { $qualified_rulename starts_with $partition } then {
            set rulename [string range $qualified_rulename [expr { [string last "/" $qualified_rulename] + 1 } ] end]
        } else {
            set rulename $qualified_rulename
        set vips [tmsh::get_config /ltm virtual]
        foreach vip $vips {
            puts "\tCrawling VS : $partition/[tmsh::get_name $vip]"
            if { [tmsh::get_field_value $vip "rules" rules] == 0 } then {
                puts "\tFinished VS: No Rules bound to the VS"
            if { [lsearch -exact $rules $rulename] == -1 } then {
                puts "\tFinished VS: $rulename is not bound to VS"
            if { [llength $rules] < 2 } then {
            puts "\tFinished VS: $rulename is getting removed from VS"
            tmsh::modify /ltm virtual [tmsh::get_name $vip] rules none
            } else {
            puts "\tFinished VS: $rulename is getting removed from VS"
                set id [lsearch -exact $rules $rulename]
                set keepers [lreplace $rules $id $id]
                tmsh::modify /ltm virtual [tmsh::get_name $vip] rules "{ $keepers }"
            lappend vips_in_play "$partition/[tmsh::get_name $vip]"
        puts "Finished Partition: $partition"
    if { $vips_in_play ne "" } then {
        puts "The iRule $rulename was removed from the following virtuals:"
        foreach vip_in_play $vips_in_play {
            puts "\t$vip_in_play"
    } else {
        puts "The iRule $rulename was not found on any virtual."

Thanks Kai for the contribution, cool stuff!

Technorati Tags: iRules, tmsh, devops, big-ip

Published Apr 25, 2016
Version 1.0

Was this article helpful?