on 31-Mar-2021 08:46
Problem this snippet solves:
This script fetches the Azure IP Ranges (IPv4 and/or IPv6) JSON file from Microsoft's Azure IP Ranges and Service Tags page and dynamically creates and updates IPv4 and IPv6 data groups. These datagroups can be used to allow access from Azure. If the script is running on an HA pair of BIG-IPs then the script will also initiate a ConfigSync to push the updated configuration from the active BIG-IP to the standby BIG-IP.
By default the script is using the 'AzureTrafficManager' service tag, which will fill the IPv4 data group with Azure IP Ranges from which Azure Traffic Manager will perform the health tests.
NOTE: This script is based on work from Makoto Omura, F5 Networks Japan G.K, Regan Anderson, F5 Networks and Brett Smith, Principal Systems Engineer.
How to use this snippet:
bash
mkdir /shared/azure
Note: If not creating the directory as it is above, ensure you update the variables under System Options with the correct path.
python /shared/azure/datagroup_azure_update.py
cat /var/log/azure_update
This BIG-IP is HA STANDBY. Aborting Azure update.
tmsh create sys icall script azure_update_script definition { catch { exec python /shared/azure/datagroup_azure_update.py } }
Run once every 60 minutes (3600 seconds), starting now:
tmsh create sys icall handler periodic azure_update_handler script azure_update_script interval 3600
Run once every 24 hours (86400 seconds), starting on March 20, 2020 at 03:00:
tmsh create sys icall handler periodic azure_update_handler script azure_update_script interval 86400 first-occurrence 2020-03-20:03:00:00
tmsh save sys config
This concludes the steps required to install this script.
Tested this on version:
14.1