cancel
Showing results for 
Search instead for 
Did you mean: 

11.3 tmsh cli for irule

sally_calvert_8
Nimbostratus
Nimbostratus

I have the following irule, and I need to get it into one tmsh cli (using the editor or the gui is not an option). I can enter it through the gui just fine. But when I prepend tmsh create on the front, I can't come up with a sequence which works. Any advice?

 

ltm rule /Common/SNAT2VIP { when CLIENT_ACCEPTED { set VirtualIP [clientside {IP::local_addr}] snat $VirtualIP } }

 

tmsh create ltm rule /Common/SNAT2VIP when CLIENT_ACCEPTED { set VirtualIP [clientside {IP::local_addr}] snat $VirtualIP }} Syntax Error: can't parse TCL script beginning with when CLIENT_ACCEPTED { set VirtualIP [clientside {IP::local_addr}] snat }}

 

[root@sgkdhlbxxxx003:Active] config

 

9 REPLIES 9

What_Lies_Bene1
Cirrostratus
Cirrostratus

I'm not sure if it has to be a one-liner? If not, try using tmsh edit ltm rule 'name' instead.

 

sally_calvert_8
Nimbostratus
Nimbostratus

yeah - it has to be a one liner..the folks who will be actually executing the change are (unskilled) . would using a unix redirect with the above edit command work?

 

What_Lies_Bene1
Cirrostratus
Cirrostratus

I've tried everything, can't seem to find a way, sorry.

 

sally_calvert_8
Nimbostratus
Nimbostratus

thanks for looking...

 

You're welcome

Kevin_Stewart
F5 Employee
F5 Employee

Okay, admittedly this is a little hokey, but it does work:

 

echo -e "ltm rule /Common/test_rule {\nwhen CLIENT_ACCEPTED {\n set VirtualIP [IP::client_addr]\n snat \$VirtualIP\n}\n}" > /var/tmp/test-rule & tmsh load sys config merge file /var/tmp/test-rule

The idea is that it creates a properly formatted iRule in a temporary file (including newlines) and then imports that into the config via merge.

 

MVA
Nimbostratus
Nimbostratus

This imports correctly into 11.4.1 HF3 - just dropped the step of adding the variable - not sure if that would work.

 

[xxxxx@BigIP:Active:Standalone] log tmsh create ltm rule /Common/SNAT2VIP when CLIENT_ACCEPTED {snat [clientside {IP::local_addr}]} [xxxxx@BigIP:Active:Standalone] log tmsh list ltm rule /Common/SNAT2VIP ltm rule SNAT2VIP { when CLIENT_ACCEPTED {snat [clientside {IP::local_addr}]} }

 

Hope that helps.

 

Hendry_Chandra_
Historic F5 Account

Hi ALL,

 

Actually the command can be multiple liner. Only the issue is: read-ability of the codes are terrible. Example iRules with normally written using iRules Editor:

 

[root@BigIP:Active:Standalone] config tmsh list ltm rule Eval_Command ltm rule Eval_Command { when HTTP_REQUEST { set Command [string map {/ " "} [HTTP::uri]] if { $Command eq " " } { HTTP::respond 200 content "Usage: /Command/Argument_1/Argument_2/Argument_3/.../Argument_N/\r\n" noserver "Connection" "Close" } else { HTTP::respond 200 content "$Command\r\n\r\n[eval $Command]\r\n\r\n<--- [clock format [clock seconds] -format "%Y-%m-%d %H:%M:%S"] --->\r\n" noserver "Connection" "Close" } } } [root@BigIP:Active:Standalone] config

with CLI (tmsh), you can write it as below:

 

[root@BigIP:Active:Standalone] config tmsh create ltm rule Test_iRules_CLI `echo "when HTTP_REQUEST { set Command [string map {/ \" \"} [HTTP::uri]] ; if { \\$Command eq \" \" } { HTTP::respond 200 content \"Usage: /Command/Argument_1/Argument_2/Argument_3/.../Argument_N/\\\r\\\n\" noserver \"Connection\" \"Close\" } else { HTTP::respond 200 content \"\\$Command\\\r\\\n\\\r\\\n[eval \\$Command]\\\r\\\n\\\r\\\n<--- [clock format [clock seconds] -format \"%Y-%m-%d %H:%M:%S\"] --->\\\r\\\n\" noserver \"Connection\" \"Close\" } }"` [root@BigIP:Active:Standalone] config

the result will be:

 

[root@BigIP:Active:Standalone] config tmsh list ltm rule Test_iRules_CLI ltm rule Test_iRules_CLI { when HTTP_REQUEST { set Command [string map {/ " "} [HTTP::uri]] ; if { $Command eq " " } { HTTP::respond 200 content "Usage: /Command/Argument_1/Argument_2/Argument_3/.../Argument_N/\r\n" noserver "Connection" "Close" } else { HTTP::respond 200 content "$Command\r\n\r\n[eval $Command]\r\n\r\n<--- [clock format [clock seconds] -format "%Y-%m-%d %H:%M:%S"] --->\r\n" noserver "Connection" "Close" } } } [root@BigIP:Active:Standalone] config

Hope the above helps.

 

mtaylornz
Nimbostratus
Nimbostratus

Hi All,

 

Hey just on this topic, just keen to highlight the possibility to use any of: CLI Scripting (edit cli script , then run cli script ) iCalls (edit sys icall script , then edit sys icall handler periodic ) iApps (edit in GUI)

 

In these scripting environments tmsh::create ltm rule work

 

eg simple irule in CLI scripting

 

modify script test_cli_script { proc script::init {} { }

 

proc script::run {} { tmsh::create ltm rule "test_irule" "when HTTP_REQUEST \{ log local0. \"test irule\" \}" }

 

proc script::help {} { }

 

proc script::tabc {} { } }