kman_52500
May 16, 2012

replacing defined iRules for a vip

I'm trying to update the list of iRules on a virtual but I don't want to delete then add because that leaves the virtual without any rules temporarily.

 

I've opened an enhancement request to add a set call that would allow you to set what rules you want and have it replace all rules with the new list, but as usual I get the response of "it's logged as a request, we have no ETA on when it will be put in", which seems to always translate into never.

Sorry for the rant, just a little frustrated.

 

6 Replies

  • George_Watkins_
    Historic F5 Account
    kman,

     

     

    This can already be done from the web UI and tmsh. From the web UI you can edit the assigned rules and place them in any order you like, then update the virtual. tmsh offers the equivalent functionality of "replace with" from the web UI (see below).

     

    test-ltm-01(Active)(/Common)(tmos) list /ltm virtual test-http-virtual-02.element.local 
     ltm virtual test-http-virtual-02.element.local { 
         destination 10.84.3.227:http 
         ip-protocol tcp 
         mask 255.255.255.255 
         pool test-ubuntu-lucid_http 
         profiles { 
             http { } 
             tcp { } 
         } 
         rules { 
             xml-to-http-header 
         } 
         snat automap 
         vlans-disabled 
     }
    test-ltm-01(Active)(/Common)(tmos) modify /ltm virtual test-http-virtual-02.element.local rules { exp_backoff vip-target-vip sqrt math }
    results in:

     

    test-ltm-01(Active)(/Common)(tmos) list /ltm virtual test-http-virtual-02.element.local 
     ltm virtual test-http-virtual-02.element.local { 
         destination 10.84.3.227:http 
         ip-protocol tcp 
         mask 255.255.255.255 
         pool test-ubuntu-lucid_http 
         profiles { 
             http { } 
             tcp { } 
         } 
         rules { 
             exp_backoff 
             vip-target-vip 
             sqrt 
             math 
         } 
         snat automap 
         vlans-disabled 
     }
    I agree that historically it would have been nice to have a method to do this, but it isn't necessary in version 11. This behavior can be implemented with iControl transactions, which were introduced in version 11. The idea is that you start a transaction, execute iControl calls as you normally would, then submit the transaction. Action will only be taken if all the commands will execute correctly. The transaction will cause the iControl commands to be executed in parallel and should not impact your users (unless of course they were dependent on the iRules that you remove). Here is an article I wrote on transactions when we launched version 11: v11 iControl: Transactions. In the next post is a code sample written in Java that provides the functionality you are requesting.

     

     

    Best regards,

     

     

     

    George
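
A post-change check for the listing format shown in this reply, added here as an example and not part of the original thread: it parses the output of "list /ltm virtual" and compares the attached iRules with the intended list, so an automated update that left the virtual with no rules, or with a partial list, is caught. The function names are assumptions of this example, and the embedded sample is constructed from the second listing above.

```python
# Constructed sample: the "after" listing from the reply above.
SAMPLE_LISTING = """\
ltm virtual test-http-virtual-02.element.local {
    destination 10.84.3.227:http
    ip-protocol tcp
    mask 255.255.255.255
    pool test-ubuntu-lucid_http
    profiles {
        http { }
        tcp { }
    }
    rules {
        exp_backoff
        vip-target-vip
        sqrt
        math
    }
    snat automap
    vlans-disabled
}
"""

def parse_rules(listing):
    """Return iRule names from the top-level rules block, in listed order.
    A stanza without a rules block yields [] (no iRules attached)."""
    depth, in_rules, rules = 0, False, []
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_rules:
            if line == "}":
                in_rules = False          # end of the rules block
            else:
                rules.append(line)        # one rule name per line
        elif depth == 1 and line.split() == ["rules", "{"]:
            in_rules = True               # only the virtual's own rules block
        else:
            depth += line.count("{") - line.count("}")
    return rules

def check_rules(listing, expected):
    """Compare the attached rules with the intended ordered list."""
    actual = parse_rules(listing)
    return {
        "actual": actual,
        "missing": [r for r in expected if r not in actual],
        "unexpected": [r for r in actual if r not in expected],
        "match": actual == list(expected),
    }
```
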

     

  • George_Watkins_
    Historic F5 Account
    package com.f5se.examples;

    import iControl.services.LocalLBVirtualServerVirtualServerRule;

    import java.rmi.RemoteException;
    import java.util.ArrayList;
    import java.util.Collections;
    import java.util.HashMap;
    import java.util.List;

    import javax.xml.rpc.ServiceException;

    public class ReplaceRulesWith {

        /**
         * @param args
         */
        public static void main(String[] args) {
            // iControl connection parameters
            HashMap<String, String> bigipConn = new HashMap<String, String>();
            bigipConn.put("address", "test-ltm-ve-03.element.local");
            bigipConn.put("username", "admin");
            bigipConn.put("password", "admin");

            // virtual server name
            String virtualServerName = "test-http-virtual-01.element.local";

            // list of iRules on virtual server
            List<String> newRuleList = new ArrayList<String>();
            newRuleList.add("exp_backoff");
            newRuleList.add("math");
            newRuleList.add("sqrt");

            int ruleCount = newRuleList.size();

            // Collect new list of rules and priorities and place in LocalLBVirtualServerVirtualServerRule type
            LocalLBVirtualServerVirtualServerRule[][] newRuleStruct = new LocalLBVirtualServerVirtualServerRule[1][ruleCount];

            // Reverse list so that rules are added in the correct order
            Collections.reverse(newRuleList);

            int i = 0;

            for (String ruleName : newRuleList) {
                newRuleStruct[0][i] = new LocalLBVirtualServerVirtualServerRule();
                newRuleStruct[0][i].setRule_name(ruleName);
                newRuleStruct[0][i].setPriority(i);
                i++;
            }

            // Configure iControl interface
            iControl.BigIP bigip = new iControl.BigIP(bigipConn.get("address"), bigipConn.get("username"), bigipConn.get("password"));
            // Skip TLS certificate validation for this connection
            bigip.setIgnoreInvalidCert(true);

            try {
                // Queue the remove and the add, then submit both as one transaction
                bigip.SystemSession().start_transaction();
                bigip.LocalLBVirtualServer().remove_all_rules(new String[] { virtualServerName });
                bigip.LocalLBVirtualServer().add_rule(new String[] { virtualServerName }, newRuleStruct);
                bigip.SystemSession().submit_transaction();
            } catch (RemoteException e) {
                e.printStackTrace();
            } catch (ServiceException e) {
                e.printStackTrace();
            }
        }
    }
  • Web GUI and tmsh don't really get me much here; sure, it works as a one-off, but not for automated remote administration.

     

    The transactions sound like they might work, but I would have to test. It looks like at some level it would still happen as a remove then add and not a replace.

     

    I'll have to wait until we decide to jump to v11 to try that; until then, I think I'm SOL.

     

     

  • set what rules you want and have it replace all rules with the new list

     

     

    Doesn't the add_rule function replace all existing rules? My recollection is that this is how it works.
  • No, like its name indicates, it adds/appends the rules to the existing list and you can indicate a priority which specifies its position in the list.