data-group

8 Topics

Periodic iCall script to auto-generate NodeIP-to-NodeName datagroup
Problem this snippet solves: Hi Folks, the iCall script and handler below can be used to auto-generate a NodeIP-to-NodeName datagroup on scheduled intervals. The auto-generate datagroup can then be used to resolve the [LB::server addr] output to the coresponsing node name label using the [class match -value] syntax. Cheers, Kai How to use this snippet: Tweak the periodic intervals (in seconds) of the iCall handler as needed. Import the provided iCall script and handler using the tmsh load config merge from-terminal syntax Take a look to the configured data-groups and LTM logfiles to verify the results. Use [class match -value [LB::server addr] DG_IP_2_NODENAME] within an iRule to resolve the name of a selected pool member. Code : sys icall script DataGroup_NodeIP_to_NodeName { app-service none definition { set nodelist "" set nodecounter 0 # tmsh::log "iCall: Starting to enumerate existing node objects..." foreach partition [tmsh::get_config auth partition] { set partition "/[tmsh::get_name $partition]" # tmsh::log "iCall: Processing Partition: $partition" tmsh::cd $partition set nodes [tmsh::get_config /ltm node] foreach node $nodes { # tmsh::log "Processing Node : $partition/[tmsh::get_name $node]" append nodelist "\"[tmsh::get_field_value $node "address"]\" \{ data \"[tmsh::get_name $node]\" \}\n" incr nodecounter } # tmsh::log "Finished Partition: $partition" } tmsh::cd "/Common" if { not ([tmsh::list /ltm data-group] contains "ltm data-group internal DG_IP_2_NODENAME") } then { tmsh::log "iCall: Created the data-group \"DG_IP_2_NODENAME\"." tmsh::create /ltm data-group internal "DG_IP_2_NODENAME" type "string" } else { # tmsh::log "iCall: The DataGroup does exist." } eval "tmsh::modify /ltm data-group internal DG_IP_2_NODENAME \{ records replace-all-with \{ $nodelist \} \}" tmsh::log "iCall: Updated the data-group DG_IP_2_NODENAME with \"$nodecounter\" entries." } description none events none } sys icall handler periodic DataGroup_NodeIP_to_NodeName { first-occurrence 2016-09-12:00:00:00 interval 60 script DataGroup_NodeIP_to_NodeName } Tested this on version: 12.0
Kai_Wilke
Sep 01, 2023 Place CodeShare
697Views
0likes
1Comment
List single record from data-group on CLI
I'm trying to query the data of a particular record within a data-group via the command line. However when I pass in the record name it still returns all records. user1@LTM1:Active:Changes Pending] ~ # tmsh list ltm data-group internal ants_test_dg records { record_one } ltm data-group internal ants_test_dg { records { record_one { data value_one } record_three { data value_three } record_two { data value_two } } } I'm sure there must be a simple thing I'm missing here, could someone please advise? Many thanks Ant
Anthony
Jun 05, 2023 Place Technical Forum
288Views
0likes
2Comments
Print string found in Data Group to Log
I have an iRule that is looking in the HTTP POST request method data payload for a string that is defined in a data-group. I would like to print to the log whichever string from the referenced data-group is found. # See https://devcentral.f5.com/s/question/0D51T00006i7hpJSAQ/irule-to-block-requests-with-specific-word # #ltm data-group internal restricted_dg { #records { #restricted {} #} #type string #} when HTTP_REQUEST_DATA { set payload [HTTP::payload] if {[class match [string tolower $payload] contains "restricted_dg"]} { # set variable named restricted_text to the string found in $payload # that matches something in data-group restricted_dg log local0. "Rejecting restricted content $restricted_text" reject } }
spiv
Apr 28, 2020 Place Technical Forum
505Views
1like
2Comments
Controlling Bots
Problem this snippet solves: Webbots, you can't live with them, you can't live without them... This iRule determines if a webbot is accessing your systems and assigns them to a lower priority resource. The first example includes the bot list inside the rule and uses the switch statement to find a match. Code : when HTTP_REQUEST { switch -glob [string tolower [HTTP::header User-Agent]] { "*scooter*" - "*slurp*" - "*msnbot*" - "*fast-*" - "*teoma*" - "*googlebot*" { # Send bots to the bot pool pool slow_webbot_pool } default { # Send all other requests to a default pool pool default_pool } } } ### or if you prefer data groups ### ---- String Class ---- class bots { "scooter" "slurp" "msnbot" "fast-" "teoma" "googlebot" } ---- iRule ---- when HTTP_REQUEST { if { [matchclass [string tolower [HTTP::header User-Agent]] contains $::bots] } { pool slow_webbot_pool } else { pool default_pool } } Tested this on version: 10.0
bwolmarans_1284
Mar 06, 2017 Place CodeShare
590Views
0likes
1Comment
Alerts for data-group changes
I'd like to receive alerts when members of a data group are added or removed. Is there anyway to get some type of notification sent to an endpoint when one of these actions occurs? I'm using the events notification and subscription components of iControl for network changes like virtual server enables/disables but unfortunately data-group/class membership changes don't trigger an event to be sent to my endpoint.
caulfig_287171
Nov 07, 2016 Place Technical Forum
154Views
0likes
0Comments
Data-Group Event Notifications
Hi, I've implemented the EventNotification interface and can see events on my devices such as enable/disables. Is there a way to also see events from adding or deleting objects on LTM devices from data groups?
caulfig_287171
Sep 06, 2016 Place Technical Forum
212Views
0likes
1Comment
Data Group String Wildcard?
We just upgraded a pair of 8900's from v10.2.1 with v11.4.1 HF3 and noticed our data-group string list became unusable. We have been unable to edit or add any entry in the data-group after the upgrade. We called support and they advised us to use an External Data Group list and that isn't working at all. We've finally figured out a way to utilize the String/Value datagroup by simply adding an entry in both the String and Value section. For example, we added www.abc.com with the same syntax string in both areas "String" and "Value" and it works! Unfortunately now, we ran into another issue which we are not able to use wildcard values? For example, we get an error when we use a syntax with variable like "*" like *.abc.com. We were able to use this value before the upgrade, did something change in the new version 11.x? Please advise?
JCMATTOS_41723
Feb 26, 2015 Place Technical Forum
734Views
0likes
2Comments
Variable Length URI Lookup
Problem this snippet solves: This iRule uses findclass to perform class lookup for URI's of varying path length, returning the value for the longest path matched. This example uses the lookup value for pool selection, but of course could be modified to send a redirect perform some other appropriate action. This rule should only be used on v9. If using v10 or v11, it's recommended to use "class match" instead of findclass. Code : when HTTP_REQUEST { set lookup [HTTP::path] set i 1 while { $i > 0 }{ set myPool [findclass $lookup $::myPools " "] if {$myPool != ""}{ pool $myPool # log local0. "Path: [HTTP::path] Pool: $myPool" break } else { set i [string last "/" [string range $lookup 0 [expr [string length $lookup]-2]]] set lookup [string range $lookup 0 $i] } } } ### Required Class: ### # (Note all paths are represented twice, once with a trailing slash and once without. # That format is critical for proper functioning of the iRule above if legal URI's for which # the match must succeed may be submitted without the trailing slash.) class myPools { "/this pool6" "/this/ pool6" "/this/is pool5" "/this/is/ pool5" "/this/is/my pool4" "/this/is/my/ pool4" "/this/is/my/path pool3" "/this/is/my/path/ pool3" "/this/is/my/path/ok pool2" "/this/is/my/path/ok/ pool2" "/this/is/my/path/ok/file.html pool1" } Tested this on version: 9.0
Deb_Allen_18
Jan 30, 2015 Place CodeShare
415Views
0likes
1Comment