How can I get started with iCall
Hi all . Recently, I want to learn how to use iCall to do some automated operations work, but I haven't seen any comprehensive tutorials about iCall on askf5. Are there any good articles I can refer to for learning? Do I need to systematically learn Tcl first? I still have a question about iCall. What is the difference between using iCall and using shell scripts with scheduled tasks to achieve automated management and configuration of F5? Best Regards
Icall script argument
Hello! How I can translate to icall script argument from APM via iRule? Example. I want generate user certificate SSL via APM. I wrote bash script, but it should be called with two argument - UserName and UserDomain. Thank you! sys icall script gcc_script { app-service none definition { exec /home/root/scripts/certificates.sh $UserDN $DomainDN exec istats remove "GCC generate for UserDN" } description none events none }
Regular expression format in user_alert.conf
I'm trying to use iCall and an event from user_alert.conf to fail over a BIG-IP VE cluster if an arbitrary BGP neighbor goes down. I have the handler and script working just fine if the event only looks in my logs for a static phrase, but when I have it look for a regex instead, it no longer works. However, if I test in a tool like regex101 with my expression and a log entry, it matches just fine. Here's my user_alert.conf (sanitized of course) alert bgp_neighbor_down "neighbor 100.200.[0-9]{1,3}.[0-9]{1,3} Down" { exec command="tmsh generate sys icall event neighbordown context { { name protocol value bgp } }" } And one of the logs I'm trying to match on: 2024/06/20 15:04:32 informational: BGP : %BGP-5-ADJCHANGE: neighbor 100.200.30.4 Down BGP Notification CEASE If I then run imish and shut down a neighbor that should match that regex, the device I'm on stays active. Any thoughts on what else I can try?
Run a sync-config from iCall
Hi, I am wrinting a iCall which modify the configuration with tmsh::modify. I have a cluster of Big-IP so after the command tmsh::modify change the configuration, I have to run a config-sync. My question is how to run a config-sync from a iCall? I can not find any command unless maybe with exec. Thank you. Regards,
F5 LTM customized Packet cloning
Hello every body I have an application using SMPP, SMPP is TCP based protocol and it establish sessions to send traffic, SMPP has unique command IDs to Establish session and tear them up, below image is simple protocol flow: In below example in packet 8 in attached tcpdump, you will see under SMPP (Short Message Peer to Peer) layer a command ID: 0x00000009 which represent bind command (establish a connection/SMPP session). What I need to similar to customized clone pool concept but on pool member level and on certain condition, I need an iRule or may be an iCall procedure to check for SMPP bind command by scanning packet PDU, similar example is below: https://devcentral.f5.com/questions/balancing-smpp-traffic-based-on-recipient-address when CLIENT_ACCEPTED { set s_seq_idx 1 set first_bind_resp 1 set smsc1 set smsc2 TCP::collect } when CLIENT_DATA { while { [TCP::payload length] > 16 } { binary scan [TCP::payload] IH8IIa* len oper status seq p if { [TCP::payload length] < $len &&} // We need here to add check for bind command id as well { TCP::collect $len return } My challenge is to replicate SMPP bind packet to all available pool members in certain pool 😃 , Once SMPP Bind packet is replicated, as result we will get established SMPP sessions with all available pool members, and F5 LTM then will be able to load-balance other incoming traffic with all pool members as far as connection is established. If concept is OK, the rest is not challenging as we need to consider other bind command IDs to be replicated (0x00000001, 0x00000002 and 0x00000009), and of course we need to replicate unbind as well 0x00000006 if possible. Thank you so much in advance. Sincerely, SAMIcall, get availability status of gtm virtual server.
Hello everyone, I have an iCall script which checks the status of DNS VS and if the VS is offline the script will do something. Now I trying to check the status via next command: [tmsh::get_field_value [lindex [tmsh::get_status "/gtm server /Common/server virtual-servers { /Common/some_vs }"] 0] "status.availability-state"] But this command return the status of DNS server, not DNS VS. How I can take the status only DNS VS? Help needed! Thanks.
Alerts || Events triggered for audit logs too
Hi All, I had few custom alerts configured in /config/user_alert.conf like, so its looking for log message jaikumar in the ltm log, alert testing "jaikumar" { exec echo "Jai is doing testing" } But recently I noticed, the alerts are triggered for logs of audit too. It was my understanding that alertd daemon examines the /var/log/ltm logs alone. So everytime when I wanted to test it I used to run throw a message in ltm log - logger -p local0.notice "jaikumar" So when I ran a dummy command like, obviously the virtual does not exist, tmsh list ltm virtual jaikumar alertd examines the log message (jaikumar) from audit log & triggers the custom event action thats configured. Can someone confirm me if this behavior is normal, does alertd looks for every log messages. Can we restrict it ?how to set up variables in iCall?
I set up iCall to collect tcpdump at status "session status forced disabled" alert: alert POOL-MEMBER-DOWN "Pool (.*?) member (.*?):(.*?) session status forced disabled" { exec command="tmsh generate sys icall event tcpdump context none" } script: modify script tcpdump { app-service none definition { set date [clock format [clock seconds] -format "%Y%m%d%H%M%S"] exec tcpdump -ni any -s0 -w /var/dmp/${date}.dmp -c 100 host and port } description none events none } That works for one server. How set up this script for other servers but use one alert? I tried to other values for variables, but still don't work.
