icall periodic handler
7 TopicsDisable Interface if Pool Member Availability Drops Below Threshold
Problem this snippet solves: This iCall script can be used to disable an interface (int 1.3 in this case) if the member availability of a pool drops below a certain threshold (70% in this example.) How to use this snippet: Implementation Details This iCall script requires v11.4 or higher. The script is called by a periodic handler, but could be converted to a triggered handler with some custom work in /config/user_alert.conf on the pool members. Code : ## Script ## sys icall script poolCheck.v1.0.0 { app-service none definition { set pn "/Common/pool4" set total 0 set usable 0 foreach obj [tmsh::get_status /ltm pool $pn detail] { #puts $obj foreach member [tmsh::get_field_value $obj members] { #puts $member incr total if { [tmsh::get_field_value $member status.availability-state] == "available" && \ [tmsh::get_field_value $member status.enabled-state] == "enabled" } { incr usable } } } if { [expr $usable.0 / $total] < 0.7 } { tmsh::log "Not enough pool members in pool $pn, interface 1.3 disabled" tmsh::modify /net interface 1.3 disabled } else { tmsh::log "Enough pool members in pool $pn, interface 1.3 enabled" tmsh::modify /net interface 1.3 enabled } } description none events none } ## Handler ## sys icall handler periodic poolCheck.v1.0.0 { first-occurrence 2014-09-16:11:00:00 interval 60 script poolCheck.v1.0.0 }587Views0likes5CommentsGenerate Config Backup
Problem this snippet solves: This iCall script is generated by included iApp and will archive the BIG-IP config at specified date/time. Supports scp to remote server. Key generation and instructions for remote server included in attachment. How to use this snippet: Implementation Details This iCall script requires v11.4 or higher.382Views0likes3CommentsAPM AD Site Awareness
Problem this snippet solves: This example iCall will keep an APM Active Directory AAA object and pool in lockstep with a particular Site construct in an AD domain. It's a periodic script and should probably be run no more than every 30 seconds (although it's fairly lightweight in operation). It requires two configuration entries to be set: ad_site: The name of the Active Directory site whose DCs you want to track (not case-sensitive). ad_aaa: The name of the AAA object to keep in sync; the domain name and pool will be read from the object. If you change the AD sitename configured in the iCall script, it will repopulate the existing object with the new site's DCs -- making it very easy to retarget your domain controller traffic. It will also notice when DCs are added or removed from an existing site. If someone adds a non-site entry manually to the configuration, it'll remove it. How to use this snippet: Implementation Details This iCall script requires v11.4 or higher. Code : sys icall script /Common/f5.ad_aaa_maintainer { app-service none definition { ################################################# ## ad_aaa object maintainer ## version 1.0 -jm ## - works best with a periodic run of no ## greater than 30 seconds ## ## CONFIGURATION ## ## Active Directory Site Name # Set the name of the AD Site whose domain controllers # you want to track for the AAA object. This name is not # case sensitive. set ad_site "seattle" ## Active Directory AAA Object # Set the name of the AAA object whose pool members you # wish to maintain. set ad_aaa "olympus-f5" ## ## MAIN ## tmsh::log_level notice tmsh::stateless enabled # Get the domain and pool from the AAA object. set ad_domain [tmsh::get_field_value [lindex [tmsh::get_config /apm aaa active-directory $ad_aaa] 0] "domain"] if { $ad_domain == "" } { tmsh::log_level alert tmsh::log "ad_aaa_maintainer: ERROR! This AD AAA object is not configured correctly or does not exist. Please verify your iCall settings." exit 1 } set ad_pool [tmsh::get_field_value [lindex [tmsh::get_config /apm aaa active-directory $ad_aaa] 0] "pool"] if { $ad_pool == "" } { tmsh::log_level alert tmsh::log "ad_aaa_maintainer: ERROR! This AD AAA object is not configured as a pool-type object. Please verify your iCall settings." exit 1 } # Find the site's members from the Kerberos SRV records. set ad_ipaddrs [exec -keepnewline -- /usr/bin/dig +short -q _kerberos._tcp.${ad_site}._sites.${ad_domain}. SRV | /bin/cut -c9- | /bin/sort | /bin/sed "s/.\$//"] # Create an array of site DCs discovered from DNS. foreach name ${ad_ipaddrs} { set addr [exec -- /usr/bin/dig +short -q $name A] set dns_member($name) $addr } # If nothing was discovered from DNS, then error out -- someone has # removed our site. Otherwise, create an array of DCs from the # AAA object configuration. if { [array size dns_member] > 0 } { set ad_config_serverlist [tmsh::get_field_value [lindex [tmsh::get_config /apm aaa active-directory $ad_aaa] 0] "domain-controllers"] foreach member $ad_config_serverlist { set config_member([lindex $member 1]) [lindex [lindex $member 2] 1] } # Compare the two arrays and find differences. set ilist1 [array names dns_member] set ilist2 [array names config_member] foreach idx $ilist1 { # If we don't have a config entry for a DNS-discovered DC, # then it must have joined the site. Add it. if {![info exists config_member($idx)]} { lappend retn_list $idx tmsh::log "ad_aaa_maintainer: Domain Controller joined site $ad_site. Added $idx ip $dns_member($idx)." tmsh::modify /apm aaa active-directory $ad_aaa domain-controllers add "{ $idx { ip $dns_member($idx) } }" tmsh::modify /ltm pool $ad_pool members add "{ $dns_member($idx):any }" continue } # If an existing config entry has a different value for IP # address than the DNS entry tells us, change it to the new # value. if {$dns_member($idx) != $config_member($idx)} { tmsh::log "ad_aaa_maintainer: Domain Controller changed addresses in site $ad_site. Modified AAA object $ad_aaa : $idx ip $dns_member($idx) - was $config_member($idx)." tmsh::modify /apm aaa active-directory $ad_aaa domain-controllers modify "{ $idx { ip $dns_member($idx) } }" tmsh::modify /ltm pool $ad_pool members remove "{ $config_member($idx):any }" tmsh::modify /ltm pool $ad_pool members add "{ $dns_member($idx):any }" lappend retn_list $idx } } # If we have an entry in the config that doesn't appear in # DNS then the DC has either left the site or someone is adding # things to the configuration. Remove it from the AAA object # and pool. foreach idx $ilist2 { if {![info exists dns_member($idx)]} { tmsh::log "ad_aaa_maintainer: Domain Controller left site $ad_site. Deleted $idx from AAA object $ad_aaa." tmsh::modify /apm aaa active-directory $ad_aaa domain-controllers delete "{ $idx }" tmsh::modify /ltm pool $ad_pool members delete "{ $config_member($idx):any }" } } } else { tmsh::log_level alert tmsh::log "ad_aaa_maintainer: ERROR! No pool members detected. Please check your sitename for errors." exit 1 } ## ################################################# } description none events none } sys icall handler periodic f5.ad_aaa_task { interval 30 script f5.ad_aaa_maintainer }336Views0likes1CommentPrioritize SharePoint Nodes on Reported Health
Problem this snippet solves: In SharePoint 2010 and 2013, the SharePoint web servers return a header named X-SharepointHealthScore that indicates the overall health of the server. This iCall script will query for that header value and change the ratio of the associated pool member so that new connections to the pool are distributed optimally across servers. The script also averages the ratios of all the pool members, and enables or disables appropriate member(s) when the average pool ratio crosses a lower or upper threshold, respectively. How to use this snippet: Implementation Details This iCall script requires v11.4 or higher. Code : 66807333Views0likes1CommentPool Sync from DNS
Problem this snippet solves: This is an iApp that collects some information from the user with the intent of keeping the members of a GTM or LTM pool object synchronized against the result of a DNS lookup. Users provide: name of the pool type: gtm or ltm if gtm, what datacenter it should be in what nameserver to query how often to query what hostnames to lookup what port to use when creating the pool members This creates a periodic handler that runs at the specified interval, using the results of "dig" against the specified nameserver for the hostnames to create/modify the specified pool. Note: For the sake of keeping the demo simple, the script doesn't handle error/empty/timeout responses from the nameserver. How to use this snippet: Implementation Details This iCall script requires v11.4 or higher.343Views0likes0CommentsGTM Monitor Weight Change
Problem this snippet solves: This iCall script can be used to change the virtual server score (VS Score) of an LTM virtual server that is being monitored by a Global Traffic Manager. Normally, when a virtual server has a default pool assigned, the GTM administrator would select the VS Capacity load balancing method to choose a virtual server based on the number of available pool members in the default pool. When there is no default pool (the pool assignment is being made by an iRule, for example), LTM does not associate the pool capacity information with the virtual server, and GTM cannot access it. This script will express the ratio of available pool members to total pool members as a percentage, and set the VS Score on the specified virtual server to that percentage, or set it to 1 if there are no pool members available. The GTM admin can then select VS Score as the GTM load balancing method. How to use this snippet: Implementation Details This iCall script requires v11.4 or higher. Code : ###periodic handler to run the script every 10 seconds ###tmsh command to disable script for maintenance, etc: modify sys icall handler periodic gtm_score_changer status inactive sys icall handler periodic gtm_score_changer_periodic { interval 10 script gtm_score_changer } ###script to change virtual server VS Score based on number of available pool members in an arbitrary pool (that is, not the default pool of the VS) ###this script will express the ratio of available pool members to total pool members as a percentage, and set the VS Score to that percentage or 1 if there are no pool members available sys icall script gtm_score_changer { app-service none definition { ###name of virtual server for which we will change VS Score ###replace icall_virtual with the name of your virtual server set vs icall_virtual ###get current VS Score for comparison set vs_list [tmsh::get_config ltm virtual $vs] if { [llength $vs_list] != 0 } { set vs_config [lindex $vs_list 0] } else { puts "virtual server not found" return 0 } set current_vs_score [tmsh::get_field_value $vs_config "gtm-score"] ###get number of pool members that are both enabled and healthy set enabled_count 0 ###replace icall_pool with the name of your pool set pool_list [[tmsh::get_config ltm pool icall_pool members] if { [llength $pool_list] != 0 } { set pool_members [lindex $pool_list 0] set total_count 0 } else { puts "pool not found" return 0 } ###iterate through pool members to get their state and health status foreach member [tmsh::get_field_value $pool_members "members"] { incr total_count set name [tmsh::get_name $member] set abled [tmsh::get_field_value $member "session"] set state [tmsh::get_field_value $member "state"] if { $abled eq "monitor-enabled" && $state eq "up" } { incr enabled_count } } ###convert integers to floating point numbers to calculate percentage set enabled_count [expr double($enabled_count)] set total_count [expr double($total_count)] if { $enabled_count != 0 } { ##divide number of available members by number of total members, convert to a percentage, then convert back to an integer for use in tmsh command set new_vs_score [expr (int(($enabled_count/$total_count)*100))] if { $current_vs_score != $new_vs_score } { ###modify VS Score on virtual server if score has changed tmsh::modify ltm virtual $vs gtm-score $new_vs_score puts "VS Score changed to: $new_vs_score." } else { puts "VS Score unchanged." } } else { ###since a gtm-score value is required, set VS Score to 1 if no pool members are available tmsh::modify ltm virtual $vs gtm-score 1 puts "No pool members available; VS Score is 1." } } description none events none }357Views0likes0Comments