BIG-IP LTM VE: Transfer your iRules in style with the iRule Editor
The new LTM VE has opened up the possibilities for writing, testing and deploying iRules in a big way. It’s easier than ever to get a test environment set up in which you can break things develop to your heart’s content. This is fantastic news for us iRulers that want to be doing the newest, coolest stuff without having to worry about breaking a production system. That’s all well and good, but what the heck do you do to get all of your current stuff onto your test system? There are several options, ranging from copy and paste (shudder) to actual config copies and the like, which all work fine. Assuming all you’re looking for though is to transfer over your iRules, like me, the easiest way I’ve found is to use the iRule editor’s export and import features. It makes it literally a few clicks and super easy to get back up and running in the new environment. First, log into your existing LTM system with your iRule editor (you are using the editor, right? Of course you are…just making sure). You’ll see a screen something like this (right) with a list of a bagillionty iRules on the left and their cool, color coded awesomeness on the right. You can go through and select iRules and start moving them manually, but there’s really no need. All you need to do is go up to the File –> Archive –> Export option and let it do its magic. All it’s doing is saving text files to your local system to archive off all of your iRuley goodness. Once that’s done, you can then spin up your new LTM VE and get logged in via the iRule editor over there. Connect via the iRule editor, and go to File –> Archive –> Import, shown below. Once you choose the import option you’ll start seeing your iRules popping up in the left-hand column, just like you’re used to. This will take a minute depending on how many iRules you have archived (okay, so I may have more than a few iRules in my collection…) but it’s generally pretty snappy. One important thing to note at his point, however, is that all of your iRules are bolded with an asterisk next to them. This means they are not saved in their current state on the LTM. If you exit at this point, you’ll still be iRuleless, and no one wants that. Luckily Joe thought of that when building the iRule editor, so all you need to do is select File –> Save All, and you’ll be most of the way home. I say most of the way because there will undoubtedly be some errors that you’ll need to clean up. These will be config based errors, like pools that used to exist on your old system and don’t now, etc. You can either go create the pools in the config or comment out those lines. I tend to try and keep my iRules as config agnostic as possible while testing things, so there aren’t a ton of these but some of them always crop up. The editor makes these easy to spot and fix though. The name of the iRule that’s having a problem will stay bolded and any errors in that particular code will be called out (assuming you have that feature turned on) so you can pretty quickly spot them and fix them. This entire process took me about 15 minutes, including cleaning up the code in certain iRules to at least save properly on the new system, and I have a bunch of iRules, so that’s a pretty generous estimate. It really is quick, easy and painless to get your code onto an LTM VE and get hacking coding. An added side benefit, but a cool one, is that you now have your iRules backed up locally. Not only does this mean you’re double plus sure that they won’t be lost, but it means the next time you want to deploy them somewhere, all you have to do is import from the editor. So if you haven’t yet, go download your BIG-IP LTM VE and get started. I can’t recommend it enough. Also make sure to check out some of the really handy DC content that shows you how to tweak it for more interfaces or Joe’s supremely helpful guide on how to use a single VM to run an entire client/LTM/server setup. Wicked cool stuff. Happy iRuling. #Colin
Editor doesn' t work with HTTP proxy that requires authentication
It appears that the editor does not work with ISA HTTP proxy when authentication is needed. When the editor starts up, it issues the request GET http://devcentral.f5.com/apps/iRuler/iRuler.application HTTP/1.1 And our proxy replies with HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) The editor doesn't attempt to authenticate. I'm still able to use the editor, I just don't get the templates and cannot check for updates. -AlDoes editor support GTM iRules
I launched the editor and connected to my GTM to do a little investigation and noticed that the iRule I have defined in the GTM aren't populated in the editor. When I paste this working GTM rule into the editor, it gives an error (pasted below the rule). when LB_SELECTED { log "LDNS [IP::client_addr] assigned to [LB::server addr] for request [DNS::rrname]" } line 2: [ltm_rule_L4 feature not licensed] [LB::server addr] line 2: [undefined procedure: DNS::rrname] [DNS::rrname] Is the editor not supporting GTM at this time?
Adding string with trailing forward slash in class
I'm trying to enter path data into the "String" field in the "Editing String Data Group" dialog box, and the forward slash character is causing strange behavior. When you type a forward slash and there is no character following it (at the beginning of an empty field or the end of a populated one), nothing is added to the input field, instead the cursor jumps to the beginning of the field. The resulting string can be edited to include forward slashes, as long as a forward slash is not the last character in the field. When it is typed as the last character, the cursor consistently jumps to the beginning of the field. For example, if I type: /what/is/the/deal/ the resulting entry is actually: is/the/deal/what So I cannot create an entry ending in a forward slash. (We should be able to add strings including a trailing forward slash, since it's fairly common to include the trailing slash in URIs in classlists as a natural delimiter -- including it protects against an unintended match on a partial directory name or filename.) iRuler still rocks though! Thanks! (hoping that made sense... should be easy to repro) /deb
Custom Syntax Coloring
I'm one of those weird people who likes to have a black background in my editors. I've figured out how to change most of the syntax coloring, but there's one part that's bugging me. I can't seem to change the color of the caret. It looks like the 2 colors the caret uses is black and whatever the background color is. Unfortunately, since my background color is black the caret never appears, which makes editing a bit difficult. It looks like the editor is based off of scintilla and the other applications I have based on that allow the caret color to be modified using something like the following: selection-fore="default-selection-fore" selection-back="default-selection-back" /> I tried using something like that in the XML config for the iRule editor but it didn't work. Is there any way to change the caret coloring, or am I stuck making my background white?Can't add rule with dash in name
iRuler v0.9.1.3 Tried to add a new rule with a dash in the name (TT-HTTPretry) and got the following error:Invalid characters in the iRule name. Only alpha characters, numbers, and the following special characters are allowed (.*/-:_?=@,) 2 issues: 1) A dash is definitely an allowed character in the iRule name, as the list represents, but that pesky error... (The editor does allow me to re-save existing iRules with dashes in their names.) 2) Not all of those characters are valid in iRule names. Using the following characters in the iRule name: */:?=@, you can create the rule in the editor, but you get an iControl exception error re: invalid name when you attempt to save. (Couldn't test (), not sure if they are part of the list or just delimiters) Looks like the allowed characters are alphas, numerics, underscore, period & dash only? thanks! /deb
Unable to connect to the remote server
Hello, I use the iRULEs editor to develop iRULEs, via a public NAT to my F5 pair (in private address space) everything seems to work great except if I try to "generate traffic" I get a "Unable to connect to the remote server" example "public IP" of my F5 (routed only to my PC) 202.2.2.10 actual "private IP" of my F5 (translated by a CISCO router to the F5) 10.0.7.11 As I said everything works great for developing iRULEs, I just go to 202.2.2.10 ( just like the main GUI for the F5 is accessible from https://202.2.2.10/) and I go to town, but I have no idea how to trigger/use the generate traffic feature, to my iRULEs from the editor - shouldn't it just work since I am logged in via SSH to the F5? Perhaps I have to configure more then a URI of "/" and a method GET Any advice would be appreciated. I know there is a "proxy" setting should I put a socks proxy on the F5 itself or on a client that can actually access the F5 (e.g. normal production use). There doesn't seem to be much in the way of documentation concerning use of the proxy stuff.
iRuler timeout on failed connection
Hi Joe, One of our local .NET gurus helped me with a minor annoyance with the iRuler. When a BIG-IP I'm trying to connect to answers with a reset, the iRuler would hang. Using Task Manager or the CLI tool, taskkill, didn't stop the process. So he recompiled the code with a 5s timeout on the connection attempt (sysInfo.Timeout = 5000; 😞 ConnectionDialog.cs -> OKLinkLabel_LinkClicked // Now verify if we can connect to the host iControl.SystemSystemInfo sysInfo = new iControl.SystemSystemInfo(); sysInfo.Timeout = 5000; sysInfo.Credentials = Clients.ConnectionInfo.creds; sysInfo.PreAuthenticate = true; A timeout might be nice to add in a future version. It would also be ideal to handle routing failures (try connecting to 1.1.1.1 or any other destination which your default gateway will drop) and check that the iRuler times out in a reasonable amount of time and allows the user to re-enter the connection details. Also, could you shorten the splash screen display time in a future version or make it configurable within the GUI whether to display it or not? Lastly, could you post the source for the latest binary version? I think the current source is 0.9.1.4 (Click here). Thanks as always for providing such a useful tool. Aaron
Feature Update - Login from command line
My company uses a visionapp Remote Desktop to manage our servers (windows, linux, F5) by connecting via RDP, SSH and HTTP. One of the features we wanted to take advantage of is their External Application config. This allows the tool to launch an external application and pass parameters like servername, username and password. Since we already manage our LTMs via web & SSH through this tool, I wanted to add the iRule Editor to the mix. Below are some code changes I made to the source to read command line parameters and auto-connect if servername, username and password were all found. I'm sure there are other ways to do this but this is my example. 1st, add 3 module variables to the class: private string m_hostName = ""; private string m_userName = "admin"; private string m_password = ""; Next, add the following subroutine in the Initialization Methods region: protected void loadCommandArgs() { string lastarg = ""; foreach (string arg in Environment.GetCommandLineArgs()) { switch (lastarg.ToLower()) { case "/host": case "/hostname": case "/server": m_hostName = arg; break; case "/user": case "/username": m_userName = arg; break; case "/pass": case "/password": m_password = arg; break; } lastarg = arg; } } Next, remove the DoConnect() routine and replace it with the following: private void DoConnect() { if (DoDisconnect()) { return; } //ConnectionDialog cd = new ConnectionDialog(); iControl.Dialogs.ConnectionDialog cd = new iControl.Dialogs.ConnectionDialog(); cd.ConnectionInfo = Clients.ConnectionInfo; cd.centerX = this.Location.X + (this.Width / 2); cd.centerY = this.Location.Y + (this.Height / 2); DialogResult dr = cd.ShowDialog(this); if (DialogResult.OK == dr) { Clients.initialize(); if (Clients.Connected) { toolStripMenuItem_FileConnect.Text = "Dis&connect"; toolStripButton_Connect.Image = global::iRuler.Properties.Resources.ToolbarDisconnect; toolStripButton_Connect.Text = "Disconnect. Click the Connect button..."; statusStripLabel_Connection.Text = "Connected to " + Clients.ConnectionInfo.hostname; setStatus(statusStripLabel_Connection.Text, getStatusVisible()); updatePartitionInfo(); refreshiRules(); showButtons(true); updateTitle(false); } } else { setStatus("The host you have specified must be a v9.x BIG-IP", true); } } private void DoConnect(string sHostname, string sUsername, string sPassword) { DoDisconnect(); // Check to see if we received valid arguments and connect if possible if (!string.IsNullOrEmpty(sHostname) && !string.IsNullOrEmpty(sUsername) && !string.IsNullOrEmpty(sPassword)) { Clients.ConnectionInfo.hostname = sHostname; Clients.ConnectionInfo.username = sUsername; Clients.ConnectionInfo.password = sPassword; Clients.initialize(); if (Clients.Connected) { toolStripMenuItem_FileConnect.Text = "Dis&connect"; toolStripButton_Connect.Image = global::iRuler.Properties.Resources.ToolbarDisconnect; toolStripButton_Connect.Text = "Disconnect. Click the Connect button..."; statusStripLabel_Connection.Text = "Connected to " + Clients.ConnectionInfo.hostname; setStatus(statusStripLabel_Connection.Text, getStatusVisible()); updatePartitionInfo(); refreshiRules(); showButtons(true); updateTitle(false); } } } private bool DoDisconnect() { if (Clients.Connected) { Clients.Connected = false; toolStripMenuItem_FileConnect.Text = "&Connect"; statusStripLabel_Connection.Text = "Disconnected. Click the Connect button..."; toolStripButton_Connect.Image = global::iRuler.Properties.Resources.ToolbarConnect; toolStripButton_Connect.Text = "Connect"; treeView_iRules.Nodes.Clear(); m_textEditor.Text = ""; m_lastTreeViewNode = null; showButtons(false); setStatus("Disconnected", getStatusVisible()); m_currentPartition = ""; updateTitle(false); return true; } return false; } Finally, call the new LoadCommandlineParms and DoConnect(x,x,x) routines from the iRulerMain_Load routine. (The two lines with ++ are to be inserted in the block noted) if (initializeEditor()) { m_textEditor.Focus(); splitContainer2.SplitterDistance = 0; showButtons(false); DateTime dt2 = DateTime.Now; DateTime dt1 = new DateTime(m_lastUpdate); TimeSpan ts = dt2 - dt1; if (ts.Days >= 1) { DoCheckForUpdates(true, false); } updateAutoCompleteList(); updateIndentionSettings(); viewStatus(m_showStatus); ++ loadCommandArgs(); ++ DoConnect(m_hostName, m_userName, m_password); } else I hope other people find this as useful as my team has. -Robert
