Manual Chapter :
Managing GSLB
iRules
Applies To:
Show Versions
BIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
Managing GSLB
iRules
How do I manage permissions for DNS GSLB
objects?
F5 BIG-IQ Centralized Management makes it
straightforward for you to manage permissions that allow users to view only
the specific DNS GSLB objects you assign to them.
To provide permissions for a specific set of objects, you complete these
tasks.
- Add a custom resource group- In this task, you specify the GSLB objects that you want this user to work with. You create a resource group for each collection of objects that you want to assign to a user.
- Add a custom role- Next, you associate the GSLB Viewer role type with the resource groups that contain the objects you want your delegates to view. For example, if you had a resource group made up of two wide IPs, one namedSeattlePrimeand the other namedSeattleSecond, you might name this roleviewSeattle.
- Add a custom user- Finally, you create a user and assign a custom role to that user. The role gives that user permissions to view the objects that belong to the objects in the resource group. In the current example, you could assign your custom user to theviewSeattlerole to give that user the ability to view the GSLB objects in the two Seattle wide IPs.
For step-by-step guidance on each of these tasks, refer to
How do I give users
customized permissions to specific BIG-IP resources based on their job
responsibilities?
on support.f5.com
.How do I manage GSLB iRules in BIG-IQ?
iRules® allow you to manipulate
and manage the application traffic in your GSLB domain. Using iRules scripting syntax, you can
customize how you intercept, inspect, transform, and direct inbound or outbound application
traffic.
The workflows for creating a new iRule or changing the settings for a
iRule that already reside on devices in a managed sync group are very similar. In each case,
there are four tasks to perform.
This figure illustrates the workflow you perform to manage the iRules in
a sync group. Changing the settings or creating the iRule is the second step in this
process.
Change iRule
workflow
You can view the GSLB iRules configured for the DNS sync groups you manage
by navigating to . From there, click an iRule to view it, or click
Create
to set up a new one.View GSLB objects
Before you can use a BIG-IQ to manage DNS GSLB objects on a managed device, you must configure at least one Datacenter on that device using the BIG-IP user interface.
When you use F5 BIG-IQ Centralized Management to manage your DNS sync group, you can view the GSLB objects that are defined on devices in the sync group.
- At the top of the screen, clickConfiguration.
- On the left, click , and then select the object type that you want to view.The screen displays a list of the selected object type that are defined on devices managed by this BIG-IQ system. For each object (except iRules, topology records, or topology regions), icons describe the health status and availability.
- To view overview information about a particular object, select the check box for that object.An overview panel and a related items panel display for this object.
- To see a list of related items for a GSLB object:
- Select the check box for that object.
- In the Related Items panel, clickShow.You can view the list of related items; and, for many of the items, you can click a link to view properties for that item.
- To view the general properties for a GSLB object, click the name of that object.The screen displays the properties for the selected object.
Create a GSLB iRule
You create a GSLB iRule so that you can manage the
virtual servers that host the content of your domain.
- At the top of the screen, clickConfiguration, then, on the left, click .The screen displays the list of iRules defined on this device.
- ClickCreate.The New iRule screen opens.
- Type aNamefor the GSLB iRule.
- In theBodyfield, compose the script sequence that defines the iRule.For guidance on creating an iRule, consult the AskF5 Knowledge Base. You can search the AskF5 website for iRules documentation that provides an overview of iRules, lists the basic elements that make up an iRule, and shows some examples of how to use iRules.
- ClickSave & Close.The system creates the new iRule and adds it to the list of iRules.
Changes that you make are
made only to the pending version. The
pending version
serves as a repository for changes you stage before deploying them to the managed device.
Object settings for the pending version are not the same as the object settings on the
actual BIG-IP device until they are deployed or discarded. When you finish specifying the settings for
this iRule, the next step is to evaluate and then deploy the changes to devices in the
sync group. Until you deploy the changes stored in the pending version, objects on the
devices in the sync group are not changed.
Edit a GSLB iRule
You can review the properties that have been
specified for the selected iRule, and you can change the body of the iRule.
- At the top of the screen, clickConfiguration, then, on the left, click .The screen displays the list of iRules defined on this device.
- Click the name of the iRule you want to revise.The screen displays the current settings for the selected iRule.
- Make the changes you want to the body and then, when your edits are complete, clickSave & Close.The system updates the iRule with the settings you specified.
Changes that you make are
made only to the pending version. The
pending version
serves as a repository for changes you stage before deploying them to the managed device.
Object settings for the pending version are not the same as the object settings on the
actual BIG-IP device until they are deployed or discarded. When you finish revising the settings for
this iRule, the next step is to evaluate and then deploy the changes to devices in the
sync group. Until you deploy the changes stored in the pending version, objects on the
devices in the sync group are not changed.
