Manual Chapter : Managing GSLB iRules

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Managing GSLB iRules

How do I manage permissions for DNS GSLB objects?

F5 BIG-IQ Centralized Management makes it straightforward for you to manage permissions that allow users to view only the specific DNS GSLB objects you assign to them.
To provide permissions for a specific set of objects, you complete these tasks.
  1. Add a custom resource group
    - In this task, you specify the GSLB objects that you want this user to work with. You create a resource group for each collection of objects that you want to assign to a user.
  2. Add a custom role
    - Next, you associate the GSLB Viewer role type with the resource groups that contain the objects you want your delegates to view. For example, if you had a resource group made up of two wide IPs, one named
    SeattlePrime
    and the other named
    SeattleSecond
    , you might name this role
    viewSeattle
    .
  3. Add a custom user
    - Finally, you create a user and assign a custom role to that user. The role gives that user permissions to view the objects that belong to the objects in the resource group. In the current example, you could assign your custom user to the
    viewSeattle
    role to give that user the ability to view the GSLB objects in the two Seattle wide IPs.
For step-by-step guidance on each of these tasks, refer to
How do I give users customized permissions to specific BIG-IP resources based on their job responsibilities?
on
support.f5.com
.

How do I manage GSLB iRules in BIG-IQ?

iRules® allow you to manipulate and manage the application traffic in your GSLB domain. Using iRules scripting syntax, you can customize how you intercept, inspect, transform, and direct inbound or outbound application traffic.
The workflows for creating a new iRule or changing the settings for a iRule that already reside on devices in a managed sync group are very similar. In each case, there are four tasks to perform.
This figure illustrates the workflow you perform to manage the iRules in a sync group. Changing the settings or creating the iRule is the second step in this process.
Change iRule workflow
Workflow for changing object settings on a managed device
You can view the GSLB iRules configured for the DNS sync groups you manage by navigating to
Configuration
DNS
GSLB
iRules
. From there, click an iRule to view it, or click
Create
to set up a new one.

View GSLB objects

Before you can use a BIG-IQ to manage DNS GSLB objects on a managed device, you must configure at least one Datacenter on that device using the BIG-IP user interface.
Before you can view GSLB objects, you must discover and import BIG-IP devices that are members of a DNS sync group that has GSLB objects.
When you use F5 BIG-IQ Centralized Management to manage your DNS sync group, you can view the GSLB objects that are defined on devices in the sync group.
  1. At the top of the screen, click
    Configuration
    .
  2. On the left, click
    DNS
    GSLB
    , and then select the object type that you want to view.
    The screen displays a list of the selected object type that are defined on devices managed by this BIG-IQ system. For each object (except iRules, topology records, or topology regions), icons describe the health status and availability.
  3. To view overview information about a particular object, select the check box for that object.
    An overview panel and a related items panel display for this object.
  4. To see a list of related items for a GSLB object:
    1. Select the check box for that object.
    2. In the Related Items panel, click
      Show
      .
      You can view the list of related items; and, for many of the items, you can click a link to view properties for that item.
  5. To view the general properties for a GSLB object, click the name of that object.
    The screen displays the properties for the selected object.

Create a GSLB iRule

You create a GSLB iRule so that you can manage the virtual servers that host the content of your domain.
  1. At the top of the screen, click
    Configuration
    , then, on the left, click
    DNS
    GSLB
    iRules
    .
    The screen displays the list of iRules defined on this device.
  2. Click
    Create
    .
    The New iRule screen opens.
  3. Type a
    Name
    for the GSLB iRule.
  4. In the
    Body
    field, compose the script sequence that defines the iRule.
    For guidance on creating an iRule, consult the AskF5 Knowledge Base. You can search the AskF5 website for iRules documentation that provides an overview of iRules, lists the basic elements that make up an iRule, and shows some examples of how to use iRules.
  5. Click
    Save & Close
    .
    The system creates the new iRule and adds it to the list of iRules.
Changes that you make are made only to the pending version. The
pending version
serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish specifying the settings for this iRule, the next step is to evaluate and then deploy the changes to devices in the sync group. Until you deploy the changes stored in the pending version, objects on the devices in the sync group are not changed.

Edit a GSLB iRule

You can review the properties that have been specified for the selected iRule, and you can change the body of the iRule.
  1. At the top of the screen, click
    Configuration
    , then, on the left, click
    DNS
    GSLB
    iRules
    .
    The screen displays the list of iRules defined on this device.
  2. Click the name of the iRule you want to revise.
    The screen displays the current settings for the selected iRule.
  3. Make the changes you want to the body and then, when your edits are complete, click
    Save & Close
    .
    The system updates the iRule with the settings you specified.
Changes that you make are made only to the pending version. The
pending version
serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish revising the settings for this iRule, the next step is to evaluate and then deploy the changes to devices in the sync group. Until you deploy the changes stored in the pending version, objects on the devices in the sync group are not changed.