Sign Up | Login
Search
Tech Tips on DevCentral
   
You are here: Tutorials > Tech Tips

Current Articles | Categories | Search | Syndication

Wednesday, August 11, 2010 11:44 AM

Restful Access to BIG-IP Subtables

by Jason Rahm - 2478 views Article Rating
3 Comments

Surely by now you have tasted the goodness that is tables.  No?  Stop now and go read up on the table command.  No, really, right now!  I’ll wait…

OK, now that you are a tables expert, it’s clear to you that this is very powerful, but as I’m sure you read in the fine print, there’s no way to get to the table data outside of tmm.  That means no shell access, no icontrol access, no nada.  But, as is often the case, iRules to the rescue! 

 

The REST interface

REST came about as a lightweight response to the heavyweight champ SOAP standard for web services.  With REST, the HTTP methods are used as an API.  I’ll use two approaches here.  The first is a cheat of sorts.  It’s pretty common for developers to put the parameters in the URI instead of using PUT and DELETE, so I’ll show that first.  With the second approach, I’ll use the normal REST methods (GET/POST/PUT/DELETE) to determine the operation.  The table below (no pun intended) shows the actions the iRule will take given the request.

tablemethods

The response to either approach should be formatted in xml, but I’ll leave that exercise to you.

Common Logic

As shown in the table above, for approach one, every request will be a get, so I need an action keyword to tell the iRule what table operation to use.  The actions are lookup, add, replace, & delete.  For the second approach, the HTTP method is used as the operator, so I only need to supply the table information.  I built a class to control which tables could be accessed and manipulated, but one should probably put more controls (source IP’s allowed, maybe some authentication) around it as well.  Finally, I’m using indefinite on the timeout and lifetime just so I don’t have to worry about my k/v pairs disappearing during testing.  This might not be desirable in a production environment as indefinite times X connections/second could lead to a very large and perhaps catastrophic memory footprint.

Approach 1

   1: # class p_subtables {
   2: #   "foo"
   3: #   "bar"
   4: # }
   5:  
   6: when HTTP_REQUEST {
   7:     
   8:   set full_uri [split [URI::path [HTTP::uri]] "/"]
   9:     
  10:   if { [class match [lindex $full_uri 1] equals p_subtables] } {
  11:         
  12:     switch [llength $full_uri] {
  13:       4 { scan [lrange $full_uri 1 end-1] %s%s tname action }
  14:       5 { scan [lrange $full_uri 1 end-1] %s%s%s tname action key }
  15:       6 { scan [lrange $full_uri 1 end-1] %s%s%s%s tname action key val }
  16:       default { HTTP::respond 200 content "<HTML><BODY>ERROR</BODY></HTML>" }
  17:     }
  18:     switch $action {
  19:       "lookup" {
  20:         if { [info exists tname] && [info exists key] } {
  21:           set kvpair [table lookup -notouch -subtable $tname $key]
  22:         } elseif { [info exists tname] } {
  23:             foreach tkey [table keys -subtable $tname] {
  24:               lappend kvpair "$tkey:[table lookup -notouch -subtable $tname $tkey]"
  25:             }
  26:         } else { HTTP::respond 200 content "<HTML><BODY>Table and/or Key information invalid</BODY></HTML>" }
  27:         HTTP::respond 200 content "<HTML><BODY>$kvpair</BODY></HTML>"
  28:       }
  29:       "add" { 
  30:         if { [info exists tname] && [info exists key] && [info exists val] } {
  31:           table add -subtable $tname $key $val indefinite indefinite
  32:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  33:         } else { HTTP::respond 200 content "<HTML><BODY>Error!  Must supply /table/key/value/</BODY></HTML>" }
  34:       }
  35:       "replace" {
  36:         if { [info exists tname] && [info exists key] && [info exists val] } {
  37:           table replace -subtable $tname $key $val indefinite indefinite
  38:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  39:         } else { HTTP::respond 200 content "<HTML><BODY>Error!  Must supply /table/key/value/</BODY></HTML>" }
  40:       }
  41:       "delete" {
  42:         if { [info exists tname] && [info exists key] } {
  43:           table delete -subtable $tname $key
  44:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  45:         } else { HTTP::respond 200 content "<HTML><BODY>Error! Must supply /table/key/</BODY></HTML>" }
  46:       }
  47:       default { HTTP::respond 200 content "<HTML><BODY>Not a valid method for this interface</BODY></HTML>" } 
  48:     }
  49:   } else { HTTP::respond 200 content "<HTML><BODY>Not Permitted</BODY></HTML>" }
  50: }

Approach 2

   1: # class p_subtables {
   2: #   "foo"
   3: #   "bar"
   4: # }
   5:  
   6: when HTTP_REQUEST {
   7:  
   8:   set full_uri [split [URI::path [HTTP::uri]] "/"]
   9:     
  10:   if { [class match [lindex $full_uri 1] equals p_subtables] } {
  11:         
  12:     switch [llength $full_uri] {
  13:       3 { set tname [lindex $full_uri 1] }
  14:       4 { scan [lrange $full_uri 1 end-1] %s%s tname key }
  15:       5 { scan [lrange $full_uri 1 end-1] %s%s%s tname key val }
  16:       default {    HTTP::respond 200 content "<HTML><BODY>ERROR</BODY></HTML>" }
  17:     }        
  18:     switch [HTTP::method] {
  19:       "GET" {
  20:         if { [info exists tname] && [info exists key] } {
  21:           set kvpair [table lookup -notouch -subtable $tname $key]
  22:         } elseif { [info exists tname] } {
  23:             foreach tkey [table keys -subtable $tname] {
  24:               lappend kvpair "$tkey:[table lookup -notouch -subtable $tname $tkey]"
  25:             }
  26:         } else { HTTP::respond 200 content "<HTML><BODY>Table and/or Key information invalid</BODY></HTML>" }
  27:         HTTP::respond 200 content "<HTML><BODY>$kvpair</BODY></HTML>"
  28:       }
  29:       "POST" {
  30:         if { [info exists tname] && [info exists key] && [info exists val] } {
  31:           table add -subtable $tname $key $val indefinite indefinite
  32:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  33:         } else { HTTP::respond 200 content "<HTML><BODY>Error!  Must supply /table/key/value/</BODY></HTML>" }
  34:       }
  35:       "PUT" {
  36:         if { [info exists tname] && [info exists key] && [info exists val] } {
  37:           table replace -subtable $tname $key $val indefinite indefinite
  38:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  39:         } else { HTTP::respond 200 content "<HTML><BODY>Error!  Must supply /table/key/value/</BODY></HTML>" }
  40:       }
  41:       "DELETE" {
  42:         if { [info exists tname] && [info exists key] } {
  43:           table delete -subtable $tname $key
  44:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  45:         } else { HTTP::respond 200 content "<HTML><BODY>Error! Must supply /table/key/</BODY></HTML>" }
  46:       }
  47:       default { HTTP::respond 200 content "<HTML><BODY>Not a valid method for this interface</BODY></HTML>" }
  48:     }
  49:   } else { HTTP::respond 200 content "<HTML><BODY>Not Permitted</BODY></HTML>" }
  50: }

The Test

You can use a browser for the first approach as everything is a get method.  For the second method, cURL is great for the ease of method allocation.  I tested both approaches with cURL, results are below.

Approach 1

jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/add/client1/jasonrahm/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/add/client2/colinwalker/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/lookup/
<HTML><BODY>client1:jasonrahm client2:colinwalker</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/lookup/client1/
<HTML><BODY>jasonrahm</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/replace/client1/jeffbrowning/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/lookup/client1/
<HTML><BODY>jeffbrowning</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/delete/client2/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/lookup/
<HTML><BODY>client1:jeffbrowning</BODY></HTML>

Approach 2

jrahm@jrahm-dev:~$ curl -X POST http://10.10.20.50/foo/client1/jasonrahm/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X POST http://10.10.20.50/foo/client2/colinwalker/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X GET http://10.10.20.50/foo/
<HTML><BODY>client1:jasonrahm client2:colinwalker</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X PUT http://10.10.20.50/foo/client1/joepruitt/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X GET http://10.10.20.50/foo/
<HTML><BODY>client1:joepruitt client2:colinwalker</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X DELETE http://10.10.20.50/foo/client2/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X GET http://10.10.20.50/foo/
<HTML><BODY>client1:joepruitt</BODY></HTML>

Impressive, no?  Much thanks to the genius that is Matt Cauthorn, who seeded the idea internally.  So, now that you have access, what will you do with such power?  I have several use cases I could share, but I'll wait to update until the mindshare flows in.  Comment away!


Rate This Article:

COMMENTS

posted @ Wednesday, August 11, 2010 5:06 PM   

posted @ Friday, September 10, 2010 11:08 AM by Colin Walker  

posted @ Wednesday, September 22, 2010 11:20 PM by Kevin   

Thats a lot of code when this will do...

when HTTP_REQUEST {
set page_header "Table data"
set page_footer ""
switch -regex [HTTP::URI] {
"^/keys" {

default {

table [getfield [HTTP::URI] "/" 2] -subtable [getfield [HTTP::URI] "/" 3] [getfield [HTTP::URI] "/" 4] [getfield [HTTP::URI] "/" 5]
}

http://127.0.0.1/add/mytable/hello/there
http://127.0.0.1/delete/mytable/hello/there
http://127.0.0.1/delete/mytable/hello/-all
Only registered users may post comments.
  
Subscriptions: Video  |  Audio  |  Tutorials  |  Tech Tips  |  Features  | 

More...

 

 

Essentials Quick Start Guides
iRules Wiki | iControl SDK | WebAccelerator Wiki iRules | iControl
FirePass Wiki | Advanced Design & Config Wiki WebAccelerator | FirePass

 

Videos

  

Audio

Cache in with LTM and iRules
Can iRules fix my cert mismatch errors?
Concurrent iControl Programming Explained
Cookie LoJack vi iRules
Creating An iControl PowerShell Monitoring Dashboard With Google Charts
Custom SNMP Traps
Exchange Persistence Duality and iRules
FTPS Offload via iRules
Getting Started with pyControl
iControl 101 - #19 - Time Conversions
iControl 101 - #20 - Port Lockdown
iControl 101 - #21 - Rate Classes
iControl 101 - #22 - GTM Data Centers
iControl Apps - #04 - Graceful Server Shutdown
iControl Apps - #05 - Rate Based Statistics
iControl Apps - #06 - Configuration Archiving
iControl Apps - #07 - System Http Statistics
iControl Apps - #08 - System IP Statistics
iControl Apps - #09 - TMM Statistics
iControl Apps - #10 - Bigpipe List
iControl Apps - #11 - Global GTM Statistics
iControl Apps - #12 - Global SSL Statistics
iControl Apps - #13 - System PVA Statistics
iControl Apps - #14 - Global Statistics
iControl Apps - #18 - Virtual Server Reverse Lookup
Investigating the LTM TCP Profile: Acknowledgements
Investigating the LTM TCP Profile: Congestion Control Algorithms
Investigating the LTM TCP Profile: ECN &amp; LTR
Investigating the LTM TCP Profile: Max Syn Retransmissions &amp; Idle Timeout
Investigating the LTM TCP Profile: Nagle’s Algorithm
Investigating the LTM TCP Profile: The Finish Line
Investigating the LTM TCP Profile: Windows &amp; Buffers
iRules 101 - #13 - TCL String Commands Part 1
iRules 101 - #14 - TCL String Commands Part 2
iRules 101 - #15 - TCL List Handling Commands
iRules Event Order
Managing The System Boot Location with iControl
Persisting SSL Connections
Replacing the WebSphere Apache Plugin with iRules
Ruby meets iControl: Creating VIPs
Ruby meets iControl: Making Wide IPs
Ruby Meets iControl: Switching Policies
Ten Steps to iRules Optimization
Unbind your LDAP servers with iRules
v.10 - A new iRules Namespace
v.10 - FastHTTP and Cookie Persistence
v.10 - iRules and the after command
v.10 - New class features in iRules
v.10 - Remote Authorization via TACACS&#43;
v10.1 - Configuring GTM's DNS Security Extensions
  

Features

  

Tutorials

  

iControl

  

iRules

  

Monitoring & Management

  

Advanced Design & Config

  

93,050 Members in 191 Countries and Growing!

Join DevCentral Today!

About DevCentral

F5 DevCentral is your source for the best technical documentation, discussion forums, blogs, media and more related to application delivery networking.

So dive in, meet your peers, and get familiar with DevCentral. We hope it makes your job easier and helps you get more from your F5 investment. If new to DevCentral, check out the Getting Started section. And if you have any problems, or think something could be easier to use, let us know.

Got It !

We've received your comment and transmitted it directly to DevCentral HQ.

Thanks for taking time to let us know what's on your mind. At DevCentral | Community Matters!

Get In Touch With Us

Have questions, suggestions or just want to get something off your chest?

Use our handy form below to Direct Connect with DevCentral Mission Control.

Send Us Feedback      or
 
Copyright 1996 - 2011 F5 Networks, Inc.

Powered by the DevCentral Crew  |  Privacy Statement   |  Terms Of Use  |  Code of Conduct

Page generated in 0.390625 seconds.