Forum Discussion

Florian_Loos_11
Jul 23, 2013

How to update datagroup on a regular basis from external data source

Hello,

we are currently looking into a specific topic with F5 Networks technologies. We would like to implement a filter for the Exchange ActiveSync protocol to allow connections only from "known" mobile devices. Mobile devices are identified by their unique Exchange Device ID. We found the whitepaper and wiki on how to implement this with iRules and datagroups.

The question is about the update process of the required datagroup. Our mobile device management system provides a file containing the known DeviceIDs every 60 seconds. Due to some process restrictions this file, or a correctly formatted file, would have to be transferred to and activated in the BigIP/APM also every 60 seconds. Are there any ideas on how to solve this?

I read some posts about external datagroups and have the idea to put the file via ssh on the BigIP and then do some remote ssh magic to activate the file. Not sure if this would work or if there is a better alternative...

Thanks and best regards,

Florian

7 Replies

  • Jnon
    You mentioned ASM - are you using the ASM module on the f5 - if so it might be easier to enforce from an AD group using ASM
  • Jnon

    I'm sorry - I mean APM (Access Policy Manager)

  • Unfortunately the ExchangeDeviceIDs are not stored in the ActiveDirectory. They somehow have to be stored on the BigIP.

    Regards,

    Florian

  • Jnon

    I read some posts about external datagroups and have the idea to put the file via ssh on the BigIP and then do some remote ssh magic to activate the file. Not sure if this would work or if there is a better alternative...

    I would suggest the "better alternative" you were asking for is to use the APM and AD Groups. You're asking a question on the iRule forum but you're only wanting to know how to ssh a file; I would suggest a Linux forum. However, you can also set up a cron job on your F5 to run the scp cron job every 60 seconds, not that I recommend what you're attempting to do, for several reasons.
  • Hi Florian,

    I think what you are trying to do is programmatically possible if you really want to do it.

    - Your first problem is going to be getting the information from the source into a Properly Formatted External Datagroup on the LTM. See the class command for more information on the formatting. If you cannot get your data into the proper format then the rest of what you are trying to do is moot.

    - Your second problem will be getting the LTM to trigger a reload of the contents of the Datagroup (the methodology could be as easy as changing the permissions on the file itself: tmsh modify ltm data-group DATA.GROUP.NAME access-mode {read-only or read-write}). Changing the permission on the External Datagroup file will trigger the LTM to reload the data into memory, which will then be used by the iRule. Changing the content within the file will not trigger a reload automatically.

    You may want to take a look at and collect performance data to compare before and after you do this if you get all of this done and working. It may make you reconsider doing this every 60 seconds (or not). Just a suggestion.

    Hope this helps.
  • If I may add, you can also simply import a new file (or the same file after editing) with the following:

    modify sys file data-group DATA.GROUP.NAME source-path file:/config/dev/test.foo

    The trick, as Michael states, is getting the external information into usable data group format. Take a look at the following post for some really good insight:

    https://devcentral.f5.com/community/group/asg/53/aft/2159165/showtab/groupforums

    Also, interestingly, the source-path option above acts like a cURL command, so the path could just as easily be a remote HTTP URI. I agree with Michael that modifying the config every 60 seconds probably isn't the best method, but if you absolutely had to do it, I'd create an external monitor script and apply it to a "phantom pool" - an arbitrary pool of IPs not tied to any virtual server. The pool assignment 1) causes the external script to fire on a schedule (like a cron job), and 2) is saved with the configuration (unlike a cron job). How you choose to get the (properly formatted) data to the BIG-IP (push via SCP or pull via TMSH source-path) is a completely different challenge.
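The two replies above leave two concrete pieces to the reader: producing a correctly formatted external data group file from the MDM export, and triggering the re-import from a script that an external monitor on a "phantom pool" can run on a schedule. The script below is an added example and is not code from this thread, from F5, or from any MDM vendor. It assumes a hypothetical MDM export with one Exchange DeviceID per line, a string-type external data group with the DATA.GROUP.NAME and /config/dev/test.foo placeholders used in the thread, and a hypothetical export path; the tmsh call is the one quoted in the reply above and is skipped when tmsh is not present, so the script also runs on an ordinary workstation with the constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the thread or from F5: an external-monitor-style
# script that rebuilds an external data group from an MDM device-ID export and
# re-imports it with the tmsh command quoted in the thread. Assumptions
# (hypothetical): the MDM export holds one Exchange DeviceID per line, the data
# group is a string-type external data group called DATA.GROUP.NAME, and the
# file paths are placeholders for your own environment.

MDM_EXPORT="${MDM_EXPORT:-/var/tmp/mdm_devices.txt}"   # hypothetical export path
DG_FILE="${DG_FILE:-/config/dev/test.foo}"             # path used in the thread
DG_NAME="${DG_NAME:-DATA.GROUP.NAME}"                  # name used in the thread

# Convert one DeviceID per line into the string data group file syntax:
#     "DEVICEID" := "allowed",
# Only IDs made purely of [A-Za-z0-9] are kept (Exchange DeviceIDs are
# alphanumeric); any other line is dropped so that a stray or malformed entry
# can never break the file syntax or smuggle in an extra key.
convert_devicelist() {
    tr -d '\r' < "$1" | awk '/^[A-Za-z0-9]+$/ { printf "\"%s\" := \"allowed\",\n", $0 }'
}

# Number of entries that survived validation; used as a sanity check.
count_valid() {
    convert_devicelist "$1" | wc -l | tr -d ' '
}

# Write the new data group file atomically, then ask tmsh to re-import it.
# An empty result is refused: publishing an empty allow list would lock every
# device out, which is a worse failure than serving a 60-second-old list.
reload_datagroup() {
    src="$1"
    tmp="${DG_FILE}.tmp.$$"
    n=$(count_valid "$src")
    if [ "$n" -eq 0 ]; then
        echo "no valid DeviceIDs in $src; keeping current data group" >&2
        return 1
    fi
    convert_devicelist "$src" > "$tmp" && mv "$tmp" "$DG_FILE" || return 1
    # tmsh only exists on the BIG-IP; elsewhere the file is simply rewritten.
    if command -v tmsh >/dev/null 2>&1; then
        tmsh modify sys file data-group "$DG_NAME" source-path "file:$DG_FILE"
    fi
    return 0
}

# Constructed sample export (not real device IDs) so the script runs offline.
make_sample_export() {
    cat > "$1" <<'EOF'
ABCDEF1234567890
androidc123456789
not a valid id
0123456789ABCDEF
EOF
}

# When invoked by BIG-IP as an external monitor (args: member IP, port), printing
# anything to stdout marks the phantom pool member up; printing nothing marks it
# down, so a failed rebuild becomes visible in the pool status.
if [ "${RUN_AS_MONITOR:-0}" = "1" ]; then
    reload_datagroup "$MDM_EXPORT" && echo "up"
fi
```

Run it with RUN_AS_MONITOR=1 from the external monitor attached to the phantom pool, with the monitor interval set to the 60 seconds the thread discusses. The write-to-temp-then-mv step matters: tmsh never sees a half-written file, and if the MDM export is missing or empty the previous data group stays in place rather than the allow list collapsing to nothing.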