How to assign an iRule to a virtual server in iApp template

Question

Hello!
I'm trying to modify radius iApp template to automatically create and assign an iRule to the virtual server.
I've managed to create an iRule, but I can't assign it to the server.&nbsp;
In the template there is the following code creating a virtual server:
    set supported_ports [set ::vs_pool_${service}__vs_port]
    foreach port $supported_ports {
        iapp::conf create ltm virtual ${tmsh::app_name}_${service}_${port} \
            destination [iapp::destination $addr text$port] \
            [iapp::substa mask($share_ip,$advanced)] \
            ip-protocol udp \
            [iapp::substa pool($create_new_pool,$override_monitor)] \
            $profiles_action \
            [iapp::substa snat($use_snat,$use_automap,$new_snatpool)] \
            vlans-disabled \
            vlans none \
            [iapp::substa rules($attach_irules)]
    }&nbsp;
I'm trying to rewrite the last line to assign my iRule:
    set supported_ports [set ::vs_pool_${service}__vs_port]
    foreach port $supported_ports {
        iapp::conf create ltm virtual ${tmsh::app_name}_${service}_${port} \
            destination [iapp::destination $addr $port] \
            [iapp::substa mask($share_ip,$advanced)] \
            ip-protocol udp \
            [iapp::substa pool($create_new_pool,$override_monitor)] \
            $profiles_action \
            [iapp::substa snat($use_snat,$use_automap,$new_snatpool)] \
            vlans-disabled \
            vlans none \
            rules RADIUS_persist
    }&nbsp;
iRule RADIUS_persist is created in the beggining of template with the following code:
    tmsh::create {
    ltm rule RADIUS_persist
    when CLIENT_ACCEPTED {
        set framed_ip [RADIUS::avp 8 ip4]
        set calling_station_id [RADIUS::avp 31 "string"]
        log local0. "request from $calling_station_id:$framed_ip"
        persist uie "$calling_station_id:$framed_ip"
        }
    }&nbsp;
When I'm trying to create iapp with my template i'm getting the following error:
    script did not successfully complete: ("RADIUS_persist" unexpected argument
    while executing
    "tmsh::create [string range $args 7 end] "
    ("create" arm line 1)
    invoked from within
    "switch -exact -- [string range $args 0 5] {
    create { tmsh::create [string range $args 7 end] }
    modify { tmsh::modify [string r..."
    (procedure "iapp::conf" line 14)
    invoked from within
    "iapp::conf create ltm virtual ${tmsh::app_name}_${service}_${port} destination [iapp::destination $addr $port] [iapp::substa mask($share_ip,$advance..."
    (procedure "configure_radius_deployment" line 114)
    invoked from within
    "configure_radius_deployment"
    invoked from within
    "subst $substa_out"
    invoked from within
    "if { [info exists [set substa_in]] } {
    set substa_out [subst $$substa_in]
    set substa_out [subst $substa_out]
    } else {
    ..."
    ("uplevel" body line 3)
    invoked from within
    "uplevel {
    append ::substa_debug "
$substa_in"
    if { [info exists [set substa_in]] } {
    set substa_out [subst $$substa_in]
    ..."
    (procedure "iapp::substa" line 9)
    invoked from within
    "iapp::substa main($is_v11_3,$upgrade,$downgrade)" line:349)&nbsp;
What is the right way to assign an iRule to virtual server?&nbsp;

mikeshimkus_111 · Answer

Hi, which version of the template and BIG-IP are you using?&nbsp;
thanks&nbsp;
Mike&nbsp;

a_pavlov_114144 · Answer

Hi!
I'm using BIG-IP v. 11.4.0 and the built-in template.

mikeshimkus_111 · Answer

We recommend selecting advanced configuration mode from the question, "Which configuration mode do you want to use?".  You should see a multichoice box in the iRules for Authentication and Authorization section of the iApp that will allow you to attach any iRules you like to the virtual server.

You will need to create the iRules before reconfiguring the iApp.

Mike

a_pavlov_114144 · Answer

Mike, I'd like to create a custom iapp that will automatically create iRule and assign it to the virtual server

a_pavlov_114144 · Answer

I've managed to do it. The right code was:&nbsp;        foreach port $supported_ports {
        iapp::conf create ltm virtual ${tmsh::app_name}_${service}_${port} \
            destination [iapp::destination $addr $port] \
            [iapp::substa mask($share_ip,$advanced)] \
            ip-protocol udp \
            [iapp::substa pool($create_new_pool,$override_monitor)] \
            $profiles_action \
            [iapp::substa snat($use_snat,$use_automap,$new_snatpool)] \
            vlans-disabled \
            vlans none \
            rules \{ RADIUS_persist \}
    }

Forum Discussion

How to assign an iRule to a virtual server in iApp template

5 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

APM variable assign examples

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Virtual address from address list is down after assignment to VS

Mitigating OWASP API Security Risk: Mass Assignment using F5 XC Platform

External Monitor Information and Templates