Version control and provisioning of F5 iRules with git hooks

Hallo Zusammen :)

In Switzerland I started to work with the F5 BIG LTM Load Balancer. It is a great device to balance HTTP traffic, and TCP traffic in general, to a pool of servers.


F5 BigIP Load Balancer

These devices are highly programmable, the can intercept HTTP sessions and trigger code snippets when some event occurs. In the code you can hack many HTTP options, inject headers and cookies, and even more. With the vendor terminology these code snippets are called iRules.

The subject was completely new to me, so I started reading the very good book An Introduction to F5 Networks LTM iRules. The language used to program iRules is Tcl, I am not an expert but it is easy to learn, and everybody wrote a little bit in Tcl when playing with ns2 at the university.

Pretty soon I realized that this is not the typical Cisco/Juniper device where it is enough to keep a backup/history of the configuration with rancid. You will end up with a lot of code running in the device, and you need to version control this code. Moreover handling code writing to the web interface is terrible,  you will want to write the code with a proper editor.

One more nice to have feature, is to have a central repository for the code, and use an easy workflow to push the latest code version to all devices in your network automatically. It is really hard to manage the network cutting and pasting code on the web interface of the devices.

The good news is that the F5 BIGIP Load Balancer can be accessed with a SOAP API called iControl. There is also an official python library called bigsuds released from F5.

At my github page I published a collection of Git Hooks to update the F5 device as soon the new version of the code is pushed to a git repository.

Here is a nice ASCII art schema of the architecture:

|DevPC| <--- git+ssh ---> |GitBareRepository| <--- iControl SOAP API ---> |BIG-IP LTM|

The key idea is that the developer (or network administrator if you prefer) works on his PC. When the git commits are pushed to a remote git bare repository,  the pre-receive hook is triggered, and the changes are synced to the BIGIP devices using the SOAP API.

It is a couple of months now I am using these hooks in production, and I did not find anything similar on the web ready to use. If you try this stuff please comments are appreciated, and pull requests are even more welcome !

Cheers !


Posted in Uncategorized | Tagged , , , , , | Leave a comment

sudo proc

Ieri ho visto scritto su una mailing list di Ninux:

echo 0 | sudo tee /proc/sys/net/ipv6/conf/all/disable_ipv6

E’ geniale ! Vi state chiedendo perché ?

Qualche anno fa avevo avuto questo problema:

sudo echo 1 > /proc/sys/net/ipv4/ip_forward

Ma cosa significa? esegui "sudo echo 1", poi l’output del comando viene preso
e scritto su /proc/sys/net/ipv4/ip_forward

Quando viene effettuata la scrittura però non abbiamo più i privilegi di root, e quindi questa forma NON FUNZIONA !

Avevo risolto all’epoca usando la sintassi corretta:

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

Ovvero con il privilegio sudo chiamiamo l’interprete dei comandi sh e gli diciamo di eseguire con -c il comando nella stringa che segue tra le “”. In questo modo funziona, e quando redirigo l’output verso /proc ho ancora i privilegi di root.

Ma devo dire che la soluzione echo sudo tee è molto più elegante !!!

Posted in Uncategorized | Tagged | Leave a comment

Da Zug a Zurigo in bici

Cliccando qui i dettagli del percorso dal sito di Runtastic.

Posted in Uncategorized | Tagged , , , , , , | Leave a comment

Pedalare a Zug

Sono ormai 48 ore che sono in Svizzera. Mi sono trasferito a Zug. Sembra ormai un lontano ricordo quella banchina della stazione termini, dove domenica mattina chiaccheravo con un turista tedesco. Lui aveva attaccato bottone vedendo la mia brompton carica di bagagli. Mi raccontava che la bici in fitto dell’albergo gliel’avevano rubata, ed aveva dovuto restituire 200 euro. Si chiedeva come mai la signora dell’albergo non gli avesse dato una catena più seria. Probabilmente perché la bici valeva meno di 200 euro. Benvenuti a Roma :(

2014-11-02 07.49.48La Svizzera è fantastica. Tutta pista ciclabile. Mezzi pubblici che funzionano bene. Con la mia brompton e con i treni sono libero di andare veramente dove voglio. Anche se per ora ho fatto solo il tragitto casa lavoro, e su e giù tra Zug e Zurigo.

Alla stazione di Zug ho visto questo cartello, mi sa che ci sarà da esplorare i dintorni nei fine settimana!

Zug Train Station

Posted in Uncategorized | Tagged , , , | Leave a comment

I installed mqTranslate: the fork of qTranslate plugin compatible with WordPress 3.9

Today I was using a wordpress blog running version 3.9 and the latest qTranslate plugin. I figured out that the TinyMCE editor was not working at all. The buttons of the TinyMCE were not appearing at all on my screen.

It looks like it was not just matter of fixing this issue when upgrading to WordPress 3.9.

I found that somebody proposed a new plugin called mqTranslate. I installed it without problems. After deactivating qTranslate I activated mqTranslate. I had to go to the settings to enable the correct set of languages and put them in the right order. In the widget area I had to install the new mqTranslate language chooser widget.

There are still some issues with the TinyMCE, most users including me are reporting that is not possible to adjust the window size in the editor area.

There are still bugs but it looks like we finally have a qTranslate successor that is under active development !

Posted in Uncategorized | Tagged , , , , | 1 Comment