Automating via BIG-IQ vs. BIG-IP direct configuration
Hello,
I'm a bit puzzled with the architectural intention of central management through BIG-IQ platform from the perspective of automating the multi-Load-balancer configuration (system parameters AND services).
1. Some properties of BIG-IQ (such as it synchronizing with the BIG-IP nodes and being able to populate their settings centrally) seem to indicate, that it is the central point of policy definition and application, which in turn would suggest that any config to BIG-IP systems should be defined and applied via the BIG-IQ CM node.
2. On the other hand, when looking at the config backup content, I can't find any service objects in the CM itself, but rather all the configuration policy is distributed and is present directly in corresponding managed BIG-IP devices. This leads me into looking at BIG-IQ as more of an orchestrator - easing the pushing of config policy to multiple nodes and providing the overall visibility on the service state instead of being a true aggregator of all intended configuration policy. This Orchestrator-like "vibe" is further strenghened when I check out the f5networks.f5_modules collection in ansible, which seemingly is mostly adapted to pushing config directly to BIG-IP (avoiding BIG-IQ alltogether).
I'm currently building the ansible code, which has to build and configure a group of BIG-IP node clusters together with a BIG-IQ CM cluster. My question then is: should I strive for configuring as much as possible through the BIG-IQ (as would be true in scenario 1, despite it means NOT using ansible f5networks collection) or I should just configure my BIG-IPs and then resync their config with BIG-IQ afterwards (as would make much more sense in scenario 2 given the existing ansible code is targeting BIG-IPs directly)?
thanks,
Vytautas
vytbr2 From what I have seen and experienced you are correct in your conclusions. As far as backups are concerned the only piece that will suffice as a backup is running a backup on the BIG-IQ which is usually a scheduled task and in that task you can also copy the backup to another device such as backup server for long term storage and even configure a setting to delete over a certain amount of backups off of the BIG-IQ. Now you to retain a certain amount of configuration on the BIG-IQ for the BIG-IPs that it manages but nothing that can be used to restore a deleted or failed device. If you had a replacement device and you configured everything on it so it would be accessible the remainder of the configuration such as virtual servers, pools, monitors, and other LTM functions those would sync back to the BIG-IP provide the device is named the same.