Forum Discussion
Using Client Subnet in DNS Requests
Dear Team,
Appreciate for your reply please and assistance.
- Vitaly_NikolaevJan 23, 2019
Nimbostratus
Interesting, we fragmenting ltm configuration to domains, basically: route-domain + partition + vlans + bunch of VIPs.
Right now we create "domain" semi-automatically, you need to login to both active/standby LTMs and start creating vlans/route-domain/partition/self_ips on both, then check if everything in sync and start creating the floating part.
we have a script that generates configuration and admin need run multiple config merge commands in sequence to apply it. It pretty risky even with verify. easy to mess up order.
Do you think iControl REST with transactions would be the best way to fully automate this process? can I create global objects (vlans, self ips, route domain) with it.
Thank you
the sdk certainly supports this, but I would encourage you to use the AS3 package within the automation toolchain. Everything is declarative, so you submit all the config in one request and you're done.
- Peter_BaumannJan 22, 2020
Cirrostratus
Well with the SDK and REST-API we can change objects in the configuration AND configure it further in the F5 Admin UI.
With the AS3 we need to do as you said everything in declarative.
For example: We need a solution to only do certificate automation. That means renew/replace/create certificates/keys in F5.
The rest will still be managed by the team over the F5 Admin UI.
I like the AS3 approach but it means when you implement it that everything needs to be declarative.
So in a big organization with a NOC and support and engineering not everyone can create these declarative configs (yet).