Forum Discussion
iControl vs AS3
- Mar 08, 2023
Hey cbarlock - let me help you answer your question about AS3 vs Rest, i believe that the aim is more of AS3 should be considered the gold standard to delivering applications, for things like what you are talking about (querying and gathering data) to fill in blanks i think those will be around for a very long time, either that or will be adapated to something that will be more in-line with our Automation toolchain.
The automation toolchains are really aimed at deploying configurations in their endstate so in theory you wouldnt need to query an object as it would be configured to however the templates are designed, and any modifications would be done to the templates never within the GUI or CLI so the templates become the single source of truth.
There are 3 major parts of our Automation Tool Chain as per (https://www.f5.com/products/automation-and-orchestration). Ill try to explain to you how i define them.
- Declarative Onboarding (DO) - This is where you are setting up the F5 think of Day 1 type operations, setting up the BIG-IP (IPs/DNS/NTP/Self IPs/VLANS/Modules deployed/Sync Groups/etc.). DO is really about configuring the device(s) if you would like to see a example declaration i do with ansible and vSphere deployments.
https://github.com/VDI-Tech-Guy/f5-bd-bigip-vmware-vSphere/blob/main/roles/F5-Roles/do_configure/templates/do_configure.j2 - Applications Services 3 (AS3) - this is all about delivering applications within tenants, the idea of AS3 is to have 1 single declaration to deliver the "End State" of your deployment (for that tenant (partition)). Think of it as deploying all your vips/pools/nodes in their final configured state for the entire tenant (if thats 100s of vips or 10 vips) and the declaration contains the entire deployment for that tenant. The biggest thing to note here is that AS3 NEVER writes to the common partition and this is by design. the reason it wont write to common is becuase if think of common as ROOT and wrote its end state it would have to track every tenant within it or you could wipe out the entire root and partition set... so this is why its not allowed. AS3 is all about the Apps tho so when you think about delivering apps AS3 is what you aim for.
Here is an example of AS3 deployments that i do for deploying apps via our Ansible 101/201 courses where you are filling in variables in a template to deploy out tenants.
https://github.com/f5devcentral/f5-bd-ansible-labs/blob/main/201-F5-Advanced/AS3/01-Deploy-SSL-Enabled-App_Services-AS3/j2/https.j2 - Telemetry Streaming (TS) - is all about monitoring applications delivered, and setting up that monitoring with either BIG-IQ or other montioring services like Prometheus, Elastic/Kibana, Splunk etc. If you want to start doing things like Event-Driven Automation setting up some sort of telemetry is going to be key to delivering that level of automation.
Here is an example of TS with Elastic -
https://github.com/F5Networks/f5-telemetry-streaming/blob/master/examples/declarations/elasticsearch.json
Hopefully this helps answer your questions (sorry if long winded), and if not please let me know
- Declarative Onboarding (DO) - This is where you are setting up the F5 think of Day 1 type operations, setting up the BIG-IP (IPs/DNS/NTP/Self IPs/VLANS/Modules deployed/Sync Groups/etc.). DO is really about configuring the device(s) if you would like to see a example declaration i do with ansible and vSphere deployments.
Hey cbarlock - let me help you answer your question about AS3 vs Rest, i believe that the aim is more of AS3 should be considered the gold standard to delivering applications, for things like what you are talking about (querying and gathering data) to fill in blanks i think those will be around for a very long time, either that or will be adapated to something that will be more in-line with our Automation toolchain.
The automation toolchains are really aimed at deploying configurations in their endstate so in theory you wouldnt need to query an object as it would be configured to however the templates are designed, and any modifications would be done to the templates never within the GUI or CLI so the templates become the single source of truth.
There are 3 major parts of our Automation Tool Chain as per (https://www.f5.com/products/automation-and-orchestration). Ill try to explain to you how i define them.
- Declarative Onboarding (DO) - This is where you are setting up the F5 think of Day 1 type operations, setting up the BIG-IP (IPs/DNS/NTP/Self IPs/VLANS/Modules deployed/Sync Groups/etc.). DO is really about configuring the device(s) if you would like to see a example declaration i do with ansible and vSphere deployments.
https://github.com/VDI-Tech-Guy/f5-bd-bigip-vmware-vSphere/blob/main/roles/F5-Roles/do_configure/templates/do_configure.j2 - Applications Services 3 (AS3) - this is all about delivering applications within tenants, the idea of AS3 is to have 1 single declaration to deliver the "End State" of your deployment (for that tenant (partition)). Think of it as deploying all your vips/pools/nodes in their final configured state for the entire tenant (if thats 100s of vips or 10 vips) and the declaration contains the entire deployment for that tenant. The biggest thing to note here is that AS3 NEVER writes to the common partition and this is by design. the reason it wont write to common is becuase if think of common as ROOT and wrote its end state it would have to track every tenant within it or you could wipe out the entire root and partition set... so this is why its not allowed. AS3 is all about the Apps tho so when you think about delivering apps AS3 is what you aim for.
Here is an example of AS3 deployments that i do for deploying apps via our Ansible 101/201 courses where you are filling in variables in a template to deploy out tenants.
https://github.com/f5devcentral/f5-bd-ansible-labs/blob/main/201-F5-Advanced/AS3/01-Deploy-SSL-Enabled-App_Services-AS3/j2/https.j2 - Telemetry Streaming (TS) - is all about monitoring applications delivered, and setting up that monitoring with either BIG-IQ or other montioring services like Prometheus, Elastic/Kibana, Splunk etc. If you want to start doing things like Event-Driven Automation setting up some sort of telemetry is going to be key to delivering that level of automation.
Here is an example of TS with Elastic -
https://github.com/F5Networks/f5-telemetry-streaming/blob/master/examples/declarations/elasticsearch.json
Hopefully this helps answer your questions (sorry if long winded), and if not please let me know
Thank you Matt! Very thorough explanation.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com