Ansible HA pair deployment using excel spreadsheet. No Ansible knowledge required

Problem this snippet solves:

No Ansible knowledge required. Just fill in the spreadsheet and run the playbook. Easily customisable if you want to get more complex

Please see:

How to use this snippet:


Using ansible and an xlsx spreadsheet to set up an HA pair

Tested on BIG-IP Software version 12.1.2

The default admin password of admin has been used

This project uses the module by Matt Mullen


BIG-IP Requirements
The BIG-IP devices will need to have their management IP, netmask, and management gateway configured

They will also need to be licensed and provisionned with ltm. It is possible to both provision and license the devices with ansible but it is not within the remit of this project.

For additional information on Ansible and F5 Ansible modules, please see:

Ansible Control Machine Requirements
I am using Centos, other OS are available

Note: It will be easiest to carry out the below as the root user

You will need Python 2.7+
$ yum install python

You will need pip
$ curl '' > && sudo python

You will need ansible 2.5+
$ pip install ansible

If 2.5+ is not yet available, which it wasn't at the time of writing, please download directly from git
$ yum install git
$ pip install --upgrade git+

You will need to add a few other modules
$ pip install f5-sdk bigsuds netaddr deepdiff request objectpath openpyxl

You will need to create and copy a root ssh-key to BOTH the bigip devices
$ ssh-keygen
Accept the defaults
$ ssh-copy-id -i /root/.ssh/ root@<bigip-management-ip>
$ ssh-copy-id -i /root/.ssh/ root@

You will need to download the files using git - see above for git installation
$ git clone
$ cd simple-ha-pair

Executing the playbook

You will then need to edit the simple-ha-pair.xlsx file to your preferences

Then execute the playbook as root

$ ansible-playbook simple-ha-pair.yml


In the simple-ha-pair.xlsx spreadsheet:
The HA VLAN must be called 'HA'
The settings where yes/no are required must be yes/no and not YES/NO or Yes/No
One device must have primary=yes and the other must have primary=no

I have added only Standard Virtual Servers with http, client & server ssl profiles, but hopefully it is pretty obvious from the simple-ha-pair.yml playbook how to add in others.

Trunks haven't been added. This is because you can't have trunks in VE and also there is no F5 ansible module to add trunks. It could be done relatively easily using the bigip_command module, and hopefully the bigip_command examples in the simple-ha-pair.yml file will show that.

I haven't added in persistence settings, as this would require a dropdown list of some kind. Is simple enough to do.

Automation does not sit well with complication

To update if there are any changes, please cd to the same folder and run:
$ git pull

You will notice there is also a reset.yml playbook to reset the devices to factory defaults.
To run the reset.yml playbook as root:
$ ansible-playbook reset.yml

Code :

Tested this on version:

Published Feb 12, 2018
Version 1.0

Was this article helpful?

No CommentsBe the first to comment