For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Ansible playbook run tasks only on Active LTM member

Problem this snippet solves:

This is an example of a simple Ansible playbook can be run against a pair of F5 devices and will only run select tasks on is the F5 is in an active state.

This is done using the 

block
and 
when
statements within the playbook ('block' requires Ansible 2.5 or above)

In this example it sets the hostname of the F5 and if failover state is 

active
then creates three test nodes, a test pool and adds the nodes as pool members all under the 
test
partition.

NOTE: This playbook prompts for the F5 username and password to connect to the F5 device, this would normally be set with another file or pulled from something like HashiCorp 

Vault

How to use this snippet:

Ansible hosts Inventory example inventory/hosts:


[F5DeviceGroup]
f5vm01.lab.domain.local
f5vm02.lab.domain.local


Assuming the hosts file in located locally within a directory named inventory and the Ansible Playbook is named f5TestPool.yml you can run the example using the following command:


ansible-playbook -i inventory f5TestPool.yml


Example output:


F5 Username: 
F5 Password: 

PLAY [Run tasks on Active LTM] *******************************************************************************************************************************************************************************************************

TASK [Set hostname] ******************************************************************************************************************************************************************************************************************
ok: [f5vm01.lab.domain.local -> localhost]
ok: [f5vm02.lab.domain.local -> localhost]

TASK [Get BIG-IP failover status] ****************************************************************************************************************************************************************************************************
ok: [f5vm01.lab.domain.local -> localhost]
ok: [f5vm02.lab.domain.local -> localhost]

TASK [The active LTMs management IP is....] ******************************************************************************************************************************************************************************************
ok: [f5vm01.lab.domain.local] => {
   "inventory_hostname": "f5vm01.lab.domain.local"
}
skipping: [f5vm02.lab.domain.local]

TASK [Add pool test_pool] ************************************************************************************************************************************************************************************************************
ok: [f5vm01.lab.domain.local -> localhost]
skipping: [f5vm02.lab.domain.local]

TASK [Add node [{u'name': u'test01', u'address': u'8.8.8.8'}, {u'name': u'test02', u'address': u'8.8.4.4'}, {u'name': u'test03', u'address': u'8.8.1.1'}]] ***************************************************************************
ok: [f5vm01.lab.domain.local -> localhost] => (item={u'name': u'test01', u'address': u'8.8.8.8'})
ok: [f5vm01.lab.domain.local -> localhost] => (item={u'name': u'test02', u'address': u'8.8.4.4'})
ok: [f5vm01.lab.domain.local -> localhost] => (item={u'name': u'test03', u'address': u'8.8.1.1'})
skipping: [f5vm02.lab.domain.local] => (item={u'name': u'test01', u'address': u'8.8.8.8'}) 
skipping: [f5vm02.lab.domain.local] => (item={u'name': u'test02', u'address': u'8.8.4.4'}) 
skipping: [f5vm02.lab.domain.local] => (item={u'name': u'test03', u'address': u'8.8.1.1'}) 

TASK [Add pool member [{u'name': u'test01', u'address': u'8.8.8.8'}, {u'name': u'test02', u'address': u'8.8.4.4'}, {u'name': u'test03', u'address': u'8.8.1.1'}] to Pool test_pool] **************************************************
ok: [f5vm01.lab.domain.local -> localhost] => (item={u'name': u'test01', u'address': u'8.8.8.8'})
ok: [f5vm01.lab.domain.local -> localhost] => (item={u'name': u'test02', u'address': u'8.8.4.4'})
ok: [f5vm01.lab.domain.local -> localhost] => (item={u'name': u'test03', u'address': u'8.8.1.1'})
skipping: [f5vm02.lab.domain.local] => (item={u'name': u'test01', u'address': u'8.8.8.8'}) 
skipping: [f5vm02.lab.domain.local] => (item={u'name': u'test02', u'address': u'8.8.4.4'}) 
skipping: [f5vm02.lab.domain.local] => (item={u'name': u'test03', u'address': u'8.8.1.1'})

PLAY RECAP ***************************************************************************************************************************************************************************************************************************
f5vm01.lab.domain.local : ok=6   changed=0   unreachable=0   failed=0
f5vm02.lab.domain.local : ok=2   changed=0   unreachable=0   failed=0


Code :

---
# Playbook 'f5TestPool.yml'
- name: Run tasks on Active LTM
  hosts: F5DeviceGroup
  connection: local
  gather_facts: False

  vars_prompt:
    - name: f5User
      prompt: F5 Username
    - name: f5Pwd
      prompt: F5 Password
  vars:
    f5Provider:
      server: "{{ inventory_hostname }}"
      server_port: 443
      user: "{{ f5User }}"
      password: "{{ f5Pwd }}"
      validate_certs: no
      transport: rest
    nodelist:
      - {name: 'test01', address: "8.8.8.8"}
      - {name: 'test02', address: "8.8.4.4"}
      - {name: 'test03', address: "8.8.1.1"}

  tasks:
    - name: Set hostname
      bigip_hostname:
        provider: "{{ f5Provider }}"
        hostname: "{{ inventory_hostname }}"
      delegate_to: localhost

    - name : Get BIG-IP failover status
      bigip_command:
        provider: "{{ f5Provider }}"
        commands:
          - "tmsh show sys failover"
      delegate_to: localhost
      register: failoverStatus

    - name: Executing on ACTIVE F5 LTM
      block:
        - name: The active LTMs management IP is....
          debug: 
            var: inventory_hostname

        - name: Add pool test_pool
          bigip_pool:
            provider: "{{ f5Provider }}"
            description: "Test pool set by Ansible run by {{ f5User }}"
            lb_method: least-connections-member
            name: test_pool
            partition: test
            monitor_type: single
            monitors:
              - /Common/gateway_icmp
            priority_group_activation: 0
          delegate_to: localhost

        - name: "Add node {{ nodelist }}"
          bigip_node:
            provider: "{{ f5Provider }}"
            partition: test
            address: "{{ item.address }}"
            name: "{{ item.name }}"
          loop: "{{ nodelist }}"
          delegate_to: localhost

        - name: "Add pool member {{ nodelist }} to Pool test_pool"
          bigip_pool_member:
            provider: "{{ f5Provider }}"
            partition: test
            pool: test_pool
            address: "{{ item.address }}"
            name: "{{ item.name }}"
            port: 53
          loop: "{{ nodelist }}"
          delegate_to: localhost
      when: "'active' in failoverStatus['stdout'][0]"

Tested this on version:

12.1
Updated Jun 06, 2023
Version 2.0
Ansible
BIG-IP
devops

1 Comment

  • cwkim's avatar
    cwkim
    Icon for Nimbostratus rankNimbostratus
    Jun 25, 2019

    Could I see the inventory file. Because I want to see the path and method about it(server: "{{ inventory_hostname }}").