BIG-IP deployments using Ansible in private and public cloud

F5 has been actively developing Ansible modules that help in deploying an application on the BIG-IP. For a list of candidate modules for Ansible 2.4 release refer to the Github link. These modules can be used to configure any BIG-IP (physical/virtual) in any environment (Public/Private or Hybrid cloud)

Before we can use the BIG-IP to deploy an application, we need to spin up a virtual edition of the BIG. Let’s look at some ways to spin up a BIG-IP in the Public and Private cloud

Private cloud

Create a BIG-IP guest VM through VMware vSphere

For more details on the ansible module refer to Ansible documentation

Pre-condition: On the VMware a template of the BIG-IP image has been created

Example Playbook:

- name: Create VMware guest

 

  hosts: localhost

 

  connection: local

 

  become: true

 

  tasks:

 

  - name: Deploy BIG-IP VE

 

    vsphere_guest:

 

      vcenter_hostname: 10.192.73.100

//vCenter hostname or IP address

      esxi:

 

        datacenter: F5 BD Lab

//Datacenter name

        hostname: 10.192.73.22

//esxi hostname or IP address

      username: root

//vCenter username

      password: *****

//vCenter password

      guest: “BIGIP-VM”

//Name of the BIG-IP to be created

      from_template: yes

 

      template_src: "BIG-IP VE 12.1.2.0.0.249-Template"

//Name of the template

 

Spin up a BIG-IP VM in VMWARE using govc

For more details on the govc refer to govc github and vmware github

Pre-condition: govc has been installed on the ansible host

Example Playbook:

- name: Create VMware guest

 

  hosts: localhost

 

  connection: local

 

  tasks:

 

  - name: Import OVA and deploy BIG-IP VM

 

    command: "/usr/local/bin/govc import.ova -name=newVM  BIGIP005 /tmp/BIGIP-12.1.2.0.0.249.LTM-scsi.ova"

//Command to import the BIG-IP ova file

    environment:

 

     GOVC_HOST: "10.192.73.100"                         

//vCenter hostname or IP address

     GOVC_URL: "https://10.192.73.100/sdk"

 

     GOVC_USERNAME: "root"                                 

//vCenter username

     GOVC_PASSWORD: "*******"                                  

//vCenter password

     GOVC_INSECURE: "1"

 

     GOVC_DATACENTER: "F5 BD Lab"   

//Datacenter name

     GOVC_DATASTORE: "datastore1 (5)"  

//Datastore on where to store the ova file

     GOVC_RESOURCE_POOL: "Testing"         

//Resource pool to use

 

 

  - name: Power on the VM

 

    command: "/usr/local/bin/govc vm.power -on newVM-BIGIP005"

 

    environment:

 

     GOVC_HOST: "10.192.73.100"

 

     GOVC_URL: "https://10.192.73.100/sdk"

 

     GOVC_USERNAME: "root"

 

     GOVC_PASSWORD: "vmware"

 

     GOVC_INSECURE: "1"

 

     GOVC_DATACENTER: "F5 BD Lab"

 

     GOVC_DATASTORE: "datastore1 (5)"

 

     GOVC_RESOURCE_POOL: "Testing"

 

Public Cloud

Spin up a BIG-IP using cloud formation templates in AWS

For more details on the BIG-IP cloud formation templates, refer to the following Github Page

Pre-condition: Cloud formation JSON template has been downloaded to the Ansible host

Example Playbook:

- name: Launch BIG-IP CFT in AWS

 

  hosts: localhost

 

  gather_facts: false

 

 

 

  tasks:

 

  - name: Launch BIG-IP CFT

 

    cloudformation:

 

     aws_access_key: "******************"                                           

//AWS access key

     aws_secret_key: "******************"                                           

//AWS secret key

     stack_name: "StandaloneBIGIP-1nic-experimental-Ansible"

 

     state: "present"

 

     region: "us-west-2"

 

     disable_rollback: true

 

     template: "standalone-hourly-1nic-experimental.json"                    

//JSON blob for the CFT

     template_parameters:                                                                         

//template parameters

      availabilityZone1: "us-west-2a"

 

      sshKey: "bigip-test"

 

     validate_certs : false

 

    register: stack

 

  - name: Get facts(IP-address) from a cloud formation stack

 

    cloudformation_facts:

 

     aws_access_key: "*****************"

 

     aws_secret_key: "*****************"

 

     region: "us-west-2"

 

     stack_name: "StandaloneBIGIP-1nic-experimental-Ansible"

 

    register: bigip_ip_address

 

 

 

  - set_fact:

//Extract the BIG-IP MGMT IP address

     ip_address: "{{ bigip_ip_address['ansible_facts']['cloudformation']['StandaloneBIGIP-1nic-experimental-Ansible']['stack_outputs']['Bigip1subnet1Az1SelfEipAddress']}}"

 

 

 

  - copy:

//Copy the BIG-IP MGMT IP address to a file

     content: "bigip_ip_address: {{ ip_address}}"

 

     dest: "aws_var_file.yaml"

//Copied IP address can be be referenced from file

     mode: 0644

 

Above mentioned are few ways to spin up a BIG-IP Virtual edition in your private/public cloud environment. Once the BIG-IP is installed then use the F5 ansible modules to deploy the application on the BIG-IP.

Refer to DevCentral article to learn more about ansible roles and how we can use roles to onboard and network a BIG-IP.

Included is a simple playbook that you can download and run against the BIG-IP.

- name: Onboarding BIG-IP

 

  hosts: bigip

//bigip variable should be present in the ansible inventory file

  gather_facts: false

 

 

 

  tasks:

 

 

 

  - name: Configure NTP server on BIG-IP

 

    bigip_device_ntp:

 

      server: "<bigip_ip_address>"

 

      user: "admin"

 

      password: "admin"

 

      ntp_servers: "172.2.1.1"

 

      validate_certs: False

 

    delegate_to: localhost

 

 

 

  - name: Configure BIG-IP hostname

 

    bigip_hostname:

 

      server: "<bigip_ip_address>"

 

      user: "admin"

 

      password: "admin"

 

      validate_certs: False

 

      hostname: "bigip1.local.com"

 

    delegate_to: localhost

 

 

 

  - name: Manage SSHD setting on BIG-IP

 

    bigip_device_sshd:

 

      server: "<bigip_ip_address>"

 

      user: "admin"

 

      password: "admin"

 

      banner: "enabled"

 

      banner_text: "Welcome- CLI username/password to login "

 

      validate_certs: False

 

    delegate_to: localhost

 

 

 

  - name: Manage BIG-IP DNS settings

 

    bigip_device_dns:

 

     server: "<bigip_ip_address>"

 

     user: "admin"

 

     password: "admin"

 

     name_servers: "172.2.1.1"

 

     search: "localhost"

 

     ip_version: "4"

 

     validate_certs: False

 

    delegate_to: localhost

 

 

For more information on BIG-IP ansible playbooks visit the following github link

 

Published Jun 13, 2017
Version 1.0
  • What are the various software compatibility dependencies for getting ansible f5 to work?

     

  • @kernelPanic bigsuds & f5sdk

     

    pip install bigsuds

     

    pip install f5-sdk

     

    for more details - including solution overview & technical White-paper: