BIG-IP deployments using Ansible in private and public cloud

F5 has been actively developing Ansible modules that help in deploying an application on the BIG-IP. For a list of candidate modules for the Ansible 2.4 release, refer to the GitHub link. These modules can be used to configure any BIG-IP (physical or virtual) in any environment (public, private or hybrid cloud).

Before we can use the BIG-IP to deploy an application, we need to spin up a virtual edition of the BIG-IP. Let's look at some ways to spin up a BIG-IP in the public and private cloud.

Private cloud

Create a BIG-IP guest VM through VMware vSphere

For more details on the Ansible module, refer to the Ansible documentation.

Pre-condition: A template of the BIG-IP image has been created in VMware.

Example Playbook:

- name: Create VMware guest
  hosts: localhost
  connection: local
  become: true

  tasks:
  - name: Deploy BIG-IP VE
    vsphere_guest:
      vcenter_hostname: 10.192.73.100   # vCenter hostname or IP address
      esxi:
        datacenter: F5 BD Lab           # Datacenter name
        hostname: 10.192.73.22          # ESXi hostname or IP address
      username: root                    # vCenter username
      password: "*****"                 # vCenter password
      guest: "BIGIP-VM"                 # Name of the BIG-IP to be created
      from_template: yes
      template_src: "BIG-IP VE 12.1.2.0.0.249-Template"   # Name of the template

 

Spin up a BIG-IP VM in VMware using govc

For more details on govc, refer to the govc GitHub and VMware GitHub pages.

Pre-condition: govc has been installed on the Ansible host

Example Playbook:

- name: Create VMware guest
  hosts: localhost
  connection: local

  tasks:
  - name: Import OVA and deploy BIG-IP VM
    # Command to import the BIG-IP OVA file
    command: "/usr/local/bin/govc import.ova -name=newVM-BIGIP005 /tmp/BIGIP-12.1.2.0.0.249.LTM-scsi.ova"
    environment:
      GOVC_HOST: "10.192.73.100"            # vCenter hostname or IP address
      GOVC_URL: "https://10.192.73.100/sdk"
      GOVC_USERNAME: "root"                 # vCenter username
      GOVC_PASSWORD: "*******"              # vCenter password
      GOVC_INSECURE: "1"
      GOVC_DATACENTER: "F5 BD Lab"          # Datacenter name
      GOVC_DATASTORE: "datastore1 (5)"      # Datastore in which to store the OVA file
      GOVC_RESOURCE_POOL: "Testing"         # Resource pool to use

  - name: Power on the VM
    command: "/usr/local/bin/govc vm.power -on newVM-BIGIP005"
    environment:
      GOVC_HOST: "10.192.73.100"
      GOVC_URL: "https://10.192.73.100/sdk"
      GOVC_USERNAME: "root"
      GOVC_PASSWORD: "vmware"
      GOVC_INSECURE: "1"
      GOVC_DATACENTER: "F5 BD Lab"
      GOVC_DATASTORE: "datastore1 (5)"
      GOVC_RESOURCE_POOL: "Testing"

 

Public Cloud

Spin up a BIG-IP using CloudFormation templates in AWS

For more details on the BIG-IP CloudFormation templates, refer to the following GitHub page.

Pre-condition: The CloudFormation JSON template has been downloaded to the Ansible host

Example Playbook:

- name: Launch BIG-IP CFT in AWS
  hosts: localhost
  gather_facts: false

  tasks:
  - name: Launch BIG-IP CFT
    cloudformation:
      aws_access_key: "******************"   # AWS access key
      aws_secret_key: "******************"   # AWS secret key
      stack_name: "StandaloneBIGIP-1nic-experimental-Ansible"
      state: "present"
      region: "us-west-2"
      disable_rollback: true
      template: "standalone-hourly-1nic-experimental.json"   # JSON blob for the CFT
      template_parameters:                   # Template parameters
        availabilityZone1: "us-west-2a"
        sshKey: "bigip-test"
      validate_certs: false
    register: stack

  - name: Get facts(IP-address) from a cloud formation stack
    cloudformation_facts:
      aws_access_key: "*****************"
      aws_secret_key: "*****************"
      region: "us-west-2"
      stack_name: "StandaloneBIGIP-1nic-experimental-Ansible"
    register: bigip_ip_address

  # Extract the BIG-IP MGMT IP address
  - set_fact:
      ip_address: "{{ bigip_ip_address['ansible_facts']['cloudformation']['StandaloneBIGIP-1nic-experimental-Ansible']['stack_outputs']['Bigip1subnet1Az1SelfEipAddress'] }}"

  # Copy the BIG-IP MGMT IP address to a file
  - copy:
      content: "bigip_ip_address: {{ ip_address }}"
      dest: "aws_var_file.yaml"   # The copied IP address can be referenced from this file
      mode: "0644"

 

These are a few ways to spin up a BIG-IP Virtual Edition in your private or public cloud environment. Once the BIG-IP is installed, use the F5 Ansible modules to deploy the application on the BIG-IP.

Refer to the DevCentral article to learn more about Ansible roles and how we can use roles to onboard and network a BIG-IP.

Included is a simple playbook that you can download and run against the BIG-IP.

- name: Onboarding BIG-IP
  hosts: bigip              # bigip must be defined in the Ansible inventory file
  gather_facts: false

  tasks:
  - name: Configure NTP server on BIG-IP
    bigip_device_ntp:
      server: "<bigip_ip_address>"
      user: "admin"
      password: "admin"
      ntp_servers: "172.2.1.1"
      validate_certs: False
    delegate_to: localhost

  - name: Configure BIG-IP hostname
    bigip_hostname:
      server: "<bigip_ip_address>"
      user: "admin"
      password: "admin"
      validate_certs: False
      hostname: "bigip1.local.com"
    delegate_to: localhost

  - name: Manage SSHD setting on BIG-IP
    bigip_device_sshd:
      server: "<bigip_ip_address>"
      user: "admin"
      password: "admin"
      banner: "enabled"
      banner_text: "Welcome- CLI username/password to login "
      validate_certs: False
    delegate_to: localhost

  - name: Manage BIG-IP DNS settings
    bigip_device_dns:
      server: "<bigip_ip_address>"
      user: "admin"
      password: "admin"
      name_servers: "172.2.1.1"
      search: "localhost"
      ip_version: "4"
      validate_certs: False
    delegate_to: localhost
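The onboarding play above with the inline admin credentials replaced by Ansible Vault variables and certificate validation turned on, as an added example that is not part of the original article. The file name vault.yml and the variables vault_bigip_user and vault_bigip_password are assumptions; bigip_ip_address is read from the aws_var_file.yaml written by the AWS playbook.

```yaml
# Added example, not from the original article.
# Assumptions: vault.yml (hypothetical name) was created with
#   ansible-vault create vault.yml
# and defines vault_bigip_user and vault_bigip_password (hypothetical names).
# aws_var_file.yaml is the file written by the copy task in the AWS playbook
# and defines bigip_ip_address.
- name: Onboarding BIG-IP without inline credentials
  hosts: bigip
  gather_facts: false
  vars_files:
    - aws_var_file.yaml
    - vault.yml

  tasks:
  - name: Configure NTP server on BIG-IP
    bigip_device_ntp:
      server: "{{ bigip_ip_address }}"
      user: "{{ vault_bigip_user }}"
      password: "{{ vault_bigip_password }}"
      ntp_servers: "172.2.1.1"
      # Assumes the BIG-IP management certificate chains to a CA trusted by
      # the Ansible host; a factory self-signed certificate will fail here.
      validate_certs: true
    delegate_to: localhost
    no_log: true            # keep the password out of task output and logs

  - name: Configure BIG-IP hostname
    bigip_hostname:
      server: "{{ bigip_ip_address }}"
      user: "{{ vault_bigip_user }}"
      password: "{{ vault_bigip_password }}"
      hostname: "bigip1.local.com"
      validate_certs: true
    delegate_to: localhost
    no_log: true

  - name: Manage BIG-IP DNS settings
    bigip_device_dns:
      server: "{{ bigip_ip_address }}"
      user: "{{ vault_bigip_user }}"
      password: "{{ vault_bigip_password }}"
      name_servers: "172.2.1.1"
      search: "localhost"
      ip_version: "4"
      validate_certs: true
    delegate_to: localhost
    no_log: true
```

Run the playbook with `--ask-vault-pass` (or `--vault-password-file`) so the credentials are decrypted only at run time.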

 

 

For more information on BIG-IP Ansible playbooks, visit the following GitHub link.

 

Published Jun 13, 2017
Version 1.0
  • @kernelPanic bigsuds & f5sdk

    pip install bigsuds
    pip install f5-sdk

    for more details - including solution overview & technical White-paper:

  • What are the various software compatibility dependencies for getting ansible f5 to work?