BIG-IP Puppet Types and Providers

DevOps approach to deploying network and application services is so critical today. The ability to rapidly roll out consistent and repeatable application services that provide for the availability, security, and performance of applications is essential. The F5 and Puppet joint solution provides the functionality to deploy, automate, and manage the configuration of an entire application infrastructure stack. This puts control of the appropriate layers in the right hand, giving the application developers full Layer 7 control.

In the last article, we walked you through some of the scenarios or how customers are using the features we developed for release 1.7.0. 

Since then, we have introduced new release 1.8.0. As we continue on our journey through this article series, I feel compelled to highlight some new additions to the Puppet ecosystem.

Data Group

As you may know, data groups are useful when writing iRules. When you specify a data group along with the class match command or the contains operator, you eliminate the need to list multiple values as arguments in an iRule expression.

Puppet f5_datagroup module offers the solution to automate three types of data groups: address, integer, and string. It provides you the ability to scale the entries to meet the need of running enterprise-scale data centers and cloud. 

f5_datagroup { '/Common/datagroup1':
   ensure  => 'present',
   type    => 'ip',
   records => [
     {'data' => 'network 1', 'name' => ''},
     {'data' => 'network 2', 'name' => ''}

f5_datagroup { '/Common/datagroup2':
   ensure  => 'present',
   type    => 'string',
   records => [
     {'data' => 'image 1', 'name' => '.gif'},
     {'data' => 'image 2', 'name' => '.jpg'}

f5_datagroup { '/Common/datagroup3':
   ensure  => 'present',
   type    => 'integer',
   records => [
     {'data' => 'test 1', 'name' => '1'},
     {'data' => 'test 2', 'name' => '2'}


Using the BIG-IP Configuration utility, you can import an external file that contains content that you want to use in a data group. When you import an existing file to the BIG-IP system, Puppet f5_datagroupexternal module allows you to create data group that contains the specified type of file content (address, string, or integer).

f5_datagroupexternal { '/Common/datagroupext1':
   ensure             => 'present',
   external_file_name => '/Common/add_dg1',


Service and Persistence profile

Through various configuration frofiles, BIG-IP LTM allows you to intelligently control your application layer traffic. HTTP profile, as an example, defines the way that you want the BIG-IP system to manage HTTP traffic. Operational tasks like creating a service profile, adding/removing a profile to/from a virtual server is not only time consuming but error prone. 

In release 1.8.0, we added modules to configure HTTP profile, and persistence profile settings to set up session persistence on the BIG-IP system. As shown below, a new custom HTTP profile was created to replace the default HTTP profile.  

f5_profilehttp { '/Common/http-profile_1':
   ensure                          => 'present',
   fallback_host                   => "",
   fallback_status_codes           => ['500'],

f5_virtualserver { '/Common/http_vs':
   ensure                          => 'present',
   provider                        => 'standard',
   default_pool                    => '/Common/web_pool',
   destination_address             => '',
   destination_mask                => '',
#   http_profile                    => '/Common/http',
   http_profile                    => '/Common/http-profile_1',
   service_port                    => '80',
   protocol                        => 'tcp',
   source                          => '',
   source_address_translation      => 'automap',
   require                         => F5_pool['/Common/web_pool'],


TMSH command

While we continue to enrich Puppet module by adding BIG-IP features, there is always an opportunity for improvement when it comes to feature coverage. The Puppet f5_command module was created to make it easy to run arbitrary TMSH commands on a BIG-IP, to provide an option of last resort if there is no existing module that handles required functionality.

Additionally, some of the API endpoints simply do not exist in REST. Wherever the REST interface provides the functionality, we most definitely make use of it in Puppet modules. Where they do not provide the needed functionality, you will fall back to using f5_command module for now.

f5_command { '/Common/tmsh':
  tmsh => "tmsh show system software",

f5_command { '/Common/tmsh':
  tmsh  => "tmsh mv cm device bigip1 bigip-a.f5.local",


To view a complete list of BIG-IP modules available in Puppet F5 1.8.0 release click here.  If you encounter any problems, please create an issue at

Published Jan 08, 2018
Version 1.0

Was this article helpful?

No CommentsBe the first to comment