Dig deeper into Ansible and F5 integration
Thanks, Payal.

The playbook presented in this article does not meet the requirements you specify for when explicit routes are needed vs. not needed. See below for the applicable snippet (truncated for simplicity in this case):
```yaml
  # with_items of the self-IP task; the earlier lines of that task were left out of the quoted snippet
  with_items:
    - name: 'External-SelfIP'
      address: '10.10.10.10'
      netmask: '255.255.255.0'
      vlan: 'External'
      allow_service: 'default'
    - name: 'Internal-SelfIP'
      address: '192.10.10.10'
      netmask: '255.255.255.0'
      vlan: 'Internal'
      allow_service: 'default'

- name: Add http node to web-pool
  bigip_pool_member:
    description: "HTTP Webserver-1"
    host: "{{ item.host }}"
    name: "{{ item.name }}"
    user: "admin"
    password: "admin"
    pool: "web-pool"
    port: "80"
    server: "{{ inventory_hostname }}"
    validate_certs: False
  with_items:
    - host: "192.168.168.140"
      name: "web01.internal"
    - host: "192.168.68.141"
      name: "web02.internal"

- name: Create a virtual server
  bigip_virtual_server:
    description: "Secure web application"
    server: "{{ inventory_hostname }}"
    user: "admin"
    password: "admin"
    name: "https_vs"
    destination: "10.10.20.120"
    port: 443
    snat: "Automap"
    all_profiles:
      - http
      - clientssl
    pool: "web-pool"
    validate_certs: False
  delegate_to: localhost
```
I suppose it's likely that many individuals who visit this site are capable of troubleshooting their way out of this problem (say, if they just copy your playbook for testing purposes) and figuring out that they must either modify the IPs of their nodes and front-end test clients or add the bigip_static_route module to the playbook to specify the respective gateways for reachability to the clients and servers. With that said, I'd want anything with my name on it to actually work as I say it should work, and that is only true for this playbook if you place a disclaimer at the beginning of the article stating that this is not a complete BIG-IP configuration being presented, that it's a subset of the configuration for the purpose of explaining Ansible integration with F5.

I've started a list of the required modules for onboarding a pair of appliances in most standard enterprise implementations. While the list is not officially complete, this is likely the minimum configuration needed to provision and initialize the appliances BEFORE any service configuration tasks are performed. Thus far, the only configuration item that I can't find an Ansible module for would be changing the AAA strategy, such as configuring TACACS or LDAP authentication. Keep in mind, the goal, from my point of view, is to make it so the next administrator or engineer has to do less work than I did to bootstrap two appliances and get them up and running with services.

Below is the list of modules for onboarding:
- bigip_hostname
- bigip_snmp
- bigip_vlan
- bigip_static_route
- bigip_self_ip
- bigip_device_connectivity
- bigip_remote_syslog
- bigip_device_ntp
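As an added example (not part of the article or of the comments above), here is how the onboarding modules listed in that comment fit together in one playbook, in the order a bootstrap needs them, including the bigip_static_route task whose absence the comment points out. It assumes the F5 modules that accept a `provider` connection dictionary; the inventory group `bigips`, and every hostname, address, interface, VLAN tag and gateway, are placeholders chosen for illustration, and the credentials are expected from Ansible Vault or extra-vars rather than written into the play as the article's snippet does.

```yaml
---
# Added example, not the article's or the commenter's playbook.
# Assumes F5 modules that take a `provider` dict; all names and addresses are placeholders.
- name: Onboard a BIG-IP before any service configuration
  hosts: bigips
  connection: local
  gather_facts: false
  vars:
    provider:
      server: "{{ inventory_hostname }}"
      user: "{{ bigip_user }}"           # from Vault / extra-vars, never a literal in the play
      password: "{{ bigip_password }}"
      validate_certs: false              # lab setting; set true once a trusted device cert is in place
  tasks:
    - name: Set hostname
      bigip_hostname:
        hostname: "{{ inventory_hostname }}.example.internal"
        provider: "{{ provider }}"

    - name: Configure NTP (correct time matters for logs, certs and HA)
      bigip_device_ntp:
        ntp_servers:
          - 192.0.2.10
        timezone: UTC
        provider: "{{ provider }}"

    - name: Ship logs to the central syslog collector
      bigip_remote_syslog:
        remote_host: 192.0.2.20
        remote_port: 514
        provider: "{{ provider }}"

    - name: Set SNMP contact and location
      bigip_snmp:
        contact: "netops@example.internal"
        location: "DC1 row 3"
        provider: "{{ provider }}"

    - name: Create VLANs
      bigip_vlan:
        name: "{{ item.name }}"
        tag: "{{ item.tag }}"
        tagged_interfaces:
          - "{{ item.interface }}"
        provider: "{{ provider }}"
      with_items:
        - { name: External, tag: 10, interface: "1.1" }
        - { name: Internal, tag: 20, interface: "1.2" }
        - { name: HA,       tag: 30, interface: "1.3" }

    - name: Create self IPs (external self IP keeps port lockdown at none)
      bigip_self_ip:
        name: "{{ item.name }}"
        address: "{{ item.address }}"
        netmask: "{{ item.netmask }}"
        vlan: "{{ item.vlan }}"
        allow_service: "{{ item.allow_service }}"
        provider: "{{ provider }}"
      with_items:
        - { name: External-SelfIP, address: 10.10.10.10,  netmask: 255.255.255.0, vlan: External, allow_service: none }
        - { name: Internal-SelfIP, address: 192.10.10.10, netmask: 255.255.255.0, vlan: Internal, allow_service: default }
        - { name: HA-SelfIP,       address: 10.10.30.10,  netmask: 255.255.255.0, vlan: HA,       allow_service: default }

    # The piece the article's playbook leaves out: without these routes the BIG-IP has no path
    # to pool members on 192.168.168.0/24 or to clients that are not on the external subnet.
    - name: Add static routes for client and server reachability
      bigip_static_route:
        name: "{{ item.name }}"
        destination: "{{ item.destination }}"
        netmask: "{{ item.netmask }}"
        gateway_address: "{{ item.gateway }}"
        provider: "{{ provider }}"
      with_items:
        - { name: default_route, destination: 0.0.0.0,       netmask: 0.0.0.0,       gateway: 10.10.10.1 }
        - { name: web_servers,   destination: 192.168.168.0, netmask: 255.255.255.0, gateway: 192.10.10.1 }

    # Per-device values: in a real pair the HA self IP differs per host and belongs in host_vars.
    - name: Configure config-sync, mirroring and unicast failover for the HA pair
      bigip_device_connectivity:
        config_sync_ip: 10.10.30.10
        mirror_primary_address: 10.10.30.10
        unicast_failover:
          - address: 10.10.30.10
        provider: "{{ provider }}"
```

Run it with `ansible-playbook onboard.yml --ask-vault-pass` (file name assumed) against the pair before any pool or virtual-server tasks. The external self IP is created with `allow_service: none` rather than the article's `default`, because a self IP on the client-facing VLAN should not expose the device's management services; and the credentials and `validate_certs` choices are the two settings worth revisiting before this leaves the lab.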
Thank you for the clarification!