VMware Horizon and F5 iAPP Deployments Backed by Ansible Automation

The Intro:

A little over a year ago I knew barely anything about automation, zero about ansible, and didn't even think it would be something so tied to my life like it is now. I spend all my moments trying to think about how I can make Automation easier in my life, and being in Business Development I spend a lot of time testing F5 solutions and integrations between vendors (specifically between F5 and VMware as well as F5 and RedHat Ansible). I figured why not bring them a little closer together? It takes forever to build Labs and setup environments, and with automation I can do this in mere minutes compared to the hours it use to take (we are talking fresh builds, clean environments).

I plan on sharing more about more of my VMware and Ansible automation integrations down the chain (like Horizon labs that can be built from scratch and ready to test in 30 minutes or less). But I wanted to start out with something that I get a lot of questions about: is it possible to automate iApp Deployments? Specifically the VMware Horizon iApp? The answer is YOU CAN NOW! grant you this like all automation is a work in progress. My suggestion is if you have a use case you want to build using what I have started with I encourage it!! TAKE, FORK and Expand!!!!


The Code:

All of the code I am using is completely accessible via the F5 DevCentral Git Repository and feel free to use it! What does it do? Well, if you are an F5 Guru then you might think it looks similar to how our AS3 code works, if you aren't a Guru its basically taking one set of variables and sending off a single command to the F5 to build the Application (I tell it the things that make it work, and how I want it deployed and it does all the work for me).

Keep in mind this isn't using F5 AS3 code, it just mimics the same methods by taking a JSON declaration of how I want things to be and the F5 does all of the imperative commands for me.

	- name: Build JSON payload
	  ansible.builtin.template: src=f5.horizon.{{deployment_type |lower }}.j2 dest=/tmp/f5.horizon.json

	- name: Deploy F5 Horizon iApp
	  f5networks.f5_modules.bigip_iapp_service: #Using Collections if not use - bigip_iapp_service:
	    name: "VMware-Horizon"
	    template: "{{iapp_template_name}}"
	    parameters: "{{ lookup('template', '/tmp/f5.horizon.json') }}"
	      server: "{{f5_ip}}"
	      user: "{{f5_user}}"
	      password: "{{f5_pass}}"
	      validate_certs: no
	  delegate_to: localhost


All of this code can be found at - https://github.com/f5devcentral/f5-bd-horizon-iapp-deploy/



Using the F5 iApp for Horizon provided many options of deployment but they were all categorized into 3 buckets

  • F5 APM with VMware Horizon - Where the F5 acts as the Gateway for all VMware Horizon Connections (Proxying PCoIP/Blast)
  • F5 LTM with VMware Horizon - Internal Connections to an environment from a LAN and being able to secure and load balance Connection Servers
  • F5 LTM with VMware Unified Access Gateway - Using the F5 to load balance the VMware Unified Access Gateways (UAGs) and letting the UAGs proxy the connections.

The deployments offer the ability to utilize pre-imported certificates, set the Virtual IP, add additional Connection Servers, Create the iRule for internal connections (origin header check) and much more. All of this is dependent on your deployment and the way you need it setup.

The current code doesn't import in the iApp Template nor the certificates, this could be done with other code but currently is not part of this code.

All three of these deployment models are considered and part of the code and how its deployed is based on the variables file

"{{code_directory}}/vars/horizon_iapp_vars.yml" as shown below.

Keep in mind this is using clear text (i.e. username/password for AD) for some variables you can add other ways of securing your passwords like an Ansible VAULT.

#F5 Authentication
f5_user: admin
f5_pass: "my_password" 
f5_admin_port: 443

#All Deployment Types
deployment_type: "apm"  #option can be APM, LTM or UAG

  #iApp Variables
iapp_vip_address: ""
iapp_template_name: "f5.vmware_view.v1.5.9"

  #SSL Info
iapp_ssl_cert: "/Common/Wildcard-2022" # If want to use F5 Default Cert for Testing use "/Common/default.crt"
iapp_ssl_key: "/Common/Wildcard-2022" # If want to use F5 Default Cert for Testing use "/Common/default.key"
iapp_ssl_chain: "/#do_not_use#" 

  #Horizon Info
iapp_horizon_fqdn: "horizon.mycorp.com"
iapp_horizon_netbios: "My-Corp"
iapp_horizon_domainname: "My-Corp.com"
iapp_horizon_nat_addresss: "" #enter NAT address or leave empty for none

# LTM Deployment Type
  - "/Common/Horizon-Origin-Header"
# APM and LTM Deployment Types
  - { ip: "", port: "443" }  # to add Connection Servers just add additional line 
  - { ip: "", port: "443" }

#APM Deployment Type
iapp_active_directory_username: "my_ad_user"
iapp_active_directory_password: "my_ad_password"
iapp_active_directory_password_encrypted: "no" # This is still being validated but requires the encrypted password from the BIG-IP
  - { name: "ad_server_1.mycorp.com", ip: "" } # to add Active Directory Servers just add additional lines
  - { name: "ad_server_2.mycorp.com", ip: "" }

# UAG Deployment Type
  - { ip: "", port: "443" }  # to add UAG Servers Just add additional lines
  - { ip: "", port: "443" }


How do the Variables integrate with the Templates?

The templates are JSON based code which Ansible will inject the variables into them depending on the deployment method called. This makes it easier to templates to specific deployments because we don't hard code specific values that aren't necessary or are part of the default deployments. Advanced Deployments would require modification of the JSON code to apply specialized settings that aren't apart of the default.

If you want to see more about the templates for each operation (APM/LTM/UAG) check out the JSON Code at the link below:


The Results:

Within seconds I can deploy, configure and make changes to my deployments or even change my deployment type. Could I do this in the GUI? Absolutely but the point is to Automate ALL THE THINGS, and being able to integrate this with solutions like Lab in a box (built from scratch including the F5) saves massive amounts of time.


Example of a VMware Horizon iApp Deployment with F5 APM done in ~12 Seconds

[root@Elysium f5-bd-horizon-iapp-deploy]# time ansible-playbook horizon_iapp_deploy.yaml

PLAY [localhost] ********************************************************************************************************************************************************************

TASK [bypass-variables : ansible.builtin.stat] **************************************************************************************************************************************
ok: [localhost]

TASK [bypass-variables : ansible.builtin.include_vars] ******************************************************************************************************************************
ok: [localhost]

TASK [create-irule : Create F5 iRule] ***********************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-deploy-iapp : Build JSON payload] *************************************************************************************************************************************
ok: [localhost]

TASK [ansible-deploy-iapp : Deploy F5 Horizon iApp] *********************************************************************************************************************************
changed: [localhost]

PLAY RECAP **************************************************************************************************************************************************************************
localhost                  : ok=4    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

real    0m11.954s
user    0m6.114s
sys     0m0.542s




All of this code can be found at - https://github.com/f5devcentral/f5-bd-horizon-iapp-deploy/

Published Mar 23, 2021
Version 1.0

Was this article helpful?

No CommentsBe the first to comment