cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Matt_Mabis
F5 Employee
F5 Employee

I decided to start a series on my work with Beacon with Ansible. Utilizing the existing documentation and some good Ansible elbow grease I was able to knock out some of the prerequisites and the basics of communication with Beacon all within Ansible instead of using Postman for the prerequisites and Ansible for the communications parts.

My hope for this series is to get to a point where you can see how to use Ansible to gather BIG-IP and BIG-IQ Data and inject it into Beacon through automation.

What is F5 Beacon?

F5 Beacon, a SaaS offering, provides visibility and actionable insights into the health and performance of applications. Driven by an application-centric approach, F5 Beacon empowers leaders and app owners with the right set of visibility, monitoring, and analytics across their entire application portfolio.

Beacon offers:

  • End-to-end app visibility:
  • Account for all applications irrespective of where they are deployed
  • Review the health status of applications
  • Gain operations, security, and cost insights
  • Single pane of glass, where telemetry data from different sources can be fused together to provide actionable insights.
  • Ingest telemetry data from different sources, leveraging built-in integrations:
  • F5 portfolio of products and services
  • Telegraf: A plugin-driven server agent for collecting and reporting metrics from 170+ sources
  • Other sources: Datadog - Synthetics service and Up-time Robot leveraging our open declarative APIs and Web-hooks (see Ingest API)

What is Ansible?

Ansible is a universal language, unraveling the mystery of how work gets done. Turn tough tasks into repeatable playbooks. Roll out enterprise-wide protocols with the push of a button.

  • Automate - Deploy apps, Manage Systems, Crush Complexity.
  • Accelerate - Solve problems once and share the results with everyone.
  • Collaborate - Break down silos, create a culture of automation
  • Integrate - Automate the technologies you already use

The Basics and Prerequisites

Installing Beacon Collection in Ansible - ( https://galaxy.ansible.com/f5networks/f5_beacon )

Currently the Ansible collection for Beacon can be donwloaded and installed with the ansible-galaxy command directly or a wget to download the tar.gz file and manually installed with the ansible-galaxy command. Because the collection is currently is not a version 1.0+ you must call out the specific version of the code during the ansible-galaxy command for it to work correctly


My Machine

I used a VM with CentOS Linux release 7.7.1908 (Core) installed and Ansible version was latest build available at the time using Python 3

ansible 2.9.9

 config file = /root/.ansible.cfg

 configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

 ansible python module location = /usr/local/lib/python3.6/site-packages/ansible

 executable location = /usr/local/bin/ansible

 python version = 3.6.8 (default, Apr 2 2020, 13:34:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

Prerequisites/Notes:


Download/Install the collection from Ansible Galaxy command



ansible-galaxy collection install f5networks.f5_beacon:==0.5.2-beta



Accessing Beacon and your Primary_Account_ID

Accessing Beacon

Make sure prior to this point you have access to Beacon via a user account, this is step must be confirmed prior to moving below because without a user account you will not be able to get access to your Primary_Account_ID and authenticate to the APIs.

If you have access to F5 Beacon and are successfully authentication you should be able to access the Map and List Views within F5 Beacon.

0EM1T000001g17W.png

Accessing Your Primary_Account_ID via Ansible Playbooks

The primary_account_id is an essential part of accessing your Beacon environment and will be utilized for further code down the road for F5_Beacon API calls.

My vars file (located away from my playbook ../vars/f5_beacon.yml (Only change the Username/Password, everything else is correct including the host)

ansible_host: "api.cloudservices.f5.com"
ansible_user: "My-Username_for_F5-Beacon"
ansible_httpapi_password: "My-Password_for_F5-Beacon"
ansible_network_os: f5networks.f5_beacon.f5
ansible_httpapi_use_ssl: yes
cur_state: present

My Inventory File (located away from my playbook ../inventory/f5_beacon.yml

[beacon]
beacon_node ansible_host=portal.cloudservices.f5.com

My modified Playbook (f5-beacon-primary_account_id.yaml) for getting the Primary_Account_ID (Debugs are for ensuring that tokens and the ID is properly stored and displayed)

---
- name: Get Beacon Primary Account ID
  hosts: beacon
  gather_facts: false
  connection: httpapi
  collections:
    - f5networks.f5_beacon

  vars_files:
    - ../vars/f5_beacon.yml

  tasks:
    - name: Login to Beacon to get Access Token
      uri:
        url: https://api.cloudservices.f5.com/v1/svc-auth/login
        method: POST
        body_format: json
        body: '{ "username": "{{ansible_user}}", "password": "{{ansible_httpapi_password}}"}'
        status_code: 200
      register: login

    - debug:
        var: login.json.access_token

    - name: Login to Beacon to get Access Token
      uri:
        url: https://api.cloudservices.f5.com/v1/svc-account/user
        method: get
        headers:
          Authorization: "Bearer {{login.json.access_token}}"
        status_code: 200
      register: user_data

    - debug:
        var: user_data.json.primary_account_id

Running the playbook (as i use separated inventory files in lower directories so they are not captured in GitHub synchronizations i call it during the play)

ansible-playbook -i ../inventory/f5_beacon.yml f5-beacon-primary_account_id.yaml

Output (with essential data removed or changed for security) - When the code executes properly you will get a long Access Token and the Primary Account_ID will be shown. These are the first essential parts to getting access to beacon.

PLAY [Get Beacon Primary Account ID] ***********************************************************************************************************************


TASK [Login to Beacon to get Access Token] ****************************************************************************************************
ok: [beacon_node]


TASK [debug] **********************************************************************************************************************************
ok: [beacon_node] => {
    "login.json.access_token": "eyJraWQi..."
}


TASK [Login to Beacon to get Access Token] ****************************************************************************************************
ok: [beacon_node]


TASK [debug] **********************************************************************************************************************************
ok: [beacon_node] => {
    "user_data.json.primary_account_id": "a-..."
}


PLAY RECAP ************************************************************************************************************************************
beacon_node                : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Verify Beacon Access.

This time i will be cloning the previous play and adding another task to confirm connectivity to Beacon.

In my Web Portal we have already imported some VIPs (VMware Horizon) into Beacon that will be translated and shown in the access command

0EM1T000001g17X.png

Code with Add-in

Filename - f5-beacon-data.yaml

---
- name: Get Beacon Data
  hosts: beacon
  gather_facts: false
  connection: httpapi
  collections:
    - f5networks.f5_beacon


  vars_files:
    - ../vars/f5_beacon.yml


  tasks:
    - name: Login to Beacon to get Access Token
      uri:
        url: https://api.cloudservices.f5.com/v1/svc-auth/login
        method: POST
        body_format: json
        body: '{ "username": "{{ansible_user}}", "password": "{{ansible_httpapi_password}}"}'
        status_code: 200
      register: login


    - debug:
        var: login.json.access_token


    - name: Login to Beacon to get Access Token
      uri:
        url: https://api.cloudservices.f5.com/v1/svc-account/user
        method: get
        headers:
          Authorization: "Bearer {{login.json.access_token}}"
        status_code: 200
      register: user_data


    - debug:
        var: user_data.json.primary_account_id


# Gather Information about Beacon
    - name: Collect Beacon Information
      beacon_info:
        preferred_account_id: "{{ user_data.json.primary_account_id }}"
        gather_subset:
          - tokens
          - sources
      register: beacon_info


    - debug:
        var: beacon_info

Running the playbook (as i use separated inventory files in lower directories so they are not captured in GitHub synchronizations i call it during the play)

ansible-playbook -i ../inventory/f5_beacon.yml f5-beacon-data.yaml

Output (with essential data removed or changed for security) - When the code executes properly you will get a long Access Token and the Primary Account_ID and Beacon Data will be shown.

PLAY [Get Beacon Data] ************************************************************************************************************************


TASK [Login to Beacon to get Access Token] ****************************************************************************************************
ok: [beacon_node]


TASK [debug] **********************************************************************************************************************************
ok: [beacon_node] => {
    "login.json.access_token": "eyJraWQi..."
}


TASK [Login to Beacon to get Access Token] ****************************************************************************************************
ok: [beacon_node]


TASK [debug] **********************************************************************************************************************************
ok: [beacon_node] => {
    "user_data.json.primary_account_id": "a-..."
}


TASK [Collect Beacon Information] *************************************************************************************************************
ok: [beacon_node]


TASK [debug] **********************************************************************************************************************************
ok: [beacon_node] => {
    "beacon_info": {
        "ansible_facts": {
            "ansible_net_queried": true,
            "ansible_net_sources": [
                {
                    "last_feed_time": "2020-07-06T06:59:09Z",
                    "name": "BIG-IQ-d413...",
                    "token_name": "Horizon_data_Ingest",
                    "type": "bigiq-system"
                },
                {
                    "last_feed_time": "2020-07-13T18:49:51Z",
                    "name": "Horizon-BIP.bd.f5.com",
                    "token_name": "Horizon_data_Ingest",
                    "type": "bigip-system"
                }
            ],
            "ansible_net_tokens": [
                {
                    "access_token": "a-aalb...",
                    "create_time": "2020-07-16T03:02:54.809199Z",
                    "description": "Ansible Token",
                    "name": "ExampleToken",
                    "source_count": 0
                },
                {
                    "access_token": "a-aalb...",
                    "create_time": "2020-05-20T17:13:33.203313Z",
                    "description": "",
                    "name": "Horizon_data_Ingest",
                    "source_count": 2
                }
            ]
        },
        "changed": false,
        "failed": false,
        "queried": true,
        "sources": [
            {
                "last_feed_time": "2020-07-06T06:59:09Z",
                "name": "BIG-IQ-d413...",
                "token_name": "Horizon_data_Ingest",
                "type": "bigiq-system"
            },
            {
                "last_feed_time": "2020-07-13T18:49:51Z",
                "name": "Horizon-BIP.bd.f5.com",
                "token_name": "Horizon_data_Ingest",
                "type": "bigip-system"
            }
        ],
        "tokens": [
            {
                "access_token": "a-aalb...",
                "create_time": "2020-07-16T03:02:54.809199Z",
                "description": "Ansible Token",
                "name": "ExampleToken",
                "source_count": 0
            },
            {
                "access_token": "a-aalb...",
                "create_time": "2020-05-20T17:13:33.203313Z",
                "description": "",
                "name": "Horizon_data_Ingest",
                "source_count": 2
            }
        ]
    }
}

I know this information will be useful to those looking for automation integrations with F5 Beacon using Ansible. Stay Tuned for the next part in the series.

Version history
Last update:
‎31-Aug-2020 16:26
Updated by:
Contributors