Technical Articles
F5 SMEs share good practice.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- DevCentral
- Technical Articles
- Telemetry streaming - One click deploy using Ansib...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
Payal_S
Legacy Employee
Options
- Article History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
on 29-Jul-2020 08:47
In this article we will focus on using Ansible to enable and install telemetry streaming (TS) and associated dependencies.
Telemetry streaming
The F5 BIG-IP is a full proxy architecture, which essentially means that the BIG-IP LTM completely understands the end-to-end connection, enabling it to be an endpoint and originator of client and server side connections. This empowers the BIG-IP to have traffic statistics from the client to the BIG-IP and from the BIG-IP to the server giving the user the entire view of their network statistics.
To gain meaningful insight, you must be able to gather your data and statistics (telemetry) into a useful place.Telemetry streaming is an extension designed to declaratively aggregate, normalize, and forward statistics and events from the BIG-IP to a consumer application.
You can earn more about telemetry streaming here, but let's get to Ansible.
Enable and Install using Ansible
The Ansible playbook below performs the following tasks
- Grab the latest Application Services 3 (AS) and Telemetry Streaming (TS) versions
- Download the AS3 and TS packages and install them on BIG-IP using a role
- Deploy AS3 and TS declarations on BIG-IP using a role from Ansible galaxy
- If AVR logs are needed for TS then provision the BIG-IP AVR module and configure AVR to point to TS
Prerequisites
- Supported on BIG-IP 14.1+ version
- If AVR is required to be configured make sure there is enough memory for the module to be enabled along with all the other BIG-IP modules that are provisioned in your environment
- The TS data is being pushed to Azure log analytics (modify it to use your own consumer). If azure logs are being used then change your TS json file with the correct workspace ID and sharedkey
- Ansible is installed on the host from where the scripts are run
- Following files are present in the directory
- Variable file (vars.yml)
- TS poller and listener setup (ts_poller_and_listener_setup.declaration.json)
- Declare logging profile (as3_ts_setup_declaration.json)
- Ansible playbook (ts_workflow.yml)
Get started
Download the following roles from ansible galaxy.
ansible-galaxy install f5devcentral.f5app_services_package --force
This role performs a series of steps needed to download and install RPM packages on the BIG-IP that are a part of F5 automation toolchain. Read through the prerequisites for the role before installing it.
ansible-galaxy install f5devcentral.atc_deploy --force
This role deploys the declaration using the RPM package installed above. Read through the prerequisites for the role before installing it.
By default, roles get installed into the /etc/ansible/role directory.
Next copy the below contents into a file named vars.yml.
Change the variable file to reflect your environment
# BIG-IP MGMT address and username/password f5app_services_package_server: "xxx.xxx.xxx.xxx" f5app_services_package_server_port: "443" f5app_services_package_user: "*****" f5app_services_package_password: "*****" f5app_services_package_validate_certs: "false" f5app_services_package_transport: "rest" # URI from where latest RPM version and package will be downloaded ts_uri: "https://github.com/F5Networks/f5-telemetry-streaming/releases" as3_uri: "https://github.com/F5Networks/f5-appsvcs-extension/releases" #If AVR module logs needed then set to 'yes' else leave it as 'no' avr_needed: "no" # Virtual servers in your environment to assign the logging profiles (If AVR set to 'yes') virtual_servers: - "vs1" - "vs2"
Next copy the below contents into a file named ts_poller_and_listener_setup.declaration.json.
{
"class": "Telemetry",
"controls": {
"class": "Controls",
"logLevel": "debug"
},
"My_Poller": {
"class": "Telemetry_System_Poller",
"interval": 60
},
"My_Consumer": {
"class": "Telemetry_Consumer",
"type": "Azure_Log_Analytics",
"workspaceId": "<<workspace-id>>",
"passphrase": {
"cipherText": "<<sharedkey>>"
},
"useManagedIdentity": false,
"region": "eastus"
}
}
Next copy the below contents into a file named as3_ts_setup_declaration.json
{
"class": "ADC",
"schemaVersion": "3.10.0",
"remark": "Example depicting creation of BIG-IP module log profiles",
"Common": {
"Shared": {
"class": "Application",
"template": "shared",
"telemetry_local_rule": {
"remark": "Only required when TS is a local listener",
"class": "iRule",
"iRule": "when CLIENT_ACCEPTED {\n node 127.0.0.1 6514\n}"
},
"telemetry_local": {
"remark": "Only required when TS is a local listener",
"class": "Service_TCP",
"virtualAddresses": [
"255.255.255.254"
],
"virtualPort": 6514,
"iRules": [
"telemetry_local_rule"
]
},
"telemetry": {
"class": "Pool",
"members": [
{
"enable": true,
"serverAddresses": [
"255.255.255.254"
],
"servicePort": 6514
}
],
"monitors": [
{
"bigip": "/Common/tcp"
}
]
},
"telemetry_hsl": {
"class": "Log_Destination",
"type": "remote-high-speed-log",
"protocol": "tcp",
"pool": {
"use": "telemetry"
}
},
"telemetry_formatted": {
"class": "Log_Destination",
"type": "splunk",
"forwardTo": {
"use": "telemetry_hsl"
}
},
"telemetry_publisher": {
"class": "Log_Publisher",
"destinations": [
{
"use": "telemetry_formatted"
}
]
},
"telemetry_traffic_log_profile": {
"class": "Traffic_Log_Profile",
"requestSettings": {
"requestEnabled": true,
"requestProtocol": "mds-tcp",
"requestPool": {
"use": "telemetry"
},
"requestTemplate": "event_source=\"request_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\""
}
}
}
}
}
NOTE: To better understand the above declarations check out our clouddocs page: https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/telemetry-system.html
Next copy the below contents into a file named ts_workflow.yml
- name: Telemetry streaming setup
hosts: localhost
connection: local
any_errors_fatal: true
vars_files:
vars.yml
tasks:
- name: Get latest AS3 RPM name
action: shell wget -O - {{as3_uri}} | grep -E rpm | head -1 | cut -d "/" -f 7 | cut -d "=" -f 1 | cut -d "\"" -f 1
register: as3_output
- debug:
var: as3_output.stdout_lines[0]
- set_fact:
as3_release: "{{as3_output.stdout_lines[0]}}"
- name: Get latest AS3 RPM tag
action: shell wget -O - {{as3_uri}} | grep -E rpm | head -1 | cut -d "/" -f 6
register: as3_output
- debug:
var: as3_output.stdout_lines[0]
- set_fact:
as3_release_tag: "{{as3_output.stdout_lines[0]}}"
- name: Get latest TS RPM name
action: shell wget -O - {{ts_uri}} | grep -E rpm | head -1 | cut -d "/" -f 7 | cut -d "=" -f 1 | cut -d "\"" -f 1
register: ts_output
- debug:
var: ts_output.stdout_lines[0]
- set_fact:
ts_release: "{{ts_output.stdout_lines[0]}}"
- name: Get latest TS RPM tag
action: shell wget -O - {{ts_uri}} | grep -E rpm | head -1 | cut -d "/" -f 6
register: ts_output
- debug:
var: ts_output.stdout_lines[0]
- set_fact:
ts_release_tag: "{{ts_output.stdout_lines[0]}}"
- name: Download and Install AS3 and TS RPM ackages to BIG-IP using role
include_role:
name: f5devcentral.f5app_services_package
vars:
f5app_services_package_url: "{{item.uri}}/download/{{item.release_tag}}/{{item.release}}?raw=true"
f5app_services_package_path: "/tmp/{{item.release}}"
loop:
- {uri: "{{as3_uri}}", release_tag: "{{as3_release_tag}}", release: "{{as3_release}}"}
- {uri: "{{ts_uri}}", release_tag: "{{ts_release_tag}}", release: "{{ts_release}}"}
- name: Deploy AS3 and TS declaration on the BIG-IP using role
include_role:
name: f5devcentral.atc_deploy
vars:
atc_method: POST
atc_declaration: "{{ lookup('template', item.file) }}"
atc_delay: 10
atc_retries: 15
atc_service: "{{item.service}}"
provider:
server: "{{ f5app_services_package_server }}"
server_port: "{{ f5app_services_package_server_port }}"
user: "{{ f5app_services_package_user }}"
password: "{{ f5app_services_package_password }}"
validate_certs: "{{ f5app_services_package_validate_certs | default(no) }}"
transport: "{{ f5app_services_package_transport }}"
loop:
- {service: "AS3", file: "as3_ts_setup_declaration.json"}
- {service: "Telemetry", file: "ts_poller_and_listener_setup_declaration.json"}
#If AVR logs need to be enabled
- name: Provision BIG-IP with AVR
bigip_provision:
provider:
server: "{{ f5app_services_package_server }}"
server_port: "{{ f5app_services_package_server_port }}"
user: "{{ f5app_services_package_user }}"
password: "{{ f5app_services_package_password }}"
validate_certs: "{{ f5app_services_package_validate_certs | default(no) }}"
transport: "{{ f5app_services_package_transport }}"
module: "avr"
level: "nominal"
when: avr_needed == "yes"
- name: Enable AVR logs using tmsh commands
bigip_command:
commands:
- modify analytics global-settings { offbox-protocol tcp offbox-tcp-addresses add { 127.0.0.1 } offbox-tcp-port 6514 use-offbox enabled }
- create ltm profile analytics telemetry-http-analytics { collect-geo enabled collect-http-timing-metrics enabled collect-ip enabled collect-max-tps-and-throughput enabled collect-methods enabled collect-page-load-time enabled collect-response-codes enabled collect-subnets enabled collect-url enabled collect-user-agent enabled collect-user-sessions enabled publish-irule-statistics enabled }
- create ltm profile tcp-analytics telemetry-tcp-analytics { collect-city enabled collect-continent enabled collect-country enabled collect-nexthop enabled collect-post-code enabled collect-region enabled collect-remote-host-ip enabled collect-remote-host-subnet enabled collected-by-server-side enabled }
provider:
server: "{{ f5app_services_package_server }}"
server_port: "{{ f5app_services_package_server_port }}"
user: "{{ f5app_services_package_user }}"
password: "{{ f5app_services_package_password }}"
validate_certs: "{{ f5app_services_package_validate_certs | default(no) }}"
transport: "{{ f5app_services_package_transport }}"
when: avr_needed == "yes"
- name: Assign TCP and HTTP profiles to virtual servers
bigip_virtual_server:
provider:
server: "{{ f5app_services_package_server }}"
server_port: "{{ f5app_services_package_server_port }}"
user: "{{ f5app_services_package_user }}"
password: "{{ f5app_services_package_password }}"
validate_certs: "{{ f5app_services_package_validate_certs | default(no) }}"
transport: "{{ f5app_services_package_transport }}"
name: "{{item}}"
profiles:
- http
- telemetry-http-analytics
- telemetry-tcp-analytics
loop: "{{virtual_servers}}"
when: avr_needed == "yes"
Now execute the playbook:
ansible-playbook ts_workflow.yml
Verify
- Login to the BIG-IP UI
- Go to menu iApps->Package Management LX. Both the f5-telemetry and f5-appsvs RPM's should be present
- Login to BIG-IP CLI
- Check restjavad logs present at /var/log for any TS errors
- Login to your consumer where the logs are being sent to and make sure the consumer is receiving the logs
Conclusion
The Telemetry Streaming (TS) extension is very powerful and is capable of sending much more information than described above. Take a look at the complete list of logs as well as consumer applications supported by TS over on CloudDocs: https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/using-ts.html
Labels: