MOVE TOWARDS SIMPLER AUTOMATION WITH ABSTRACTION USING ANSIBLE ROLES - - PowerPoint PPT Presentation

move towards simpler automation with abstraction using
SMART_READER_LITE
LIVE PREVIEW

MOVE TOWARDS SIMPLER AUTOMATION WITH ABSTRACTION USING ANSIBLE ROLES - - PowerPoint PPT Presentation

Nov 30, 2022 643 likes •909 views

MOVE TOWARDS SIMPLER AUTOMATION WITH ABSTRACTION USING ANSIBLE ROLES AND F5 DECLARATIVE APIS. Payal Singh, Forrest Crenshaw, Principal Solution Engineer, Product Management Engineer, F5 Networks F5 Networks payal.singh@f5.com

slide-1
SLIDE 1

MOVE TOWARDS SIMPLER AUTOMATION WITH ABSTRACTION USING ANSIBLE ROLES AND F5 DECLARATIVE APIS.

1

Forrest Crenshaw, 
 Product Management Engineer, 
 F5 Networks f.crenshaw@f5.com Payal Singh, Principal Solution Engineer, 
 F5 Networks payal.singh@f5.com

slide-2
SLIDE 2

AGENDA

  • F5 & Automation Introduction
  • F5 Ansible Roles
  • Demo: Modules & Roles
  • Ansible and the F5 Automation Toolchain
  • Demo: Declarative API through Ansible
  • Resources
slide-3
SLIDE 3

3

F5 BIG-IP

slide-4
SLIDE 4

RECAP

Previous Webinars

  • Automate BIG-IP in customer environments using Ansible
  • Basic F5 playbook
  • Ansible F5 modules

  • Fast application deployment and customer use case with Ansible and F5 BIG-

IP

  • Onboarding & App Deployments
  • WWT: Building A F5 solution with Ansible Tower
  • Using Tower to configure the BIG-IP
  • Tackling BIG-IP blue-green deployments in private cloud using F5 & VMWARE

Ansible modules

slide-5
SLIDE 5

F5 INTRODUCTION

ADC

Internet

Devices

LTM APM ASM BIG-IP Local Traffic Manager BIG-IP Access Policy Manager BIG-IP Application Security Manager

BIG-IP Cloud Virtual Physical

SECURITY

Platforms

BIG-IP

slide-6
SLIDE 6

NEW IN ANSIBLE 2.7

  • Modules
  • 31 new modules
  • 113 total F5 modules
  • Roles
  • BIG-IP Onboarding
  • GSLB Configuration
  • Device Backup
  • F5-SDK / BIGSUDS dependencies mostly

removed (2.8 fully removed)

bigsuds f5-sdk

slide-7
SLIDE 7

NEW MODULES

  • Software image Install
  • BIG-IP device facts
  • Firewall
  • Rule, list, policy, Dos
  • System Auth
  • Profiles
  • http, oneconnect, source

persistence

slide-8
SLIDE 8

8

F5 ANSIBLE ROLES

slide-9
SLIDE 9

F5 and Ansible Solution Playbook

Local Connection

Control Node Inventory

REST

Triple “for” loop For each PLAY For each HOST For each TASK

Datacenter / Cloud

slide-10
SLIDE 10

MODULE VS ROLE

10

Playbook comparison

gtm_pool_member gtm_virtual_server gtm_pool gtm_wide_ip Play: Create GSLB Record Hosts: BIG-IP DNS Tasks: import_role: bigip_gslb Play: Create GSLB Record Hosts: BIG-IP DNS Tasks:

For Free:

  • Looping Pools
  • Looping Pool members
  • Verification DNS is installed
  • Default variables
  • Dependency check
  • Fork to make it yours

Module

easy

Role

easier

slide-11
SLIDE 11
  • Simplified playbooks

– Make ”code” readable

  • Reusable common actions

– Think outside the box – Use someone else's box

  • Frequent updates
  • Community driven

– Github – Contribute / open issues

ANSIBLE GALAXY

11

slide-12
SLIDE 12

12

DEMO 1
 INSTALLING AND USING THE F5 GSLB ROLE

slide-13
SLIDE 13

DEMO 1 FLOW

13

PB

Control Node

Inv

1

  • Pull playbooks and

inventory from git

  • Review / Deploy GSLB

configuration via Modules

  • Review / Deploy GSLB

configuration via Roles

Control Node

2

BIG-IP Apps

Modules

Control Node

4

BIG-IP Apps

Roles

  • Download a Role from

Ansible Galaxy

Control Node

3

slide-14
SLIDE 14

DEMO 1 FOLDER STRUCTURE

14

  • Application definitions
  • Variables for each inventory

item

  • Where roles are stored
  • Inventory file
  • Ansible environment settings
  • The playbooks!
slide-15
SLIDE 15

DEMO GSLB OBJECT STRUCTURE

15

User

DNS Request: testapp.gslb.local.com DNS Response: 10.192.75.64

GSLB - WIDE-IP GSLB - Pool testapp.gslb.local.com testapp.gslb.local.com- pool GSLB – Virtual-Server GSLB – Server

10.192.75.64:8 10.192.75.6 4

DNS Resource F5 BIG-IP

slide-16
SLIDE 16

16

ANSIBLE AND THE F5 AUTOMATION TOOLCHAIN

slide-17
SLIDE 17

IMPERATIVE & DECLARATIVE

17

Imperative

Tell the system HOW to do something - every step of the way

Declarative

Tell the system WHAT you want, and let it figure out HOW to do it

&

slide-18
SLIDE 18

THROUGH ABSTRACTION YOU CAN…

  • Reduce automation complexity

– through reduction of domain specific knowledge

  • Focus on functionality and process

– rather than operational maintenance

  • Promote service feature adoption

– with declarative APIs

ABSTRACTION

18

Data Servers ADC Firewall Apps

slide-19
SLIDE 19
  • Distribution of data increases the complexity of
  • perations

– Where should I look to find the “correct” config?

  • Advantages to Source-of-Truth (SoT) consolidation:

– Easier rollback of changes – Faster Root Cause Analysis (RCA) – Single entry point for change control

  • Ansible Tower itself can use a GIT repo as SoT for

playbook templates SOURCE-OF-TRUTH

19

CMDB

slide-20
SLIDE 20

20

Bootstrap Onboard Deploy App Services Monitoring/Telemetry Change

Automation Lifecycle L1-L3

Declarative Onboarding

L4-L7

App Services 3 Telemetry Streaming

slide-21
SLIDE 21

21

Example Declarative Workflow

  • Easier integration into playbooks

– Configure services with a single API call – Success of a service is based on a single task rather than many

  • Error checking is done at a “service”

level rather than per task

– “Did it work, or not?”

  • Leverage the URI module and JINJA2

templates for crafting payloads

– Still utilizing Ansible’s core functionality

URI: Declarative Endpoint Play: Create GSLB Record Hosts: BIG-IP DNS Tasks:

Benefits:

  • Maintain Idempotency
  • Atomicity
  • Ansible “Block” compatible
  • Single API request
  • Further abstraction

Declarative

easiest

Loop: Verify 200 Response

slide-22
SLIDE 22

22

DEMO 2
 ANSIBLE AND THE F5 AUTOMATION TOOLCHAIN

slide-23
SLIDE 23

DECLARATIVE DEMO FLOW DIAGRAM

23

PB

Control Node

Inv

1

  • Pull playbooks and

inventory from git

  • Review / Deploy GSLB

configuration via Declarative APIs

Control Node

2

Apps

Declarative

AS3

  • Review / Deploy GSLB

configuration & Onboarding via Declarative APIs

Control Node

3

Apps

Declarative

AS3 DO

slide-24
SLIDE 24

24

WHERE DO I BEGIN

  • Commit to the shift in

mindset

– If a task seems like it should be easier, it probably can be!

  • Commit to learning new

things

– Super-NetOps – Ansible Linklight

  • Start with something simple

– Focus on the workflow, not the action

  • Solidify your workflow,

expand your scope Ansible Linklight Super-NetOps from F5

slide-25
SLIDE 25

REFERENCES

25

  • Get started on your automation journey:

– www.f5.com/supernetops

  • Learn more about solution: (webinars, modules, blogs)

– www.ansible.com/f5

  • Current F5 modules in Ansible core:

– http://docs.ansible.com/ansible/list_of_network_modules.html#f5

  • Request feature-enhancements:

– https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/

  • Request feature-enhancements:

– https://github.com/F5Networks/f5-ansible/issues

  • Download Current Ansible (2.7):

– http://releases.ansible.com/ansible/

  • Webinar Demo Repo

– https://github.com/f5devcentral/f5-ansible-sandbox


slide-26
SLIDE 26

26

THANK YOU