MOVE TOWARDS SIMPLER AUTOMATION WITH ABSTRACTION USING ANSIBLE ROLES AND F5 DECLARATIVE APIS
Payal Singh, Principal Solution Engineer, F5 Networks, payal.singh@f5.com
Forrest Crenshaw, Product Management Engineer, F5 Networks, f.crenshaw@f5.com

AGENDA
• F5 & Automation Introduction
• F5 Ansible Roles
• Demo: Modules & Roles
• Ansible and the F5 Automation Toolchain
• Demo: Declarative API through Ansible
• Resources

F5 BIG-IP

RECAP: Previous Webinars
• Automate BIG-IP in customer environments using Ansible
  – Basic F5 playbook
  – Ansible F5 modules
• Fast application deployment and customer use case with Ansible and F5 BIG-IP
  – Onboarding & App Deployments
• WWT: Building A F5 solution with Ansible Tower
  – Using Tower to configure the BIG-IP
• Tackling BIG-IP blue-green deployments in private cloud using F5 & VMWARE Ansible modules

F5 INTRODUCTION
[Diagram labels: BIG-IP, ADC, Security, Devices, Internet; Platforms: Physical, Virtual, Cloud]
• BIG-IP Local Traffic Manager (LTM)
• BIG-IP Access Policy Manager (APM)
• BIG-IP Application Security Manager (ASM)

NEW IN ANSIBLE 2.7
• Modules
  – 31 new modules
  – 113 total F5 modules
• Roles
  – BIG-IP Onboarding
  – GSLB Configuration
  – Device Backup
  – …
• F5-SDK / BIGSUDS dependencies mostly removed (2.8 fully removed)

NEW MODULES
• Software image Install
• BIG-IP device facts
• Firewall
  – Rule, list, policy, DoS
• System Auth
• Profiles
  – http, oneconnect, source persistence

F5 ANSIBLE ROLES

F5 and Ansible Solution
Triple “for” loop:
• For each PLAY
• For each HOST
• For each TASK
[Diagram labels: Control Node, Inventory, Playbook, Local Connection, REST, Datacenter / Cloud]

MODULE VS ROLE
Playbook comparison

Module (easy)
  Play: Create GSLB Record
  Hosts: BIG-IP DNS
  Tasks:
    gtm_wide_ip
    gtm_pool
    gtm_pool_member
    gtm_virtual_server

Role (easier)
  Play: Create GSLB Record
  Hosts: BIG-IP DNS
  Tasks:
    import_role: bigip_gslb

For Free:
• Looping Pools
• Looping Pool members
• Verification DNS is installed
• Default variables
• Dependency check
• Fork to make it yours

ANSIBLE GALAXY
• Simplified playbooks
  – Make “code” readable
• Reusable common actions
  – Think outside the box
  – Use someone else's box
• Frequent updates
• Community driven
  – GitHub
  – Contribute / open issues

DEMO 1: INSTALLING AND USING THE F5 GSLB ROLE

DEMO 1 FLOW
1. Pull playbooks and inventory from git
2. Review / Deploy GSLB configuration via Modules
3. Download a Role from Ansible Galaxy
4. Review / Deploy GSLB configuration via Roles
[Diagram labels: PB, Inv, Control Node, BIG-IP, Apps, Modules, Roles]

DEMO 1 FOLDER STRUCTURE
• Application definitions
• Variables for each inventory item
• Where roles are stored
• Inventory file
• Ansible environment settings
• The playbooks!

DEMO GSLB OBJECT STRUCTURE
• DNS Request (User): testapp.gslb.local.com
• DNS Response: 10.192.75.64
F5 BIG-IP DNS Resource:
• GSLB – WIDE-IP: testapp.gslb.local.com
• GSLB – Pool: testapp.gslb.local.com-pool
• GSLB – Virtual-Server: 10.192.75.64:80
• GSLB – Server: 10.192.75.64

ANSIBLE AND THE F5 AUTOMATION TOOLCHAIN

IMPERATIVE & DECLARATIVE
• Imperative: Tell the system HOW to do something - every step of the way
• Declarative: Tell the system WHAT you want, and let it figure out HOW to do it

ABSTRACTION
THROUGH ABSTRACTION YOU CAN…
• Reduce automation complexity
  – through reduction of domain specific knowledge
• Focus on functionality and process
  – rather than operational maintenance
• Promote service feature adoption
  – with declarative APIs
[Diagram labels: Apps, Servers, Data, ADC, Firewall]

SOURCE-OF-TRUTH
• Distribution of data increases the complexity of operations
  – Where should I look to find the “correct” config?
• Advantages to Source-of-Truth (SoT) consolidation:
  – Easier rollback of changes
  – Faster Root Cause Analysis (RCA)
  – Single entry point for change control
• Ansible Tower itself can use a Git repo as SoT for playbook templates
[Diagram label: CMDB]

Automation Lifecycle
[Diagram: Bootstrap → Onboard → Deploy App Services → Monitoring/Telemetry, with Change; components: Declarative Onboarding (L1-L3), App Services 3 (L4-L7), Telemetry Streaming]

Example Declarative Workflow
• Easier integration into playbooks
  – Configure services with a single API call
  – Success of a service is based on a single task rather than many
• Error checking is done at a “service” level rather than per task
  – “Did it work, or not?”
• Leverage the URI module and JINJA2 templates for crafting payloads
  – Still utilizing Ansible’s core functionality

Declarative (easiest)
  Play: Create GSLB Record
  Hosts: BIG-IP DNS
  Tasks:
    URI: Declarative Endpoint
    Loop: Verify 200 Response

Benefits:
• Maintain Idempotency
• Atomicity
• Ansible “Block” compatible
• Single API request
• Further abstraction

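The declarative play sketched on this slide, written out as an added example (it is not taken from the webinar's demo repo): one `uri` POST to the AS3 declare endpoint, a loop that verifies a 200 for every tenant, and a `block`/`rescue` so the service succeeds or fails as one unit. The inventory group `bigip_dns`, the template name `as3_gslb.json.j2` and the variables `bigip_user` / `bigip_pass` are assumptions.

```yaml
---
# Added example, not from the webinar repo. Assumed names: inventory group
# bigip_dns, template as3_gslb.json.j2 (renders the AS3 request body), and
# bigip_user / bigip_pass supplied from Ansible Vault.
- name: Create GSLB Record
  hosts: bigip_dns
  connection: local
  gather_facts: false
  tasks:
    - name: Deploy the service and judge it as one unit
      block:
        - name: POST the declaration to the declarative endpoint
          uri:
            url: "https://{{ ansible_host }}/mgmt/shared/appsvcs/declare"
            method: POST
            user: "{{ bigip_user }}"
            password: "{{ bigip_pass }}"
            force_basic_auth: true
            validate_certs: true    # keep TLS verification on for the management API
            body_format: json
            body: "{{ lookup('template', 'as3_gslb.json.j2') }}"
            status_code: 200
            timeout: 120
          register: as3
          # AS3 answers "no change" when the running config already matches,
          # so a re-run reports ok instead of changed.
          changed_when: >-
            (as3.json | default({})).results | default([])
            | rejectattr('message', 'equalto', 'no change') | list | length > 0

        - name: Verify 200 for every tenant in the response
          assert:
            that:
              - item.code == 200
            fail_msg: "Tenant {{ item.tenant }}: {{ item.message }}"
          loop: "{{ as3.json.results }}"
          loop_control:
            label: "{{ item.tenant }}"
      rescue:
        - name: Did it work, or not?
          fail:
            msg: "Declaration rejected: {{ as3.json | default(as3.msg | default('no response')) }}"
```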
DEMO 2: ANSIBLE AND THE F5 AUTOMATION TOOLCHAIN

DECLARATIVE DEMO FLOW DIAGRAM
1. Pull playbooks and inventory from git
2. Review / Deploy GSLB configuration via Declarative APIs (AS3)
3. Review / Deploy GSLB configuration & Onboarding via Declarative APIs (AS3, DO)
[Diagram labels: PB, Inv, Control Node, Apps, Declarative, AS3, DO]

WHERE DO I BEGIN
• Commit to the shift in mindset
  – If a task seems like it should be easier, it probably can be!
• Commit to learning new things
  – Super-NetOps from F5
  – Ansible Linklight
• Start with something simple
  – Focus on the workflow, not the action
• Solidify your workflow, expand your scope

REFERENCES
• Get started on your automation journey:
  – www.f5.com/supernetops
• Learn more about solution: (webinars, modules, blogs)
  – www.ansible.com/f5
• Current F5 modules in Ansible core:
  – http://docs.ansible.com/ansible/list_of_network_modules.html#f5
• Request feature-enhancements:
  – https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/
• Request feature-enhancements:
  – https://github.com/F5Networks/f5-ansible/issues
• Download Current Ansible (2.7):
  – http://releases.ansible.com/ansible/
• Webinar Demo Repo
  – https://github.com/f5devcentral/f5-ansible-sandbox

THANK YOU