Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution with Ansible Tower

382 visualizaciones

Publicado el

Automating specific tasks can be easy, but what about when they are part of a larger and more complex solution deployment?

World Wide Technology has partnered with Ansible and F5 Networks to develop an automated workflow to provision, license, and configure a pair of F5 BIG-IP devices via Ansible Tower.

Hear from their experiences while they provide best practices and lessons learned from the project.

Publicado en: Tecnología
  • Sé el primero en comentar

From 70 Networking Tasks to a Single Click by WWT: Building an F5 Solution with Ansible Tower

  1. 1. FROM 70 NETWORKING TASKS TO A SINGLE CLICK BY WWT: BUILDING AN F5 SOLUTION WITH ANSIBLE TOWER 1 Eric McLeroy Solution Architect, Ansible Red Hat eric.mcleroy@redhat.com Payal Singh, Principal Solution Engineer F5 Networks payal.singh@f5.com Joel W. King Principal Architect World Wide Technology, Inc. joel.king@wwt.com
  2. 2. AGENDA • Ansible: Best practices from the field with F5 (5 min) • WWT: Automation in customer environments (30 min) • F5: Ansible modules overview (10 min) • Q & A (15 min)
  3. 3. ANSIBLE BEST PRACTICES • Create an inventory strategy • Use version control for playbooks (like GitHub) • Start small (individual tasks), think big (orchestration) • Entire automation journey • <hint hint, what WWT did> • BTW, it never ends! • (that’s a good thing)
  4. 4. 4
  5. 5. GOAL Develop an automated workflow to provision, license and configure a pair of BIG-IPs ANSIBLE TOWER F5 ANSIBLE MODULES VIRTUAL BIG-IP DEPLOYED LICENSED PROVISIONED WORKFLOW PLAYBOOKS DATA MODEL TRAINING ENABLEMENT
  6. 6. INITIATING THE WORKFLOW THROUGH ANSIBLE TOWER Operations EXPOSE WORKFLOW THRU A SELF SERVICE PORTAL ENCRYPTED CREDENTIALS App Development Team Service Catalog API GUI
  7. 7. CREATE ACTIVE / STANDBY PAIR Create HA Pair License F5 Initial HA Setup PERSONA INPUT WORKFLOW F5 Service Level 4x CPU 8GB Memory BEST License 1x CPU 2GB Memory LTM License Environment GOLD SILVER BRONZE 2x CPU 6GB Memory BETTER License dev01 dev02 test01 INFRASTRUCTURE OPERATIONS ENGINEERING APPLICATION DEVELOPMENT Ansible Tower vCenter F5 BigIPs primary secondary IPAMDATA MODEL Source of Truth
  8. 8. LICENSE ACTIVE / STANDBY PAIR Create HA Pair License F5 Initial HA Setup PERSONA INPUT WORKFLOW F5 Service Level 4x CPU 8GB Memory BEST License 1x CPU 2GB Memory LTM License GOLD SILVER BRONZE 2x CPU 6GB Memory BETTER License Ansible Tower F5 BigIPs 192.0.2.1 192.0.2.2 IPAMDATA MODEL Source of Truth BigIQ License Manager playbook
  9. 9. INITIAL ACTIVE / STANDBY SETUP Create HA Pair License F5 Initial HA Setup PERSONA INPUT WORKFLOW Ansible Tower F5 BigIPs IPAMDATA MODEL Source of Truth playbook Environment dev01 dev02 test01 active standby
  10. 10. RESULT
  11. 11. Service Catalog API Service Catalog Integrations
  12. 12. Service Catalog API SERVICE CATALOG WORKFLOW: CHATOPS
  13. 13. BEST PRACTICES & LESSONS LEARNED Sequencing the configuration of the Active (primary) and Standby (secondary). [iworkflow] f5-iworkflow.sandbox.wwtatc.local [bigips] primary secondary INVENTORY # usage: ansible-playbook ./deploy_vm.yml -f 1 -e "EULA=true work_order_number=WOR9199" # # Setting -f 1, or forks=1 forces the playbook to configure the primary, then secondary.
  14. 14. BEST PRACTICES & LESSONS LEARNED (CONT.) Check if the BIG-IP device is responds to iControl API calls – a role to pace the execution of the playbooks. iControl is F5’s open, web services-based API that allows complete, dynamic, and programmatic control of F5 configuration objects. > BIGIP_WAIT (/usr/share/ansible/bigip_wait.py) You can wait for BIG-IP to be "ready". By "ready", we mean that BIG-IP is ready to accept configuration. This module can take into account situations where the device is in the middle of rebooting due to a configuration change. OPTIONS (= is mandatory): - delay Number of seconds to wait before starting to poll. [Default: 0] - name: License virtual machines and perform initial HA setup hosts: bigips_dhcp roles: - ansible-f5-include-datamodel - {role: ansible-f5-bigip-check, check_timeout: 120 } - ansible-f5-license - {role: ansible-f5-bigip-check, check_wait: 20 } - ansible-f5-initial-ha-setup
  15. 15. F5 MODULES IN ANSIBLE ENGINE 2.4 15
  16. 16. NEW F5 MODULES IN ANSIBLE ENGINE 2.4 Module Description Feature bigip_configsync_actions Perform different actions related to config sync. HA bigip_gtm_pool Manages F5 BIG-IP GTM pools. GTM bigip_iapp_service Manages TCL iApp services on a BIG-IP. iApp Deployment bigip_iapp_template Manages TCL iApp templates on a BIG-IP. iApp Deployment bigip_monitor_tcp_echo Manages F5 BIG-IP LTM tcp monitors. Monitors bigip_monitor_tcp_half_open Manages F5 BIG-IP LTM tcp monitors. Monitors bigip_provision Manage BIG-IP module provisioning. Initial Configuration bigip_qkview Manage qkviews on the device. BIG-IP Management bigip_snmp Manipulate general SNMP settings on a BIG-IP. BIG-IP Management bigip_snmp_trap Manipulate SNMP trap information on a BIG-IP. BIG-IP Management bigip_ucs Manage upload, installation and removal of UCS files. BIG-IP Management bigip_command Run arbitrary command on F5 devices. BIG-IP Management bigip_virtual_address Manage LTM virtual addresses on a BIG-IP. BIG-IP Management bigip_config Manage BIG-IP configuration sections. BIG-IP Management
  17. 17. F5 NETWORKS FAQ 17 Modules Production : https://github.com/F5Networks/f5-ansible/tree/master/library Development : https://github.com/F5Networks/f5-ansible/tree/devel/library Problem with existing F5 modules https://github.com/F5Networks/f5-ansible/issues Package dependencies https://github.com/F5Networks or pip install bigsuds f5-sdk. Sample playbook https://devcentral.f5.com/articles/dig-deeper-into-ansible-and-f5-integration-25984 https://github.com/payalsin/f5-ansible Other links https://devcentral.f5.com/articles/getting-started-with-ansible https://devcentral.f5.com/articles/existing-ansible-big-ip-modules https://www.ansible.com/blog/automating-f5-big-ip-using-ansible-webinar
  18. 18. CONTACT US! 18 F5 Networks devops@f5.com Red Hat (Ansible) https://www.ansible.com/tower https://www.ansible.com/engine https://www.ansible.com/F5 World Wide Technology F5@wwt.com
  19. 19. KEY TAKE-AWAYS • Orchestration strategy- start with the end-goal in mind. • Ansible Tower exposes the workflow via GUI and API. • Expose user inputs using ‘extra-vars’ or Tower survey. • User input references the appropriate (version controlled) ‘source of truth’.
  20. 20. QUESTIONS? 20

×