TACKLING BIG-IP BLUE-GREEN DEPLOYMENTS IN PRIVATE CLOUD USING F5 & VMWARE ANSIBLE MODULES

1

Eric McLeroy, Sr. Specialist Solutions Architect,

Ansible by Red Hat

eric.mcleroy@redhat.com

Payal Singh,Principal Solution Engineer,

F5 Networks

payal.singh@f5.com

AGENDA

• Networking automation use cases• F5 BIG-IP: Introduction• Blue green deployment use case• Demo• Playbook walkthrough

3

TOP 3 F5 BIG-IP AND ANSIBLE USE CASES

1) Gather facts

Allows gathering of information about your environment

2) Making changes

Provides the ability to make small changes as needed

3) Scaling out

Provides the ability to launch entire applications stacks

4

BIG-IP INTRODUCTION

5

F5 INTRODUCTION

Load BalancingDDoS Protection

FirewallInternet

Devices

Data Center

LTM

APM

ASM

BIG-IP Local Traffic Manager

BIG-IP Access Policy Manager

BIG-IP Application Security Manager

BIG-IP

6

RECAP

Previous Webinars

• Automate BIG-IP in customer environments using Ansible• Basic F5 playbook• Ansible F5 modules

• Fast application deployment and customer use case with Ansible and F5 BIG-IP• Onboarding• Using iApps to deploy configuration on BIG-IP

• WWT: BUILDING A F5 SOLUTION WITH ANSIBLE TOWER• Using Tower to configure the BIG-IP

7

F5 AND ANSIBLE SOLUTION

Private cloud

F5 Virtual Editions F5

VIPRIONBIG-IP Platform

Public cloud

LTM DNS

Amazon Web Services

Microsoft Azure

Google Cloud Platform

Ansible Host

PlaybooksREST/SOAP API calls

bigsuds, f5-sdk

1

2

3

F5 Ansible Modules officially supported : https://f5.com/support/support-policies

F5 and Ansible Solution

Ansible Versions 2.3 +

TMOS v12.X +

9

BLUE GREEN DEPLOYMENTS

BLUE GREEN DEPLOYMENTS

UsersADC

Blue Environment

Green Environment

100%

USE F5 BIG-IP DNS

BIG-IP

Data Center 1

Devices/Users

Data Center 2

Servers

Servers

Global Load BalancingGeographic load balancingInfrastructure Monitoring

BIG-IP LTM

BIG-IP LTM

LTM VIP visibility into BIG-IP DNS

HOW IT WORKS

Wide IP(my-wide-ip.example.com)

Pool

LTM1 Virtual IP

LTM2 Virtual IP

Members

Users

VIP down OR Pool down

Pool of Servers

Pool of Servers

100%

BIG-IP BIG-IP

LTM

13

DEMO

1) PROVISION AND LICENSE A VIRTUAL BIG-IP ‘LTM2’ IN VMWARE

2) SWITCH TRAFFIC FROM ‘LTM1’ TO ‘LTM2’

Demo Part1

Develop an automated workflow to provision, license and configure a BIG-IP in a VMware environment

Spin up BIG-IP in vCenter * BIG-IP VE template is created on vcenter

Reconfigure the network adaptor settings

Grab the VM IP assigned by DHCP to the BIG-IP VE

License the BIG-IP VEOnboard the BIG-IP (Hostname/NTP/DNS/SSHD)

Network the BIG-IP (VLAN/Self-IP)

Import and activate the ASM policy

Add pool members and pool

Add virtual server and attach the ASM policy to it

Ansible Tower

Playbook

Provision the BIG-IP with ASM module

1

2

vCenter

BIG-IP LTM2

15

DEMO PART1: VIDEO AND PLAYBOOK WALKTHROUGH

Demo Part2

Steps:• Setup connectivity between LTM2 and DNS• Add LTM2 to DNS WideIP pool• For traffic switch: Disable the virtual server on LTM1

MGMT IP – 10.192.73.218Self-IP – 10.168.68.10

Virtual IP – 10.168.68.11

BIG-IP

Data Center

BIG-IP LTM1 VE

MGMT IP – 10.192.73.246Self-IP – 10.168.68.5

Virtual IP – 10.168.68.12

MGMT IP – 10.192.73.219Self-IP – 10.168.68.100Listener Virtual IP – 10.168.68.101 (53)

BIG-IP LTM2 VE

Setup complete with DNS Connectivity to be setup with DNS

17

DEMO PART2: VIDEO AND PLAYBOOK WALKTHROUGH

Alternative Solutions

If a Static MGMT IP needs to be assigned to the BIG-IP instead of using DHCP for MGMT IP (BIG-IP Version 13.1+)

1) Edit the OVA file using a tool like COT (Common OVF Tool) cot edit-properties <source filename>.ova -p net.mgmt.addr=""+string -p net.mgmt.gw=""+string –p user.root.pwd=""+string -p user.admin.pwd=""+string -u -o <destination filename>.ova

2) Edit the OVA (template) properties so that when you deploy BIG-IP VE, you can specify values for the management IP address and default passwords. Example snippet

3) Use an Ansible playbook to execute deploying the OVA file (Step 2)https://github.com/f5rstahl/simple-ansible-playbookhttps://github.com/payalsin/f5-ansible/tree/master/playbooks/spinup-demo/static

Alternative Solutions

BIG-IQ to be used for licensing BIG-IP

Ansible Tower

Playbook

BIG-IQ

Private/Public cloud

F5 Virtual Editions F5

VIPRIONBIG-IP Platform

License

Sample Playbookhttps://github.com/payalsin/f5-ansible/tree/master/playbooks/spinup-demo/big-iq

20

GET STARTED

21

Automation is not a tool- It’s a strategy, it’s a journey

Learn automation practices- Super NetOps training courses can

help- Join existing Ansible network

automation communities

Start small…- Create Playbooks that read or check

only- Create simple jobs that eliminate the

annoying network tasks

WHERE DO I BEGIN

22

Please contribute..

Your BIG-IP roles for community!

https://galaxy.ansible.com/list#/roles?page=1&page_size=10&autocomplete=bigiphttps://galaxy.ansible.com/payalsin/bigip-ansible-ha-setup/

BIG-IP on Ansible Galaxy

MORE WORKFLOWS

23

Where can I learn more about Ansible & F5www.ansible.com/f5

What is in the roadmap– “More modules” in general using YOUR inputs:

– https://github.com/F5Networks/f5-ansible/projects

What do I do if I have an issue with an existing F5 module– Open an GitHub issue: https://github.com/F5Networks/f5-ansible/issues

I love it - I want to try out Ansible-Tower– www.ansible.com/tower-trial/

– Email: gettingstarted@ansible.comEmail: devops@f5.com

FAQ

24

Get started on your automation journey:• www.f5.com/supernetopsLearn more about solution: (webinars, modules, blogs)– www.ansible.com/f5Solution Overview: • https://www.f5.com/pdf/solution-center/f5-ansible-overview.pdfWhitepaper: – https://f5.com/Portals/1/PDF/Partners/automating-f5-big-ip-platform-with-ansible.pdfCurrent F5 modules in Ansible core:– http://docs.ansible.com/ansible/list_of_network_modules.html#f5Request feature-enhancements:– https://github.com/F5Networks/f5-ansible/issuesDownload Current Ansible (2.6):– http://releases.ansible.com/ansible/

REFERENCES

25

Blue-Green deployment• https://github.com/payalsin/f5-ansible/tree/master/playbooks/spinup-demo

Static IP assignment • https://devcentral.f5.com/articles/ve-on-vmware-part-1-custom-properties-29787• https://devcentral.f5.com/articles/ve-on-vmware-part-2-ansible-deployment-29790• https://github.com/f5rstahl/simple-ansible-playbook• https://github.com/F5Networks/f5-vmware-vcenter-templates• https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-vmware-esx

i-13-1-0/3.html

BIG-IQ licensing• https://github.com/payalsin/f5-ansible/tree/master/playbooks/spinup-demo/big-iq

REFERENCES

26

THANK YOU