thomas a. mcgonagle, sr. product management engineer · bigip_security_port_list manages the afm...

Thomas A. McGonagle, Sr. Product Management Engineer


Post on 30-Jul-2020


Page 1: Thomas A. McGonagle, Sr. Product Management Engineer · bigip_security_port_list Manages the AFM port lists on a BIG-IP ASM bigip_asm_policy Import ASM policies from file or existing

Thomas A. McGonagle, Sr. Product Management Engineer

Page 2:

Applications

Page 3:

Flexibility

Page 4:

Programmability

Page 5:

Automation

Page 7:

“Programmability” refers to capabilities that allow a program or script to control or extend a system’s capabilities (hardware/software).

Programmability is a key enabler in the new DevOps world. No humans allowed!

2 Types:

• Programmability Control:
  • Allows a program or script to control operational characteristics of F5 systems

• Programmability Extensibility:
  • Extends capabilities of both the data- and control-planes of F5 systems

Page 11:

• Modularity
  • Services should be small and simple

• Cooperation
  • Should foster continuous improvement of design and implementation

• Composability
  • Services should be like building blocks

• Extensibility
  • Services should be easy to modify, enhance, and improve

• Flexibility
  • Unlimited flexibility equals unlimited power

Page 12:

• Declaration
  • Specify what we want to do

• Abstraction
  • Don’t worry about implementation details

• Idempotence
  • Action should only be taken once

• Convergence
  • Over time the system should tend towards correctness

Page 13:

• Make it faster and easier for customers to deploy and consume BIG-IP application services

• Deliver automation and orchestration capabilities to simplify and accelerate application service deployments in multi-cloud environments

• Enable programmable extensibility to empower customers to extend capabilities, integrate with 3rd-party systems, and solve unforeseen problems

DevOps SDK and tools to enable F5 MANOVA and Ecosystems solutions for ADC and Security in Cloud & F5aaS

Page 14:

• Automation is a People, Process and Technology Problem
  • Automation vs. Autonomous

• Up Front Architecture is Critical

• Practice, Practice, Practice
  • Refactor – Refactor – Refactor

• Data Model Hierarchy is Key

• Right Tool for the Right Job

• Embrace Failure

Page 15:

• Improves Speed
  • Provision systems and deploy workloads faster.

• Creates Predictability
  • Drastically reduce risk of human error.

• Provides Management
  • Centrally govern and monitor disparate systems and workloads.

• Increases Responsiveness
  • Scale readily in pace with demand.

• Fosters Collaboration

Page 16:

• Repeatability

• Automation

• Agility

• Scalability

• Reassurance
  • Documentation

• Disaster Recovery

Page 17:

• 1 Day to Learn F5’s Modules

• 1 Month to Learn Ansible

• 3-6 Months to Learn Ansible’s Limitations (Right Tool for the Right Job)

• 6-12 Months to Work Out Data Model

• 2 Years to Become a Master Automator

• In 2 Years Ansible will be Amazing!!!

Page 18:

Ansible – Radically Simple IT Automation

Page 19:

Orson Scott Card

Ender’s Game

Ansible allows you to Command and Control all the Starships in your Galaxy

Page 20:

Why Ansible?

SIMPLE

• Human readable automation
• No special coding skills needed
• Tasks executed in order
• Get productive quickly

POWERFUL

• App deployment
• Configuration management
• Workflow orchestration
• Orchestrate the app lifecycle

AGENTLESS

• Agentless architecture
• Uses OpenSSH & WinRM
• No agents to exploit or update
• More efficient & more secure

Page 21:

• Playbooks

• Roles

• Inventories
  • Hosts and Groups

• Data Model
  • Variables

• Conditionals

• Tags

• Vaults

Page 22:

Ansible F5 Partnership

Page 23:

PROGRAMMABLE MANAGEMENT, CONTROL & DATA PLANES

• iControl REST: Allows lightweight, rapid interaction between user, script & F5 devices

• iApps: Services-based, template-driven configurations on BIG-IP

• iRule: Allows complete programmatic access to application traffic in real time

Page 24:

• AFM address lists

• AFM port lists

• ASM policy import

• BIG-IQ license & key pool registration management

• BIG-IP HA pairing

• Control LX / iApps LX package deployment

• LTM policy rules

• LTM UDP / HTTP / HTTPS monitors

• Traffic groups

• vCMP guest management

• Client SSL profiles

• BIG-IP partitions

Page 25:

http://docs.ansible.com/ansible/latest/list_of_network_modules.html

https://pypi.python.org/pypi/ansible/2.4.0.0

Page 26:

• F5 GitHub repository

• pypi.python.org/pypi/ansible

Page 27:

F5 Ansible Automation Roadmap

• Ansible 2.4.0*
  • BIG-IP Onboarding
  • Basic LTM Config
  • Basic GTM Config

• Ansible 2.5.0*
  • HA Pairing
  • BIG-IQ Licensing
  • ASM Policies
  • AFM Policies

• Ansible 2.6.0*
  • Expanded GTM Config
  • BIG-IP Virtual Server Enhancements
  • iRules Data Groups / Lists

SHIPPING Q4CY17 Q1CY18 Q2CY18 Q3CY18

* Not a TMOS deliverable

Page 28:

| Feature Area | Ansible Module | Description |
|---|---|---|
| GTM | bigip_gtm_pool | Manages F5 BIG-IP GTM pools |
| iApps | bigip_iapp_service | Manages TCL iApp services on a BIG-IP |
| | bigip_iapp_template | Manages TCL iApp templates on a BIG-IP |
| Monitors | bigip_monitor_tcp_echo | Manages F5 BIG-IP LTM tcp echo monitors |
| | bigip_monitor_tcp_half_open | Manages F5 BIG-IP LTM tcp half-open monitors |
| SNMP | bigip_snmp | Manipulates general SNMP settings on a BIG-IP |
| | bigip_snmp_trap | Manipulates SNMP trap information on a BIG-IP |
| Misc | bigip_config | Manages BIG-IP configuration sections |
| | bigip_configsync_actions | Performs different actions related to config-sync |
| | bigip_provision | Manages BIG-IP module provisioning |
| | bigip_qkview | Manages qkviews on the device |
| | bigip_ucs | Manages upload, installation and removal of UCS files |
| | bigip_user | Manages user accounts and user attributes on a BIG-IP |
| | bigip_virtual_address | Manages LTM virtual addresses on a BIG-IP |
| | bigip_command | Runs arbitrary command on F5 devices |

Page 29:

| Feature Area | Ansible Module | Description |
|---|---|---|
| AFM | bigip_security_address_list | Manages the AFM address lists on a BIG-IP |
| | bigip_security_port_list | Manages the AFM port lists on a BIG-IP |
| ASM | bigip_asm_policy | Import ASM policies from file or existing template |
| BIG-IQ | bigiq_regkey_license | Manages licenses in a BIG-IQ registration key pool |
| | bigiq_regkey_pool | Manages registration key pools on BIG-IQ |
| HA | <bigip_ha> | BIG-IP HA Pairing |
| iApps LX | bigip_iapplx_package | Deploys iApps LX packages to the BIG-IP |
| LTM | bigip_policy_rule | Manages LTM policy rules on a BIG-IP |
| Monitors | bigip_monitor_udp | Manages F5 BIG-IP LTM UDP monitors |
| | bigip_monitor_https | Manages F5 BIG-IP LTM HTTPS monitors |
| Misc | bigip_traffic_group | Manages traffic groups on BIG-IP |
| | bigip_vcmp_guest | Manages vCMP guests on a BIG-IP |
| | bigip_profile_client_ssl | Manages client SSL profiles on a BIG-IP |

Page 30:

| Feature Area | Ansible Module | Description |
|---|---|---|
| AFM | bigip_security_rule_list | Manages AFM rule lists |
| | bigip_security_policy | Creates, modifies, deletes AFM policies |
| ASM | bigip_asm_policy | Enhancement to create and support custom ASPM policy templates |
| BIG-IQ | bigiq_utility_license_assignment | Supports BIG-IQ utility license assignment to BIG-IPs |
| | bigiq_utility_license | Supports BIG-IQ utility licenses |
| | bigiq_regkey_license_assignment | Supports BIG-IQ regkey license assignment to BIG-IPs |
| iRules | <irules_data_group> | Creates, modifies, deletes iRules data groups |
| LTM | bigip_pool_member | Manages LTM pool members via iControl REST API |
| SMTP | bigip_smtp | Manages SMTP settings on the BIG-IP |
| | <bigip_snmp_communities> | Support for SNMP communities |
| Misc | bigip_license | Enhancement to enable licensing of systems with no Internet connectivity |
| | bigip_device_httpd | Manages HTTPD related settings on BIG-IP |
| | bigip_virtual_server | Enhancement to enable/disable address/port translation |

Page 31:

| Feature Area | Ansible Module | Description |
|---|---|---|
| GTM | bigip_gtm_pool | Enhancement to enable/disable pool members |
| | bigip_gtm_virtual_server | Manages F5 BIG-IP GTM virtual servers via iControl REST |
| | <gtm_pool_member_monitor> | GTM pool member monitor |
| | <bigip_gtm_pool_member_HTTPS_monitor> | GTM pool member HTTPS monitor |
| | <bigip_gtm_pool_member_HTTP_monitor> | GTM pool member HTTP monitor |
| | <bigip_gtm_pool_member_TCP_monitor> | GTM pool member TCP monitor |
| | bigip_gtm_pool | Enhancement to add GTM Virtual server to GTM pool |
| | bigip_gtm_virtual_server | Enhancement to add virtual server monitor |
| | bigip_gtm_virtual_server | Enhancement to add health monitor when creating GTM virtual server |
| | bigip_gtm_pool | Enhancement to add health monitor when creating GTM pool |
| | bigip_gtm_wide_ip | Enhancement to associate GTM pool with GTM wide-ip |
| | bigip_gtm_pool | Enhancement to add pool members option |

Page 32:

Solve It. Automate It. Share It.

Page 33:

• Secure way to Store Credentials

• Scheduler

• Programmatically Execute Jobs (API)

• Detailed Auditing

• Role Based Access Control (RBAC)
