
F5 Automation Toolchain

Presentation from the Virtualization Forum 2019 conference
Prague, 3 October 2019
F5 Networks hall


  1. F5 Automation Toolchain: Application Services 3 Extension. Radovan Gibala, Senior Systems Engineer, gigi@f5.com (©2018 F5 Networks)
  2. Automation Concepts
  3. API (noun, computing): a set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service. RESTful API: a REST API uses HTTP URIs and methods (POST, GET, PUT, DELETE), e.g. GET to obtain /some/resource, POST to modify /some/other/resource.
  4. Create Object A on an empty configuration: Object A is created. Create Object A again: 50x ERROR, object already exists.
  5. Create Object A on an empty configuration: Object A is created. Create Object A again: 200 Success. No change.
  6. State diagram: Begin, Preparing, Partially Committed, Committed, End, Failed, Aborted, Roll-Back
  7. Virtual Server, Pool, Node, Node, Monitor, Client TCP Profile, Server TCP Profile, Client SSL Profile, Server SSL Profile, HTTP Profile, SNAT Profile, Node, Certs, Key
  8. Virtual Server. "You worry about this stuff…" "I don't care. Just give me a Virtual Server."
  9. Automation Toolchain
  10. Bootstrap, Onboard, Deploy App Services, Monitoring / Telemetry
  11. • TMOS independent RPM package installed on BIG-IP*
      • Provides a single declarative REST API endpoint: https://big-ip/mgmt/shared/appsvcs/declare
      • Interface for common L4-7 app service use cases
      • Atomic and idempotent
      • Multi-tenant
      • Accepts a single JSON document
      • Omitted values assume defaults
      • Guaranteed to be backward compatible
      • Requires TMOS 12.1+
      • Free & supported by F5
      https://github.com/F5Networks/f5-appsvcs-extension
  12. Multiple Imperative Commands
  13. Single Declarative Statement / Multiple Imperative Commands
  14. Declarative: tell the system WHAT you would like to happen and let it figure out HOW to do it.
      Imperative: tell the system HOW to do something and as a result WHAT you want to happen.
      Source of Truth
  15. AS3 Everywhere – Consistent API. Timeline diagram: Summer 2018, Autumn 2018, Q1 2019. AS3 deployment options: On BIG-IP, In Container, On BIG-IQ, In Cloud w/Service Discovery. Targets: BIG-IP Platform, BIG-IP Virtual Edition, BIG-IP SSG.
  16. AS3 Declaration
  17. • POST: Deploy a configuration. Actions: deploy, dry-run, patch, redeploy, retrieve, remove.
      • GET: Retrieve previous declaration. Select the data you want by appending to the AS3 path.
      • PATCH: Modify existing declaration. Operations: add, remove, replace, move, copy.
      • DELETE: Remove data for one or more tenants. If no tenant specified, the entire AS3 configuration is removed.
  18. • AS3 Class: Controls AS3 execution
      • ADC Class: Controls ADC-Centric Attributes
      • Tenant Class: Maps to BIG-IP Partitions
      • Application Class: Maps to BIG-IP Folders in Partition
      • Service Class: Maps to BIG-IP Virtual Servers
      • Pool Class, iRule Class, HTTP_Profile Class: Map to BIG-IP Objects
      Diagram: Tenant Class containing App Classes, each holding Service, Pool, iRule and Profile objects.
  19. ```json
      {
        "class": "AS3",
        "action": "deploy",
        "persist": true,
        "declaration": {
          "class": "ADC",
          "schemaVersion": "3.0.0",
          "id": "example-declaration-01",
          "label": "Sample 1",
          "remark": "Simple HTTP application with round robin pool",
          "updateMode": "selective",
          "Sample_01": {
            "class": "Tenant",
            "defaultRouteDomain": 0,
            "Application_1": {
              "class": "Application",
              "template": "http",
              "serviceMain": {
                "class": "Service_HTTP",
                "virtualAddresses": [ "10.0.1.10" ],
                "pool": "web_pool"
              },
              "web_pool": {
                "class": "Pool",
                "monitors": [ "http" ],
                "members": [
                  {
                    "servicePort": 80,
                    "serverAddresses": [ "192.0.1.10", "192.0.1.11" ]
                  }
                ]
              }
            }
          }
        }
      }
      ```
  20. The declaration from slide 19, annotated:
      The AS3 Class
        class: AS3 # mandatory
        action: deploy, dry-run, redeploy, retrieve, remove
        persist: true, false
      The ADC Class
        class: ADC # mandatory
        schemaVersion: 3.0.0, 3.1.0, 3.2.0
        id: arbitrary (suggest using urn::uuid)
        label: arbitrary (labels the declaration)
        updateMode: complete, selective
      The Tenant Class
        Sample_01: Tenant name i.e. BIG-IP partition name
        class: Tenant # mandatory
        defaultRouteDomain: number
      IMPORTANT: This will remove all tenants that AS3 has created …and replace with this declaration.
  21. The declaration from slide 19 with the application named A1 instead of Application_1, annotated:
      The Application Class
        A1: The application name = TMSH folder in partition.
        class: Application # mandatory
        template: http, https, tcp, udp, l4, generic, shared
      The Service Class
        class: Service_HTTP, Service_HTTPS, Service_TCP, Service_UDP, Service_L4, generic, shared
        virtualAddresses: IP Address
      The Pool Class
        web_pool: Defines the name of the pool
        class: Pool # mandatory
        monitors: not mandatory, but highly recommended!
        members: servicePort, serverAddresses # if servicePort is not included, it will choose a default related to the template, e.g. http = 80
      Generic: Doesn't enforce required objects. Allows you to rename serviceMain.
      Shared: Holds objects other applications can use.
      Aside from 'generic' and 'shared', values for template and virtualAddresses must correlate.
  22. ```yaml
      ---
      - name: Create VS
        hosts: bigip
        gather_facts: false
        connection: local
        tasks:
          - name: URI POST Tenant
            uri:
              url: "https://{{ inventory_hostname }}/mgmt/shared/appsvcs/declare"
              method: POST
              user: "{{ username }}"
              password: "{{ password }}"
              validate_certs: no   # skips TLS certificate verification of the BIG-IP management endpoint
              body: {
                # <AS3 DECLARATION GOES HERE>
              }
              body_format: json
      ```
  23. Automation Workflow Examples
  24. Learning about declarative onboarding and AS3 automation of BIG-IP. Diagram: API Dev Tool (REST API Calls, Collections Runner, Automated Tests); BIG-IP + AS3 + DO; TF5 Platform (Physical Appliance / Chassis, Virtual Edition, Cloud Edition / Blue).
  25. Simple AS3 deployment via the BIG-IQ AS3 proxy to leverage BIG-IQ Analytics. Diagram: API Dev Tool (REST API Calls, Collections Runner, Automated Tests); BIG-IQ + AS3 (App Services, HTTPS Advanced, Application Security, Analytics, HTTP Simple); BIG-IP + AS3 + DO; TF5 Platform (Physical Appliance / Chassis, Virtual Edition, Cloud Edition / Blue).
  26. Configuration Management using Ansible Tower. Diagram: Orchestration (RBAC, Job Scheduling, Logging & Reporting, Input Forms (Survey), Deployment Playbooks); BIG-IQ + AS3 (App Services, HTTPS Advanced, Application Security, Analytics, HTTP Simple); BIG-IP + AS3 + DO; TF5 Platform (Physical Appliance / Chassis, Virtual Edition, Cloud Edition / Blue).
  27. Infrastructure as Code using a Source Code Management tool. Diagram: SCM (Source Code Repo - IaC, Revision Control, Webhook); Orchestration (RBAC, Job Scheduling, Logging & Reporting, Input Forms (Survey), Deployment Playbooks); BIG-IQ + AS3 (App Services, HTTPS Advanced, Application Security, Analytics, HTTP Simple); BIG-IP + AS3 + DO; TF5 Platform (Physical Appliance / Chassis, Virtual Edition, Cloud Edition / Blue).
  28. Self-service provisioning via a service catalogue. Diagram: Service Catalogue (Request Form, Workflow Approvals, Create Config); SCM (Source Code Repo - IaC, Revision Control, Webhook); Orchestration (RBAC, Job Scheduling, Logging & Reporting, Input Forms (Survey), Deployment Playbooks); BIG-IQ + AS3 (App Services, HTTPS Advanced, Application Security, Analytics, HTTP Simple); BIG-IP + AS3 + DO; TF5 Platform (Physical Appliance / Chassis, Virtual Edition, Cloud Edition / Blue).
  29. Automated staging and testing before deploying to production. Diagram: Service Catalogue (Request Form, Workflow Approvals, Create Config); SCM (Source Code Repo - IaC, Revision Control, Webhook); Orchestration (RBAC, Job Scheduling, Logging & Reporting, Input Forms (Survey), Deployment Playbooks); BIG-IQ + AS3 (App Services, HTTPS Advanced, Application Security, Analytics, HTTP Simple); BIG-IP + AS3 (DEV), BIG-IP + AS3 (UAT), BIG-IP + AS3 (PROD); TF5 Platform (Physical Appliance / Chassis, Virtual Edition, Cloud Edition / Blue).
  30. DevOps CI/CD pipeline integration. Diagram: Service Catalogue (Request Form, Workflow Approvals, Create Config); SCM (Source Code Repo - IaC, Revision Control, Webhook); Orchestration (RBAC, Job Scheduling, Logging & Reporting, Input Forms (Survey), Deployment Playbooks); BIG-IQ + AS3 (App Services, HTTPS Advanced, Application Security, Analytics, HTTP Simple); BIG-IP + AS3 (DEV), BIG-IP + AS3 (UAT), BIG-IP + AS3 (PROD); TF5 Platform (Physical Appliance / Chassis, Virtual Edition, Cloud Edition / Blue).
  31. Documentation
  32. https://clouddocs.f5.com
  33. https://f5.com/education/super-netops-training
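
An added example, not part of the original slides or of F5's tooling: a pre-flight check in Python for the request body on slide 19, meant to run before the playbook on slide 22 POSTs it. It flags the points annotated on slides 20 and 21 (updateMode complete, a pool without monitors, template and service class that do not correlate) plus a pool reference that resolves to nothing; the function names and the template-to-class map are assumptions of this example.

```python
import copy, json

# Expected serviceMain class per template (assumed from the class names on slide 21).
TEMPLATE_SERVICE = {"http": "Service_HTTP", "https": "Service_HTTPS",
                    "tcp": "Service_TCP", "udp": "Service_UDP", "l4": "Service_L4"}
# Request body from slide 19 (label and remark omitted).
SLIDE_19 = json.loads("""{"class": "AS3", "action": "deploy", "persist": true, "declaration": {
  "class": "ADC", "schemaVersion": "3.0.0", "id": "example-declaration-01", "updateMode": "selective",
  "Sample_01": {"class": "Tenant", "defaultRouteDomain": 0,
    "Application_1": {"class": "Application", "template": "http",
      "serviceMain": {"class": "Service_HTTP", "virtualAddresses": ["10.0.1.10"], "pool": "web_pool"},
      "web_pool": {"class": "Pool", "monitors": ["http"], "members": [
        {"servicePort": 80, "serverAddresses": ["192.0.1.10", "192.0.1.11"]}]}}}}}""")

def children(obj, prefix):
    """Nested objects whose class starts with prefix, as (name, object) pairs."""
    return [(k, v) for k, v in obj.items()
            if isinstance(v, dict) and str(v.get("class", "")).startswith(prefix)]

def lint(request):
    """Return findings for an AS3 request body; an empty list means nothing was flagged."""
    adc = request.get("declaration")
    if request.get("class") != "AS3" or not isinstance(adc, dict) or adc.get("class") != "ADC":
        return ["request must be class AS3 wrapping a declaration of class ADC"]
    out = []
    if adc.get("updateMode") == "complete":
        out.append("updateMode complete: AS3-created tenants not in this declaration are removed")
    for tname, tenant in children(adc, "Tenant"):
        for aname, app in children(tenant, "Application"):
            where, want = f"{tname}/{aname}", TEMPLATE_SERVICE.get(app.get("template"))
            main = app.get("serviceMain")
            if want and not (isinstance(main, dict) and main.get("class") == want):
                out.append(f"{where}: template {app['template']} needs serviceMain of class {want}")
            pools = dict(children(app, "Pool"))
            for sname, svc in children(app, "Service_"):
                ref = svc.get("pool")  # only same-application names are checked, not paths
                if isinstance(ref, str) and "/" not in ref and ref not in pools:
                    out.append(f"{where}/{sname}: pool {ref} is not defined in this application")
            out += [f"{where}/{p}: pool has no monitors" for p, v in pools.items() if not v.get("monitors")]
    return out

def constructed_bad():
    """Constructed variant of slide 19 carrying each mistake the linter looks for."""
    req = copy.deepcopy(SLIDE_19)
    req["declaration"]["updateMode"] = "complete"
    app = req["declaration"]["Sample_01"]["Application_1"]
    app["template"], app["serviceMain"]["pool"] = "https", "wb_pool"
    del app["web_pool"]["monitors"]
    return req
```

`lint(SLIDE_19)` returns an empty list; `lint(constructed_bad())` returns four findings, one per injected mistake.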
