
Ansible with BIG-IP F5

Modern infrastructure needs automation: it raises productivity and cuts cost. Let me demonstrate an automation technique that is very easy to use and at the same time very productive.

Why Ansible?

  • Ansible is a configuration management tool that is free for anyone to use.
  • Ansible is very consistent and lightweight.
  • It does not require an agent on the managed servers; it uses native SSH.
  • It is very easy compared to other automation management tools.
The list of benefits Ansible provides could go on. Today let me demonstrate a bit of Ansible automation against an application delivery controller, the F5 BIG-IP.

INSTALLING ANSIBLE
There are mainly three components when it comes to Ansible:
  • Managed hosts
  • Controller host
  • Playbooks (although for certain diagnostics, ad-hoc commands can be used)
We will be using CentOS 7 as our controller host and the BIG-IP F5 as our managed host.

The first packages required to use Ansible are Extra Packages for Enterprise Linux (EPEL) and Ansible itself, which depends on Python.

[root@ansiblemax ~]# yum install epel-release ansible -y
[root@ansiblemax ~]# yum update -y
All the files for Ansible lie within the /etc/ansible/ directory.

[root@ansiblemax /]# cd /etc/ansible/
[root@ansiblemax ansible]# ls
ansible.cfg  f5.yml  hosts

PLAYING WITH ANSIBLE
We first need to work on the hosts file, also known as the inventory, and simply mention the IP of the F5.
[root@ansiblemax ~]# vim hosts
[f5]
load_balancer ansible_host=10.10.253.220

Save the file and exit. Note: we could also put things like the username and password for the F5 in the hosts file, but in this demonstration we will define them in the playbook itself.

PLAYBOOK
The playbook is the major component of Ansible and ought to be the most important one as well. To create a playbook we need a file with the .yml extension under the same directory. YAML was designed so that data structures are easily readable by humans. Let me create a YAML file named f5.yml.

A playbook always starts with --- and the rest of the configuration depends on how the administrator wants to lay it out. In my case I have defined the variables in the playbook itself. I would like to create a pool named max-pool, its nodes, and a virtual server, each with their own properties. Save the file and quit.

---
- hosts: f5

  vars:
    # Connection details shared by every bigip_* task below
    provider:
      password: susjoshi9851
      server: 10.10.253.220
      user: sushant
      validate_certs: no
      server_port: 443

  tasks:
  - name: Create a pool
    bigip_pool:
      provider: "{{ provider }}"
      lb_method: ratio-member
      name: max-pool
      slow_ramp_time: 5

  # One iteration per web server; each adds a member to max-pool
  - name: Add members to pool
    bigip_pool_member:
      provider: "{{ provider }}"
      description: "webserver {{ item.name }}"
      host: "{{ item.host }}"
      name: "{{ item.name }}"
      pool: max-pool
      port: 80
    with_items:
      - host: 10.10.10.10
        name: web01
      - host: 10.10.10.20
        name: web02

  - name: Create a VIP
    bigip_virtual_server:
      provider: "{{ provider }}"
      description: max-vip
      destination: 172.16.100.100
      name: max-vip-1
      pool: max-pool
      port: 80
      snat: Automap
      profiles:
        - http
        - clientssl


Note: the most important thing when creating a playbook is indentation. Never use tabs; always use spaces where required.
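The two notes above, that credentials could live in the inventory or the playbook and that tabs must never be used, describe exactly the kind of mistakes worth catching before a play ever reaches the F5. The following shell script is an added example, not part of the original post: a small pre-flight check that flags tab indentation, an indented --- marker, and any password stored in cleartext next to the playbook. The two sample playbooks it writes are constructed for the example, and the vault.yml file and vault_f5_password variable in the hardened one are assumed names.

```shell
#!/bin/sh
# Pre-flight check for an F5 playbook (added example, not the original post's code).
# It catches three things before ansible-playbook --syntax-check ever runs:
# tab indentation, a document-start marker that is not at column 0, and a
# plaintext password sitting in the provider block.

# check_playbook FILE -> prints each finding; returns 0 when clean, 1 otherwise
check_playbook() {
    file="$1"
    rc=0
    # YAML forbids tabs for indentation; report the offending lines with numbers.
    if grep -n "$(printf '\t')" "$file" >/dev/null; then
        echo "$file: tab characters found (use spaces):"
        grep -n "$(printf '\t')" "$file"
        rc=1
    fi
    # '---' only starts a document when it begins the line; indented it is a string.
    if grep -n '^[[:space:]][[:space:]]*---' "$file" >/dev/null; then
        echo "$file: '---' is indented and will be read as a scalar, not a document marker"
        rc=1
    fi
    # A password value that is neither a Jinja reference nor a !vault tag means the
    # credential is stored in cleartext alongside the playbook.
    if grep -n 'password:' "$file" | grep -v '{{' | grep -v '!vault' >/dev/null; then
        echo "$file: plaintext password in playbook; move it to ansible-vault"
        rc=1
    fi
    return $rc
}

tmp=$(mktemp -d)
BAD_PLAYBOOK="$tmp/bad.yml"
GOOD_PLAYBOOK="$tmp/good.yml"

# Constructed sample reproducing all three mistakes (indented ---, a tab, a cleartext password).
printf '  ---\n- hosts: f5\n\tvars:\n    provider:\n      password: hunter2\n      server: 10.10.253.220\n' > "$BAD_PLAYBOOK"

# Constructed hardened sample: the credential comes from an ansible-vault variable
# (vault.yml and vault_f5_password are assumed names for the example).
cat > "$GOOD_PLAYBOOK" <<'EOF'
---
- hosts: f5
  vars_files:
    - vault.yml
  vars:
    provider:
      password: "{{ vault_f5_password }}"
      server: 10.10.253.220
      user: sushant
      validate_certs: yes
      server_port: 443
EOF

for f in "$BAD_PLAYBOOK" "$GOOD_PLAYBOOK"; do
    if check_playbook "$f"; then
        echo "$f: clean"
    fi
done
```

With a clean result, ansible-vault create vault.yml holds the real password and ansible-playbook f5.yml --ask-vault-pass supplies it at run time, so the playbook itself can be shared or committed without the credential in it.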

We now need to check whether the playbook generates any errors.

[root@ansiblemax ansible]# ansible-playbook --syntax-check f5.yml

playbook: f5.yml 
There seems to be no issue, so now we can run the play and find out whether it works.

[root@ansiblemax ansible]# ansible-playbook f5.yml -u sushant -k
SSH password:

PLAY [f5] **************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************
ok: [load_balancer]

TASK [Create a pool] ***************************************************************************************************************************************************************************
changed: [load_balancer]

TASK [Add members to pool] *********************************************************************************************************************************************************************
changed: [load_balancer] => (item={u'host': u'10.10.10.10', u'name': u'web01'})
changed: [load_balancer] => (item={u'host': u'10.10.10.20', u'name': u'web02'})

TASK [Create a VIP] ****************************************************************************************************************************************************************************
[WARNING]: The value 80 (type int) in a string field was converted to u'80' (type string). If this does not look like what you expect, quote the entire value to ensure it does not change.
changed: [load_balancer]

PLAY RECAP *************************************************************************************************************************************************************************************
load_balancer              : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Bingo! We have pushed the configuration and the changes look to have taken effect. Let me now log in to the virtual F5 that I have loaded and check whether the configuration has been reflected.

VERIFYING IN BIG-IP F5
We created a node, a pool and a virtual server by making use of Ansible.

My image looks blurry, sorry for that, although our objective has been completed. We can also verify it through the CLI.

sushant@(sushant)(cfg-sync Standalone)(/Common)(tmos)# list /ltm node web01
ltm node web01 {
    address 10.10.10.10
}

sushant@(sushant)(cfg-sync Standalone)(/Common)(tmos)# list /ltm pool max-pool
ltm pool max-pool {
    load-balancing-mode ratio-member
    members {
        web01:http {
            address 10.10.10.10
            description "webserver web01"
        }
        web02:http {
            address 10.10.10.20
            description "webserver web02"
        }
    }
    slow-ramp-time 5
}
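Reading the tmsh output by eye works for two members, but a play that runs repeatedly deserves a check against the state the playbook declared. The following shell function is an added example, not part of the original post: it takes a saved list /ltm pool listing (the one above, pasted into a file for the example) and compares the load-balancing mode, slow ramp time and member addresses with the values the playbook set, returning non-zero on any drift.

```shell
#!/bin/sh
# Post-change verification of the pool the playbook created (added example).
# The listing below is the tmsh output shown earlier in the post, saved to a file.
tmp=$(mktemp -d)
POOL_LISTING="$tmp/max-pool.txt"
cat > "$POOL_LISTING" <<'EOF'
ltm pool max-pool {
    load-balancing-mode ratio-member
    members {
        web01:http {
            address 10.10.10.10
            description "webserver web01"
        }
        web02:http {
            address 10.10.10.20
            description "webserver web02"
        }
    }
    slow-ramp-time 5
}
EOF

# verify_pool LISTING LB_METHOD RAMP MEMBER_ADDR... -> 0 when the running config
# matches the declared values, 1 (with each mismatch printed) otherwise.
verify_pool() {
    listing="$1"; lb="$2"; ramp="$3"; shift 3
    rc=0
    # tmsh prints "key value" pairs; awk's default splitting ignores the indentation.
    got_lb=$(awk '$1=="load-balancing-mode"{print $2}' "$listing")
    [ "$got_lb" = "$lb" ] || { echo "lb method: want $lb, got ${got_lb:-<none>}"; rc=1; }
    got_ramp=$(awk '$1=="slow-ramp-time"{print $2}' "$listing")
    [ "$got_ramp" = "$ramp" ] || { echo "slow ramp: want $ramp, got ${got_ramp:-<none>}"; rc=1; }
    # Compare member address sets regardless of the order they were declared in.
    got_members=$(awk '$1=="address"{print $2}' "$listing" | sort | tr '\n' ' ')
    want_members=$(printf '%s\n' "$@" | sort | tr '\n' ' ')
    [ "$got_members" = "$want_members" ] || { echo "members: want [$want_members] got [$got_members]"; rc=1; }
    return $rc
}

# Check the listing against what the playbook declared for max-pool.
if verify_pool "$POOL_LISTING" ratio-member 5 10.10.10.10 10.10.10.20; then
    echo "max-pool matches the playbook"
fi
```

On a real BIG-IP the listing would come from tmsh -c 'list /ltm pool max-pool' over SSH; the function itself does not change.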


sushant@(sushant)(cfg-sync Standalone)(/Common)(tmos)# list /ltm virtual max-vip-1
ltm virtual max-vip-1 {
    creation-time 2021-06-22:19:10:17
    description max-vip
    destination 172.16.100.100:http
    ip-protocol tcp
    last-modified-time 2021-06-22:19:10:17
    mask 255.255.255.255
    metadata {
        f5-ansible.last_modified {
            value "2021-06-22 13:25:17.382305"
        }
        f5-ansible.version {
            value 2.9.21
        }
    }
    pool max-pool
    profiles {
        clientssl {
            context clientside
        }
        http { }
        tcp { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 5
}

We will be talking more about Ansible in upcoming blogs. Let me end here as this is becoming too lengthy.