Thomas A. McGonagle, Sr.

Product Management Engineer

Applications
Flexibility
Programmability
Automation
“Programmability” refers to capabilities that allow a program or script to
control or extend a system’s capabilities (hardware/software).
“
2 Types:
• Programmability Control:
• Allows a program or script to control operational characteristics of F5 systems

• Programmability Extensibility:
• Extends capabilities of both the data- and control-planes of F5 systems

Programmability is a key enabler in the new DevOps world

No humans allowed!
•

•
•
•
•
•
•
•
•
•
•

•
• Modularity
• Services should be small and simple
• Cooperation
• Should foster continuous improvement of design and implementation
• Composability
• Services should be like building blocks
• Extensibility
• Services should be easy to modify, enhance, and improve
• Flexibility
• Unlimited flexibility equals unlimited power
• Declaration
• Specify what we want to do
• Abstraction
• Don’t worry about Implementation Details
• Idempotence
• Action should only be taken once
• Convergence
• Overtime the system should tend towards correctness
DevOps SDK and tools to enable F5 MANOVA and Ecosystems solutions for ADC and Security in Cloud & F5aaS

• Make it faster and easier for customers to deploy and consume BIG-IP
application services

• Deliver automation and orchestration capabilities to simplify and accelerate

application service deployments in multi-cloud environments

• Enable programmable extensibility to empower customers to extend

capabilities, integrate with 3rd-party systems, and solve unforeseen problems
• Automation is a People, Process and Technology Problem
• Automation vs. Autonomous
• Up Front Architecture is Critical
• Practice, Practice, Practice
• Refactor – Refactor - Refactor
• Data Model Hierarchy is Key
• Right Tool for the Right Job
• Embrace Failure
• Improves Speed
• Provision systems and deploy workloads faster.
• Creates Predictability
• Drastically Reduce Risk of human error.
• Provides Management
• Centrally govern and monitor disparate systems and workloads.
• Increases Responsiveness
• Scale readily in pace with demand.
• Fosters Collaboration
• Repeatability
•
• Automation
•
• Agility
•
• Scalability
•
• Reassurance
• Documentation
• Disaster Recovery
• 1 Day to Learn F5’s Modules
• 1 Month to Learn Ansible
• 3-6 Months to Learn Ansible’s Limitations (Right Tool for the Right
Job)
• 6-12 Months to Workout Data Model
• 2 Years to become a Master Automator
• In 2 Years Ansible will be Amazing!!!
Ansible – Radically Simple IT Automation
 Orson Scott Card
Ender’s Game

Ansible allows you to Command and Control all the Starships in your Galaxy
Why Ansible?

SIMPLE POWERFUL AGENTLESS

Human readable automation App deployment Agentless architecture

No special coding skills needed Configuration management Uses OpenSSH & WinRM

Tasks executed in order Workflow orchestration No agents to exploit or update

Get productive quickly Orchestrate the app lifecycle More efficient & more secure
• Playbooks
• Roles
• Inventories
• Hosts and Groups
• Data Model
• Variables
• Conditionals
• Tags
• Vaults
Ansible F5 Partnership
PROGRAMMABLE MANAGEMENT, CONTROL & DATA PLANES

iControl iApps iRule

REST
Services-based, template- Allows complete
driven configurations on programmatic access
Allows light weight, rapid
interaction between user, BIG-IP to application traffic in
script & F5 devices real time
• AFM address lists
• AFM port lists
• ASM policy import
• BIG-IQ license & key pool registration
management
• BIG-IP HA pairing
• Control LX / iApps LX package
deployment
• LTM policy rules
• LTM UDP / HTTP / HTTPS monitors
• Traffic groups
• vCMP guest management
• Client SSL profiles
• BIG-IP partitions
http://docs.ansible.com/ansible/latest/list_of_network_modules.html
https://pypi.python.org/pypi/ansible/2.4.0.0
•
• F5 GitHub repository
•
•
•
pypi.python.org/pypi/ansible

•
•
 F5 Ansible Automation Roadmap

SHIPPING Q4CY17 Q1CY18 Q2CY18 Q3CY18

• Ansible 2.4.0* • Ansible 2.5.0* • Ansible 2.6.0*

• BIG-IP Onboarding • HA Pairing • Expanded GTM Config
• Basic LTM Config • BIG-IQ Licensing • BIG-IP Virtual Server Enhancements
• Basic GTM Config • ASM Policies • iRules Data Groups/ Lists
• AFM Policies

* Not a TMOS deliverable

Feature Area Ansible Module Description
GTM bigip_gtm_pool Manages F5 BIG-IP GTM pools
iApps bigip_iapp_service Manages TCL iApp services on a BIG-IP
bigip_iapp_template Manages TCL iApp templates on a BIG-IP
Monitors bigip_monitor_tcp_echo Manages F5 BIG-IP LTM tcp echo monitors
bigip_monitor_tcp_half_open Manages F5 BIG-IP LTM tcp half-open monitors
SNMP bigip_snmp Manipulates general SNMP settings on a BIG-IP
bigip_snmp_trap Manipulates SNMP trap information on a BIG-IP
Misc bigip_config Manages BIG-IP configuration sections.
bigip_configsync_actions Performs different actions related to config-sync
bigip_provision Manages BIG-IP module provisioning
bigip_qkview Manages qkviews on the device
bigip_ucs Manages upload, installation and removal of UCS files
bigip_user Manages user accounts and user attributes on a BIG-IP
bigip_virtual_address Manages LTM virtual addresses on a BIG-IP
bigip_command Runs arbitrary command on F5 devices
Feature Area Ansible Module Description
AFM bigip_security_address_list Manages the AFM address lists on a BIG-IP
bigip_security_port_list Manages the AFM port lists on a BIG-IP
ASM bigip_asm_policy Import ASM policies from file or existing template
BIG-IQ bigiq_regkey_license Manages licenses in a BIG-IQ registration key pool
bigiq_regkey_pool Manages registration key pools on BIG-IQ
HA <bigip_ha> BIG-IP HA Pairing
iApps LX bigip_iapplx_package Deploys iApps LX packages to the BIG-IP
LTM bigip_policy_rule Manages LTM policy rules on a BIG-IP
Monitors bigip_monitor_udp Manages F5 BIG-IP LTM UDP monitors
bigip_monitor_https Manages F5 BIG-IP LTM HTTPS monitors
Misc bigip_traffic_group Manages traffic groups on BIG-IP
bigip_vcmp_guest Manages vCMP guests on a BIG-IP
bigip_profile_client_ssl Manages client SSL profiles on a BIG-IP
Feature Area Ansible Module Description
AFM bigip_security_rule_list Manages AFM rule lists
bigip_security_policy Creates, modifies, deletes AFM policies
ASM bigip_asm_policy Enhancement to create and support custom ASPM policy templates
BIG-IQ bigiq_utility_license_assignment Supports BIG-IQ utility license assignment to BIG-Ips
bigiq_utility_license Supports BIG-IQ utility licenses
bigiq_regkey_license_assignment Supports BIG-IQ regkey license assignment to BIG-Ips
iRules <irules_data_group> Creates, modifies, deletes iRules data groups
LTM bigip_pool_member Manages LTM pool members via iControl REST API
SMTP bigip_smtp Manages SMTP settings on the BIG-IP
<bigip_snmp_communities> Support for SNMP communities
Misc bigip_license Enhancement to enable licensing of systems with no Internet connectivity
bigip_device_httpd ManagesHTTPD related settings on BIG-IP
bigip_virtual_server Enhancement to enable/disable address/port translation
Feature Area Ansible Module Description
GTM bigip_gtm_pool Enhancement to enable/disable pool members
bigip_gtm_virtual_server Manages F5 BIG-IP GTM virtual servers via iControl REST
<gtm_pool_member_monitor> GTM pool member monitor
<bigip_gtm_pool_member_HTTPS_monitor> GTM pool member HTTPS monitor
<bigip_gtm_pool_member_HTTP_monitor> GTM pool member HTTP monitor
<bigip_gtm_pool_member_TCP_monitor> GTM pool member TCP monitor
bigip_gtm_pool Enhancement to add GTM Virtual server to GTM pool
bigip_gtm_virtual_server Enhancement to add virtual server monitor
bigip_gtm_virtual_server Enhancement to add health monitor when creating GTM virtual server
bigip_gtm_pool Enhancement to add health monitor when creating GTM pool
bigip_gtm_wide_ip Enhancement to associate GTM pool with GTM wide-ip
bigip_gtm_pool Enhancement to add pool members option
Solve It. Automate It. Share It.
• Secure way to Store Credentials
• Scheduler
• Programmatically Execute Jobs (API)
• Detailed Auditing
• Role Based Access Control (RBAC)