ArtiomL/f5-ansible

   f5-ansible


Description

Essential Ansible container(s) with F5 modules, extensible playbooks and Slack notifications.

  

Installation

Run

# Stable
# Ansible v2.5.5, Python v3.6.6
docker run -it artioml/f5-ansible

# Stable, runs as root (for Drone CI/CD)
docker run -it artioml/f5-ansible:su

# Experimental
# Ansible v2.8.0.dev0, Python v3.6.6
docker run -it artioml/f5-ansible:dev

Credentials

The encrypted vault file (creds.yml) contains the BIG-IP credentials and the Slack incoming webhook token (used for notifications).

The vault password is: password

View:

ansible-vault view creds.yml
Vault password: password
bigip_user: "admin"
bigip_pass: "admin"
slack_token: "thetoken/generatedby/slack"

Modify:

ansible-vault edit creds.yml
Vault password: password

  

Extensibility

On start, the container dynamically pulls down (and changes directory to) whatever GitHub repository is specified in the REPO environment variable. This enables Continuous Delivery: new content is picked up every time the container is started after that repository has been updated. It also allows you to load and run your own custom Ansible environments.

-e "REPO=<GitHub_Username>/<Repo_Name>"

For example:

docker run -it -e "REPO=jmcalalang/Ansible_Meetups" artioml/f5-ansible

  

Playbooks

Deploy

./runsible.py {playbook_name}

For example:

./runsible.py app
# Which executes:
# ansible-playbook playbooks/app.yml -e @creds.yml --ask-vault-pass

Teardown

./runsible.py -t {playbook_name}

For example:

./runsible.py -t app
# Which executes:
# ansible-playbook playbooks/app.yml -e @creds.yml --ask-vault-pass -e state="absent"

Service Template

./runsible.py {playbook_name} -n [service_name] -i [service_ip] -g [service_group]

For example:

./runsible.py iapp -n iapp_Web1 -i 10.100.115.11
# Which executes:
# ansible-playbook playbooks/iapp.yml -e @creds.yml --ask-vault-pass -e service_name="iapp_Web1" -e service_ip="10.100.115.11"

Infrastructure as Code

./runsible.py --iac

The helper script uses iac/config.yml as the Single Source of Truth for the L4-L7 configuration when deploying the infrastructure:

---

apps:
  iapp_Web1:
    description: A web app protected by WAF
    ip: 10.100.115.11
    group: prod
    state: true
  iapp_Web2:
    description:
    ip: 10.100.115.12
    group:
    state: false
  iapp_Web3:
    description:
    ip: 10.100.115.13
    group:
    state: false

...
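An added example, not code from this repository: a pre-flight check that validates each entry of the config above and turns it into the runsible.py arguments documented on this page. It assumes that `state: true` means deploy and `state: false` means teardown (`-t`); `plan`, `SAFE_TOKEN` and the inline `CONFIG` dict (a constructed stand-in for the parsed YAML) are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the mapping yaml.safe_load() would return for the
# iac/config.yml shown above (empty YAML values load as None).
CONFIG = {
    "apps": {
        "iapp_Web1": {"description": "A web app protected by WAF",
                      "ip": "10.100.115.11", "group": "prod", "state": True},
        "iapp_Web2": {"description": None, "ip": "10.100.115.12",
                      "group": None, "state": False},
        "iapp_Web3": {"description": None, "ip": "10.100.115.13",
                      "group": None, "state": False},
    }
}

# Hypothetical allow-list for names and groups; not taken from runsible.py.
SAFE_TOKEN = re.compile(r"[A-Za-z][A-Za-z0-9_.-]{0,62}")


def plan(config, playbook="iapp"):
    """Validate every app entry and return one runsible.py argv per app."""
    apps = config.get("apps")
    if not isinstance(apps, dict) or not apps:
        raise ValueError("config must contain a non-empty 'apps' mapping")
    commands = []
    for name, app in apps.items():
        if not (isinstance(name, str) and SAFE_TOKEN.fullmatch(name)
                and isinstance(app, dict)):
            raise ValueError(f"invalid app entry: {name!r}")
        ip = ipaddress.ip_address(str(app.get("ip")))  # ValueError if invalid
        state = app.get("state")
        # Strict bool check: a quoted "false" is a truthy string in Python.
        if not isinstance(state, bool):
            raise ValueError(f"{name}: state must be true or false")
        argv = ["./runsible.py", playbook, "-n", name, "-i", str(ip)]
        group = app.get("group")
        if group is not None:
            if not isinstance(group, str) or not SAFE_TOKEN.fullmatch(group):
                raise ValueError(f"{name}: unsafe group: {group!r}")
            argv += ["-g", group]
        if not state:
            argv.append("-t")  # assumption: state false means teardown
        commands.append(argv)
    return commands


if __name__ == "__main__":
    for argv in plan(CONFIG):
        print(" ".join(argv))
```

Returning argv lists rather than a single command string keeps each value a separate argument if the plan is later passed to a process launcher without a shell.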

  

Demos

Imperative Playbooks

https://www.youtube.com/watch?v=5QiNgWZeOw0

Declarative Automation

https://www.youtube.com/watch?v=hy7GU2GfsWc

Infrastructure as Code

https://www.youtube.com/watch?v=vGxng8h8S5s

  

--help

./runsible.py --help
usage: runsible.py [-h] [-c] [-d] [-g GROUP] [-i IP] [-n NAME] [-t] [-v]
                   [PLAYBOOK]

Run Ansible playbooks, executing the defined tasks on targeted hosts

positional arguments:
  PLAYBOOK              playbook name (default: iapp)

optional arguments:
  -h, --help            show this help message and exit
  -c, --iac             infrastructure as code build
  -d, --deploy          deploy a playbook (default)
  -g GROUP, --group GROUP
                        inventory group for service nodes
  -i IP, --ip IP        service (VS) IP address
  -n NAME, --name NAME  service template (iApp) name
  -t, --teardown        teardown a playbook state
  -v, --verbose         increase output verbosity

https://github.com/ArtiomL/f5-ansible