artioml / f5-ansible

:gear: Essential Ansible containers with F5 modules and extensible playbooks

Home Page: https://hub.docker.com/r/artioml/f5-ansible/

License: MIT License

Shell 33.27% Python 40.18% Dockerfile 26.55%
f5networks ansible bigip automation infrastructure-as-code container docker slack drone

f5-ansible's Introduction

Description

Essential Ansible container(s) with F5 modules, extensible playbooks and Slack notifications.

  

Installation

Run

# Stable
# Ansible v2.5.5, Python v3.6.6
docker run -it artioml/f5-ansible

# Stable, runs as root (for Drone CI/CD)
docker run -it artioml/f5-ansible:su

# Experimental
# Ansible v2.8.0.dev0, Python v3.6.6
docker run -it artioml/f5-ansible:dev

Credentials

The encrypted vault file (creds.yml) contains the BIG-IP credentials and the Slack incoming webhook token (used for notifications).

The vault password is: password

View:

ansible-vault view creds.yml
Vault password: password
bigip_user: "admin"
bigip_pass: "admin"
slack_token: "thetoken/generatedby/slack"

Modify:

ansible-vault edit creds.yml
Vault password: password

  

Extensibility

The container will dynamically pull down (and cd to) whatever GitHub repository is specified in the REPO environment variable. This enables Continuous Delivery of new content every time the container is started and that repository is updated. It also allows you to load and run your own custom Ansible environments.

-e "REPO=<GitHub_Username>/<Repo_Name>"

For example:

docker run -it -e "REPO=jmcalalang/Ansible_Meetups" artioml/f5-ansible
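Because the playbooks in whatever repository REPO names run with the vault credentials, it helps to validate the value before anything is cloned. The following is an added example, not code from this project: the function name, the owner allowlist and the shallow-clone flags are assumptions.

```python
import re

# GitHub login shape: alphanumerics with single inner hyphens, no leading/trailing hyphen.
OWNER_RE = re.compile(r"[A-Za-z0-9](?:-?[A-Za-z0-9]){0,38}")
# Repository name: letters, digits, '.', '_' and '-' only (no '/', no spaces).
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")

# Hypothetical allowlist of owners whose playbooks may run in the container.
ALLOWED_OWNERS = frozenset({"artioml", "jmcalalang"})


def clone_argv(repo, allowed_owners=ALLOWED_OWNERS):
    """Validate a REPO value of the form <GitHub_Username>/<Repo_Name> and
    return the git argv to clone it; raise ValueError otherwise."""
    owner, sep, name = repo.partition("/")
    if not sep:
        raise ValueError("REPO must look like owner/name")
    if not OWNER_RE.fullmatch(owner):
        raise ValueError(f"bad owner: {owner!r}")
    # fullmatch rejects a second '/', whitespace and shell metacharacters.
    if not NAME_RE.fullmatch(name) or name in (".", ".."):
        raise ValueError(f"bad repository name: {name!r}")
    if owner.lower() not in allowed_owners:
        raise ValueError(f"owner not allowlisted: {owner!r}")
    url = f"https://github.com/{owner}/{name}.git"
    # '--' ends option parsing, so neither value can be read as a git option.
    return ["git", "clone", "--depth", "1", "--", url, name]


if __name__ == "__main__":
    print(clone_argv("jmcalalang/Ansible_Meetups"))
```

The returned list is meant for `subprocess.run(argv, check=True)` without `shell=True`.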

  

Playbooks

Deploy

./runsible.py {playbook_name}

For example:

./runsible.py app
# Which executes:
# ansible-playbook playbooks/app.yml -e @creds.yml --ask-vault-pass

Teardown

./runsible.py -t {playbook_name}

For example:

./runsible.py -t app
# Which executes:
# ansible-playbook playbooks/app.yml -e @creds.yml --ask-vault-pass -e state="absent"

Service Template

./runsible.py {playbook_name} -n [service_name] -i [service_ip] -g [service_group]

For example:

./runsible.py iapp -n iapp_Web1 -i 10.100.115.11
# Which executes:
# ansible-playbook playbooks/iapp.yml -e @creds.yml --ask-vault-pass -e service_name="iapp_Web1" -e service_ip="10.100.115.11"

Infrastructure as Code

./runsible.py --iac

The helper script uses iac/config.yml as the L4-L7 configuration Single Source of Truth to deploy the infrastructure:

---

apps:
  iapp_Web1:
    description: A web app protected by WAF
    ip: 10.100.115.11
    group: prod
    state: true
  iapp_Web2:
    description:
    ip: 10.100.115.12
    group:
    state: false
  iapp_Web3:
    description:
    ip: 10.100.115.13
    group:
    state: false

...
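A sketch of how a single-source-of-truth file like this can be checked and turned into the ansible-playbook invocations shown earlier. This is an added example, not the project's runsible.py; it assumes `state: true` means deploy and `state: false` means teardown, and the name pattern and function name are hypothetical.

```python
import ipaddress
import re

# Constructed sample: what yaml.safe_load() would return for the config above.
SAMPLE_APPS = {
    "iapp_Web1": {"description": "A web app protected by WAF",
                  "ip": "10.100.115.11", "group": "prod", "state": True},
    "iapp_Web2": {"description": None, "ip": "10.100.115.12",
                  "group": None, "state": False},
    "iapp_Web3": {"description": None, "ip": "10.100.115.13",
                  "group": None, "state": False},
}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.-]{0,62}")  # assumed naming policy


def plan(apps, playbook="iapp"):
    """Return one ansible-playbook argv list per app; raise ValueError on bad input."""
    commands, seen_ips = [], {}
    for name, spec in apps.items():
        if not NAME_RE.fullmatch(str(name)):
            raise ValueError(f"bad service name: {name!r}")
        # A quoted "false" in YAML loads as a truthy string, so require a real bool.
        if not isinstance(spec, dict) or type(spec.get("state")) is not bool:
            raise ValueError(f"{name}: 'state' must be true or false")
        try:
            ip = ipaddress.ip_address(str(spec.get("ip")))
        except ValueError:
            raise ValueError(f"{name}: invalid ip {spec.get('ip')!r}") from None
        if ip in seen_ips:
            raise ValueError(f"{name}: ip {ip} already used by {seen_ips[ip]}")
        seen_ips[ip] = name
        # argv list, not a shell string: each value stays a single argument.
        argv = ["ansible-playbook", f"playbooks/{playbook}.yml",
                "-e", "@creds.yml", "--ask-vault-pass",
                "-e", f"service_name={name}", "-e", f"service_ip={ip}"]
        if not spec["state"]:
            argv += ["-e", "state=absent"]  # assumption: false means teardown
        # 'group' is left out: the page does not show which variable -g sets.
        commands.append(argv)
    return commands


if __name__ == "__main__":
    for cmd in plan(SAMPLE_APPS):
        print(" ".join(cmd))
```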

  

Demos

Imperative Playbooks

https://www.youtube.com/watch?v=5QiNgWZeOw0

Declarative Automation

https://www.youtube.com/watch?v=hy7GU2GfsWc

Infrastructure as Code

https://www.youtube.com/watch?v=vGxng8h8S5s

  

--help

./runsible.py --help
usage: runsible.py [-h] [-c] [-d] [-g GROUP] [-i IP] [-n NAME] [-t] [-v]
                   [PLAYBOOK]

Run Ansible playbooks, executing the defined tasks on targeted hosts

positional arguments:
  PLAYBOOK              playbook name (default: iapp)

optional arguments:
  -h, --help            show this help message and exit
  -c, --iac             infrastructure as code build
  -d, --deploy          deploy a playbook (default)
  -g GROUP, --group GROUP
                        inventory group for service nodes
  -i IP, --ip IP        service (VS) IP address
  -n NAME, --name NAME  service template (iApp) name
  -t, --teardown        teardown a playbook state
  -v, --verbose         increase output verbosity

https://github.com/ArtiomL/f5-ansible

f5-ansible's Issues

Slack Notifications

---

- name: Slack
  hosts: bigips
  gather_facts: False
  connection: local

  tasks:
    - name: Slack Webhook
      slack:
        token: thetoken/generatedby/slack
        msg: 'I am alive!'
        color: good
        username: 'Ansible'

Service Templates

Deploy an iApp from an Ansible playbook

Themes introduced in the following approach:

Service Templates: F5 Service Templates, branded F5 iApps, automate the configuration of advanced L4-L7 functionality. Migrating the complexity of an F5 iApp into an Ansible playbook would take years. However, deploying an iApp from an Ansible playbook means the Ansible admin can deliver advanced L4-L7 services without the requirement for F5 domain-specific knowledge. This is the power of abstraction when Ansible playbooks and F5 iApps are combined.

Strict Updates: By default, F5 Service Templates (iApps) enable 'strict updates'. Strict updates prevent modification to BIG-IP objects outside of the service template. For example, if an administrator deployed a configuration using the template Front-end_HTML5_App_Type_1c, the objects created by the template (the virtual servers, pools, profiles, health-check monitors, etc.) would only be editable via the template. The administrator cannot directly modify the template-created BIG-IP objects outside of the template. This is important for preserving the source-of-truth in a declarative model.

forked launched from fork and execute is broken

Unable to find image 'artioml/f5-ansible:latest' locally
latest: Pulling from artioml/f5-ansible
ff3a5c916c92: Pull complete 
6499b57f351d: Pull complete 
5d957d86217a: Pull complete 
cf772da5e7b2: Pull complete 
ec0ecb88b1e2: Pull complete 
d7f4315c990e: Pull complete 
Digest: sha256:63f1ea5c23dacd409f51d6689e0ea30a433fe81d0bbc584c22152f5d8830e97d
Status: Downloaded newer image for artioml/f5-ansible:latest
Cloning into 'f5-ansible'...
remote: Counting objects: 579, done.
remote: Compressing objects: 100% (139/139), done.
remote: Total 579 (delta 77), reused 5 (delta 1), pack-reused 438
Receiving objects: 100% (579/579), 176.90 KiB | 609.00 KiB/s, done.
Resolving deltas: 100% (265/265), done.
/opt/ansible/f5-ansible $ ls
Dockerfile    LICENSE       README.md     ansible.cfg   creds.yml     experimental  img           inventory     playbooks     runsible.py   scripts       test
/opt/ansible/f5-ansible $ ls -lah
total 72
drwxr-xr-x    9 user     user        4.0K Mar  3 07:24 .
drwxr-xr-x    1 user     user        4.0K Mar  3 07:24 ..
-rw-r--r--    1 user     user         185 Mar  3 07:24 .editorconfig
drwxr-xr-x    8 user     user        4.0K Mar  3 07:24 .git
-rw-r--r--    1 user     user        2.7K Mar  3 07:24 .travis.yml
-rw-r--r--    1 user     user         634 Mar  3 07:24 Dockerfile
-rw-r--r--    1 user     user        1.1K Mar  3 07:24 LICENSE
-rw-r--r--    1 user     user        4.1K Mar  3 07:24 README.md
-rw-r--r--    1 user     user          90 Mar  3 07:24 ansible.cfg
-rw-r--r--    1 user     user         743 Mar  3 07:24 creds.yml
drwxr-xr-x    2 user     user        4.0K Mar  3 07:24 experimental
drwxr-xr-x    2 user     user        4.0K Mar  3 07:24 img
drwxr-xr-x    3 user     user        4.0K Mar  3 07:24 inventory
drwxr-xr-x    2 user     user        4.0K Mar  3 07:24 playbooks
-rw-r--r--    1 user     user        1.7K Mar  3 07:24 runsible.py
drwxr-xr-x    2 user     user        4.0K Mar  3 07:24 scripts
drwxr-xr-x    2 user     user        4.0K Mar  3 07:24 test

If I manually change the file with chmod +x runsible.py, it runs normally.

Delete non-existent iApp

  • Test with runsible.py iapp and runsible.py app

  • Add a task to test if iApp exists on state=absent, and gracefully stop the playbook if it doesn't

  • For CI/CD - the iac/config.yml file will simulate IPAM:

apps:
  iapp_Web1:
    ip: 10.100.115.11
    state: true
  iapp_Web2:
    ip: 10.100.115.12
    state: false

YAML Lint

  • Dockerfile:
    pip3 install --no-cache-dir bigsuds f5-sdk netaddr deepdiff yamllint && \

  • Fix all errors / warnings in .yml files

  • test/run.sh and test/irun.sh:
    yamllint -d "{extends: default, rules: {line-length: {max: 130}}}" */*.yml

  • Move linting into the container

Run a tmsh command

---

- name: Run a command
  hosts: bigips
  gather_facts: False
  connection: local

  tasks:
    - name: version
      bigip_command:
        commands: show sys version
        server: "{{ inventory_hostname }}"
        user: "{{ bip_user }}"
        password: "{{ bip_pass }}"
        validate_certs: "{{ val_certs }}"
      register: result

    - debug: msg="{{ result.stdout_lines }}"

Add YAML linting test

python -c 'import yaml,sys;yaml.safe_load(sys.stdin)' < config.yml
Add this to test/run.sh

Deploy containers as nodes

- name: Start containers
  docker_container:
    name: "container{{ item }}"
    image: someuser/anotherappimage
  with_sequence: count=4
