f5devcentral.bigip_onboard

bigip-onboarding

Ansible role to automate the setup of a BIG-IP device. This role will handle the following tasks:

  • Set the hostname of the BIG-IP
  • Configure the SSH banner text for BIG-IP
  • Set the NTP servers
  • Set the DNS servers
  • Provision modules (like ASM/AFM) on the BIG-IP
  • Configure VLANs and Self-IPs

Requirements

  • Requires Ansible version 2.6
  • Necessary packages to install:
    • pip install f5-sdk
    • pip install bigsuds
    • pip install netaddr

Role Variables

The role accepts the following variables, shown here with example values and a description of each:

username: admin                                     # BIG-IP username
password: admin                                     # BIG-IP password

banner_text: "--Welcome to Onboarding BIGIP--"      # Message shown when someone logs into BIG-IP via SSH

hostname: 'ansibleManaged-bigip.local'              # The hostname of the BIG-IP

ntp_servers:                                        # NTP servers for the BIG-IP
 - '172.27.1.1'
 - '172.27.1.2'

dns_servers:                                        # DNS servers for the BIG-IP
 - '8.8.8.8'
 - '4.4.4.4'

dns_search_domains:                                 # DNS search domains for the BIG-IP
 - 'local'
 - 'localhost'

device_license: 'AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE'   # BIG-IP license key (only set this if you want licensing done)

ip_version: 4                                       # IP protocol version used for DNS

vlan_information:                                   # VLANs for the BIG-IP
 - name: 'External'                                 # Example: VLAN 'External' with tag 10
   tag: '10'                                        # Tag 10 for interface 1.1. If 'tag' is omitted, it will be untagged
   interface: '1.1'
 - name: 'Internal'                                 # Example: VLAN 'Internal' with tag 11
   tag: '11'                                        # Tag 11 for interface 1.2. If 'tag' is omitted, it will be untagged
   interface: '1.2'

selfip_information:                                 # Self-IPs for the BIG-IP
 - name: 'External-SelfIP'
   address: '10.168.68.5'
   netmask: '255.255.255.0'
   vlan: 'External'
   allow_service: 'default'
 - name: 'Internal-SelfIP'
   address: '192.168.68.5'
   netmask: '255.255.255.0'
   vlan: 'Internal'
   allow_service: 'default'

module_provisioning:                                # Provisioning modules on the BIG-IP
 - name: 'asm'                                      # Enable ASM module on the BIG-IP
   level: 'nominal'

Example Playbook

- hosts: bigips
  gather_facts: false
  roles:
  - { role: f5devcentral.bigip-onboarding }

Credential Storage

Since this role requires credentials for accessing your BIG-IP, it is recommended to store these in an encrypted Ansible vault file.

Steps to do this:

  • Save your vault password in a file - ~/.vault_pass.txt
  • Encrypt the variables file as follows - ansible-vault encrypt <<variable_filename>> --vault-password-file ~/.vault_pass.txt

For more details, see: Ansible Vault Documentation
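
A pre-flight check for the storage steps above, as an added example that is not part of the role: it confirms the variables file carries an Ansible Vault header, flags the default admin password if the file is still plaintext, and checks that the vault password file is not readable by group or others. The file names and the finding messages are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

VAULT_MAGIC = "$ANSIBLE_VAULT;"
# The role's documented default, `password: admin`, optionally quoted or commented.
DEFAULT_PASSWORD = re.compile(r"""^\s*password:\s*['"]?admin['"]?\s*(#.*)?$""", re.M)


def vault_header(text):
    """Return (format_version, cipher) when text starts with a vault header, else None."""
    first_line = text.split("\n", 1)[0].strip()
    fields = first_line.split(";")  # $ANSIBLE_VAULT;1.1;AES256[;vault-id]
    if not first_line.startswith(VAULT_MAGIC) or len(fields) < 3:
        return None
    return fields[1], fields[2]


def password_file_is_private(path):
    """True when neither group nor others hold any permission bit on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def preflight(vars_file, password_file):
    """Return a list of findings; an empty list means both files pass."""
    findings = []
    with open(vars_file, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    if vault_header(text) is None:
        findings.append("vars file is not vault-encrypted")
        if DEFAULT_PASSWORD.search(text):
            findings.append("vars file still uses the default admin password")
    if not password_file_is_private(password_file):
        findings.append("vault password file is readable by group or others")
    return findings


if __name__ == "__main__":
    # Constructed sample files (hypothetical names), written to a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        vars_file = os.path.join(tmp, "bigip_vars.yml")
        pass_file = os.path.join(tmp, "vault_pass.txt")
        with open(vars_file, "w") as fh:
            fh.write("username: admin\npassword: admin\n")
        with open(pass_file, "w") as fh:
            fh.write("constructed-vault-password\n")
        os.chmod(pass_file, 0o644)
        for finding in preflight(vars_file, pass_file):
            print("FINDING:", finding)
```

Run it against the real variables file and ~/.vault_pass.txt before the playbook; an empty result means both checks passed.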

Certificate Validation

To ensure the SSL certificates of the BIG-IP REST API are validated:

  • Set validate_certs: true
  • Create a public-private key pair
  • Upload the public key to BIG-IP (more info here)

Licensing

When licensing a BIG-IP, this role will accept the End User License Agreement (EULA) for you. It won't show the EULA, so please read it here.

Credits

More information can be found at: F5Networks GitHub

About the project

Performs a basic series of on-boarding steps to bootstrap a BIG-IP system to the point that it can accept configuration.

Install
ansible-galaxy install f5devcentral.bigip_onboard
License
apache-2.0
Downloads
11.5k
Owner
Community Supported Repos