Warning: this project is currently work in progress, pending sections are planned features.
The F5 module was written against F5 VE version 10.1.0.3341. F5 have released version 11 with several API changes, but currently they have not released any hardware or software running version 11. This provider uses several version 10 APIs, so it is not expected to work with older F5 devices.
Since we cannot directly install a puppet agent on F5, it is managed through an intermediate proxy system running puppet agent, similar to Cisco devices. Requirements for the proxy system:
- Puppet 2.7.+
- F5 iControl gem
The following puppet manifest deploys the f5 gem on the f5_proxy system and deploys the appropriate config:

    node f5_proxy_system {
      include f5

      # iControl credentials and address for the device, written to its own device config file
      f5::config { "f5.puppetlabs.lan":
        username => 'admin',
        password => 'admin',
        url      => 'f5.puppetlabs.lan',
        target   => '/etc/puppetlabs/puppet/device/f5.puppetlabs.lan.conf'
      }

      # Apply the device catalog once an hour, at a minute derived from the proxy's FQDN
      cron { "bigip":
        command => 'puppet device --deviceconfig /etc/puppetlabs/puppet/device/f5.puppetlabs.lan.conf',
        minute  => fqdn_rand(60),
      }
    }
- Create F5 Device configuration file in $confdir/device.conf (typically /etc/puppet/device.conf or /etc/puppetlabs/puppet/device.conf)

      [certname]
        type f5
        url https://username:password@address/
- Create the corresponding node configuration on the puppet master site.pp:

      node f5.puppetlabs.lan {
        f5_rule { 'demo':
          ensure     => 'present',
          definition => 'when HTTP_REQUEST {}',
        }
      }
- Execute puppet device command *:

      $ puppet device
- Currently, to simplify testing, we allow the use of a custom puppet fact to query/configure F5 resources against a specific system *:

      $ FACTER_url=https://admin:[email protected]/ puppet resource f5_rule
- puppet agent on the proxy system will only enforce the system catalog, and it will not enforce the network device catalog. Network devices should be scheduled via cron to run the puppet device command with the appropriate flags.
- puppet device will run against all devices specified in device.conf. If they should not be applied simultaneously, maintain separate conf files for each F5 device and specify --deviceconfig.
- Because pluginsync only supports custom facts/functions (#7316), all puppet commands need the appropriate RUBYLIB path (including puppet master):

      export RUBYLIB=/etc/puppet/modules/puppetlabs-f5/lib/
For more information see: http://www.puppetlabs.com/blog/puppet-network-device-management/
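The device.conf layout above keeps the iControl username and password inside the URL, so the file's permissions and the credentials themselves are worth checking on the proxy system. The following Ruby audit is an added example, not part of the module; the function names, the default-credential list and the sample input are assumptions made for illustration.

```ruby
require 'uri'

# Username/password pairs treated as vendor defaults (assumption for this example).
DEFAULT_CREDENTIALS = [%w[admin admin]].freeze

# Parse device.conf text into { certname => { 'type' => ..., 'url' => ... } }.
def parse_device_conf(text)
  devices = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = devices[m[1]] = {}
    elsif current && (m = line.match(/\A(\w+)\s+(\S+)\z/))
      current[m[1]] = m[2]
    end
  end
  devices
end

# Return findings for one device.conf, given its text and permission bits.
def audit_device_conf(text, mode)
  findings = []
  parse_device_conf(text).each do |certname, settings|
    uri = URI.parse(settings.fetch('url', ''))
    next unless uri.user # no credentials stored for this device
    findings << "#{certname}: credentials sent without TLS" unless uri.scheme == 'https'
    findings << "#{certname}: credentials readable by group or others" if (mode & 0o077) != 0
    findings << "#{certname}: default credentials in use" if DEFAULT_CREDENTIALS.include?([uri.user, uri.password])
  end
  findings
end

# Constructed sample in the device.conf layout described above.
SAMPLE_CONF = <<~CONF
  [f5.puppetlabs.lan]
    type f5
    url https://admin:admin@f5.puppetlabs.lan/
CONF

if __FILE__ == $PROGRAM_NAME
  path = ARGV.first
  text = path ? File.read(path) : SAMPLE_CONF
  mode = path ? File.stat(path).mode & 0o777 : 0o644
  puts audit_device_conf(text, mode)
end
```

Run it with the path to a device.conf as the only argument; with no argument it audits the constructed sample as if the file had mode 0644.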
Similar to Puppet 2.7 Cisco devices, the F5 facts are not collected via facter, so please review $vardir/yaml/facts for F5 system information.

    --- !ruby/object:Puppet::Node::Facts
      expiration: 2011-08-19 10:26:54.779410 -07:00
      name: bigip
      values:
        clientversion: 2.7.2
        environment: production
        clientcert: bigip
        !ruby/sym _timestamp: 2011-08-19 09:56:55.077534 -07:00
        !ruby/sym annunciator_board_part_revision: ""
        !ruby/sym annunciator_board_serial: ""
        !ruby/sym chassis_serial: b500b9b79397
        !ruby/sym disk_free_/: 82 MB
        !ruby/sym disk_free_/config: 369 MB
        !ruby/sym disk_free_/shared: 1835 MB
        !ruby/sym disk_free_/usr: 301 MB
        !ruby/sym disk_free_/var/log: 1829 MB
        !ruby/sym disk_free_/var: 2219 MB
        !ruby/sym disk_size_/: 201 MB
        !ruby/sym disk_size_/config: 398 MB
        !ruby/sym disk_size_/shared: 2015 MB
        !ruby/sym disk_size_/usr: 1007 MB
        !ruby/sym disk_size_/var/log: 2015 MB
        !ruby/sym disk_size_/var: 2421 MB
        !ruby/sym domain: puppetlabs.lan
        !ruby/sym fqdn: f5.puppetlabs.lan
        !ruby/sym group_id: DefaultGroup
        !ruby/sym hardware_cache_size: 3072 KB
        !ruby/sym hardware_cores: "1"
        !ruby/sym hardware_cpu_mhz: "2654.616"
        !ruby/sym hardware_cpus: &id002 cpus
        !ruby/sym hardware_cpus_model: *id001
        !ruby/sym hardware_cpus_slot: "0"
        !ruby/sym hardwaremodel: i686
        !ruby/sym host_board_part_revision: ""
        !ruby/sym host_board_serial: ""
        !ruby/sym hostname: f5
        !ruby/sym macaddress: 00:0C:29:B7:93:97
        !ruby/sym marketing_name: Z99
        !ruby/sym model: &id001 Intel(R) Core(TM)2 Duo CPU P8800 @ 2.66GHz
        !ruby/sym name: *id002
        !ruby/sym os_release: 2.6.18-164.2.1.el5.1.0.f5app
        !ruby/sym os_version: "#1 SMP Sat Feb 6 00:16:40 PST 2010"
        !ruby/sym platform: Z99
        !ruby/sym product_category: Z99
        !ruby/sym pva_version: ""
        !ruby/sym slot: "0"
        !ruby/sym switch_board_part_revision: ""
        !ruby/sym switch_board_serial: ""
        !ruby/sym system_id: 568E1D2F-1974-0D1B-F952-4691FBEAE92D
        !ruby/sym system_name: Linux
        !ruby/sym timezone: PDT
        !ruby/sym uptime: 1 days
        !ruby/sym uptime_days: "1"
        !ruby/sym uptime_hours: "30"
        !ruby/sym uptime_seconds: "108141"
        !ruby/sym version: BIG-IP_v10.1.0

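The facts file is YAML carrying Ruby tags (`!ruby/object:Puppet::Node::Facts`, `!ruby/sym`), and an unrestricted YAML loader instantiates whatever classes such tags name. This added example, which is not part of the module, reads the file through Psych's parse tree instead, so no tagged object is built, and checks the reported version against the 10.x line the provider was written for; the function names and the shortened sample input are constructed for illustration.

```ruby
require 'psych'

# Walk the Psych parse tree of a Puppet facts file and return the "values"
# mapping as plain strings. No tagged Ruby object is ever instantiated.
def read_device_facts(yaml_text)
  doc = Psych.parse(yaml_text)
  root = doc && doc.root
  raise ArgumentError, 'facts file is not a YAML mapping' unless root.is_a?(Psych::Nodes::Mapping)
  values = mapping_pairs(root).find { |key, _| key.value == 'values' }
  raise ArgumentError, 'no "values" section found' unless values && values[1].is_a?(Psych::Nodes::Mapping)
  mapping_pairs(values[1]).each_with_object({}) do |(key, val), facts|
    # Keys tagged !ruby/sym arrive as ordinary scalars; aliases and nested nodes are skipped.
    facts[key.value] = val.value if val.is_a?(Psych::Nodes::Scalar)
  end
end

# A mapping node stores its children as a flat [key, value, key, value] list.
def mapping_pairs(node)
  node.children.each_slice(2).select { |key, _| key.is_a?(Psych::Nodes::Scalar) }
end

# True when the device reports a BIG-IP 10.x release, the line the provider targets.
def supported_version?(facts)
  facts.fetch('version', '').match?(/\ABIG-IP_v10\./)
end

# Constructed sample: a shortened copy of the facts layout shown above.
SAMPLE_FACTS = <<~YAML
  --- !ruby/object:Puppet::Node::Facts
    name: bigip
    values:
      clientcert: bigip
      !ruby/sym fqdn: f5.puppetlabs.lan
      !ruby/sym version: BIG-IP_v10.1.0
YAML

if __FILE__ == $PROGRAM_NAME
  facts = read_device_facts(ARGV.first ? File.read(ARGV.first) : SAMPLE_FACTS)
  puts "#{facts['fqdn']}: #{facts['version']} supported=#{supported_version?(facts)}"
end
```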
Sample F5 configuration output gathered by puppet resource:

    f5_certificate { 'ca-bundle':
      ensure => 'present',
    }
    f5_node { '192.168.1.1':
      ensure => 'present',
      connection_limit => ['0', '10'],
      dynamic_ratio => '1',
      ratio => '1',
      session_enabled_state => 'STATE_ENABLED',
    }
    f5_pool { 'webserver':
      ensure => 'present',
      action_on_service_down => 'SERVICE_DOWN_ACTION_NONE',
      allow_nat_state => 'STATE_ENABLED',
      allow_snat_state => 'STATE_ENABLED',
      client_ip_tos => '65535',
      client_link_qos => '65535',
      gateway_failsafe_unit_id => '0',
      lb_method => 'LB_METHOD_ROUND_ROBIN',
      member => ['192.168.1.1:80', '192.168.1.2:80'],
      minimum_active_member => '0',
      minimum_up_member => '0',
      minimum_up_member_action => 'HA_ACTION_FAILOVER',
      minimum_up_member_enabled_state => 'STATE_DISABLED',
      monitor_association => '#<SOAP::Mapping::Object:0x10443c470>',
      server_ip_tos => '65535',
      server_link_qos => '65535',
      simple_timeout => '0',
      slow_ramp_time => '10',
    }
    f5_rule { 'demo':
      ensure => 'present',
      definition => 'when HTTP_REQUEST {}',
    }
    f5_snat { 'nat':
      ensure => 'present',
      connection_mirror_state => 'STATE_DISABLED',
      original_address => ['0.0.0.0', '0.0.0.0'],
      source_port_behavior => 'SOURCE_PORT_PRESERVE',
      translation_target => ['SNAT_TYPE_TRANSLATION_ADDRESS', '10.10.10.10'],
      vlan => ['STATE_DISABLED', ''],
    }
    f5_snatpool { 'nat_pool':
      ensure => 'present',
      member => ['1.1.1.1', '1.1.1.2'],
    }
    f5_snattranslationaddress { '1.1.1.1':
      ensure => 'present',
      arp_state => 'STATE_ENABLED',
      connection_limit => ['0', '0'],
      ip_timeout => '4294967295',
      tcp_timeout => '4294967295',
      udp_timeout => '4294967295',
      unit_id => '1',
    }
    f5_virtualserver { 'www':
      ensure => 'present',
      availability_status => 'AVAILABILITY_STATUS_BLUE',
      enabled_status => 'ENABLED_STATUS_DISABLED',
    }