TMOS is the F5 operating system. CLI utilities (to configure it):

tmsh
bigpipe



Rack and installation:

Activate lldp: (always save /sys config at the end)

modify net lldp-globals enabled
tcpdump -nni 1.1 ether proto 0x88cc

PROFILES: every setting we apply to a vip is some kind of profile.
To deploy changes (profiles in this case), we can follow this process:

  1. Use the UI in CP02DEVLB01 to create the profile.
  2. Log into tmos and pull the command defining that profile. We will use this to automate it in Ansible:
(tmos)# list ltm profile client-ssl bondticker_wildcard one-line
ltm profile client-ssl bondticker_wildcard { app-service none cert default.crt cert-key-chain { default { cert default.crt key default.key } } chain none defaults-from mktx_tls_1.2 inherit-certkeychain true key default.key passphrase none }
(create ltm profile ...)
  3. We can use data ports for sync/heartbeat.


SELF IP explained


SYSLOGS:
Located in:

/var/log/ltm

BONDTICKER:
It has 4 profiles, e.g. compression.

(tmos)# list ltm virtual dr.bondticker.com  profiles 


ltm virtual dr.bondticker.com {
    profiles {
        bondticker_wildcard {
            context clientside
        }
        https_front_end_https_on {
            context all
        }
        mktx_bondticker_compression {
            context all
        }
        oneconnect {
            context all
        }
        tcp {
            context all
        }
    }
}

irules:
iRULES ~= TRAFFIC POLICIES

weblogging_math: not sending to local disk but to the remote weblogging server, 10.30.70.53.


2 vips in bondticker

80 is redirected to 443

Eg: trn.bondticker.com & trn.bondticker.com_http
This is to see virtual servers with port 80, for instance: https://devcentral.f5.com/questions/how-to-list-virtual-servers-based-on-some-properties-like-destination-pool-profile-used

Redirection is done via an iRule (MKTX_http_to_https_redirect):

(tmos)# list ltm virtual trn.bondticker.com_http rules

ltm virtual trn.bondticker.com_http {
    rules {
        MKTX_http_to_https_redirect # <<<<<<<<<<<
    }
}
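
Added example (not from the original notes or from F5): a Python check that parses multi-line `list ltm virtual` output in the layout shown above and reports port-80 virtual servers that do not carry the MKTX_http_to_https_redirect iRule. The sample text, its addresses and the name demo.example.com_http are constructed for illustration; IPv4 destinations are assumed.

```python
REDIRECT_RULE = "MKTX_http_to_https_redirect"  # iRule name from the notes

# Constructed sample in the layout `list ltm virtual` prints; the addresses
# and demo.example.com_http are made up for this example.
SAMPLE = """\
ltm virtual trn.bondticker.com_http {
    destination 192.0.2.10:http
    rules {
        MKTX_http_to_https_redirect
    }
}
ltm virtual demo.example.com_http {
    destination 192.0.2.20:80
}
ltm virtual trn.bondticker.com {
    destination 192.0.2.10:https
}
"""

def parse_virtuals(text):
    """Return {virtual name: {"destination": str, "rules": [iRule names]}}."""
    virtuals, stack, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            header = line[:-1].split()
            if not stack:  # top-level object; only ltm virtual is tracked
                is_vs = header[:2] == ["ltm", "virtual"] and len(header) == 3
                current = virtuals.setdefault(
                    header[2], {"destination": "", "rules": []}) if is_vs else None
            stack.append(header[-1] if header else "")
        elif line == "}" and stack:
            stack.pop()
        elif current is None or not line:
            continue
        elif len(stack) == 2 and stack[1] == "rules":
            # drop trailing comments and any /Common/ partition prefix
            current["rules"].append(line.split()[0].rsplit("/", 1)[-1])
        elif len(stack) == 1 and line.startswith("destination "):
            current["destination"] = line.split()[1]
    return virtuals

def missing_redirect(virtuals):
    """Port-80 virtual servers that do not carry the redirect iRule."""
    return sorted(
        name for name, vs in virtuals.items()
        # accept the port written as a number or as a service name
        if vs["destination"].rsplit(":", 1)[-1] in ("80", "http")
        and REDIRECT_RULE not in vs["rules"])

if __name__ == "__main__":
    print(missing_redirect(parse_virtuals(SAMPLE)))
```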



BONDLINKCS More straightforward: Only has 1 irule for weblogging

policies.
They are processed in order. Example of usage: responder and action
create policy → publish policy → go to virtual server and select it.

modify ltm virtual XXXXXX policies add {


In F5 BIG-IP:


ANSIBLE General scheme of folders is as follows:

BONDTICKER: adding a pool, adding a server to a pool

template_f5_bondticker_pools.yml # this is the playbook. PLAYBOOK generates the results in the input file and pool-vars-template.j2 # for any vip. generates the bindings inputs/pools_template_bondticker.yml

The results are created in the input folder (as defined in the playbook; see dest: "../inputs/pools_bondticker_item.key.yml"). Validate this input file manually. Some of the entries will have to be commented out. In this case (F5). This file is FED INTO THE API. Input file: lists (3) with dictionaries.

Then the role takes the data from the input file and applies the API. Check the role to see how the API is called.
playbook/f5_pool_bt_dvi.yml # <<< this is the one really applying it.
dvi # dev integration


f5_vip_bt_dvi.yml

inputs]$ vim vip_profile_global.yml –>


with variable in the ansible invocation

f5_pool_vip_bondticker.yml


Playbook naming convention: anything with L7 deals with the policy; assign is assigning to the vip.

f5_pool : to create node, build pool and make binding

f5_vip : to create a virtual server