This is an old revision of the document!
- Local Traffic Manager, directs different types of protocol and application traffic to an appropriate destination server
- WebAccelerator™
- BIGIP+LTM+APM (Local Traffic Manager + Application Security Manager)
TMOS is the f5 operating system: CLI utilities (to configure it)
tmsh bigpipe
PROFILES: every setting we apply to a vip is some kind of profile.
To deploy changes (profiles in this case), we can follow this process:
- Use UI in CP02DEVLB01 to create profile.
- Log into tmos and pull the command defining that profile. We will use this to automate it in Ansible:
(tmos)# list ltm profile client-ssl bondticker_wildcard one-line
ltm profile client-ssl bondticker_wildcard { app-service none cert default.crt cert-key-chain { default { cert default.crt key default.key } } chain none defaults-from mktx_tls_1.2 inherit-certkeychain true key default.key passphrase none }
(create ltm profile ...)
BONDTICKER: it has 4 profiles. eg: compression . (tmos)# list ltm virtual dr.bondticker.com profiles ltm virtual dr.bondticker.com {
profiles {
bondticker_wildcard {
context clientside
}
https_front_end_https_on {
context all
}
mktx_bondticker_compression {
context all
}
oneconnect {
context all
}
tcp {
context all
}
}
}
- irules:
weblogging_math : Not sending to local disk but to the remote webloggong server. 10.30.70.53
2 vips in bondticker
80 is redirected to 443
Eg: trn.bondticker.com & trn.bondticker.com_http (This is to see virtual servers with port 80, for instance:
https://devcentral.f5.com/questions/how-to-list-virtual-servers-based-on-some-properties-like-destination-pool-profile-used)
Redirection is done via an irule. (MKTX_http_to_https_redirect) (tmos)# list ltm virtual trn.bondticker.com_http rules ltm virtual trn.bondticker.com_http {
rules {
MKTX_http_to_https_redirect # <<<<<<<<<<<
}
}
- policies. They are processed in order. Example of usage: responder and action create policy → publicsh policy → go to virtual server and select it. modify ltm virtual XXXXXX policies add { YYYYY}
BONDLINKCS More straighforward Only has 1 irule for weblogging
!———————-
ANSIBLE inventory — where host information host specific variable input — input information where all application specific variables are stored playbooks — what you actually put together templates — jinja2 file roles – function that groups together tasks into one module …
BONDTICKER
adding a pool , adding a server to a pool
template_f5_bondticker_pools.yml # this is the playbook. PLAYBOOK geneartes the results in the input file and pool-vars-template.j2 # for any vip. generates the bindings inputs/pools_template_bondticker.yml
The results are created in input folder (as defined in the playbook. see dest: “../inputs/pools_bondticker_item.key.yml” ) Validate this input filr manually. Some of the entries will have to be commented out. In this case (F5). This file is FED IN TO THE API input filer: lists (3) with dictionaries.
then role takes the data from the input file and applied the API. Check the role to see how the api is called. playbook/f5_pool_bt_dvi.yml # «< this is the one really applying it . dvi # dev integration
f5_vip_bt_dvi.yml
inputs]$ vim vip_profile_global.yml –>
with variable in the ansible invocation
f5_pool_vip_bondticker.yml
playbook naming convention anything with L7 deals with the policy. assign is assigning to the vip.
f5_pool : to create node, build pool and make binding
f5_vip : to create a virtual server
