This is an old revision of the document!
- Local Traffic Manager, directs different types of protocol and application traffic to an appropriate destination server
- WebAccelerator™
- BIGIP+LTM+APM (Local Traffic Manager + Application Security Manager)
TMOS is the f5 operating system: CLI utilities (to configure it)
tmsh bigpipe
PROFILES: every setting we apply to a vip is some kind of profile.
To deploy changes (profiles in this case), we can follow this process:
- Use UI in CP02DEVLB01 to create profile.
- Log into tmos and pull the command defining that profile. We will use this to automate it in Ansible:
(tmos)# list ltm profile client-ssl bondticker_wildcard one-line
ltm profile client-ssl bondticker_wildcard { app-service none cert default.crt cert-key-chain { default { cert default.crt key default.key } } chain none defaults-from mktx_tls_1.2 inherit-certkeychain true key default.key passphrase none }
(create ltm profile ...)
BONDTICKER:
it has 4 profiles. eg: compression .
(tmos)# list ltm virtual dr.bondticker.com profiles
ltm virtual dr.bondticker.com {
profiles {
bondticker_wildcard {
context clientside
}
https_front_end_https_on {
context all
}
mktx_bondticker_compression {
context all
}
oneconnect {
context all
}
tcp {
context all
}
}
}
irules:
weblogging_math : Not sending to local disk but to the remote webloggong server. 10.30.70.53
2 vips in bondticker
80 is redirected to 443
Eg: trn.bondticker.com & trn.bondticker.com_http
This is to see virtual servers with port 80, for instance: https://devcentral.f5.com/questions/how-to-list-virtual-servers-based-on-some-properties-like-destination-pool-profile-used
Redirection is done via an irule. (MKTX_http_to_https_redirect) (tmos)# list ltm virtual trn.bondticker.com_http rules
ltm virtual trn.bondticker.com_http {
rules {
MKTX_http_to_https_redirect # <<<<<<<<<<<
}
}
BONDLINKCS More straightforward: Only has 1 irule for weblogging
policies.
They are processed in order. Example of usage: responder and action
create policy → publicsh policy → go to virtual server and select it.
modify ltm virtual XXXXXX policies add {
—-
In F5 BIG-IP:
ANSIBLE General scheme of folders is as follows:
- inventory — where host information host specific variable
- input — input information where all application specific variables are stored
- playbooks — what you actually put together
- templates — jinja2 file
- roles – function that groups together tasks into one module …
BONDTICKER adding a pool , adding a server to a pool
template_f5_bondticker_pools.yml # this is the playbook. PLAYBOOK geneartes the results in the input file and pool-vars-template.j2 # for any vip. generates the bindings inputs/pools_template_bondticker.yml
The results are created in input folder (as defined in the playbook. see dest: “../inputs/pools_bondticker_item.key.yml” ) Validate this input filr manually. Some of the entries will have to be commented out. In this case (F5). This file is FED IN TO THE API input filer: lists (3) with dictionaries.
then role takes the data from the input file and applied the API. Check the role to see how the api is called. playbook/f5_pool_bt_dvi.yml # «< this is the one really applying it . dvi # dev integration
f5_vip_bt_dvi.yml
inputs]$ vim vip_profile_global.yml –>
with variable in the ansible invocation
f5_pool_vip_bondticker.yml
playbook naming convention anything with L7 deals with the policy. assign is assigning to the vip.
f5_pool : to create node, build pool and make binding
f5_vip : to create a virtual server
