Ansible Adoption at Lockheed Martin: Network Automation of f5 BIG-IP devices with Ansible Tower

 

Ansible’s network automation modules include support for BIG-IP F5 devices. This framework separates the programming/development of the Ansible playbook from the actual execution of the code in the Ansible engine, allowing DevOps and Infrastructure-as-Code (IaC) to span the network stack. Playbook developers can call these modules that leverage the full F5 API. Operations teams can use the playbooks to automatically configure the F5 infrastructure.

At Lockheed Martin Enterprise IT, some common use cases for these Ansible modules include:
- Automated deployment of HTTP and HTTPS applications
- Managing Virtual-Servers, Pools, Monitors and other configuration objects

Intermediate experience level in Ansible is necessary to create and run these playbooks. Creating and maintaining virtual servers and other configuration objects on BIG-IP F5 is a repetitive and mundane process. Using Ansible automation provides a fast, consistent, and repeatable process. The YAML syntax allows the definition of a data dictionary, which supports the abstraction of target data from the playbook, allowing provisioning of a large number of objects. Ansible Tower provides the security controls to limit who can run these playbooks.

Another advantage is the way the network automation modules integrate seamlessly with an engine like Ansible Tower and Git, enabling a true DevOps environment. Authentication and authorization of the Ansible credentials is managed by Cisco Identity Services Engine using a 2 Factor authentication protocol. The resource account for the machine-to-machine API interface is authenticated and authorized based on an Active Directory group membership. No new software or agents need to be installed on the BIG-IP F5 hardware.

The actual presentation will involve a technical deep dive and a demo involving topics such as Network, Security and DevOps. During the demo, the presenter will author a simple playbook and check it into a version control system. This will kick-off an Ansible playbook that will run the playbook against a virtual F5 and provision objects.

The talk, presentation, deep dive and demo will give attendees an overview of the architecture, DevOps and IaC principles. It provides a pathway and a roadmap for Ansible adoption for network automation. A brief walkthrough of the data dictionary, Ansible playbook and use of an Ansible engine during the deep dive and demo will reinforce these concepts.

© 2019 Lockheed Martin Corporation. All Rights Reserved.

Slides here

Presenters:

 

Raj Ganashan, Lockheed Martin