fully automate application delivery with puppet and f5 - puppetconf 2014

F5 Programmability and Puppet

Colin Walker, Sr. Product Management Engineer

September 2014

Programmability

© F5 Networks, Inc. 3

What is Programmability?

• Custom business logic to solve complex problems

• Glue to hold together deployments

• Turns “Not possible” into “with a little work…”

• Offers the ability to be infinitely tunable

• Leaves no deployment behind

© F5 Networks, Inc. 4

Programmability – Required for App Fluency

© F5 Networks, Inc. 5

What is Programmability at F5?

iRules iControl iApps iCall iSense tmsh

Data Plane Programmability

Programmable Management

API in SOAP and REST

Enterprise Apps,

Orchestration and

BIG-IQ

Event based handlers

Scriptable monitors

On-box Tcl based shell and programming

utility

DevCentral

Automation and Deployment

“© F5 Networks, Inc. 7

“High performing organizations deploy code 30 times more often and 8000 times faster than their peers, deploying multiple times a

day, versus an average of once a month. They also have double the change success

rate and restore service 12 times faster than their peers. The net results are lower business risk and more operational agility.”

—2013 State of DevOps Report,Puppet Labs

© F5 Networks, Inc. 8

Typical Application Deployment

10 mins

Provision VM

1-2 weeks

Request infrastructure services. Back-and-forth definition/clarification

1-2 weeks

Sit in IT queue

2-4 hrs

Infrastructure servicesconfigured

© F5 Networks, Inc. 9

Typical Application Deployment

10 mins

Provision VM

1-2 weeks

Request infrastructure services. Back-and-forth definition/clarification

1-2 weeks

Sit in IT queue

2-4 hrs

Infrastructure servicesconfigured

IT pre-defines catalog of infrastructure services

Time-to-production for all the necessaryinfrastructure services from weeks to minutes

10 mins

Provision VM

10 mins

Select correct infrastructure policy

from catalog

5 mins

Auto-configure infrastructure

services

REST

© F5 Networks, Inc. 11

Why REST? Why Now?

• An application programming interface (API) simply specifies how some software components should interact with each other

• Traditional APIs were SOAP/CRUD based using XMLor JSON – REST APIs are more standards based

API Server

© F5 Networks, Inc. 12

iControl – SOAP to REST

• iControl – The original control plane automation tool from F5• Programmatic access to anything that you can do via the CLI or GUI

• Remote API access

• SOAP/XML based

• iControl REST – A new approach to remote BIG-IP scripting• REST based architecture uses simple, small command structures.

• Tied directly to tmsh commands

• Commands you know, very low bar to entry

• Less barrier to developers promoting functionality via API

• Symmetry between GUI/CLI & API dev/maintenance

• Rapid development and rollout

© F5 Networks, Inc. 13

tmsh:modify ltm pool http-pool members modify { 10.133.20.60:any { session user-

disabled } }

iControl REST:

curl -k -u admin:admin -H "Content-Type: application/json" -X PUT -d '{"session": "user-enabled"}' https://localhost/mgmt/tm/ltm/pool/test_1-pool/members/10.133.20.60:any

tmsh vs iControl REST?

© F5 Networks, Inc. 14

Perl – Create Virtual:# create virtual&create_http_virtual_server($bigip, VS_NAME, VS_ADDRESS, VS_PORT, POOL_NAME);print "created virtual server \"" . VS_NAME . "\" with destination " . VS_ADDRESS . ":" . VS_PORT . "...\n";

sub create_http_virtual_server { my ($bigip, $name, $address, $port, $pool) = @_;

# define virtual properties my %payload; $payload{'kind'} = 'tm:ltm:virtual:virtualstate'; $payload{'name'} = $name; $payload{'description'} = 'A Perl REST::Client test virtual server'; $payload{'destination'} = $address . ':' . $port; $payload{'mask'} = '255.255.255.255'; $payload{'ipProtocol'} = 'tcp'; $payload{'sourceAddressTranslation'} = { 'type' => 'automap' }; $payload{'profiles'} = [ { 'kind' => 'ltm:virtual:profile', 'name' => 'http' }, { 'kind' => 'ltm:virtual:profile', 'name' => 'tcp' } ]; $payload{'pool'} = $pool;

my $json = encode_json \%payload;

$bigip->POST('ltm/virtual', $json);}

More RESTful Examples

Python – Create Virtual:# create virtualcreate_http_virtual(bigip, VS_NAME, VS_ADDRESS, VS_PORT, POOL_NAME)print "created virtual server \"%s\" with destination %s:%s..." % (VS_NAME, VS_ADDRESS, VS_PORT)

def create_http_virtual(bigip, name, address, port, pool):payload = {}

# define test virtualpayload['kind'] = 'tm:ltm:virtual:virtualstate'payload['name'] = namepayload['description'] = 'A Python REST client test virtual server'payload['destination'] = '%s:%s' % (address, port)payload['mask'] = '255.255.255.255'payload['ipProtocol'] = 'tcp'payload['sourceAddressTranslation'] = { 'type' : 'automap' }payload['profiles'] = [

{ 'kind' : 'ltm:virtual:profile', 'name' : 'http' }, { 'kind' : 'ltm:virtual:profile', 'name' : 'tcp' }

]payload['pool'] = pool

bigip.post('%s/ltm/virtual' % BIGIP_URL_BASE, data=json.dumps(payload))

© F5 Networks, Inc. 15

What’s this REST stuff?

• REST is based on the following simple ideas:

• REST uses URIs to refer to and to access resources

• Uses HTTP methods to change the state of resources:

en.wikipedia.org/wiki/Representational_state_transfer

GET – retrieve details or a list of something

POST – create something on the server side

PUT – update something on the server side

DELETE – delete something on the server side

© F5 Networks, Inc. 16

And Who is this JSON guy?

XML JSON<person><first name>Johnny</firstname><last name>Userguy</lastname></person>

{ "person": {  "firstname": “Johnny",  "lastname": “Userguy" } }

JSON (JavaScript Object Notation) is simply a way of passing data to a web page in a serialized way that is very easy to reconstitute into a javascript object.

{ "name":"bigip-1-1", "protocol":"HTTP", "port": "80"}

JSON classes are built into every major javascript engine, so every browser has JSON encode/decode support.

© F5 Networks, Inc. 17

What does an F5 REST call look like?

iControl REST API

© F5 Networks, Inc. 19

iControl REST API – How to start?

• Starting Point at DevCentral :• https://devcentral.f5.com/wiki/iControlREST.HomePage.ashx

• Download Documentation:• https://

devcentral.f5.com/d/icontrol-rest-user-guide-version-1150?download=true

• Some good examples are available here:• https://devcentral.f5.com/wiki/iControlREST.CodeShare.ashx

© F5 Networks, Inc. 20

iControl REST API – Direct Access

# curl -k -u admin:admin https://172.29.86.62/mgmt/tm/

{"items":[{"link":"https://localhost/mgmt/tm/cloud/ltm/node-addresses"},{"link":"https://localhost/mgmt/tm/cloud/ltm/pool-members"},{"link":"https://localhost/mgmt/tm/cloud/ltm/pools"},{"link":"https://localhost/mgmt/tm/cloud/ltm/virtual-servers"},{"link":"https://localhost/mgmt/tm/cloud/services/iapp/http_Charlie_61/health"},{"link":"https://localhost/mgmt/tm"},{"link":"https://localhost/mgmt/tm/shared/licensing/activation"},{"link":"https://localhost/mgmt/tm/shared/licensing/registration"},{"link":"https://localhost/mgmt/tm/cloud/templates/iapp"},{"link":"https://localhost/mgmt/tm/shared/sys/backup"},{"link":"https://localhost/mgmt/tm/shared/iapp/blocks"},{"link":"https://localhost/mgmt/tm/shared/iapp/health-prefix-map

• cURL

• Web Browser

• Browser Plug-In

© F5 Networks, Inc. 21

REST API example – list selfip# curl -k -u admin:admin https://172.29.86.62/mgmt/tm/net/self/internal_self2 | sed s/,/,\\n/g

{"kind":"tm:net:self:selfstate",

"name":"internal_self2",

"generation":0,

"lastUpdatedMicros":0,

"selfLink":"https://localhost/mgmt/tm/net/self/internal_self2",

"partition":"/Common/",

"address":"10.81.60.2/8",

"floating":"disabled",

"inheritedTrafficGroup":"false",

"trafficGroup":"traffic-group-local-only",

"unit":0,

"vlan":"internal"}

© F5 Networks, Inc. 22

REST API Example – Self IP

© F5 Networks, Inc. 23

REST API – Object Creation

© F5 Networks, Inc. 24

Why Puppet and F5?

• Security

• $$$$ / Budgeting

• Take advantage of virtualization

• Avoid misconfiguration

• Lessened provisioning time

• Replication of efforts

• Strong Partner Integration

“© F5 Networks, Inc. 25

“Puppet Enterprise Supported Modules, for example, are ones that have been fully

tested and validated for use with Puppet Enterprise. A number of such modules are

already available, and new modules for managing Microsoft SQL Server, F5 load

balancers, and Arista networking equipment are coming in the fourth quarter, the

company said.”

-Puppet-wearing devs: There's now an app (or two) for that,

The Register, Setpember, 2014

Next Steps

• Check out the code samples on F5.com and DevCentral

• Read the programmability white paper on DevCentral: http://www.f5.com/pdf/white-papers/the-programmable-network-white-paper.pdf

• Provide your engineers with a starting point with free training from F5 University: https://f5.com/education/training

If I can be of further assistance please contact me:

c.walker@f5.com | @colin_walker