fully automate application delivery with puppet and f5 - puppetconf 2014
DESCRIPTION
Fully Automate Application Delivery with Puppet and F5 - Colin Walker, F5TRANSCRIPT
F5 Programmability and Puppet
Colin Walker, Sr. Product Management Engineer
September 2014
Programmability
© F5 Networks, Inc. 3
What is Programmability?
• Custom business logic to solve complex problems
• Glue to hold together deployments
• Turns “Not possible” into “with a little work…”
• Offers the ability to be infinitely tunable
• Leaves no deployment behind
© F5 Networks, Inc. 4
Programmability – Required for App Fluency
© F5 Networks, Inc. 5
What is Programmability at F5?
iRules iControl iApps iCall iSense tmsh
Data Plane Programmability
Programmable Management
API in SOAP and REST
Enterprise Apps,
Orchestration and
BIG-IQ
Event based handlers
Scriptable monitors
On-box Tcl based shell and programming
utility
DevCentral
Automation and Deployment
“© F5 Networks, Inc. 7
“High performing organizations deploy code 30 times more often and 8000 times faster than their peers, deploying multiple times a
day, versus an average of once a month. They also have double the change success
rate and restore service 12 times faster than their peers. The net results are lower business risk and more operational agility.”
—2013 State of DevOps Report,Puppet Labs
© F5 Networks, Inc. 8
Typical Application Deployment
10 mins
Provision VM
1-2 weeks
Request infrastructure services. Back-and-forth definition/clarification
1-2 weeks
Sit in IT queue
2-4 hrs
Infrastructure servicesconfigured
© F5 Networks, Inc. 9
Typical Application Deployment
10 mins
Provision VM
1-2 weeks
Request infrastructure services. Back-and-forth definition/clarification
1-2 weeks
Sit in IT queue
2-4 hrs
Infrastructure servicesconfigured
IT pre-defines catalog of infrastructure services
Time-to-production for all the necessaryinfrastructure services from weeks to minutes
10 mins
Provision VM
10 mins
Select correct infrastructure policy
from catalog
5 mins
Auto-configure infrastructure
services
REST
© F5 Networks, Inc. 11
Why REST? Why Now?
• An application programming interface (API) simply specifies how some software components should interact with each other
• Traditional APIs were SOAP/CRUD based using XMLor JSON – REST APIs are more standards based
API Server
© F5 Networks, Inc. 12
iControl – SOAP to REST
• iControl – The original control plane automation tool from F5• Programmatic access to anything that you can do via the CLI or GUI
• Remote API access
• SOAP/XML based
• iControl REST – A new approach to remote BIG-IP scripting• REST based architecture uses simple, small command structures.
• Tied directly to tmsh commands
• Commands you know, very low bar to entry
• Less barrier to developers promoting functionality via API
• Symmetry between GUI/CLI & API dev/maintenance
• Rapid development and rollout
© F5 Networks, Inc. 13
tmsh:modify ltm pool http-pool members modify { 10.133.20.60:any { session user-
disabled } }
iControl REST:
curl -k -u admin:admin -H "Content-Type: application/json" -X PUT -d '{"session": "user-enabled"}' https://localhost/mgmt/tm/ltm/pool/test_1-pool/members/10.133.20.60:any
tmsh vs iControl REST?
© F5 Networks, Inc. 14
Perl – Create Virtual:# create virtual&create_http_virtual_server($bigip, VS_NAME, VS_ADDRESS, VS_PORT, POOL_NAME);print "created virtual server \"" . VS_NAME . "\" with destination " . VS_ADDRESS . ":" . VS_PORT . "...\n";
sub create_http_virtual_server { my ($bigip, $name, $address, $port, $pool) = @_;
# define virtual properties my %payload; $payload{'kind'} = 'tm:ltm:virtual:virtualstate'; $payload{'name'} = $name; $payload{'description'} = 'A Perl REST::Client test virtual server'; $payload{'destination'} = $address . ':' . $port; $payload{'mask'} = '255.255.255.255'; $payload{'ipProtocol'} = 'tcp'; $payload{'sourceAddressTranslation'} = { 'type' => 'automap' }; $payload{'profiles'} = [ { 'kind' => 'ltm:virtual:profile', 'name' => 'http' }, { 'kind' => 'ltm:virtual:profile', 'name' => 'tcp' } ]; $payload{'pool'} = $pool;
my $json = encode_json \%payload;
$bigip->POST('ltm/virtual', $json);}
More RESTful Examples
Python – Create Virtual:# create virtualcreate_http_virtual(bigip, VS_NAME, VS_ADDRESS, VS_PORT, POOL_NAME)print "created virtual server \"%s\" with destination %s:%s..." % (VS_NAME, VS_ADDRESS, VS_PORT)
def create_http_virtual(bigip, name, address, port, pool):payload = {}
# define test virtualpayload['kind'] = 'tm:ltm:virtual:virtualstate'payload['name'] = namepayload['description'] = 'A Python REST client test virtual server'payload['destination'] = '%s:%s' % (address, port)payload['mask'] = '255.255.255.255'payload['ipProtocol'] = 'tcp'payload['sourceAddressTranslation'] = { 'type' : 'automap' }payload['profiles'] = [
{ 'kind' : 'ltm:virtual:profile', 'name' : 'http' }, { 'kind' : 'ltm:virtual:profile', 'name' : 'tcp' }
]payload['pool'] = pool
bigip.post('%s/ltm/virtual' % BIGIP_URL_BASE, data=json.dumps(payload))
© F5 Networks, Inc. 15
What’s this REST stuff?
• REST is based on the following simple ideas:
• REST uses URIs to refer to and to access resources
• Uses HTTP methods to change the state of resources:
en.wikipedia.org/wiki/Representational_state_transfer
GET – retrieve details or a list of something
POST – create something on the server side
PUT – update something on the server side
DELETE – delete something on the server side
© F5 Networks, Inc. 16
And Who is this JSON guy?
XML JSON<person><first name>Johnny</firstname><last name>Userguy</lastname></person>
{ "person": { "firstname": “Johnny", "lastname": “Userguy" } }
JSON (JavaScript Object Notation) is simply a way of passing data to a web page in a serialized way that is very easy to reconstitute into a javascript object.
{ "name":"bigip-1-1", "protocol":"HTTP", "port": "80"}
JSON classes are built into every major javascript engine, so every browser has JSON encode/decode support.
© F5 Networks, Inc. 17
What does an F5 REST call look like?
iControl REST API
© F5 Networks, Inc. 19
iControl REST API – How to start?
• Starting Point at DevCentral :• https://devcentral.f5.com/wiki/iControlREST.HomePage.ashx
• Download Documentation:• https://
devcentral.f5.com/d/icontrol-rest-user-guide-version-1150?download=true
• Some good examples are available here:• https://devcentral.f5.com/wiki/iControlREST.CodeShare.ashx
© F5 Networks, Inc. 20
iControl REST API – Direct Access
# curl -k -u admin:admin https://172.29.86.62/mgmt/tm/
{"items":[{"link":"https://localhost/mgmt/tm/cloud/ltm/node-addresses"},{"link":"https://localhost/mgmt/tm/cloud/ltm/pool-members"},{"link":"https://localhost/mgmt/tm/cloud/ltm/pools"},{"link":"https://localhost/mgmt/tm/cloud/ltm/virtual-servers"},{"link":"https://localhost/mgmt/tm/cloud/services/iapp/http_Charlie_61/health"},{"link":"https://localhost/mgmt/tm"},{"link":"https://localhost/mgmt/tm/shared/licensing/activation"},{"link":"https://localhost/mgmt/tm/shared/licensing/registration"},{"link":"https://localhost/mgmt/tm/cloud/templates/iapp"},{"link":"https://localhost/mgmt/tm/shared/sys/backup"},{"link":"https://localhost/mgmt/tm/shared/iapp/blocks"},{"link":"https://localhost/mgmt/tm/shared/iapp/health-prefix-map
• cURL
• Web Browser
• Browser Plug-In
© F5 Networks, Inc. 21
REST API example – list selfip# curl -k -u admin:admin https://172.29.86.62/mgmt/tm/net/self/internal_self2 | sed s/,/,\\n/g
{"kind":"tm:net:self:selfstate",
"name":"internal_self2",
"generation":0,
"lastUpdatedMicros":0,
"selfLink":"https://localhost/mgmt/tm/net/self/internal_self2",
"partition":"/Common/",
"address":"10.81.60.2/8",
"floating":"disabled",
"inheritedTrafficGroup":"false",
"trafficGroup":"traffic-group-local-only",
"unit":0,
"vlan":"internal"}
© F5 Networks, Inc. 22
REST API Example – Self IP
© F5 Networks, Inc. 23
REST API – Object Creation
© F5 Networks, Inc. 24
Why Puppet and F5?
• Security
• $$$$ / Budgeting
• Take advantage of virtualization
• Avoid misconfiguration
• Lessened provisioning time
• Replication of efforts
• Strong Partner Integration
“© F5 Networks, Inc. 25
“Puppet Enterprise Supported Modules, for example, are ones that have been fully
tested and validated for use with Puppet Enterprise. A number of such modules are
already available, and new modules for managing Microsoft SQL Server, F5 load
balancers, and Arista networking equipment are coming in the fourth quarter, the
company said.”
-Puppet-wearing devs: There's now an app (or two) for that,
The Register, Setpember, 2014
Next Steps
• Check out the code samples on F5.com and DevCentral
• Read the programmability white paper on DevCentral: http://www.f5.com/pdf/white-papers/the-programmable-network-white-paper.pdf
• Provide your engineers with a starting point with free training from F5 University: https://f5.com/education/training
If I can be of further assistance please contact me:
[email protected] | @colin_walker
