Ansible Automation Case Studies: F5 BIG-IP Landscape Transformations

Kenny Barnt
February 24, 2021

This presentation demonstrated how complex infrastructure systems can be managed efficiently using automation tools like Ansible. While the cases presented focused primarily on managing F5 BIG-IP systems, the concepts covered also apply to other areas of network, server, and application management.

Michigan State University has recently transitioned management of the BIG-IP landscape to the Application Services team, with a primary focus on improving integration with the applications delivered via the F5 and on improving processes. These improvements are being undertaken using Ansible in a process automation paradigm.

Central Michigan University recently undertook a major transformation in their BIG-IP landscape. Starting with a simple pair of LTM+APM appliances on their main campus with a highly-customized Access Policy for web application SSO, they've moved to a multiple-location environment with BIG-IP DNS and multi-factor authentication used with APM, with an eye toward IPv6 deployment in the near future, all without additional resources. This transformation was enabled using Ansible in a configuration-as-code paradigm.

Transcript

  1. ANSIBLE AUTOMATION CASE STUDIES: F5 BIG-IP LANDSCAPE TRANSFORMATIONS (2020.11.11)
  2. AGENDA
    • Introduction
    • MSU – Process Improvement & Automation
    • CMU – Configuration as Code
    • Bringing it all Together
    • Q&A
  3. INTRODUCTION: Who am I?
    • MTU & CMU Alumnus
    • ADC Engineer @ MSU
    • Networking Education
    • Application Administration Experience
  4. INTRODUCTION: What is this?
    • Axiom: Automation is good for IT
    • How do we get there?
    • Specific examples
    • General Concepts
  5. MSU: PROCESS AUTOMATION
  6. ENVIRONMENT OVERVIEW
    • Redundant VIPRIONs hosting multiple redundant vCMP pairs
    • Segregation by app tier
    • 800+ Applications proxied
  7. PROBLEM 1: API GATEWAY (PROCESS IMPROVEMENT & USER ENABLEMENT)
    • Frequent API Onboardings
    • Too much overhead in request & fulfilment processes
    • Prone to errors
  8. SOLUTION 1: API GATEWAY
    • Request Simplification
    • Ansible Playbook
    • AWX Survey
    • User Enablement
  9. PROBLEM 2: TLS CERT RENEWAL (FULL PROCESS AUTOMATION)
    • 800 CA-signed certificates on BIG-IP devices
    • 15 engineer-minutes to update each certificate
    • Annual renewals
    • 5 engineer-weeks/year lost to renewals
  10. SOLUTION 2: TLS CERT RENEWAL
    • Fully-Automated
    • Periodic Execution
    • ACME
    • Re-usable components
  11. CMU: CONFIGURATION AS CODE
  12. ENVIRONMENT OVERVIEW
    • Major architectural change
    • Start: 2 LTM+APM appliances + 3 non-prod VMs, all on-campus
    • Finish:
      • 2 LTM+APM appliances on-campus, 1 off-site
      • 1 BIG-IP DNS appliance on-campus, 1 off-site
      • 4 non-prod VMs on-campus, 3 off-site
    • 225+ Applications supported
  13. REFACTORING
    • New Architecture
    • Resolve Inconsistencies
    • Apply Best Practices
    • Prepare for the Future
  14. THE PROBLEMS (CONFIGURATION AS CODE)
    • Too much to configure by hand
    • Too much risk of inconsistencies
    • Poor change visibility
    • Poor implementation and backout processes
  15. THE SOLUTION (CONFIGURATION AS CODE)
    • Single playbook
    • Configurations maintained in git repository
    • Error handling & backout
    • All problems addressed…
  16. NEW PROBLEMS (CONFIGURATION AS CODE)
    • Long runtime
    • Difficult removals
    • Scaling Issues
    • No BIG-IP DNS
  17. THE REFINEMENT
    • Based on Ansible roles
    • Selective execution
    • Straightforward removals
    • Better scaling
    • BIG-IP DNS
    • AWX & IPAM
  18. BRINGING IT ALL TOGETHER: AUTOMATION FOR EVERYONE
  19. WHICH APPROACH WHEN?
    Process Automation
    • Fitting in
    • Quick wins
    • Smaller time budgets
    Configuration as Code
    • Lots of control (new or starting fresh)
    • Systematic change
    • Big time investment
  20. HURDLES & HOOPS (OVERCOMING OBSTACLES)
    • “Local” buy-in
    • Time & resources
    • Peers
    • Focus on benefit to the organization
  21. BENEFITS (YOU SHOULD BE AUTOMATING)
    • Time saved
    • Consistency
    • Repeatability
    • Reliability
  22. STARTING YOUR JOURNEY: Start small, but think big
  23. THANK YOU
    Kenny Barnt
    ksbarnt
    barntken@msu.edu