ANSIBLE AUTOMATION CASE STUDIES 2 0 2 0 . 1 1 . 1 1 F5 BIG-IP LANDSCAPE TRANSFORMATIONS 

AGENDA • I n t ro d u c t i o n • M S U – P ro c e s s I m p ro v e m e n t & A u t o m a t i o n • C M U – C o n f i g u ra t i o n a s C o d e • B r i n g i n g i t a l l To g e t h e r • Q & A 2 

3 INTRODUCTION W h o a m I ? • MTU & CMU Alumnus • ADC Engineer @ MSU • Networking Education • Application Administration Experience 3 

4 W h a t i s t h i s ? 4 • Axiom: Automation is good for IT • How do we get there? • Specific examples • General Concepts INTRODUCTION 

MSU P R O C E S S A U T O M A T I O N 5 

6 6 • Redundant VIPRIONs hosting multiple redundant vCMP pairs • Segregation by app tier • 800+ Applications proxied ENVIRONMENT OVERVIEW 

7 P R O C E S S I M P R O V E M E N T & U S E R E N A B L E M E N T 7 • Frequent API Onboardings • Too much overhead in request & fulfilment processes • Prone to errors PROBLEM 1: API GATEWAY 

8 8 • Request Simplification • Ansible Playbook • AWX Survey • User Enablement SOLUTION 1: API GATEWAY 

9 F U L L P R O C E S S A U T O M AT I O N 9 • 800 CA-signed certificates on BIG-IP devices • 15 engineer-minutes to update each certificate • Annual renewals • 5 engineer-weeks/year lost to renewals PROBLEM 2: TLS CERT RENEWAL 

10 10 • Fully-Automated • Periodic Execution • ACME • Re-usable components SOLUTION 2: TLS CERT RENEWAL 

CMU C O N F I G U R AT I O N A S C O D E 11 

12 12 • Major architectural change • Start: 2 LTM+APM appliances + 3 non-prod VMs, all on-campus • Finish: • 2 LTM+APM appliances on-campus, 1 off-site • 1 BIG-IP DNS appliance on-campus, 1 off-site • 4 non-prod VMs on-campus, 3 off-site • 225+ Applications supported ENVIRONMENT OVERVIEW 

13 13 • New Architecture • Resolve Inconsistencies • Apply Best Practices • Prepare for the Future REFACTORING 

14 C O N F I G U R AT I O N A S C O D E 14 • Too much to configure by hand • Too much risk of inconsistencies • Poor change visibility • Poor implementation and backout processes THE PROBLEMS 

15 C O N F I G U R AT I O N A S C O D E 15 • Single playbook • Configurations maintained in git repository • Error handling & backout • All problems addressed… THE SOLUTION 

16 C O N F I G U R AT I O N A S C O D E 16 • Long runtime • Difficult removals • Scaling Issues • No BIG-IP DNS NEW PROBLEMS 

17 17 • Based on Ansible roles • Selective execution • Straightforward removals • Better scaling • BIG-IP DNS • AWX & IPAM THE REFINEMENT 

BRINGING IT ALL TOGETHER A U T O M A T I O N F O R E V E R Y O N E 18 

WHICH APPROACH WHEN? Process Automation • Fitting in • Quick wins • Smaller time budgets Configuration as Code • Lots of control (new or starting fresh) • Systematic change • Big time investment 19 

20 O V E R C O M I N G O B S TA C L E S 20 • “Local” buy-in • Time & resources • Peers • Focus on benefit to the organization HURDLES & HOOPS 

21 Y O U S H O U L D B E A U T O M AT I N G 21 • Time saved • Consistency • Repeatability • Reliability BENEFITS 

S TA R T I N G Y O U R J O U R N E Y Start small, but think big 22 

THANK YOU Ke n n y B a r n t k s b a r n t b a r n t ke n @ m s u . e d u