F5 Programmability Training > Automation Mini Classes > Mini Class 3 - Getting Started with F5 Puppet Source | Edit on
Module 1 – Configuring and Running Puppet BIG-IP Module¶
To start the deployment, install the Puppet master and create a proxy system able to run the Puppet agent. In addition, you must install all the dependencies, including iControl gem and Faraday gem into the Puppet Ruby environment on the proxy host (Puppet agent).
In this lab, the puppet master and proxy have already been installed and provisioned.
ssh to Puppet Master from Jumphost Terminal
ssh scs@10.1.1.101
Task 1 - Download F5 module¶
Note
In this lab, F5 module has already been downloaded with the latest version. You may only perform this step to get the updated version.
Download the F5 module from https://github.com/f5devcentral/f5-puppet.
scs@master:/etc/puppetlabs/code/modules/f5_rest$ ls
CHANGELOG.md examples Gemfile lib LICENSE manifests metadata.json NOTICE pkg Rakefile README.md spec
Task 2 - Create a device.conf File¶
Note
In this lab, you may find the configuration file is already created, and you just have to verify the configuration.
Before you can use the F5 module, you must create a device.conf file in the Puppet configuration directory (/etc/puppetlabs/puppet) on the Puppet proxy:
[bigip1]
type f5
url https://admin:admin@10.1.1.246
In the above example, admin:admin@10.1.1.246 refers to Puppet’s login for the F5
device: <USERNAME>:<PASSWORD>@<IP ADDRESS OF BIGIP>.
Task 3 - Classify Your Nodes on the Puppet Master¶
Next, you enter the configuration in the relevant class statement or node
declaration in your site.pp.
Following is a sample Puppet manifest file (site.pp) for configuring a VLAN
on the BIG-IP platform:
scs@master:/etc/puppetlabs/code/environments/production/manifests$ pwd
/etc/puppetlabs/code/environments/production/manifests
node bigip1 {
f5_vlan { '/Common/test_vlan':
ensure => 'present',
auto_last_hop => 'enabled',
cmp_hash => 'src-ip',
description => 'This is VLAN 10',
fail_safe => 'enabled',
fail_safe_action => 'restart-all',
fail_safe_timeout => '90',
mtu => '1500',
sflow_polling_interval => '3000',
sflow_sampling_rate => '4000',
source_check => 'enabled',
vlan_tag => '10',
}
}
Task 4 - Run puppet device¶
Running the puppet device -v --user=root command will have the device proxy
node generate a certificate and apply your classifications to the F5 device.
As shown below, all the tasks were completed successfully with no failures.
$ sudo puppet device -v --user=root --trace
Info: starting applying configuration to bigip1 at https://10.1.1.246:443
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for bigip1
Info: Applying configuration version '1530306055'
Notice: /Stage[main]/Main/Node[bigip1]/F5_vlan[/Common/test_vlan]/ensure: created
Info: Node[bigip1]: Unscheduling all events on Node[bigip1]
Notice: Applied catalog in 0.57 seconds
Task 5 - Puppet resource to query a F5 device¶
Once you’ve established a basic configuration, you can explore the providers and
their allowed options by running puppet resource <TYPENAME> for each type.
Note
You must have your authentification credentials in FACTER_url
within your command, or puppet resource will not work
$ FACTER_url=https://<USERNAME>:<PASSWORD>@<IP ADDRESS OF BIGIP> puppet resource f5_vlan
$ sudo FACTER_url=https://admin:admin@10.1.1.246 puppet resource f5_vlan
f5_vlan { '/Common/test_vlan':
ensure => 'present',
auto_last_hop => 'enabled',
cmp_hash => 'src-ip',
dag_round_robin => 'disabled',
description => 'This is VLAN 10',
fail_safe => 'enabled',
fail_safe_action => 'restart-all',
fail_safe_timeout => '90',
mtu => '1500',
sflow_polling_interval => '3000',
sflow_sampling_rate => '4000',
source_check => 'enabled',
vlan_tag => '10',
}
Task 6 - Idempotency¶
All the Puppet F5 modules are idempotent, which means that tasks are executed only if the node state doesn’t match the configured or desired state. In other words, if the same manifest is run again, Puppet does not reconfigure these objects.
$ sudo puppet device -v --user=root --trace
Info: starting applying configuration to bigip1 at https://10.1.1.246:443
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for bigip1
Info: Applying configuration version '1530558089'
Notice: Applied catalog in 0.18 seconds
Task 7 - Remove the configuration¶
Next, modify your site.pp to the following:
node bigip1 {
f5_vlan { '/Common/test_vlan':
ensure => 'absent',
}
}
Re-run puppet device to delete the vlan:
$ sudo puppet device -v --user=root --trace
Info: starting applying configuration to bigip1 at https://10.1.1.246:443
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for bigip1
Info: Applying configuration version '1533924613'
Notice: /Stage[main]/Main/Node[bigip1]/F5_vlan[/Common/test_vlan]/ensure: removed
Info: Node[bigip1]: Unscheduling all events on Node[bigip1]
Notice: Applied catalog in 0.75 seconds