Frequently Asked Questions (FAQ)

The following are frequently asked questions for Declarative Onboarding.

What is Declarative Onboarding?

F5 Declarative Onboarding (DO) is an F5 offering that provides a simple and consistent way to automate BIG-IP onboarding via Declarative REST APIs. A brother to AS3, DO provides a sustainable foundation to enable F5’s Infrastructure as Code (IaC) strategy. DO automates L1-L3 on-boarding for BIG-IP, making BIG-IP available on the network and ready to accept L4-L7 Application Services configurations.

For more information, return to F5 BIG-IP Declarative Onboarding Documentation

Where can I download DO?

The DO Extension is available Release Asset on GitHub. See Downloading and installing the BIG-IP Declarative Onboarding package for instructions.

Is DO supported by F5?

Yes. See the Support Information page on GitHub to see the versions of DO that are currently supported.

What is the “DO Container”? Is it Supported?

The DO Container was a community-supported solution, and was deprecated in DO 1.16. F5 will no longer provide new versions of DO running in a container.

How is DO different from onboarding with Ansible?

• Ansible is part of a large vendor ecosystem to manage and automate configuration of multiple platform types within the data center
• Ansible automates via imperative YAML playbooks which require knowledge of which BIG-IP modules need to be run and in which order
• Ansible is great for templatizing BIG-IP configuration tasks via Playbooks and Roles
• F5 is dependent on Ansible release schedules, whereas F5 controls the DO release schedule, allowing for a more aggressive release cadence
• Note Ansible can be used as a front-end to DO’s declarative API

See the F5 Modules for Ansible documentation for more information.

When is DO a good fit and when it is not?

DO is a good fit where:

• Declarative interface is required to abstract away the complexity of BIG-IP onboarding
• You need to onboard BIG-IP as Infrastructure as Code (IaC) via integration with DevOps pipelines

DO may not be a good fit where:

• You do not want to use a Declarative interface
• You are unwilling or unable to deploy iControl Extension RPM on BIG-IP
• You require the BIG-IP to be the configuration source-of-truth
• You want to continue using imperative interfaces to configure (not just monitor or troubleshoot) BIG-IP:
  • GUI
  • TMSH
  • iControl REST APIs

Which TMOS versions does DO require?

DO requires TMOS 13.1+

Does Declarative Onboarding support hardware platforms?

Declarative Onboarding is intended for use with Cloud and Virtual Edition images, but it will also run on and configure hardware platforms. Features specific to hardware platforms, such as creating vCMP guests and setting TurboFlex profiles are not on the Declarative Onboarding roadmap.

What is a “DO Declaration”?

• DO uses a declarative model, meaning you provide a JSON declaration rather than a set of imperative commands
• The declaration represents the configuration which DO uses to onboard BIG-IP
• The declaration does not need to be sequenced in a specific order; DO will figure out the steps and order of operations for you, making it declarative
• DO is well-defined according to the rules of the JSON Schema, and declarations are validated according to the JSON Schema

What is the VSCode DO Declaration Validator?

This capability enables you to validate an DO declaration against the DO schema using Microsoft Visual Studio Code (VSCode) editor, and is useful when composing a declaration manually or to check the accuracy of a declaration prior to deployment

See Validating a declaration for information.

Where can I find DO declaration examples?

• You can find all DO example declarations, including those for BIG-IQ, here: Example Declarations

Does DO collect any usage data?

The Declarative Onboarding (DO) Extension gathers non-identifiable usage data for the purposes of improving the product as outlined in the end user license agreement for BIG-IP. To opt out of data collection, disable BIG-IP system’s phone home feature as described in K15000.

What is F5’s Automation Toolchain API Contract?

The API Contract for the F5 Automation Toolchain (Declarative Onboarding, AS3 and Telemetry Streaming) is our assurance that we will not make arbitrary breaking changes to our API. We take this commitment seriously. We semantically version our declarative API schemas (“xx.yy.zz”) and do not make breaking changes within a minor (“yy”) or patch (“zz”) releases. For example, early declarations using AS3 schema “3.0.0” are accepted by all subsequent minor releases including “3.16.0.”

As of January 2020, no breaking changes have been made to AS3, Declarative Onboarding, or Telemetry Streaming since inception. None are anticipated at this time. A breaking change, if any, will be noted by a change to the major release number (“xx”). For example, the AS3 schema version would become “4.0.0.”

What are the values I can use for the HTTPD ciphersuite?

Prior to Declarative Onboarding 1.26, HTTPD ciphersuite values were contained in a static list with a limited number from which to choose. In DO 1.26 and later, we removed the enumerated list, and allow you to include any valid ciphersuite value.

For a list of valid ciphersuite values, see https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite. You can also see https://support.f5.com/csp/article/K86554600 for a list of SSL ciphers supported on BIG-IP platforms.

Where can I find the API documentation?

You can find the API documentation here: API documentation