Lab 5.1: Onboard BIG-IQ using Ansible Galaxy


Estimated time to complete: 25 minutes

Lab environment access

If you have not yet visited the page Getting Started, please do so.



This lab has steps to reset the BIG-IQ CM and DCD to its factory configuration. Plan accordingly if you need to run other classes/labs.

F5 provides Ansible Galaxy roles to onboard BIG-IQ Centralized Management (CM) and BIG-IQ Data Collection Device (DCD).

This automation scenario is composed of 4 parts:

  1. Erase the current BIG-IQ CM and DCD configuration to default.
  2. Onboard BIG-IQ CM and DCD:
    • bigiq_onboard ansible Role: Performs a basic series of on-boarding steps to bootstrap a BIG-IQ system to the point that it can accept configuration.
    • register_dcd ansible Role: Performs a series of steps needed to register a BIG-IQ provisioned as a Data Collection Device (DCD) to a BIG-IQ provisioned as a Configuration Management (CM) device.
  3. Add BIG-IPs to the BIG-IQ:
  4. Create Application Services:
    • Ansible using AS3 playbook: Use BIG-IQ Ansible and AS3 to deploy application services (see class 1, module 2).


  1. Connect via SSH or Web Shell to the system Ubuntu Lamp Server. (if you use the Web Shell, login as f5student first: su - f5student).
  2. Edit the hosts file and make sure only the and `` are not commented with a ``#.
# cd /home/f5/f5-ansible-bigiq-onboarding
# vi hosts

[f5_bigiq_cm] ansible_host= ... ansible_host=10.1.1.x ...

[f5_bigiq_dcd] ansible_host= ... ansible_host=10.1.1.x ...
  1. Reset both BIG-IQ CM and DCD.

    cd /home/f5/f5-ansible-bigiq-onboarding

    The script will do in this order:

    1. Delete existing applications (BIG-IQ and AS3)
    2. Execute the clear-rest-storage -d command on both BIG-IQ CM and DCD
    3. Reboot
  2. Wait both BIG-IQ CM and DCD come back up.

  3. Execute the script

    cd /home/f5/f5-ansible-bigiq-onboarding


The script will perform in this order:

  1. Exchange the ssh keys between the ubuntu and the BIG-IQ CM and DCD (check Credentials under Documentation tab in lab environment).

  2. Install ansible-galaxy roles

  3. Onboarding BIG-IQ CM and DCD:

    • Using bigiq_onboard role: setup hostname, role, dns, ntp, self-ip, master key, passwords (DCD first, then CM)
    • Using register_dcd role: add DCD to CM, activate necessary services (asm, afm, …)
  4. Add & discover BIG-IPs to BIG-IQ CM using the or Ansible module bigiq_device_discovery.

  5. Create Applications using Ansible playbook (AS3 or none AS3).

Ignore the following errors:

TASK [f5devcentral.bigiq_onboard : Test authentication - old credentials] *********************************************************** fatal: [udf-bigiq-dcd-01]: FAILED! => {"cache_control": "no-store, no-cache, must-revalidate", "changed": false, "connection": "close", "content": "{\"code\":401,\"message\":\"Authentication failed.\",\"originalRequestbody\":\"{\\\"username\\\":\\\"admin\\\",\\\"generation\\\":0,\\\"lastUpdateMicros\\\":0}\",\"restOperationId\":1067315,\"errorStack\":[],\"kind\":\":resterrorresponse\"}", "content_length": "206", "content_type": "application/json; charset=UTF-8", "date": "Mon, 15 Oct 2018 21:15:41 GMT", "expires": "-1", "json": {"code": 401, "errorStack": [], "kind": ":resterrorresponse", "message": "Authentication failed.", "originalRequestbody": "{\"username\":\"admin\",\"generation\":0,\"lastUpdateMicros\":0}", "restOperationId": 1067315}, "msg": "Status code was 401 and not [200]: HTTP Error 401: Unauthorized", "pragma": "no-cache", "redirected": false, "server": "webd", "status": 401, "url": ""} ...ignoring
  1. At the end of the lab, the BIG-IQ CM and DCD should be configured with BIG-IP being managed and few application services deployed.