Exercise 1.6: Using the bigip_irule module

Objective

Demonstrate use of the BIG-IP irule module to add iRules to a BIG-IP and then attach the iRules to a virtual server.

Guide

Step 1

Using your text editor of choice create a new file called bigip-irule.yml.

[student1@ansible ~]$ nano bigip-irule.yml

``vim`` and ``nano`` are available on the control node

Step 2

Enter the following play definition into bigip-irule.yml:

- name: BIG-IP SETUP
  hosts: lb
  connection: local
  gather_facts: false

  vars:
   irules: ['irule1','irule2']
  • The --- at the top of the file indicates that this is a YAML file.
  • The hosts: f5, indicates the play is run only on the F5 BIG-IP device
  • connection: local tells the Playbook to run locally (rather than SSHing to itself)
  • gather_facts: no disables facts gathering. We are not using any fact variables for this playbook.

Step 3

Create two dummy irules with the names ‘irule1’ and ‘irule2’

[student1@ansible ~]$ nano irule1

when HTTP_REQUEST {
       log local0. "Accessing iRule1"
}

Save the file

[student1@ansible ~]$ nano irule2

when HTTP_REQUEST {
       log local0. "Accessing iRule2"
}

Save the file

Step 4

Next, add the task. This task will use the bigip-irule to add irules to the BIG-IP.

- name: BIG-IP SETUP
  hosts: lb
  connection: local
  gather_facts: false

  vars:
   irules: ['irule1','irule2']

  tasks:

  - set_fact:
     provider:
      server: "{{private_ip}}"
      user: "{{ansible_user}}"
      password: "{{ansible_ssh_pass}}"
      server_port: 8443
      validate_certs: no

  - name: ADD iRules
    bigip_irule:
      provider: "{{provider}}"
      module: "ltm"
      name: "{{item}}"
      content: "{{lookup('file','{{item}}')}}"
    with_items: "{{irules}}"
  • A variable 'irules' is a list defined with two irules => ‘irule1’ and irule2’
  • name: ADD iRules is a user defined description that will display in the terminal output.
  • bigip_irule: tells the task which module to use.
  • The module: ltm paramters tells the module which BIG-IP module(ltm) the iRule is for
  • The name: "{{item}}" parameter tells the module to create an iRule with the name ‘irule1’ and ‘irule2’
  • The content: "{{lookup('file','{{item}}')}}" parameter tells the module what content to add to the iRule using the lookup plugin
  • loop: tells the task to loop over the provided list. The list in this case is the list of iRules.

Step 5

Next, add the task. This task will use the bigip_virtual_server to add attach the iRules to a Virtual Server on the BIG-IP.

- name: BIG-IP SETUP
  hosts: lb
  connection: local
  gather_facts: false

  vars:
   irules: ['irule1','irule2']

  tasks:

  - set_fact:
     provider:
      server: "{{private_ip}}"
      user: "{{ansible_user}}"
      password: "{{ansible_ssh_pass}}"
      server_port: 8443
      validate_certs: no

  - name: ADD iRules
    bigip_irule:
      provider: "{{provider}}"
      module: "ltm"
      name: "{{item}}"
      content: "{{lookup('file','{{item}}')}}"
    with_items: "{{irules}}"

  - name: ATTACH iRules TO VIRTUAL SERVER
    bigip_virtual_server:
      provider: "{{provider}}"
      name: "vip"
      irules: "{{irules}}"
  • irules: "{{irules}} is a list of irules to be attached to the virtual server ‘irule1’ and ‘irule2’

Details of BIG-IP virtual_Server module or reference Exercise 1.5

Step 6

Run the playbook - exit back into the command line of the control host and execute the following:

[student1@ansible ~]$ ansible-playbook bigip-irule.yml

Playbook Output

[student1@ansible]$ ansible-playbook bigip-irule.yml

PLAY [BIG-IP SETUP] *********************************************************************************************************************************

TASK [ADD iRules] *********************************************************************************************************************************
changed: [f5] => (item=irule1)
changed: [f5] => (item=irule2)

TASK [ATTACH iRules TO VIRTUAL SERVER] **********************************************************************************************************************
changed: [f5]

PLAY RECAP *********************************************************************************************************************************
f5                         : ok=2    changed=2    unreachable=0    failed=0

Solution

The finished Ansible Playbook is provided here for an Answer key. Click here: bigip-irule.yml.

Verifying the Solution

To see the configured iRules and Virtual Server, login to the F5 load balancer with your web browser.

Grab the IP information for the F5 load balancer from the /home/studentX/networking_workshop/lab_inventory/hosts file, and type it in like so: https://X.X.X.X:8443/

Login information for the BIG-IP: - username: admin - password: provided by instructor defaults to ansible

The list of iRules can be found by navigating the menu on the left. Click on Local Traffic-> iRules -> iRules List.

To view the Virtual Server click on Local Traffic-> Virtual Servers, click on the Virtual Server named ‘vip’ then click on the ‘resources’ tab and view the iRules attached to the Virtual Server

You have finished this exercise.