A10 Networks modules - Request for Testing and feedback

Hi All,

I have created 3 modules for managing A10 Networks devices, Thunder / vThunder / AX / SoftAX.
You can find them in my fork: https://github.com/mischapeters/ansible.git

The current modules are:
- a10_server
-- creating / removing a server
-- creating / removing a server port
-- disable / enable the server

- a10_service_group
-- creating / removing a service-group
-- setting the load balancing method
-- adding members to the service-group
-- disable / enable a member

- a10_virtual
-- creating / removing a virtual-server
-- creating / removing virtual-server port
-- adding a service-group
-- disable / enable the virtual-server
-- disable / enable the virtual-server port

Things that I would like to add in the near future:
- creating a source-nat pool
- adding a source-nat pool to the virtual-server port
- adding SSL certificates
- creating a Client-SSL template
- adding the Client-SSL template to the virtual-server port
- creating a health monitor
- adding the health monitor to the server port or service-group

If there is anybody who has A10 Networks in their network please give it a go.
It requires aXAPI 2.1, which got introduced in ACOS release 2.7.1. Which is now at 2.7.1-P5.

Thanx!

Mischa

PS: full disclosure, I work for A10 Networks in EMEA.

Hi,

This is very nice to see, can you perhaps link to a pull request instead so folks can leave comments there?

This is usually an easier way to track review, and IIRC that’s already been submitted.

Examples for people with A10 hardware to try would also we useful, though these could be included in the EXAMPLES section of those modules, I’d think.

Thanks!

–Michael

Hi Michael,

That makes sense. The pull request can be found at:
https://github.com/ansible/ansible/pull/7587

The examples are indeed in the code already. But here theu are:

### Examples for a10_server
# Create a new server
ansible host -m a10_server -a "host=a10adc.example.com username=axapiuser password=axapipass server_name=realserver1 server_ip=192.168.1.23"

# Add a port
ansible host -m a10_server -a "host=a10adc.example.com username=axapiuser password=axapipass server_name=realserver1 server_port=80 server_protocol=tcp"

# Disable a server
ansible host -m a10_server -a "host=a10adc.example.com username=axapiuser password=axapipass server_name=realserver1 server_status=disable"

### Examples for a10_service_group
# Create a new service-group
ansible host -m a10_service_group -a "host=a10adc.example.com username=axapiuser password=axapipass service_group=sg-80-tcp"

# Add a server
ansible host -m a10_service_group -a "host=a10adc.example.com username=axapiuser password=axapipass service_group=sg-80-tcp server_name=realserver1 server_port=80"

# Disable a server
ansible host -m a10_service_group -a "host=a10adc.example.com username=axapiuser password=axapipass service_group=sg-80-tcp server_name=realserver1 server_port=80 status=disable"

### Examples for a10_virtual
# Create a new virtual server
ansible host -m a10_virtual -a "host=a10adc.example.com username=axapiuser password=axapipass virtual_server=vip1 virtual_server_ip=192.168.1.20"

# Add a virtual port
ansible host -m a10_virtual -a "host=a10adc.example.com username=axapiuser password=axapipass virtual_server=vip1 virtual_server_ip=192.168.1.20 virtual_server_port=80 virtual_server_port_type=http service_group=sg-80-tcp"

# Disable a virtual server
ansible host -m a10_virtual -a "host=a10adc.example.com username=axapiuser password=axapipass virtual_server=vip1 status=disable"

# Disable a virtual server port
ansible host -m a10_virtual -a "host=a10adc.example.com username=axapiuser password=axapipass virtual_server=vip1 virtual_server_port=80 virtual_server_port_type=http virtual_server_port_status=disable"

Mischa

I am very new to both Ansible and A10, but it’s interesting to come across an article written 5 years ago of someone who already went down this road.
I’m using the A10 in a network capacity (DDoS appliance) I was curious if there was any way to display or output “get_facts” or show commands. At the moment I’m interesting in retrieving information, and everything I’ve been finding is ways to create/delete/modify configurations. And because I’m paranoid I’d like to know if there were safe “get_facts” to perform.

David

Hi,

We use the A10s. Those modules turned out to be not particularly useful for us, so we ended up using the API extensively to get information (both config and operational) from the devices.

kind regards
Pshem

Gotcha so does that mean you use Python scripts to leverage the A10 API, or do you somehow integrate Ansible with Python?

Hi,

For most of the stuff it’s just using the uri module, with something like this:

name: “execute command: {{ exec.meta.description }}”
uri:
method: “{{ exec.meta.method }}”
url: “https://{{ a10_device_ip }}{{ exec.meta.uri }}”
return_content: true
validate_certs: no
body_format: “{{ exec.payload is defined | ternary(‘json’, omit) }}”
body: “{{ exec.payload is defined | ternary(exec.payload, omit) }}”
headers:
Authorization: “A10 {{ signature }}”
status_code: “{{ exec.meta.status_code| default(200) }}”
timeout: 60
register: exec_result

which is executed from a loop, one call at a time.

kind regards
Pshem

Very cool. Thank you very much.