We are looking into automating our network failover between datacenters using the F5 network modules. http://docs.ansible.com/list_of_network_modules.html.
I’ve been able to do simple things like gather facts, add/delete nodes, add/delete pools but one thing I am missing is being able to disable a node or pool. I don’t necessarily want to delete a node to in essence disable it. I can’t find any documentation stating this is possible. Has anyone come across a way to do this?
Thanks.
As far as I know, the modules don't support that now. Might be a feasible
addition, but keep in mind bigip has an extremely extensive API for every
object, which is not always easy to put into a 1 module.
I'd say, file a feature request, but I dont think it's something the core
team can and will support.
I wrote one of those modules, and Matt Hite most others. Not sure who else
is there to maintain/extend them.
I might have a look at that.
Perhaps file a feature request ticket, and describe in more detail what you
want to do, with which objects.
Perhaps Brian C can assign that ticket to me?
Serge
Thanks for the response. I filled out issue https://github.com/ansible/ansible/issues/10307. Let me know if this unclear. I can take a look at the bigip api and see what I find.
Doesn't this needs to be filed in
https://github.com/ansible/ansible-modules-extras ?
Yes my apologies. Is it possible to move it over or should it just be closed and a new one opened?
This is just a data point from a site that uses Ansible and has F5 load balancers. Our network admin has written playbooks that use ssh and invoke the F5 tmsh command-line utility to do things like add/remove/enable/disable nodes in pools.
Greg,
You'll need to do that manually.
Hi Serge,
Unfortunately, company policy won’t let me share an example. I wanted to indicate the general idea that we set up keys for ssh access to our F5 devices and use the Ansible shell module to run “tmsh” commands in them. It’s not as nice as a full module, but it seemed easier than the other API options available to us.
-Greg
Ah, ok, I thought you intended to provide an example. No problem.
Did you manage to make those ` command: tmsh` somehow idempotent?
I opened a new issue at https://github.com/ansible/ansible-modules-extras/issues/276 in the correct repository.
I took a look at ansible-module-extra\network\f5\bigip_node.py seems like it would make sense to add a couple functions called get/set_node_state. They could be invoked from the else statement that updates the attributes. I haven’t tested this yet but https://devcentral.f5.com/questions/bigsuds-how-to-enable-disable-certain-pool-members looks like it has the necessary code snippet to do this.
I’ll get a PR up soon to address this.
I’ve posted a P.R. which needs some volunteers to test.
BTW, once I can get some testers on this change, I can incorporate a similar one that works on the pool
-member level.
Nice that would be my next request.I can test this out but I’m confused by the table at https://devcentral.f5.com/questions/icontrol-equivalent-call-for-b-node-down
Does that mean even with the session and monitor disabled active connections aren’t broken?
Michael,
My understanding is that setting session state to disabled prevents new connections from being sent to the node UNLESS they match a persistence lookup. If you use simple round robin without a persistence setting for a pool, this shouldn’t matter.
However, if you are making use of client to backend node persistence, setting monitor state to disabled will also prevent persistent connections from continuing to reach said node.
Does that help?
-M
BTW, I’ve greated a P.R. for doing the same on the pool member level:
https://github.com/ansible/ansible-modules-extras/pull/288
Again, could use some testers.
I tested out the 2 pull requests. I successfully was able to set the session/monitor state for pools/nodes, non-existent nodes/pools etc. One thing I noticed is that when a node is set to monitor_state=disabled, session_state=enabled it results in forced offline. Is this intended behavior? That set of parameters isn’t in the table. I need to do more testing to see how this effects open connections but as for my use case I think this fixes my issues.
Has there been any work in looking at a module modifying a GTM?
Thanks,
I think so, although keep in mind that the API doesn’t always map to things in the UI.
Sorry, I realized I answer your first question but not your second.
I have not started work on GTM modules but am open to implementing this for the community. Feel free to share your specific use cases of what you would like to be able to do.