vRA & SovLabs: BIG-IP F5 load balancer

In a previous life I had to setup a lot of VM’s with Load Balancer connectivity for development, QA testing and production.  This was always a slow painful process because even though I was able to quickly deploy the VM’s, I had to open a ticket with the network team and provided lots of detailed information to create the Pool and VIP entries, and then wait to receive the IP address so that I could ask the AD team to create the DNS entry. Fun times!

With the F5 load balancer SovLabs module, this is no longer the case and you can automatically perform the following tasks, all within the same catalog request for your application through vRA:

  • Create the F5 Pool
    • The Pool name is created with the SovLabs custom naming module, so it can match the current naming standards of your networking team.
  • Add the pool members
    • Automatically add all the vSphere machines within the blueprint as pool members
  • Create the VIP
    • Automatically retrieve the VIP IP Address from your IPAM solution
    • The VIP name is created with the SovLabs custom naming module, so it can match the current naming standards of business and/or application.
    • Automatically create the DNS A-record for the VIP name

Screen Shot 2017-05-17 at 9.52.31 AM.png

The module has many features which can viewed on the website here, but some of the highlights are:

  • First-class citizen design; drag directly into vRA Blueprint Canvas  (This is awesome)
  • Associate machine components by linking to the F5 Virtual component in the vRA Blueprint Canvas
  • Option to reuse an existing F5 BIG-IP virtual server or create a new one
  • Supports nested vRA Blueprints
  • Supports vRA scale in, scale out for deployments
  • SovLabs Restipes can create/delete F5 BIG-IP VIP/Pool/Nodes and assign Nodes to/from Pool
  • Ability to specify F5 BIG-IP VIP name, IP address, and port at request time
  • Option to integrate IPAM and/or DNS for F5 BIG-IP VIP assignment and DNS registration with Infoblox, BlueCat, Microsoft, SolarWinds, Men and Mice, BT Diamond IP at request time
  • Supports multiple DNS domains for optional DNS registration at request time
  • Option to integrate naming standard/sequence definitions for F5 BIG-IP VIPs and Pools at request time
  • When a Catalog item is destroyed, F5 entries will automatically be cleaned up.

 

Prerequisites:

  1. A user account configured in F5 BIG-IP® that has Administrator role/access:
    • Add/Remove F5 BIG-IP Virtual Servers
    • Add/Remove F5 BIG-IP Pools
    • Add/Remove F5 BIG-IP Nodes and Pool node members
    • Optional: Add F5 BIG-IP Virtual Server iRules, Add F5 BIG-IP Server/Client SSL Profiles, Add F5 BIG-IP Pool Health Monitors
  2. Login to the vRA tenant
    1. Add license for F5 module
    2. Validate the following show up on the Catalog page:
      • Add F5 Endpoint
      • F5 Virtual
      • Manage Credential Configurations
      • Manage Restipe Configurations

 

Configuration:

  1. Add F5 Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-05-11 at 11.21.34 AM.png
    4. Click Request button on “Add F5 Endpoint”
    5. Screen Shot 2017-05-11 at 11.22.02 AM.png
    6. F5 Endpoint
    7. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    8. Enter hostname
      • FQDN or IP address of the F5 management address
    9. HTTPS = yes
    10. Port = 443
    11. Credential Configuration
    12. Create credentials = yes
      • If you have not setup any yet which is the case for me
    13. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    14. Enter username and password
      • I am using the build it admin account
    15. Screen Shot 2017-05-11 at 11.27.05 AM.png
    16. Click Submit
  2. Manage Restipe configuration
    1. What is a restipe you might ask, well I had the same question or should I say look on my face?  The documentation states the following ““infrastructure as code” approach for defining the steps used to create, reuse, remove and scale F5 BIG-IP structures, such as VIPs, Pools, and Nodes/Member”
    2. You do not have to create or update a recipe and will be used for specific use case, so for now you can skip this, but I did want to provide information below on how to access it.
    3. Select Catalog -> SovLabs vRA Extensibility
    4. Screen Shot 2017-05-11 at 11.28.44 AM.png
    5. Click Request on Manage Restipe configuration
    6. Screen Shot 2017-05-11 at 11.29.09 AM.png
    7. You can either create a new restipe, or update/delete respites.
      • Screen Shot 2017-05-11 at 11.59.19 AM.png
      •  If you select action = update it will populate the restipe field with the default functional restipe that SovLabs provides.  Bonus!
      • If you do make an update, I would recommend copy out the restipe text and save a file to have a backup.
    8. If you need to create a custom restipe, then read the SovLabs Restipe guide here.

F5 example:

I have a blueprint with 2 x vSphere machine objects.  Each VM has a Puppet Node group assigned which installs Apache through the SovLabs Puppet enterprise module.

Screen Shot 2017-05-17 at 9.54.04 AM.png

  • I created a new Naming standard for the F5 VIP names, which will also be assigned automatically to MS DNS.
  • I created a new Naming standard for the F5 Pool names

 

Enable the module:

The F5 plugin is a first class citizen in vRA which allows for it to be dragged into a blueprint through the design canvas, sweet!   This is a first for SovLabs and makes this plugin very easy to consume.

Screen Shot 2017-05-11 at 12.23.39 PM.png

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Create a new blueprint or select an existing blueprint name and click Edit
    1. Under Categories (on left pane), click on Other Components
    2. Drag and drop F5 Virtual – SovLabs Modules onto the Design Canvas
    3. Tie the F5 Virtual  VIP canvas item to the vSphere Machine canvas item by dragging the arrow FROM F5 Virtual  VIP TO the vSphere Machine.
    4. Screen Shot 2017-05-17 at 9.52.31 AM.png
    5. Click on the F5_Virtual canvas item and a window pane will appear on the bottom
    6. Click Step tab
    7. Screen Shot 2017-05-17 at 9.56.34 AM.png
    8. Modify fields as desired by setting the default values for fields and other advanced settings and clicking on Apply for each field
      By setting default fields or having advanced settings on the fields, what a requester sees and can select is controlled upon request time of the vRA blueprint

      1. General
      2. Select F5 Endpoint, which we created earlier in this blog
      3. Select the Restipe F5Config-Default.
        • I did not have to make any changes to the default restipe provide by SovLabs.
      4. Virtual Server
      5. Create new VIP = yes
      6. Screen Shot 2017-05-11 at 12.35.05 PM.png
      7. Select Partition
        • In my case I selected Common
      8. Register VIP in DNS using Virtual name and IP = yes
        • So easy with just a checkbox!
      9. Automatically assign Virtual name = yes
        • This requires that you have a naming standard created using the SovLabs custom naming module.
        • Select Naming Standard for Virtual Machine = select custom naming label from drop down box.
      10. Enter domain name for DNS registration
      11. Automatically assign Virtual IP = yes
        • This requires that you have an IPAM profile created using the SovLabs IPAM module.
        • Select IPAM Profile for Virtual IP = select from the drop down box.
      12. Virtual port = 0
      13. Select SSL Profile (Client)
        • This will populate with the SSL profiles that your networking team has configured on the selected F5 endpoint, which means they do not have worry about loosing control of these important configuration.
      14. Select SSL Profile (Server)
        • This will populate with the SSL profiles that your networking team has configured on the selected F5 endpoint, which means they do not have worry about loosing control of these important configuration.
      15. Select Virtual iRules
        • This will populate with the iRules that your networking team has configured on the selected F5 endpoint, which means they do not have worry about loosing control of these important configuration.
      16. Pool
      17. Automatically assign pool name = yes
        • This requires that you have a naming standard created using the SovLabs custom naming module.
      18. Select Naming Standard for Virtual Machine = select custom naming label from drop down box.
      19. Load Balancing method = round-robin
      20. Screen Shot 2017-05-11 at 1.18.18 PM.png
      21. Assign Health Monitors = yes
        • I added http for my test
      22. Health Monitor Availability Requirement
        • Pick if you want a single health monitor to match or multiple.
  4. Click Save
  5. Click Finish

To add additional node level settings during request time:

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on the Properties tab
  5. In the Property Groups section:
    •  Check the SovLabs-F5NodeConfigurations property group
  6. Click OK

 

Manage the vRA users ability to make changes to the virtual F5 configuration during request:

By default, when a user requests a blueprint, which has the F5 module added, they will only see blank fields where the Blueprint Architect previously configured the F5 settings.  These settings can then be altered by the user.

Screen Shot 2017-05-17 at 10.31.23 AM.png

But what if you do not want to user to make any changes and just want them to use all the settings of the F5 that was configured in the blueprint.

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the F5_Virtual on the Design Canvas.
  4. Select the Step tab
  5. For any of the configuration settings that you want to set a permanently for this blueprint, or even make invisible, follow these steps
  6. Select the settings field which could either be a dropdown box, text field or check box. This will display additional information on the right hands side.
    1. Screen Shot 2017-05-17 at 10.35.17 AM.png
    2.  Set required yes or no
    3. Set the default value to display.
    4. Click on Advanced settings
      • Screen Shot 2017-05-17 at 10.40.49 AM.png
      • Set required = constant = no
      • Set read only = constant = yes
      • Set visible = constant = no
        1. If you do not want to users to see the field during the request.
    5. Click Apply
  7. Click Save
  8. Click Finish

 

Scale out and Scale in capabilities:

One last cool part is the automatic scale-out and scale-in of your deployed application.  As you can see I have a deployed Catalog item which consists of two CentOS Web servers, which I deployed Apache on through the Puppet Enterprise SovLabs module, as well as the F5 load balancer configuration.

Screen Shot 2017-05-17 at 10.47.14 AM.png

Screen Shot 2017-05-17 at 10.47.38 AM.png

  1. Select on the top level catalog item
  2. Click Actions
  3. Screen Shot 2017-05-17 at 10.49.26 AM.png
  4. Click Scale Out
  5. Screen Shot 2017-05-17 at 10.50.47 AM.png
  6. Select the virtual machine
  7. Screen Shot 2017-05-17 at 10.52.09 AM.png
  8. Select the number of instance that you want to scale out to.
  9. Click Submit.
  10. Click OK to confirm the number of scale out instance and total number of instances.

This request will now automatically perform the following tasks:

  • Add a new VM
    • Pull IP address from SovLabs IPAM endpoint
    • Create custom name from SovLabs custom naming module
    • Add the DNS a-record to MS DNS through SovLabs DNS module
    • Install Apache on the VM through SovLabs Puppet Enterprise module
  • Add server to F5 pool
    • Add the custom name and IP Address associated to the newly created VM object to the F5 pool through the SovLabs F5 module.

Screen Shot 2017-05-17 at 11.47.24 AM.png

Scale out was successful and only took just over 10minutes to complete with an application installation.

Screen Shot 2017-05-17 at 11.07.04 AM.pngScreen Shot 2017-05-17 at 11.07.34 AM.png

The new VM was added to catalog item in vRA as well as to the existing F5 pool.  Awesome, and same can be done for Scale in!

As you can see the configuration of this module is super simple and it provides a big relief from the mundane work of manual provisioning, not just for the VMware admins and application owners but also for the network team, while still keeping control of the F5 configuration.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s