Exercise 1.5: Using the bigip_virtual_server module

Read this in other languages: uk English, japan 日本語.

Table of Contents

Objective

Demonstrate use of the BIG-IP virtual server module to configure a virtual server on the BIG-IP. Virtual server is a combination of IP:Port.

Guide

Step 1:

Using VSCode create a new file called bigip-virtual-server.yml by clicking the new file icon in the left pane.

picture of create file icon

Step 2:

Ansible playbooks are YAML files. YAML is a structured encoding format that is also extremely human readable (unlike it’s subset - the JSON format).

Enter the following play definition into bigip-virtual-server.yml:

---
- name: BIG-IP SETUP
  hosts: lb
  connection: local
  gather_facts: false

Do not exit the editor yet.

Step 3

Next, append the task to above playbook. This task will use the bigip-virtual-server to configure a virtual server on the BIG-IP

  tasks:
    - name: ADD VIRTUAL SERVER
      f5networks.f5_modules.bigip_virtual_server:
        provider:
          server: "{{private_ip}}"
          user: "{{ansible_user}}"
          password: "{{ansible_password}}"
          server_port: 8443
          validate_certs: false
        name: "vip"
        destination: "{{private_ip}}"
        port: "443"
        enabled_vlans: "all"
        all_profiles: ['http', 'clientssl', 'oneconnect']
        pool: "http_pool"
        snat: "Automap"

A play is a list of tasks. Tasks and modules have a 1:1 correlation. Ansible modules are reusable, standalone scripts that can be used by the Ansible API, or by the ansible or ansible-playbook programs. They return information to ansible by printing a JSON string to stdout before exiting.

Save the file and exit out of editor

Step 4

Run the playbook - Go back to the Terminal on VS Code server and execute the following:

[student1@ansible ~]$ ansible-navigator run bigip-virtual-server.yml --mode stdout

Playbook Output

[student1@ansible]$ ansible-navigator run bigip-virtual-server.yml --mode stdout

PLAY [BIG-IP SETUP] ***********************************************************

TASK [ADD VIRTUAL SERVER] *****************************************************
changed: [f5]

PLAY RECAP ********************************************************************
f5                         : ok=1    changed=1    unreachable=0    failed=0

Solution

The finished Ansible Playbook is provided here for an Answer key. Click here: bigip-virtual-server.yml.

Verifying the Solution

To see the configured Virtual Server, login to the F5 load balancer with your web browser.

Grab the IP information for the F5 load balancer from the /home/studentX/networking_workshop/lab_inventory/hosts file, and type it in like so: https://X.X.X.X:8443/

Login information for the BIG-IP:

The load balancer virtual server can be found by navigating the menu on the left. Click on Local Traffic. then click on Virtual Server. See the screenshot below: f5 vip image

Verifying the web servers

Each RHEL web server actually already has apache running. Exercise 1.1 through 1.5 have successfully setup the load balancer for the pool of web servers. Open up the public IP of the F5 load balancer in your web browser:

This time use port 443 instead of 8443, e.g. https://X.X.X.X:443/

Each time you refresh the host will change between node1 and node2. Here is animation of the host field changing: animation

the animation might not work on certain browsers

Alternate Verification Method

Instead of using a browser window it is also possible to use the command line on the Ansible control node. Use the curl command on the ansible_host to access public IP or private IP address of F5 load balancer in combination with the --insecure and --silent command line arguments. Since the entire website is loaded on the command line it is recommended to | grep for the student number assigned to the respective workbench. (e.g. student5 would | grep student5)

[studentX@ansible ~]$ curl https://172.16.26.136:443 --insecure --silent | grep studentX
    <p>F5TEST-studentX-node1</p>
[studentX@ansible ~]$ curl https://172.16.26.136:443 --insecure --silent | grep studentX
    <p>F5TEST-studentX-node2</p>
[studentX@ansible ~]$ curl https://172.16.26.136:443 --insecure --silent | grep studentX
    <p>F5TEST-studentX-node1</p>

You have finished this exercise. Click here to return to the lab guide