F5: Connecting NetOps/SecOps with DevOps, Part 4: Declarative Onboarding

This article covers the second F5 declarative component: Declarative Onboarding.

Declarative Onboarding

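Declarative Onboarding (DO) provides a declarative way to configure the L1-L3 settings of an F5 BIG-IP, including license activation, low-level system settings, network configuration, and cluster configuration. Combined with AS3 (which configures L4-L7 policy), it gives users an Infrastructure as Code management model and integrates easily with third-party orchestration tools.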

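Using Declarative Onboarding does require a few prerequisites:
1. The device must have a mgmt IP address, so that DO can exchange API calls through that address.
2. The BIG-IP version must be v13.1.0 or later.
3. On v13.1.x, you can interact with the device directly using admin and the default password. On v14.x and later, you must log in to the device manually once and reset the admin password before using DO.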

The DO API endpoint is https://:8443/mgmt/shared/declarative-onboarding. The configuration itself is a JSON-format file. Before DO can be used, the DO RPM package must be installed on the BIG-IP.

The following is a simple configuration file:

{
"schemaVersion": "0.1.0",
"class": "Device",
"Common": {
    "class": "Tenant",
    "hostname": "bigip.example.com",
    "myLicense": {
        "class": "License",
        "licenseType": "regKey",
        "regKey": "MMKGX-UPVPI-YIEMK-OAZIS-KQHSNAZ"
    },
    "myDns": {
        "class": "DNS",
        "nameServers": [
            "8.8.8.8",
            "2001:4860:4860::8844"
        ],
        "search": [
            "f5.com"
        ]
    },
    "myNtp": {
        "class": "NTP",
        "servers": [
            "0.pool.ntp.org",
            "1.pool.ntp.org"
        ],
        "timezone": "UTC"
    },
    "root": {
        "class": "User",
        "userType": "root",
        "oldPassword": "foo",
        "newPassword": "bar"
    },
    "admin": {
        "class": "User",
        "userType": "regular",
        "password": "asdfjkl",
        "shell": "bash"
    },
    "anotherUser": {
        "class": "User",
        "userType": "regular",
        "password": "foobar",
        "partitionAccess": {
            "Common": {
                "role": "guest"
            }
        }
    },
    "myVlan": {
        "class": "VLAN",
        "tag": 1234,
        "mtu": 1500,
        "interfaces": [
            {
                "name": "1.1",
                "tagged": true
            }
        ]
    },
    "mySelfIp": {
        "class": "SelfIp",
        "address": "1.2.3.4/24",
        "vlan": "myVlan",
        "allowService": "all",
        "trafficGroup": "traffic-group-local-only"
    },
    "myRoute": {
        "class": "Route",
        "gw": "10.1.20.1",
        "network": "0.0.0.0/0"
    }
}
}

For more examples and explanations, see: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/examples.html
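Because a declaration like the one above ends up in version control under an Infrastructure as Code workflow, it is worth checking before commit. The following is an added example, not part of the original article or of F5's tooling: a small Python audit that walks a DO declaration and reports literal secrets and permissive settings. The `audit` function, the `SECRET_KEYS` and `RISKY` tables, and the choice of what to flag are assumptions of this example; the sample is a trimmed copy of the declaration above with a placeholder registration key.

```python
import json

# Policy choices below are this example's assumptions, not rules published by F5.
SECRET_KEYS = {"password", "oldPassword", "newPassword", "regKey"}
RISKY = {  # (class, property, value) -> why a reviewer should look at it
    ("SelfIp", "allowService", "all"): "self IP answers on every service port",
    ("User", "shell", "bash"): "account gets a full bash shell",
}

def audit(node, path=""):
    """Walk a DO declaration and return sorted (path, finding) tuples."""
    findings = []
    if isinstance(node, list):
        for i, item in enumerate(node):
            findings += audit(item, f"{path}[{i}]")
    elif isinstance(node, dict):
        cls = node.get("class")
        for key, value in node.items():
            here = f"{path}/{key}"
            if key in SECRET_KEYS and isinstance(value, str) and value:
                findings.append((here, "secret stored as a literal"))
            elif isinstance(value, str) and (cls, key, value) in RISKY:
                findings.append((here, RISKY[(cls, key, value)]))
            else:
                findings += audit(value, here)  # descend into nested objects
    return sorted(findings)

# Constructed sample: a trimmed copy of the declaration shown above.
SAMPLE = json.loads("""
{
  "schemaVersion": "0.1.0",
  "class": "Device",
  "Common": {
    "class": "Tenant",
    "myLicense": {"class": "License", "licenseType": "regKey", "regKey": "PLACEHOLDER-KEY"},
    "root": {"class": "User", "userType": "root", "oldPassword": "foo", "newPassword": "bar"},
    "admin": {"class": "User", "userType": "regular", "password": "asdfjkl", "shell": "bash"},
    "myVlan": {"class": "VLAN", "tag": 1234, "interfaces": [{"name": "1.1", "tagged": true}]},
    "mySelfIp": {"class": "SelfIp", "address": "1.2.3.4/24", "vlan": "myVlan", "allowService": "all"}
  }
}
""")

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

A non-empty result can be used to fail a pre-commit hook or CI job, so that credentials are injected at deploy time instead of being stored in the repository.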

In addition, if you edit the JSON file in Microsoft Visual Studio Code, you can insert an extra schema reference to get inline validation as you type.

{
    "$schema": "https://raw.githubusercontent.com/F5Networks/f5-declarative-onboarding/master/schema/latest/base.schema.json",

For details, see: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/validate.html