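This article covers the second F5 declarative component: Declarative Onboarding.
Declarative Onboarding (DO) provides a declarative way to configure the L1-L3 settings of an F5 BIG-IP, including license activation, base system configuration, network configuration and cluster configuration. Combined with AS3 (which configures L4-L7 policy), it gives users an Infrastructure as Code management model and integrates easily with third-party orchestration tools.
Using Declarative Onboarding requires a few prerequisites:
- The device must have a mgmt IP address, which DO uses for API communication.
- The BIG-IP version must be v13.1.0 or later.
- On v13.1.x, you can interact with the device directly using admin and the default password. On v14.x and later, you must log in to the device manually once and reset the admin password before use.
The DO API is at https://:8443/mgmt/shared/declarative-onboarding
The configuration itself is a JSON file. Before using DO, the DO RPM package must be installed on the BIG-IP.
Here is a simple configuration file: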
```json
{
    "schemaVersion": "0.1.0",
    "class": "Device",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "regKey",
            "regKey": "MMKGX-UPVPI-YIEMK-OAZIS-KQHSNAZ"
        },
        "myDns": {
            "class": "DNS",
            "nameServers": [
                "8.8.8.8",
                "2001:4860:4860::8844"
            ],
            "search": [
                "f5.com"
            ]
        },
        "myNtp": {
            "class": "NTP",
            "servers": [
                "0.pool.ntp.org",
                "1.pool.ntp.org"
            ],
            "timezone": "UTC"
        },
        "root": {
            "class": "User",
            "userType": "root",
            "oldPassword": "foo",
            "newPassword": "bar"
        },
        "admin": {
            "class": "User",
            "userType": "regular",
            "password": "asdfjkl",
            "shell": "bash"
        },
        "anotherUser": {
            "class": "User",
            "userType": "regular",
            "password": "foobar",
            "partitionAccess": {
                "Common": {
                    "role": "guest"
                }
            }
        },
        "myVlan": {
            "class": "VLAN",
            "tag": 1234,
            "mtu": 1500,
            "interfaces": [
                {
                    "name": "1.1",
                    "tagged": true
                }
            ]
        },
        "mySelfIp": {
            "class": "SelfIp",
            "address": "1.2.3.4/24",
            "vlan": "myVlan",
            "allowService": "all",
            "trafficGroup": "traffic-group-local-only"
        },
        "myRoute": {
            "class": "Route",
            "gw": "10.1.20.1",
            "network": "0.0.0.0/0"
        }
    }
}
```
For more examples and explanations, see:
https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/examples.html
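Also, if you edit the JSON file in Microsoft Visual Studio Code, you can insert an additional schema reference at the top of the declaration to get inline validation:
```json
{
    "$schema": "https://raw.githubusercontent.com/F5Networks/f5-declarative-onboarding/master/schema/latest/base.schema.json",
```
For details, see: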
https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/validate.html
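Schema validation checks the structure of a declaration, not the security of its values. The following added example, which is not part of the original article or of F5's tooling, walks a declaration like the one above and flags values worth reviewing before the file is committed to a repository or posted to a device: inline passwords and license keys, a self IP with `allowService` set to `all`, and users given a bash shell. The function name `audit`, the rule set and the sample input are assumptions made for illustration.

```python
import json

# Constructed sample: a trimmed declaration in the same shape as the one above.
SAMPLE = json.loads("""
{
  "schemaVersion": "0.1.0",
  "class": "Device",
  "Common": {
    "class": "Tenant",
    "myLicense": {"class": "License", "licenseType": "regKey",
                  "regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"},
    "root": {"class": "User", "userType": "root",
             "oldPassword": "foo", "newPassword": "bar"},
    "admin": {"class": "User", "userType": "regular",
              "password": "asdfjkl", "shell": "bash"},
    "mySelfIp": {"class": "SelfIp", "address": "1.2.3.4/24",
                 "vlan": "myVlan", "allowService": "all"}
  }
}
""")

# Property names whose string values should come from a secret store (assumed rule set).
SENSITIVE_KEYS = {"password", "oldPassword", "newPassword", "regKey"}

def audit(decl):
    """Return sorted (path, issue) findings for a DO declaration dict."""
    findings = []

    def walk(node, path):
        if isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}/{i}")
        if not isinstance(node, dict):
            return
        cls = node.get("class")
        for key, value in node.items():
            here = f"{path}/{key}"
            if key in SENSITIVE_KEYS and isinstance(value, str):
                findings.append((here, "sensitive value stored inline"))
            elif cls == "SelfIp" and key == "allowService" and value == "all":
                findings.append((here, "self IP accepts all services"))
            elif cls == "User" and key == "shell" and value == "bash":
                findings.append((here, "user is given a bash shell"))
            walk(value, here)

    walk(decl, "")
    return sorted(findings)

if __name__ == "__main__":
    for path, issue in audit(SAMPLE):
        print(f"{path}: {issue}")
```

Run it in CI against each declaration file and fail the job when the returned list is not empty.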