Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

f5 (30) Versions 0.3.6

Resources for managing an F5 BigIP load balancer

Policyfile
Berkshelf
Knife
cookbook 'f5', '= 0.3.6', :supermarket
cookbook 'f5', '= 0.3.6'
knife supermarket install f5
knife supermarket download f5
README
Dependencies
Changelog
Quality 43%

f5-cookbook

A set of resources for managing F5 load balancers. Currently a WIP, but it will create VIPs and pools, and add nodes to pools

Requirements

Platforms

  • RHEL/Fedora and derivatives
  • Debian/Ubuntu and derivatives
  • Windows [2012.R2, 2016]

Chef

  • Chef 12.7+

Cookbooks

  • none

Attributes

  • node['f5']['gem_version'] - Sets the version of the gem that will be installed via the resource
  • node['f5']['enabled_status'] - Can take one of three values:
    • :manual - the default, the f5_pool resource does not touch the node's enabled status on load balancer, allowing it to be managed manually on the load balancer
    • :disabled - if a node does not exist or does exist but is enabled, the load balancer will be asked to disable the node
    • :enabled - if a node does not exist or does exist but is disabled, the load balancer will be asked to enable the node

Usage

Your node will also need access to the credentials for the load balancer either in the attributes or a data bag:

If you're using a data bag, call it f5 and the default item is called default.

$ knife data bag show f5 default
Unencrypted data bag detected, ignoring any provided secret options.
host:     lb1.example.com
id:       default
password: TopSecret
username: chef-api

Or, if no data bag is found, attributes are used

default[:f5][:credentials][:default] = {
  host: "lb1.example.com",
  username: "chef-api",
  password: "TopSecret"
}

Resources

In an application's recipe:

# Creates the pool if missing and adds this node to the pool
# (currently using node.ipaddress and node.fqdn for the node)
f5_pool 'mypool' do
  host 'value'
  port 'value'
  lb_method 'method' # LB_METHOD_ROUND_ROBIN default
end

# Creates the VIP if missing
f5_vip 'myvip' do
  address 'vipaddress'
  port 'vipport'
  protocol 'protocol' # TCP default
  pool 'mypool'

  # this is optional; defaults to :manual so won't touch your setting
  #                   unless you specify one of the valid options.
  snat_pool :automap

  # this is optional; defaults to :manual so won't touch your setting
  #                   unless you specify one of the valid options.
  #                   :none disables the firewall_policy,
  #                   anything else is a named firewall_policy
  enforced_firewall_policy

  # this is optional; defaults to :manual so won't touch your setting
  #                   unless you specify one of the valid options.
  #                   :none disables the firewall_policy,
  #                   anything else is a named firewall_policy
  staged_firewall_policy
end

See the documentation for LocalLB::LBMethod and protocol.

Manging node enabled status through node attributes

The f5_pool resource exposes an enabled_status property which allows you to explicitly take control of a node's enabled/disabled status within a pool via chef recipes and attributes.

f5_pool 'mypool' do
  host 'value'
  port 'value'
  enabled_status :disabled
end

Though more commonly this is delegated to an attribute, which is the default behavior when this property is not specified explicitly:

f5_pool 'mypool' do
  host 'value'
  port 'value'
end

is equivalent to

f5_pool 'mypool' do
  host 'value'
  port 'value'
  enabled_status node['f5']['enabled_status']
end

and node['f5']['enabled_status'] defaults to :manual so it won't touch the enabled status of your node in the pool unless you explicitly ask it to.

Managing virtual server client and server ssl profiles

The f5_vip resource exposes a pair or properties which allow you to add client and server SSL profiles to a virtual server.

f5_vip 'myvip' do
  address 'vipaddress'
  port 'vipport'
  protocol 'protocol' # TCP default
  pool 'mypool'
  client_ssl_profile 'client.cert'
  server_ssl_profile 'server.cert'
end

These two properties are optional and only take effect if they are specified.

They will converge to ensure that profile is applied to the given vip, but there is currently no option to remove an SSL profile.

Writing specs for vip and pool resources

This coobkook provides custom chefspec matchers so you can write specs like this:

require 'chefspec'

describe 'example::default' do
  let(:chef_run) { ChefSpec::SoloRunner.new(platform: 'ubuntu', version: '16.04').converge(described_recipe) }

  it 'creates the example_com pool (if needed) and adds this node to it' do
    expect(chef_run).to create_f5_pool('example_com').with(
      ip: '10.0.0.2',
      host: 'examplenode01.internaldomain.com',
      port: 80,
      monitor: 'test-monitor'
    )
  end

  it 'creates the example.com vip' do
    expect(chef_run).to create_f5_vip('example.com').with(
      address: '86.75.30.9',
      port: '80',
      protocol: 'PROTOCOL_TCP',
      pool: 'reallybasic'
    )
  end
end

NOTE: these matches verify only the presence (or absence via expect(chef_run).to_not) of a resource and the configuration of its properties according to hash passed to the optional with method.

The matchers cannot be used to validate whether convergence of an f5_pool or f5_vip resource took place.

Testing this cookbook

Run bundle exec rake test to run the chefspec tests.

bundle exec rake guard starts a guard listener which watches files and auto-runs rspec to provide faster feedback

bundle exec rake lint will run rubocop

License and Authors

Author:: Sean Walberg (sean@ertw.com)

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

0.2.2

Bugfix for the last version

0.2.1

Supporting credentials in a databag

0.2.0

Still rough around the edges and nowhere near feature complete, but
this cookbook will create the pool and VIP and add the node as a member

0.1.0

Initial release of f5

Collaborator Number Metric
            

0.3.6 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.3.6 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.3.6 passed this metric

License Metric
            

0.3.6 passed this metric

No Binaries Metric
            

0.3.6 passed this metric

Testing File Metric
            

0.3.6 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.3.6 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number