Test your BIG-IPs

Introduction

IT Industry research, such as Accelerate, shows improving a company’s ability to deliver software is critical to their overall success. The following key practices and design principles are cornerstones to that improvement.

• Version control of code and configuration
• Automation of Deployment
• Automation of Testing and Test Data Management
• “Shifting Left” on Security
• Loosely Coupled Architectures
• Pro-active Notification

What’s the point

All too often infrastructure testing takes the form of I-think-its-done-toss-it-over-the-fence-and-see-if-anyone-shouts. This is wasteful in a variety of ways.

• increases the risk of Failure Demand, using resources to redo work in place of creating new features and enhancements.
• increase the risk of gold-plating solutions due to an unclear definition of done
• increases the risk of breaking existing capabilities, (see Failure Demand above)

Rigorous manual testing practices are a step in the right direction. However, there are unintentional, though highly impactful, consequences to these approaches.

• long delays due to labor-intensive activities
• inconsistent results inherent in manual performance of repetitive work
• high cost of maintaining testing environments, especially during non-testing cycles
• shadow delivery processes as work-arounds to avoid testing delays

Testing-focused practices, like TDD, are effective means to improving application and infrastructure development efficiency.
As noted in the Introduction, effective test automation is one of the practices that differentiates high performers from low performers in IT service delivery.

In addition to addressing the negative consequences of minimal testing or primarily manual testing, automation of testing and test data management delivers the following benefits.

• consistent clean-room environment build practices allow you to say valueable things about solution quality over time
• consistent test environment configuration practices allow you to say valueable things about production consequences of change
• executable knowledge in the form of test environment and test data automation manages cognitive load, reducing stress
• executable knowledge contributes to a culture of knowledge sharing, improving productivity

Let’s get started

We’re going to focus on test automation in this article to help you integrate your F5 assets with your CI/CD practices. The demonstration resources described below show how tools like HashiCorp Terraform, Test Kitchen, Chef Inspec and F5’s Automation Toolchain can be used to validate that your BIG-IPs and their configuration are fit for purpose. By following along with the README in the demonstration repository, you should be able to run this demonstration and explore the implications for your own environments.

Caveats

• These repositories use simplifying demonstration shortcuts for password, key, and network security. Production-ready enterprise designs and workflows should be used in place of these shortcuts.
  DO NOT ASSUME THAT THE CODE AND CONFIGURATION IN THESE REPOSITORIES IS PRODUCTION-READY
• A variety of tools are used in this demonstration. In most cases they are not exclusively required and can be replaced with other similar tools.

Requirements

• a linux host for running Terraform and associated tools.
  This may work on OSX. This will likely not work on Windows workstation.

Setup

Install Terraform

You can follow HashiCorp’s instructions to install Terraform, if you choose. I find being able to arbitrarily switch between versions is of use to me. If you’d like that as well you can follow these steps to install tfenv.

# install Terraform
git clone https://github.com/tfutils/tfenv.git ~/.tfenv
sudo ln -s ~/.tfenv/bin/* /usr/local/bin
sudo apt install unzip -y
tfenv install 0.15.5
tfenv use 0.15.5

Prepare to install Ruby, Bundler, and Kitchen

Create a file named Gemfile in your project directory (unless it’s already there in the repository you’ve cloned), with the following content.

ruby '2.7.4'

source "https://rubygems.org/" do
    gem "kitchen-terraform", "~> 5.7"
end

Install Ruby

# install Ruby
sudo apt-get install software-properties-common
sudo apt-add-repository -y ppa:rael-gc/rvm
sudo apt-get update
sudo apt-get install rvm
sudo usermod -a -G rvm $USER

You will likely need to logout and login again in order for the usermod to take effect. Then you can

rvm install ruby

Install bundler

gem install bundler

Install kitchen

Using the contents of the Gemfile you created earlier, Bundler will make certain that the requirements specified are fulfilled. This includes installing Test Kitchen.

bundle install

driver:
  name: terraform
  root_module_directory: test/fixtures/aws
  parallelism: 4
  command_timeout: 1200

provisioner:
  name: terraform

verifier:
  name: terraform
  systems:
    - name: local
      backend: local
      profile_locations:
        - https://github.com/f5devcentral/big-ip-atc-ready.git
        - test/integration/bigip
      controls:
        - bigip-postbuildconfig-do-self
        - bigip-postbuildconfig-do-dns
        - bigip-postbuildconfig-do-vlan
        - bigip-postbuildconfig-do-provision
        - bigip-connectivity        
        - bigip-declarative-onboarding
        - bigip-declarative-onboarding-version
        - bigip-application-services
        - bigip-application-services-version
        - bigip-telemetry-streaming
        - bigip-telemetry-streaming-version
        - bigip-licensed

platforms:
  - name: aws
    
    driver:
      root_module_directory: test/fixtures/aws
      variable_files:
        - test/assets/aws.tfvars

  - name: azure
    lifecycle:
      post_converge:
        - local: echo 'waiting 200 seconds for Azure to stabilize' && sleep 200
    driver:
      root_module_directory: test/fixtures/azure
      variable_files:
        - test/assets/azure.tfvars

the driver field in each platform provides platform specific values for the driver. In the case of this repository, the root_module_directory sets the location of the platform’s Terraform files. You can explore the Terraform used to create the BIG-IPs in AWS and Azure(test/fixtures/azure) in their respective root_module_directory locations. The variable_files field is a list of tfvars files to use as variable input to Terraform.

That’s an overview of the key configuration elements.