F5 AS3 and DO

[Cowboy Denny]

This topic will discuss two key apps for automation (processing JSON declarations)

• AS3 (Application Services 3 Extension)
• DO (Declarative Onboarding)

Let's first discuss the purpose of each.

Overview

AS3

The F5 BIG-IP Application Services 3 Extension (referred to as BIG-IP AS3) is a flexible, low-overhead mechanism for managing application-specific configurations on a BIG-IP system. BIG-IP AS3 uses a declarative model, meaning you provide a JSON declaration rather than a set of imperative commands. The declaration represents the configuration which BIG-IP AS3 is responsible for creating on a BIG-IP system. BIG-IP AS3 is well-defined according to the rules of JSON Schema, and declarations validate according to JSON Schema. BIG-IP AS3 accepts declaration updates via REST (push), reference (pull), or CLI (flat file editing).

DO

BIG-IP Declarative onboarding (BIG-IP DO) uses a declarative model to initially configure a BIG-IP device with all of the required settings to get up and running. This includes system settings such as licensing and provisioning, network settings such as VLANs and Self IPs, and clustering settings if you are using more than one BIG-IP system.

A declarative model means you provide a JSON declaration rather than a set of imperative commands. The declaration represents the configuration which BIG-IP Declarative Onboarding is responsible for creating on a BIG-IP system. You send a declaration file using a single Rest API call.

 

Verify Version

Now let's discuss how you check what version of each are running.  There are many ways to check for which version is running so let me hit at least some of the ways.

tmsh method

Just run the following command and look for the apps

tmsh list /mgmt shared iapp installed-packages

AS3

mgmt shared iapp installed-packages 5b78671e-01ea-3d87-b255-4f6da6047846 {
    appName "f5-appsvcs"
    arch "noarch"
    generation 6
    id "5b78671e-01ea-3d87-b255-4f6da6047846"
    kind "shared:iapp:installed-packages:installedpackagestate"
    lastUpdateMicros 1671069861931518
    packageName "f5-appsvcs-3.41.0-1.noarch"
    release "1"
    selfLink "https://localhost/mgmt/shared/iapp/installed-packages/5b78671e-01ea-3d87-b255-4f6da6047846"
    status "READY"
    tags {
        "PLUGIN"
    }
    version "3.41.0"
}

DO

mgmt shared iapp installed-packages 316c0f71-a1d2-3fbc-a04c-26c8b3262e1e {
    appName "f5-declarative-onboarding"
    arch "noarch"
    generation 2
    id "316c0f71-a1d2-3fbc-a04c-26c8b3262e1e"
    kind "shared:iapp:installed-packages:installedpackagestate"
    lastUpdateMicros 1671106562224511
    packageName "f5-declarative-onboarding-1.34.0-5.noarch"
    release "5"
    selfLink "https://localhost/mgmt/shared/iapp/installed-packages/316c0f71-a1d2-3fbc-a04c-26c8b3262e1e"
    status "READY"
    tags {
        "PLUGIN"
    }
    version "1.34.0"
}

curl method

AS3

curl http://localhost:8105/shared/appsvcs/info

DO

curl http://localhost:8105/shared/declarative-onboarding/info

 

Install/Upgrade Versions

How do you upgrade each app..  well its easier than you think.  Again, two ways that I know how to upgrade.  Sometimes GUI is easier than cli but I'll show both.  Either way the first step is to download the latest versions for AS3 and DO from F5 gitlab.

NOTE: If your BIG-IQ or BIG-IP environment has high availability (HA) setup, you should upgrade the AS3 on the Standby unit before upgrading the active unit. The BIG-IQ HA systems are required use the same AS3 version.

AS3

GUI method

log into the BIG-IP with admin id

 

CLI method

Use an SCP client to copy the RPM file to the /shared/tmp directory of the BIG-IQ or BIG-IP system.

Log in to the BIG-IQ or BIG-IP command line. 

To remount the /usr file system in read-write mode, enter the following command: mount -o remount,rw /usr

Copy the new RPM file to the to the AS3 packages directory (/usr/lib/dco/packages/f5-appsvcs) by using the following command syntax. The BIG-IQ uses the package in this directory to install or upgrade AS3 on a target BIG-IP system. EXAMPLE: cp /shared/tmp/f5-appsvcs-<X.Y.Z-V>.noarch.rpm /usr/lib/dco/packages/f5-appsvcs/

Important: By default, during an AS3 deployment, the BIG-IQ system installs the latest version of the AS3 RPM package from its /usr/lib/dco/packages/f5-appsvcs directory on the managed BIG-IP system. If you require a specific AS3 version on the managed BIG-IP system instead of the latest AS3 version, you should remove the new AS3 RPM package after installing it on the BIG-IQ system and ensure that only the desired AS3 version RPM package exists in the /usr/lib/dco/packages/f5-appsvcs directory.

To remount the /usr file system in read-only mode, enter the following command: mount -o remount,ro /usr

Upgrade AS3 on the BIG-IQ system itself. Use the following command syntax to install the AS3 package: rpm -Uv /usr/lib/dco/packages/f5-appsvcs/f5-appsvcs-<X.Y.Z-V>.noarch.rpm

Note: If you have previously updated the restjavad configuration (restjavad.properties.json) with the path of an AS3 RPM package (rpmFilePath), you must remove the rpmFilePath entry from the restjavad.properties.json file before proceeding to restart the restjavad service.

Restart the restjavad and restnoded services by entering the following command: tmsh restart /sys service restjavad restnoded

After the services restart, you can confirm the new version is running by using curl to send an HTTP request to the restnoded service by entering the following command: curl http://localhost:8105/shared/appsvcs/info

Optional: If your BIG-IQ environment has high availability (HA) setup, after you upgrade the AS3 on the standby unit, you can repeat this procedure to upgrade the active unit.

DO

GUI method

log into the BIG-IP with admin id

 

CLI method

.