We've decided to do orchestration&automation of deployment of creation/modify/delete of virtual services,
and we were using iWorkflow. Since F5 does not support anymore iworkflow we are about going to Bigiq 6.0 but we have still the doubt of ANSIBLE since we want to orchestrate other not F5 networking devices.
Last time I used BIG-IQ was 5.0 or 5.1 so cannot base my opinion on BIG-IQ 6.0 but I have been looking into DevOps/NetOps with Ansible.
Here is my opinion based on my experience for far.
BIG-IQ is a centralised management platform which provides centralised analytics, logs and auditing as well as configuration and application templates.
Ansible is a Configuration Management system that allows for configuration to be simplified and shared to create configuration templates as well as the ability to treat this configuration like code, with version control etc. F5 also has very good support for Ansible and a strong development community.
So Ansible by its self is good for automating configuration tasks and ensuring configuration between similar environments but it really comes into it own when used with centralised version control (GitHub/GitLab/Gerrit etc.) and with Continuous Integration/Continuous Delivery (CI/CD) (Jenkins/goCD/GitLab etc.)
Back to BIG-IQ I found the management of F5 devices mostly straight forward as web based and it was very quick to get up and running. I liked the application templates where you could create iApp style services and almost remove the Application configuration from the Device configuration/management however back in 5.0/5.1 had issues keeping it working correctly (hopefully working better these days) and took some time to map them all out. Like Ansible can be used to keep configuration the same between environments. However, configuration is limited to F5 only (as far as I know).
If you already are using iWorkflow I would say you could move over to BIG-IQ without to much difficulty and find the interface you and your team are working with very similar (assuming you're using the web gui) and you get the benefits of central management.
If you are managing your configuration with version control and have CI/CD within your organisation then I would take a look at Ansible as an addition to BIG-IQ or if looking to save license cost instead of BIG-IQ (if configuration management is your sole concern)
In the end I think it comes down to personal preference, why not trial both options, get a trial F5 BIG-IQ license and setup a small Ansible system (a small Linux VM is all you need).
To add on. The answer is Yes. You can use both. The idea behind BIG-IP in CI/CD is to have preconfigured applications, profiles and such. Those can be deployed through BIG-IQ using iControlREST via whatever systems you use.
BIG-IQ's benefit is you can more visibility across multiple BIG-IP systems even if you don't use it as your source of deployment/config.
I am asking F5 dev teams to come up with more examples and code to show how BIG-IQ fits INTO existing CI/CD processes where Ansible is the config deployment.
I'm a little late to the party on this thread, but has anyone here built their environment using Ansible alongside BIG-IQ? Our current direction is to use BIG-IQ to manage the ASM and APM objects for our 10 BIG-IPs and use Ansible to deploy the VIP configurations we have stored in Github.
Managing ASM and APM in BIG-IQ makes perfect sense. However, it seems to me that creating/updating VIP configurations in Github will mean that I'll need to run the discovery and import processes for all of our BIG-IPs to ensure that BIG-IQ has all of the information needed to deploy ASM and/or APM policies to the right places.
If anyone has tackled this architecture, I'd definitely like to hear how you are working within this type of architecture and any problems you might have encountered along the way.