sriramgd_111845
May 03, 2011Nimbostratus
F5 and source control - deploy from SCM or get from device?
I got some good advice on how to get our changing F5 configuration into source control:
http://devcentral-sea.f5.com/Community/GroupDetails/tabid/1082223/asg/52/aft/1178703/showtab/groupforums/Default.aspx
Based on this I implemented a job which goes out and gets the F5 configuration every n minutes, compares it with what is in our source control and if it has changed, checks it in, with the diff as the check in comment. This way we have a history of changes done to the F5 via the web or command line.
In a review the question was raised that we should be deploying configuration changes from the SCM instead of pulling the changes.
However I don't see an easy way out for this. Here are two options which came mind:
1. Lock the web and command line interface out to all users and have them change the configuration file in SCM and then have a command to overwrite the configuration file on the F5 through the SCM build process. The problem with this is most users may not be familiar with the configuration file, may make mistakes with it etc.
2. Build a UI which does this and integrates with our SCM. This would take time to build.
We do have an F5 in our test environment which we could use as a 'staging' server - the problem is that it is used for various QA purposes and we cant overwrite the configuration file for staging and testing before deploying to production.
Based on this I still think that just getting the configuration and checking it in if it has changed is the best way to maintain history (and allow for rollbacks) for the F5 configuration.
Any advice on this?
Any examples of how anyone maintain the F5 configuration(s) in source control?
Thanks.