Automating with Ansible

Ansible is an open source application deployment and configuration management tool used to automate your Layer7 Gateway upgrade. You set up the Ansible controller, configure the inventories with your Gateway environment information, then execute the Ansible playbooks which perform migration tasks to upgrade your Gateway to version 10.0.
The basic building blocks for Ansible are modules. Each module performs a specific operation on the Gateway remotely via ssh and the module's behavior is customizable by providing parameters. A module is invoked by a task. Playbooks can call a number of plays and the plays tie tasks to a host list. Playbooks are written in YAML.  A role is a sequence of tasks to provide self-contained/reusable functionality.  Each role performs one section of the Gateway migration workflow.
The Ansible playbooks can be easily extended.  The following modules are available for use: modules_by_category.  Some of the modules require you to install third-party libraries.  Check each module for their requirements.
GitHub Repository
Files required to perform the steps within the automated expedited upgrade are available from the following GitHub repository:
The repository includes README.md files that explain the contents of each playbook and role in detail.   
Best Practices
  • Use a dedicated computer as the Ansible controller. It should be locked down/hardened. The computer must run Linux or macOS. Microsoft Windows is not supported.
  • Install the latest version of Ansible. Do not use the Gateway to install the Ansible controller. 
  • Each administrator should use their own account when using Ansible to upgrade the Gateways. This will make audit records more meaningful. Any passwords should not be shared between users.
Upgrade Scenarios
As mentioned previously, there are two scenarios covered by the automated expedited upgrade procedure:
Create New and Migrate
Steps
Notes
Perform a pre-upgrade check
Run the pre-upgrade analyzer on the source Gateways.
After reading the resulting pre-upgrade analyzer report, you can decide to extend the automation (customize the playbooks), to better fit your upgrade requirements. 
Running mySQL Checker requires mysql8 shell installed.
Related Role:
gateway_preupgrade_analyzer
Backup the Gateway configuration and assertions
Back up the Gateway and Linux configuration files, plus Gateway assertions using ssgbackup.
Related Role:
gateway_basic_backup
Export the database
Back up and export the source Gateway's database and OTK database (if co-located).
Related Role:
gateway_export_database
Backup PAPIM configuration
Back up the PAPIM configuration files.
Solution kit files are backed up by the gateway_export_database role.
Related Role:
gateway_papim_backup
Auto-provision the  new Gateway
Run the auto-provision playbook on all nodes.
Use the same passwords as the source Gateway.
Related Roles:
gateway_common, gateway_primary_db_node, gateway_processing_node
Import the database and upgrade the database schema
Import the exported source Gateway database and OTK database into the target.
If the OTK database is co-located, uncomment the file to grant mysql permission. 
Related Role:
gateway_import_database
Install the Gateway license
Run the Gateway license installer. Create new SSL certificates with the new hostname.
Related Roles:
gateway_common, gateway_install_license
Install and Restore PAPIM
Installs PAPIM then restores the previously backed up configuration files.
Related Roles:
gateway_papim_install, gateway_papim_restore_backup
Configure Database Replication
Configure replication for the primary gateway MySQL 8 database to provide failover.
Related Role:
gateway_replicate_database
Validate the installation
A manual step. Follow the standard validation instructions.
Cleanup Backup Files on Controller
Used after each cluster upgrade before starting the next. Deletes the backup files to make space on the Controller.
Related Role:
gateway_controller_cleanup
Re-image an Existing VM Instance or Hardware Appliance
Steps
Notes
Perform a pre-upgrade check
Run the pre-upgrade analyzer on the source Gateways.
After reading the resulting pre-upgrade analyzer report, you can decide to extend the automation (customize the playbooks), to better fit your upgrade requirements. 
Running mySQL Checker requires mysql8 shell.
Related Role:
gateway_preupgrade_analyzer
Export the database
Backup and export the source Gateway's database and OTK database (if co-located).
Related Role:
gateway_export_database
Re-image the Gateway VM
Use ISO to rebuild the VM.
Auto-provision the  new Gateway
Run the auto-provision playbook on all nodes.
Use the same passwords as the source Gateway.
Related Roles:
gateway_common, gateway_primary_db, gateway_primary_db_node, gateway_processing_node
Import the database and upgrade the database schema
Import the exported source Gateway database and OTK database into the target.
If the OTK database is co-located, uncomment the file to grant mysql permission. 
Related Role:
gateway_import_database
Install the Gateway license
Run the Gateway license installer. Create new SSL certificates with the new hostname.
Related Roles:
gateway_common, gateway_install_license
Install and Restore PAPIM
Installs PAPIM then restores the previously backed up configuration files.
Related Roles:
gateway_papim_install, gateway_papim_restore_backup
Configure Database Replication
Configure replication for the primary gateway MySQL 8 database to provide failover.
Related Role:
gateway_replicate_database
Validate the installation
Follow the standard installation validation instructions.
Cleanup Backup Files on Controller
Used after each cluster upgrade before starting the next. Deletes the backup files to make space on the Controller.
Related Role:
gateway_controller_cleanup