merps / f5-sslo-demo


F5 BIG-IQ/BIG-IP Deployment Example for SSLO Automation


This document covers the initial setup and configuration of the AWS BIG-IQ/BIG-IP SSLO demonstration deployment.


Security

This F5 AWS BIG-IP demo exposes both the BIG-IP and BIG-IQ management interfaces to the public internet via Elastic IPs.

Background

This example builds on previous work from F5 Development & Field to provide automation examples leveraging BIG-IQ Cloud Edition and BIG-IQ VE's Transparent-Proxy deployment model.

Additional Resources

To deploy the Terraform example, both BIG-IQ and BIG-IP trial licenses are required. To obtain them, go to F5 Trial and:

  • Select BIG-IP VE and BIG-IQ

To deploy within AWS using Terraform, a valid AWS subscription is also required. Select Subscribe and accept the Terms and Conditions for these F5 products:

NOTE: This architecture deploys two c4.2xlarge PAYG BIG-IP Marketplace instances; it is recommended to perform a terraform destroy afterwards to avoid incurring excessive usage costs outside of the free tier.
BIG-IQ Evaluation/BYOL licenses are required for the externally called terraform-aws-bigiq.

Prerequisites

To support this deployment pattern the following components are required:

Installation

This deployment example uses the following external community modules for Terraform:

The deployment pattern covered in this example of F5 SSLO Automation is as follows:

SSLO Deployment

To deploy the SSLO example:

a) First, clone the repo:

git clone https://github.com/merps/f5-sslo-demo.git

b) Second, create a tfvars file in the following format to deploy the environment:

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_vpc_parameters | AWS VPC Input Parameters | object({ cidr = string, region = string }) | { "cidr": "10.0.0.0/16", "region": "ap-southeast-2" } | no |
| cidr_offsets | VPC CIDR Offsets for C Octet | object({ management = number, external = number, internal = number, inspect_in = number, inspect_out = number }) | { "external": 0, "inspect_in": 40, "inspect_out": 50, "internal": 20, "management": 10 } | no |
| ec2_public_key | EC2 Keypair for provisioning | any | n/a | yes |
| licenses | BIG-IQ (CM/DCD) License Keys | object({ cm_key = string, dcd_key = string }) | n/a | yes |
| tags | AWS Tags | object({ prefix = string, environment = string }) | { "environment": "demo", "prefix": "f5-sslo" } | no |

The minimum required variables are the BIG-IQ (CM/DCD) licenses. This deployment defaults to what is currently defined in variables.tf

c) Third, get and initialise the Terraform deployment as follows:

cd src/
terraform get ; terraform init

This will download the required modules from both GitHub and the Terraform Registry.

d) The default values and the variables file created in the previous step can be validated as follows:

terraform validate 

e) Plan the deployment:

terraform plan -var-file=variables.tfvars

This will produce and display the deployment plan using the previously created variables.tfvars file.

f) Then, finally, deploy the successful plan:

terraform apply -var-file=variables.tfvars --auto-approve

NOTE: This architecture deploys two c4.2xlarge PAYG BIG-IP Marketplace instances; it is recommended to perform a terraform destroy afterwards to avoid incurring excessive usage costs outside of the free tier.

This deployment also covers the provisioning of the additional F5 prerequisite components required for the deployment example covered in the F5 SSLO Demo.
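
As an added example (not part of this repository), the Python sketch below audits the JSON form of the plan from step e) for what the Security section describes: Elastic IPs being created, and security-group ingress that leaves management ports open to any address. The port set and the sample resource addresses are assumptions; the repository's own resource names do not appear on this page.

```python
import json

MGMT_PORTS = {22, 443, 8443}  # assumed management ports; adjust to your deployment
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def _ingress_rules(rc):
    """Yield ingress rule dicts from one resource_changes entry."""
    after = (rc.get("change") or {}).get("after") or {}
    if rc.get("type") == "aws_security_group":
        yield from after.get("ingress") or []
    elif rc.get("type") == "aws_security_group_rule" and after.get("type") == "ingress":
        yield after

def open_mgmt_rules(plan):
    """Return (address, from_port, to_port, cidr) for world-open management ingress."""
    findings = []
    for rc in plan.get("resource_changes", []):
        for rule in _ingress_rules(rc):
            lo, hi = rule.get("from_port"), rule.get("to_port")
            any_proto = str(rule.get("protocol")) in ("-1", "all")
            in_range = lo is not None and hi is not None and any(lo <= p <= hi for p in MGMT_PORTS)
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            for cidr in cidrs:
                if cidr in OPEN_CIDRS and (any_proto or in_range):
                    findings.append((rc["address"], lo, hi, cidr))
    return findings

def planned_eips(plan):
    """Return addresses of Elastic IP resources the plan will create."""
    return [rc["address"] for rc in plan.get("resource_changes", [])
            if rc.get("type") == "aws_eip" and "create" in rc["change"]["actions"]]

def audit_file(path):
    """Audit a plan exported as JSON; returns (open rules, planned Elastic IPs)."""
    with open(path) as fh:
        plan = json.load(fh)
    return open_mgmt_rules(plan), planned_eips(plan)

# Constructed sample in the shape of `terraform show -json` output; the resource
# addresses are hypothetical, not the ones this repository defines.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_eip.mgmt_example", "type": "aws_eip",
     "change": {"actions": ["create"], "after": {}}},
    {"address": "aws_security_group.mgmt_example", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [{
         "from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_security_group_rule.admin_example", "type": "aws_security_group_rule",
     "change": {"actions": ["create"], "after": {"type": "ingress", "from_port": 22,
         "to_port": 22, "protocol": "tcp", "cidr_blocks": ["203.0.113.10/32"]}}},
]}
```

To audit a real plan, run terraform plan -var-file=variables.tfvars -out=tfplan, then terraform show -json tfplan > plan.json, and call audit_file("plan.json") before applying.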

Configuration

This example deployment, when successful, will deploy an example Transparent Proxy deployment of BIG-IP SSLO within AWS leveraging BIG-IQ Centralised Manager.

Further resources on both BIG-IQ and BIG-IP, including an extensive lab guide, are found at these locations:

TODO

List of tasks to make the process more automated:

  • Workflow improvements for DO/AS3/TS
  • Clear SSLO object errors on BIG-IQ
  • Address automatic onboarding of CM/DCD as per TF Module

Contributing

See the contributing file!

PRs accepted.

Filing issues

If you find an issue, we would love to hear about it. You have a choice when it comes to filing issues:

  • Use the Issues link on the GitHub menu bar in this repository for items such as enhancement or feature requests and non-urgent bug fixes. Tell us as much as you can about what you found and how you found it.

ChangeLog

License

Apache © merps.

About

License:Apache License 2.0

