This directory contains the Terraform module to create BIG-IP™ VPC Gen2 instances using variable input from the user.
Use this template to create BIG-IP™ Virtual Edition instances using imported customer VPC images using Terraform or IBM Cloud Schematics. Schematics uses Terraform as the infrastructure-as-code engine. With this template, you can create and manage infrastructure as a single unit as follows. For more information about how to use this template, see the IBM Cloud Schematics documentation.
This template requires that the F5 TMOS™ qcow2 images be patched including the IBM VPC Gen2 cloudinit config and the full complement of tmos-cloudinit modules. The template also requires the f5-declarative-onboarding AT extension version 1.16.0 or greater be included in the patched image.
This Schematics template submits cloudinit user-data which utilizes the F5 Declarative Onboarding extension. Documentation for this extension can be found at:
F5 Cloud Documentation for the F5 Declarative Onboarding Extension
In addition to installing and utilizing the Declarative Onboarding extension, the image onboarding process also installs recent versions of the F5 Application Services 3 and Telemetry Streaming extensions. Documentation of these extensions, and the use of their control plane API endpoints, can be found at:
F5 Cloud Documentation for the F5 Application Services 3 Extension
F5 Cloud Documentation for the F5 Telemetry Services Extension
Once the BIG-IP™ Virtual Edition instance is onboarded through Schematics and the F5 Declarative Onboarding Extension, the extension endpoints can be utilized to orchestrate L4-L7 services and logging, creating a fully functional and declarative ADC. Multiple VNFs can be provisioned using the BIG-IP™ Virtual Edition with declared services.
You're provided free technical support through the IBM Cloud™ community and Stack Overflow, which you can access from the Support Center. The level of support that you select determines the severity that you can assign to support cases and your level of access to the tools available in the Support Center. Choose a Basic, Advanced, or Premium support plan to customize your IBM Cloud™ support experience for your business needs.
Learn more: https://www.ibm.com/cloud/support
- Have access to Gen 2 VPC.
- The given VPC must have at least one subnet with one IP address unassigned (up to 5 are supported)
- The BIG-IP™ image name is the name of a custom VPC image in your region. To import a public F5 BIG-IP image see: BIG-IP public image importer.
- This template uses F5 Automation and Orchestration declaration URL downloads. This is a new feature in tmos-cloudinit. You must be using custom VPC images which are patched with the latest version of tmos-cloudinit modules.
They are supported in the following regions:
- us-south
- us-east
- eu-de
- eu-gb
- eu-es
- jp-tok
- jp-osa
- au-syd
- ca-tor
- br-sao
User variable: tmos_image_name
Values:
Your VPC custom image name
If your regional custom image has the same name as the public image, your custom image will be used.
By default, if no declaration URLs are supplied, the BIG-IP™ Virtual Edition instances created with this template will not be licensed nor have anything but default provisioning performed. To license and declare resources and services, supply declaration URLs to download your F5 Automation and Orchestration declarations in JSON format.
For information on creating custom images for IBM cloud see TMOS Cloudinit
The user should create an SSH key in the IBM cloud region. The SSH key name should be included as a user variable.
User Variable: ssh_key_name
Once the image completes onboarding, SSH access to the root user is available on the defined management Floating IP.
The user should also provide an admin user password.
User Variable: tmos_admin_password
If no tmos_admin_password is provided, a randomized lengthy password will be set. The user can then access the device via SSH authorized key and set the admin password by using passwd admin.
Currently, IBM terraform resources do not provide the ability to obtain VPC subnets by their name. The user will have to know the subnet UUID as input variables.
At least one VPC subnet must be defined:
User Variable: management_subnet_id
If only the management_subnet_id id is defined, the BIG-IP™ will be created as a 1NIC instance. The management UI and APIs can then be reached on port 8443 instead of the standard 443.
Up to five network interfaces can be added to a IBM VPC instnace. If you define additional subnet IDs, these will be mapped to BIG-IP™ data interfaces starting with interface 1.1
User Variables:
cluster_subnet_id
intenral_subnet_id
external_subnet_id
do_declaration_url
as3_declaration_url
ts_declaration_url
When onboarding is complete, including optional licensing and network interface provisioning, the BIG-IP™ can issue an HTTP(s) POST request to an URL specified by the user.
User Variables:
phone_home_url
The POST body will be JSON encoded and supply basic instance information:
{
"status": "SUCCESS",
"product": "BIG-IP",
"version": "15.1.2.0.0.9",
"hostname": "f5-test-ve-01.local",
"id": "27096838-e85f-11ea-ac1c-feff0b2c5217",
"management": "10.243.0.7/24",
"installed_extensions": ["f5-service-discovery", "f5-declarative-onboarding", "f5-appsvcs", "f5-telemetry", "f5-appsvcs-templates"],
"do_enabled": true,
"as3_enabled": false,
"ts_enabled": false,
"metadata": {
"template_source": "/f5devcentral/ibmcloud_schematics_bigip_multinic/tree/master",
"template_version": 20200825,
"zone": "eu-de-1",
"vpc": "r010-e27c516a-22ff-41f5-96b8-e8ea833fd39f",
"app_id": "undefined"
}
}The user can optionally define an app_id variable to tie this instnace for reference.
User Variables:
app_id
Once onboarding is complete, the user can than access the TMOS™ Web UI, use iControl™ REST API endpoints, or utilize the F5 BIG-IP™ Extensibility Extensions installed.
When you apply the template, the infrastructure resources that you create incur charges as follows. To clean up the resources, you can delete your Schematics workspace or your instance. Removing the workspace or the instance cannot be undone. Make sure that you back up any data that you must keep before you start the deletion process.
*VPC: VPC charges are incurred for the infrastructure resources within the VPC, as well as network traffic for internet data transfer. For more information, see Pricing for VPC.
Before you can apply the template in IBM Cloud, complete the following steps.
- Ensure that you have the following permissions in IBM Cloud Identity and Access Management:
Managerservice access role for IBM Cloud SchematicsOperatorplatform role for VPC Infrastructure
- Ensure the following resources exist in your VPC Gen 2 environment
- VPC
- SSH Key
- VPC with multiple subnets
Create a schematics workspace and provide the github repository url (https://github.com/f5devcentral/ibmcloud_schematics_bigip_multinic/tree/master) under settings to pull the latest code, so that you can set up your deployment variables from the Create page. Once the template is applied, IBM Cloud Schematics provisions the resources based on the values that were specified for the deployment variables.
Fill in the following values, based on the steps that you completed before you began.
| Key | Definition | Value Example |
|---|---|---|
region |
The VPC region that you want your BIG-IP™ to be provisioned. | us-south |
instance_name |
The name of the VNF instance to be provisioned. | f5-ve-01 |
hostname |
The hostname you want your BIG-IP™ to be provisioned. | f5-ve-01 |
domain |
The domain you want your BIG-IP™ to be provisioned. | local |
tmos_custom_image |
The custom image name for the VNF image. If you define a custom image name, it overrides the public image name. | |
tmos_image_name |
The longest match for a public image for the VNF image | bigip-16-1 |
tmos_type |
The TMOS image type for the VNF image. Can be ltm or all. | all |
instance_profile |
The profile of compute CPU and memory resources to be used when provisioning the BIG-IP™ instance. To list available profiles, run ibmcloud is instance-profiles. |
cx2-4x8 |
ssh_key_name |
The name of your public SSH key to be used. Follow Public SSH Key Doc for creating and managing ssh key. | linux-ssh-key |
management_subnet_id |
The ID of the management subnet where the instance will be deployed. Click on the subnet details in the VPC Subnet Listing to determine this value | 0717-xxxxxx-xxxx-xxxxx-8fae-xxxxx |
external_subnet_id |
The ID of the external subnet where the instance listens for virtual services. Click on the subnet details in the VPC Subnet Listing to determine this value | 0717-xxxxxx-xxxx-xxxxx-8110-xxxxx |
Fill in the following values, based on the steps that you completed before you began.
| Key | Definition | Value Example |
|---|---|---|
tmos_admin_password |
The password to set for the BIG-IP™ admin user. | valid TMOS password |
cluster_subnet_id |
The ID of the management dedicated to configsync operations. Click on the subnet details in the VPC Subnet Listing to determine this value | 0717-xxxxxx-xxxx-xxxxx-8fae-xxxxx |
internal_subnet_id |
The ID of the internal subnet where the instance will communicate to internal resources. Click on the subnet details in the VPC Subnet Listing to determine this value | 0717-xxxxxx-xxxx-xxxxx-8fae-xxxxx |
do_declaration_url |
The URL to retrieve the f5-declarative-onboarding JSON declaration | https://declarations.s3.us-east.cloud-object-storage.appdomain.cloud/do_declaration.json |
as3_declaration_url |
The URL to retrieve the f5-appsvcs-extension JSON declaration | https://declarations.s3.us-east.cloud-object-storage.appdomain.cloud/as3_declaration.json |
ts_declaration_url |
The URL to retrieve the f5-telemetry-streaming JSON declaration | https://declarations.s3.us-east.cloud-object-storage.appdomain.cloud/ts_declaration.json |
phone_home_url |
The URL for post onboarding web hook | https://webhook.site/#!/8c71ed42-da62-48ea-a2a5-265caf420a3b |
tgactive_url |
The URL to POST L3 device configurations when TMOS tgactive script is executed | |
tgstandby_url |
The URL to POST L3 device configurations when TMOS tgstandby script is executed | |
tgrefresh_url |
The URL to POST L3 device configurations when TMOS tgrefresh script is executed | |
app_id |
Application ID used for CI integration | a044b708-66c4-4f50-a5c8-2b54eff5f9b5 |
encryption_key_crn |
The CRN of the encryption key used to encrypt the boot image |
If there is any failure during VPC instance creation, the created resources must be destroyed before attempting to instantiate again. To destroy resources go to Schematics -> Workspaces -> [Your Workspace] -> Actions -> Delete to delete all associated resources.
- From the VPC list, confirm the F5 BIG-IP™ Virtual Edition is powered ON with green button
- From the CLI, run
ssh root@<Management IP>. - Enter 'yes' for continue connecting using ssh your key. This is the ssh key value, you specified in ssh_key variable.
- Use the
tmshshell.
Alternatively, the F5 Declarative Onboading, F5 Application Service 3, and F5 Telemetry Streaming service endpoints are available at:
https://<Management IP>/mgmt/shared/declarative-onboarding
https://<Management IP>/mgmt/shared/appsvcs
https://<Management IP>/mgmt/shared/telemetry
These endpoints provide declarative orchestration of multiple NFV functions including L4-L7 ADC funcationality, network firewalls, web application firewalls, and DNS services.
Troubleshoot and validate declarations by checking the:
/var/log/restnoded/restnoded.log
on the F5 BIG-IP™ Virtual Edition instance.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent