BIG-IP Upgrade | Environment
This solution uses AWS services to host the BIG-IPs. The solution can be deployed with F5 UDF or any AWS account with rights to the below resources.
Terraform is used for infrastructure management
Ansible is used for configuration management
AWS is the platform
Prior knowledge of Terraform, Ansible, or AWS is not needed. The solution aims for a smaller learning curve on infrastructure/configuration management (with abstractions) in exchange for more time within BIG-IP.
Terraform is an open-source infrastructure code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.
Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code.
Visual Studio Code is a streamlined code editor supporting development operations like debugging, task running, and version control.
This solution leverages Terraform to create and manage the following products and services. Ansible is used for BIG-IP configuration management after Terraform operations are complete.
Amazon Elastic Compute Cloud (EC2)
Amazon Identity and Access Management (IAM)
Amazon Simple Storage Service (S3)
Terraform
Ansible
VSCode
- BIG-IP Build Resources
Cloud-init (userdata)
Solution Setup
For access to a UDF environment, see F5 UDF Environment Access.
Warning
The random BIG-IP password and AWS tokens are stored in cloud-init and the Terraform state file. If this solution is running with any longevity, it is recommended to change the password and tokens.
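The warning above can be checked directly against a state file. The following is an added example, not code from the F5 repository: it walks a version 4 Terraform state and reports outputs and resource attributes that hold credentials. The resource names and values in the sample state are constructed, and the name patterns are an assumed starting list.

```python
import json
import re
# Names that usually mark a credential (assumed list; extend for your modules).
SENSITIVE_NAME = re.compile(r"password|passwd|secret|token|private_key", re.I)
# AWS access key IDs: long-term (AKIA) or temporary (ASIA) prefix + 16 chars.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

def walk(value, path=()):
    """Yield (path, leaf) for every non-empty string in nested dicts and lists."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from walk(item, path + (str(key),))
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from walk(item, path + (str(index),))
    elif isinstance(value, str) and value:
        yield path, value

def find_state_secrets(state):
    """Return sorted (address, attribute, reason) findings for a v4 state dict."""
    found = set()
    for name, out in state.get("outputs", {}).items():
        if SENSITIVE_NAME.search(name):
            found.add((f"output.{name}", "value", "sensitive name"))
    for res in state.get("resources", []):
        addr = f'{res["type"]}.{res["name"]}'
        for inst in res.get("instances", []):
            for path, leaf in walk(inst.get("attributes", {})):
                attr = ".".join(path)
                # Resource type is included so random_password.*.result is caught.
                if SENSITIVE_NAME.search(f'{res["type"]}.{attr}'):
                    found.add((addr, attr, "sensitive name"))
                if ACCESS_KEY_ID.search(leaf):
                    found.add((addr, attr, "AWS access key ID in value"))
                elif SENSITIVE_NAME.search(leaf):
                    found.add((addr, attr, "credential keyword in value"))
    return sorted(found)

# Constructed sample state: hypothetical resources, AWS's documented example key.
SAMPLE_STATE = json.loads(r"""{"version": 4,
 "outputs": {"generated_password": {"value": "constructed-Pa55"},
             "public_vip_pip": {"value": "203.0.113.10"}},
 "resources": [{"type": "random_password", "name": "example", "instances": [
   {"attributes": {"length": 16, "result": "constructed-Pa55"}}]},
  {"type": "aws_instance", "name": "example_bigip", "instances": [
   {"attributes": {"instance_type": "m5.xlarge", "user_data":
    "aws_key: AKIAIOSFODNN7EXAMPLE\nadmin_password: constructed-Pa55"}}]}]}""")
if __name__ == "__main__":
    print(*find_state_secrets(SAMPLE_STATE), sep="\n")
```

To check a real deployment, load the working directory's terraform.tfstate with json.load and pass the result to find_state_secrets; anything it reports should be rotated once the lab has served its purpose.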
Warning
Skipping Steps 1-3 will result in a Terraform failure
Accessing AWS
UDF ephemeral accounts have access to subscribe to AWS marketplace images. Unfortunately, there is no way to subscribe to an offering programmatically. Before running this solution, you will need to log in to the AWS console and subscribe.
From the UDF environment, locate your Console URL and generated password. Click the URL to log in to the AWS console.
BIG-IP Marketplace
BIG-IP offerings are licensed by the modules and throughput. For this solution, we will license a BEST PAYG 200mbps on version 14.1. This provides all BIG-IP modules and 200mbps of tested traffic on an older version that can be upgraded.
From the top search bar, search for F5 BIG-IP BEST with IPI and Threat Campaigns (PAYG, 200Mbps) and click
Subscribe to the BIG-IP 200mbps image and accept the terms
Note
You can choose different offerings by changing the default Terraform variable to a different BIG-IP Amazon Machine Image (AMI) search. The default is F5 Networks Licensed Hourly BIGIP-12.1.6*Best*200MBPS*
Note
Once the subscription is processing you can move on to the next step
Create a working environment
VSCode is our preferred IDE because it provides an editor and terminal within a single pane. Open VSCode and create a new Terminal. In the UDF environment, you can access VSCode through the coder access method on the ubuntuHost resource.
For access to coder in a UDF (course or blueprint) environment, see F5 UDF Environment Access.
Set or verify environment AWS credentials
Note
AWS Access and Secret keys for the UDF environment are located in the Blueprint or Course Documentation, under section cloud accounts
Warning
The default region in Terraform is us-west-2. If you choose a different credential region, make sure to update Terraform
In the terminal window, copy the below text and paste+enter:
aws configure
Variables Table for awscli to UDF Cloud Accounts:
Variable Name            Cloud Account Variable Value
AWS Access Key ID        API Key
AWS Secret Access Key    API Secret
Default region name      us-west-2
Default output format    json
Clone the public repository of solutions
Note
Examples are shown pulling the repositories down to the Desktop folder. If you choose to change the clone location, be aware of the path changes
In the terminal window, copy the below text and paste+enter:
git clone -b 'main' --single-branch https://github.com/f5devcentral/f5-digital-customer-engagement-center
Change directory to the F5 Digital Customer Engagement Center repository
In the terminal window, copy the below text and paste+enter:
cd /home/ubuntu/Desktop/f5-digital-customer-engagement-center/solutions/delivery/application_delivery_controller/big-ip/upgrade/aws
Run the setup script
This will create AWS resource objects
In the terminal window, copy the below text and paste+enter:
bash setup.sh
Continue with Terraform when ready
Press enter when requested
Enter the AWS API credentials for Terraform
The BIG-IP uses the AWS credentials to perform an API failover, moving the secondary IP addresses from one Elastic Network Interface to another. This is used to replicate the failover on-premises from an active BIG-IP to a standby.
Terraform and Ansible Completed
Warning
Terraform is building several services, then Ansible will run. This can take 10-15 minutes to complete
Note
If you need to see the outputs again later and have not saved them, use the terraform output command
The outputs from our Terraform run are in green. We will need this information to access our BIG-IPs and test the virtual service.
The BIG-IP resources
Terraform created two BIG-IPs. Ansible created the virtual services and the BIG-IP cluster. Terraform's outputs include the public IP addresses of the management interfaces for both BIG-IPs. Log in to a BIG-IP to see the cluster settings and the version of BIG-IP deployed.
The Terraform outputs have the management public IP address of our BIG-IPs called f5vm01_mgmt_public_pip and f5vm02_mgmt_public_pip. Since this address is public, it is accessible from anywhere on the internet. Open a browser and browse to the page
Note
The BIG-IP management interfaces use a self-signed certificate. Accept the invalid certificate. If you are using Chrome, on the page, you can type thisisunsafe (all one word)
https://(f5vm01_mgmt_public_pip) or https://(f5vm02_mgmt_public_pip)
Log in to the BIG-IP
Log in with user awsuser and the Terraform-generated password found in the output generated_password
Validate the BIG-IP setup
A cluster was created, and the BIG-IPs were deployed with TMOS version 12.1.6
Verify that the test service is available
The test service was created with Ansible: a basic virtual server with an iRule for the 80 to 443 redirect, and another virtual server with FQDN pool members and an iRule that gives back client information in the form of an HTML page.
The Terraform outputs have the public IP address of our testing virtual service called public_vip_pip. Since this address is public, it is accessible from anywhere on the internet. Open a browser and browse to the page
Note
The BIG-IP is performing TLS offload. The certificate is self-signed. Accept the invalid certificate. If you use Chrome, on the page, you can type thisisunsafe (all one word)
https://(public_vip_pip)
The virtual service should be up and available
Note
If the test virtual is not available, fail over the BIG-IP cluster
The iRule on the virtual server will present some client information to validate that the service is ready
The environment has been created, and all access has been set
At this point, we can utilize our BIG-IPs and test service for upgrades.
Proceed to BIG-IP Upgrade | Deployments
Destroy the AWS environment and all resources
This will destroy AWS resource objects
Note
Destruction of the AWS environment does not need the API token/key; these can be blank
In the terminal window, copy the below text and paste+enter:
bash cleanup.sh