BIG-IP Upgrade | Environment¶

This solution uses AWS services to host the BIG-IPs. The solution can be deployed with F5 UDF or any AWS account with rights to the below resources.

Terraform is used for infrastructure management
Ansible is used for configuration management
AWS is the platform

Prior knowledge of Terraform, Ansible, or AWS is not needed. The solution aims for a smaller learning curve on infrastructure/configuration management (with abstractions) in exchange for more time within BIG-IP.

Terraform is an open-source infrastructure code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files.

Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code.

Visual Studio Code is a streamlined code editor supporting development operations like debugging, task running, and version control.

This solution leverages Terraform to create and manage the following products and services. Ansible is used for BIG-IP configuration management after Terraform operations are complete.

Amazon Elastic Compute Cloud (EC2)
Amazon Identity and Access Management (IAM)
Amazon Simple Storage Service (S3)
Terraform
Ansible
VSCode
BIG-IP Build Resources
- Cloud-init (userdata)

Solution Setup¶

For access to a UDF, environment see F5 UDF Environment Access.

Warning

The random BIG-IP password and AWS tokens are stored in cloud-init and the Terraform state file. If this solution is running with any longevity, it is recommended to change the password and tokens.

Warning

Skipping Steps 1-3 will result in a Terraform failure

Accessing AWS

UDF ephemeral accounts have access to subscribe to AWS marketplace images. Unfortunately, there is no way to subscribe to an offering programmatically. Before running this solution, you will need to log in to the aws console and subscribe.

From the UDF environment, locate your Console URL and generated password. Click the URL to log in to the AWS console.

Example:
BIG-IP Marketplace

BIG-IP offerings are licensed by the modules and throughput. For this solution, we will license a BEST PAYG 200mbps on version 14.1. This will allow for all BIG-IP modules and 200mbps of tested traffic with an older version to upgrade.

From the top search bar, search for F5 BIG-IP BEST with IPI and Threat Campaigns (PAYG, 200Mbps) and click

Example:
Subscribe to the BIG-IP 200mbps image and accept the terms

Note

You can choose different offerings by changing the default Terraform variable to a different BIG-IP amazon machine image (AMI) search, default is F5 Networks Licensed Hourly BIGIP-12.1.6*Best*200MBPS*

Example:

Note

Once the subscription is processing you can move on to the next step
Create a working environment

VSCode is our preferred IDE. This allows an editor and terminal within a single pane, open VSCode, and create a new Terminal. In the UDF environment, you can access VSCode through the coder access method on the ubuntuHost resource.

For access to coder in a UDF (course or blueprint) environment, see F5 UDF Environment Access.

Example:
Set or verify environment AWS credentials

Note

AWS Access and Secret keys for the UDF environment are located in the Blueprint or Course Documentation, under section cloud accounts

Warning

The default region in Terraform is us-west-2, if you choose a different credential region, make sure to update Terraform

In the terminal window, copy the below text and paste+enter:
```
aws configure
```
Variables Table for awscli to UDF Cloud Accounts:

Variable Name

Cloud Account Variable Value

AWS Access Key ID

API Key

AWS Secret Access Key

API Secret

Default region name

us-west-2

Default output format

json

Example:
Clone the public repository of solutions

Note

Examples are shown pulling the repositories down to the Desktop folder. If you choose to change the clone location, be aware of the path changes

In the terminal window, copy the below text and paste+enter:
```
git clone -b 'main' --single-branch https://github.com/f5devcentral/f5-digital-customer-engagement-center
```
Example:
Change directory to the F5 Digital Customer Engagement Center repository

In the terminal window, copy the below text and paste+enter:
```
cd /home/ubuntu/Desktop/f5-digital-customer-engagement-center/solutions/delivery/application_delivery_controller/big-ip/upgrade/aws
```
Example:
Run the setup script This will create AWS resource objects

In the terminal window, copy the below text and paste+enter:
```
bash setup.sh
```
Example:
Continue with Terraform when ready

Press enter when requested

Example:
Enter the AWS api credentials for Terraform

The BIG-IP uses the AWS credentials to perform an API failover, moving the secondary IP addresses from one Elastic Network Interface to another. This is used to replicate the failover on-premises from an active BIG-IP to a standby.
Terraform and Ansible Completed

Warning

Terraform is building several services, then Ansible will run. This can take 10-15 minutes to complete

Note

If you need to see the outputs again later and have not saved them, utilize the terraform output command

The outputs from our Terraform run are in green. We will need this information to access our BIG-IPs and testing the virtual service.

Example:
The BIG-IP resources

Terraform created two BIG-IPs. Ansible created the virtual services and the BIG-IP Cluster. Within Terrafroms outputs are the public ip addresses for the management interfaces for both BIG-IPs. Log in to a BIG-IP to see the cluster settings and version of BIG-IP deployed

The Terraform outputs have the management public IP address of our BIG-IPs called f5vm01_mgmt_public_pip and f5vm02_mgmt_public_pip. Since this address is public, it is accessible from anywhere on the internet. Open a browser and browse to the page

Note

The BIG-IP management interfaces use a self-signed certificate. Accept the invalid certificate. If you are using Chrome on the page, you can type thisisunsafe all one word
```
https://(f5vm01_mgmt_public_pip) or https://(f5vm02_mgmt_public_pip)
```
Example:
Log in to the BIG-IP

Log in with user awsuser, and the Terraform generated password found in the outputs generated_password

Example:
Validate the BIG-IP setup

A cluster was created, and the TMOS version of the BIG-IP was created with 12.1.6

Example:
Verify that the test service is available

The test service was created with Ansible, a basic virtual server and an irule for 80 to 443 redirect, and another virtual server with FQDN pool members and an irule that gives back client information in the form of an HTML page.

The Terraform outputs have the public IP address of our testing virtual service called public_vip_pip. Since this address is public, it is accessible from anywhere on the internet. Open a browser and browse to the page

Note

The BIG-IP is performing TLS offload. The certificate is self-signed. Accept the invalid certificate. If you use Chrome, on the page, you can type thisisunsafe all one word
```
https://(public_vip_pip)
```
Example:
The virtual service should be up and available

Note

If the test virtual is not available, failover the BIG-IP cluster

The irule on the virtual server will present some client information to validate that the service is ready

Example:
The environment has been created, and all access has been set

At this point, we can utilize our BIG-IPs and test service for upgrades.

Proceed to BIG-IP Upgrade | Deployments
Destroy the AWS environment and all resources This will destroy AWS resource objects

Note

Destruction of the AWS environment does not need the API token/key these can be blank

In the terminal window, copy the below text and paste+enter:
```
bash cleanup.sh
```
Example:

Variable Name	Cloud Account Variable Value
AWS Access Key ID	API Key
AWS Secret Access Key	API Secret
Default region name	us-west-2
Default output format	json