Skip to content

Latest commit

 

History

History
190 lines (144 loc) · 4.77 KB

README.adoc

File metadata and controls

190 lines (144 loc) · 4.77 KB

Azure Terraform Deploying BIG-IP v15 with 3 nics

If you need the single NIC version of BIG-IP go here: https://github.com/itlinux/azure_big_ip

Important
the BIG-IQ pass is in the terraform.tfvars which you need to create and add your password.

Requirements

It needs Terraform 0.12 since it uses the new variable interpolation

For reference check the link below

"https://www.terraform.io/docs/configuration-0-11/interpolation.html"

Files

This plan is split with every topic

  • firewall

  • BIG-IP

  • output

  • main

  • networks

  • nics

  • banner

  • dpasswd

  • storage

  • ts

  • az

  • variables

  • terraform.tfvars

Pretty much all options are in variables.

terraform refresh  -state=statefilelocation
Important
License Agreement with Microsoft Azure Market

License steps

For the BYOL in Azure to be able to use BIG-IP you much accept the term before you can deploy the BIG-IP / BIG-IQ. Here is the working solution for the BIG-IP.

  • 1 ⇒ install the az CLI

  • 2 ⇒ login into Microsoft Azure cloud from the CLI

  • 3 ⇒ select or set the right account which you want to use to deploy the BIG-IP

  • 4 ⇒ create the RBAC for your subscription

STEPS:

brew install azure-cli  # for mac

Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; rm .\AzureCLI.msi # Powershell

# For CentOS / RHEL 7
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

sudo sh -c 'echo -e "[azure-cli]
name=Azure CLI
baseurl=https://packages.microsoft.com/yumrepos/azure-cli
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo'

sudo yum -y install azure-cli

#Ubuntu use this link
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest

Azure Login

az login

This will open a new browser window for you. If you are using a virtual machine it will not work! Once you are done with the browser the cli will show the account like

> az login
You have logged in. Now let us find all the subscriptions to which you have access...
The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
xxxxxxxxxx0-xxxxxxxx
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "YOURTENANTNUMBER",
    "id": "YOURACCONTID",
    "isDefault": true,
    "managedByTenants": [
      {
        "tenantId": "YOURTENANTNUMBER"
      }
    ],
    "name": "YOUR SUB NAME",
    "state": "Enabled",
    "tenantId": "YOURTENANTID",
    "user": {
      "name": "[email protected]",
      "type": "user"
    }
  }
]

If you have more than one account set the right account with the set account

SUBSCRIPTION="xxxxxxxxxxx"
az account set -s "${SUBSCRIPTION}"

Run the RBAC command

az vm image terms accept --plan "f5-bigiq-virtual-edition-byol" --offer "f5-big-ip-best" --publisher "f5-networks"

Changes the terraform.tfvars to set to your name and IP subnet/network you want to use and what resource name. In mine it shows like this:

> az group list |grep rm
    "id": "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/rm_big_iq_rg",
    "name": "rm_big_iq_rg",

Execute the manifest

Set the Plan output

terraform plan -out=tfplan_bigip

Execute the Plan

terraform apply tfplan_bigip

Connecting to BIG-IP

ssh admin@bigipublicipaddress

Password ADMIN has been generated

The TF output will have the password which was generated for the admin user

Access the Web.

https://IPADRESS

DONE!!

BIG-IQ License

It will get a license from the BIG-IQ. Check your BIG-IQ to make sure your BIG-IP has a license

Ansible

It will create a set of creds based on how counts. Terraform will gen the variables for ansible to run. The ansible will set the following:

POOL NODE Virtual Server IP The playbook will use the secondary IP of the Untrust NIC, if you use the Azure LB you will to use the primary NIC and not the secondary.

TO DO

Ansible Playbooks. Setting a specific IP, right now for each BIG-IP on each credsx, this is used for ansible selfIP on the VIP.

Zones

The azs is used to spin up the BIG-IP on each zones. Depending on which Region you may not have more than 1 AZ. West US 2 (example), has 3 zones, so if I spin up 4 BIG-IP it will set the #4 to zone 1 again.

Telemetry

It allows you to get BIG-IP telemetry in Azure Sentinel. You will need to provide workspaceID and SharekeyID.

DNS Name

It will automatically map to the DNS Record of Azure mapping records. Just update the info on the variable file.

Troubleshooting

Login in to the BIG-IP and check the following files in the /var/log folder:

cloud-init.log

cloud-init-output.log

f5-cloud-init.log