Automating SSL Orchestrator in AWS with the help of Ansible and Terraform

Overview

Learn how to automate the deployment of SSL Orchestrator in Amazon Web Services.  

This article is based on the automation templates available here:

https://github.com/f5devcentral/sslo-cloud-templates

This will deploy SSL Orchestrator with an L3 Inbound Topology and two L3 Services in a Service Chain.

Follow the instructions here: lab-instructions-aws.md

A demo video of this article is available below

Steps Performed:

  • Install the Container Environment
  • Clone the Repository
  • Subscribe to EC2 Instances
  • Export your AWS Credentials
  • Copy the Terraform variables file and update the values
  • Deploy the Terraform configuration
  • Build the SSL Orchestrator Topology using Ansible
  • Deploy the Ansible Configuration
  • Check the results

Launch the development container environment

Restart the container and attach to the console:

Clone the Repository

Subscribe to EC2 Instances

From a web browser client, subscribe to the following EC2 instances:

Export your AWS Credentials

From inside your development environment, export the AWS credentials:

  • export AWS_ACCESS_KEY_ID="your-aws-access-key-id"
  • export AWS_SECRET_ACCESS_KEY="your-aws-secret-access-key"
  • export AWS_SESSION_TOKEN="your-aws-session-token"

Copy the Terraform variables file and update the values

From the terraform-aws-sslo folder, copy the included terraform.tfvars.example file to terraform.tfvars and update the values.

It should look like this:

Deploy the Terraform Configuration

From inside your development environment, deploy the Terraform configuration:

  • terraform init
  • terraform validate
  • terraform plan
  • terraform apply -auto-approve
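
A pre-flight check for the credential and variables-file steps above, to run before terraform plan. This is an added example, not part of the original article or the sslo-cloud-templates repository; the function name sslo_preflight is hypothetical, and it assumes all three AWS variables are required because the article exports all three.

```shell
#!/bin/sh
# Added example (not from the article or the template repository).
# sslo_preflight is a hypothetical helper name.
#
# sslo_preflight DIR
#   DIR: path to the terraform-aws-sslo folder (defaults to the current directory).
# Prints one line per problem and returns the number of problems found (0 = ready).
sslo_preflight() {
  dir="${1:-.}"
  problems=0

  # The three variables exported in the article. Only names are reported,
  # never values, so the output is safe to paste into a ticket or log.
  for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
    # Indirect lookup; $var only ever holds one of the fixed names above.
    eval "val=\${$var:-}"
    case "$val" in
      "")
        echo "missing: $var is not set"
        problems=$((problems + 1)) ;;
      your-aws-*)
        # The article's sample values all start with "your-aws-".
        echo "placeholder: $var still holds the sample value"
        problems=$((problems + 1)) ;;
    esac
  done

  # terraform.tfvars must exist and must have been edited after the copy.
  if [ ! -f "$dir/terraform.tfvars" ]; then
    echo "missing: $dir/terraform.tfvars (copy terraform.tfvars.example first)"
    problems=$((problems + 1))
  elif [ -f "$dir/terraform.tfvars.example" ] &&
       cmp -s "$dir/terraform.tfvars" "$dir/terraform.tfvars.example"; then
    echo "unchanged: terraform.tfvars is identical to terraform.tfvars.example"
    problems=$((problems + 1))
  fi

  return "$problems"
}
```

Source the file and run sslo_preflight from the terraform-aws-sslo folder; a return status of 0 means the credentials and variables file are in place.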

Build the SSL Orchestrator Topology using Ansible

Edit the ansible.cfg file and add the two lines at the bottom (the [galaxy] section and its server entry):

[defaults]
host_key_checking   = False
retry_files_enabled = False
inventory           = ./inventory/hosts
library             = ./library
roles_path          = ./roles
collections_paths   = ./collection

[galaxy]
server = https://old-galaxy.ansible.com

  • cd ansible
  • ansible-galaxy collection install f5networks.f5_modules f5networks.f5_bigip -f

Deploy the Ansible Configuration

Deploy an Ansible config using the variables file that was created by the accompanying Terraform. This will create an inbound layer 3 SSL Orchestrator topology. From the 'ansible' folder:

  • cp ../terraform-aws-sslo/ansible_vars.yaml .
  • ansible-playbook -e @ansible_vars.yaml playbooks/config-sslo-inbound-l3-complete.yaml

Check the Results

Log in to the BIG-IP GUI and verify that SSL Orchestrator has been configured and deployed.

Conclusion

You're done! You can customize these templates and configuration files and reuse them for future SSL Orchestrator deployments in AWS.

Updated Jan 17, 2024
Version 4.0