Deploy Quickstart BIG-IP with Existing Stack in Google Cloud using v2 Templates
The BIG-IP Public Cloud team has developed many solutions over the years to enable customers to deploy BIG-IP in a few steps. In the first article of this series, I discussed the differences between the v1 and v2 BIG-IP Cloud Solution Templates for public cloud. In this article I cover how to deploy BIG-IP services into an existing network stack in Google Cloud.
How-to v2 Quickstart Example: BIG-IP on Google Cloud with Existing Network Stack
The following section walks through the steps to deploy BIG-IP in GCP using the Quickstart example with an existing network stack. You can use the same techniques to copy the templates, modify them as needed, and deploy them in your environment. Make sure to review the README for prerequisites.
I will deploy BIG-IP into an existing network stack in GCP. I customize the example Runtime Init YAML file from GitHub and then copy it to my GCP Bucket with public access, which allows the BIG-IP to retrieve it during onboarding. The result will be the following:
- Using my existing network stack with 3x VPCs: mgmt, external, internal
- BIG-IP instance, version=16.1.3.2
- 4x CPU, 3-NICs
- Using my customized runtime-init-conf-3nic-payg-jeff.yaml from my GCP Bucket
- BIG-IP system and network settings only
Clone GitHub Repository
1. Open a terminal (for example, the integrated terminal in Visual Studio Code) and clone the repository
git clone https://github.com/F5Networks/f5-google-gdm-templates-v2.git
Modify Parameters - Existing Stack
1. From your terminal, set DEPLOYMENT_NAME, set CONFIG_FILE, and change folders
DEPLOYMENT_NAME="giroux-bigip-existing"
CONFIG_FILE="sample_quickstart_existing_network.yaml"
cd f5-google-gdm-templates-v2/examples/quickstart
git checkout tags/v2.6.0.0
2. Edit the file sample_quickstart_existing_network.yaml
---
# sample_quickstart_existing_network.yaml - BIG-IP with existing stack
# Note: Commented and some Optional lines were removed from
# the yaml below. This keeps the code block small
# for easier illustration purposes.
imports:
  - path: quickstart-existing-network.py
  - path: ../modules/bigip-standalone/bigip_standalone.py
  - path: ../modules/dag/dag.py
resources:
  - name: quickstart-existing-network-py
    properties:
      bigIpImageName: f5-bigip-16-1-3-2-0-0-4-payg-best-plus-1gbps-220914234533
      bigIpRuntimeInitConfig: >-
        https://storage.googleapis.com/giroux-public/runtime-init-conf-3nic-payg-jeff.yaml
      numNics: 3
      networks:
        mgmtNetworkName: jgiroux-net-mgmt
        externalNetworkName: jgiroux-net-ext
        internalNetworkName: jgiroux-net-int
      subnets:
        mgmtSubnetName: jgiroux-subnet-mgmt
        appSubnetName: jgiroux-subnet-ext
        internalSubnetName: jgiroux-subnet-int
      owner: giroux
      provisionPublicIp: true
      region: us-west1
      restrictedSrcAddressApp: [0.0.0.0/0]
      restrictedSrcAddressMgmt: [0.0.0.0/0]
      uniqueString: giroux321
      zone: us-west1-a
    type: quickstart-existing-network.py
3. Edit the runtime-init-conf-3nic-payg.yaml file according to your existing network stack
4. Save the file and upload it to a location the BIG-IP can reach during onboarding
# runtime-init-conf-3nic-payg.yaml - sourced from GitHub examples
# My example change...
        app_route:
          class: Route
          gw: '10.1.20.1'
          network: '10.1.0.0/16'
          mtu: 1500
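Before launching the deployment, a few checks on the config file catch the settings that matter most when you plug BIG-IP into an existing stack. The script below is an added example, not the article's or F5's code: it reads the property names used in the sample YAML above with grep and awk (so it needs no yq) and flags a restrictedSrcAddressMgmt of 0.0.0.0/0 (the demo value above, which opens the management NIC to the whole internet), a runtime-init URL that is not HTTPS, and a 3-NIC deployment that is missing any of its network or subnet names. The two config files it writes are constructed samples; 203.0.113.10/32 is a documentation-range placeholder standing in for your own admin source address.

```shell
#!/bin/sh
# Pre-flight checks on a quickstart-existing-network config before running
# "gcloud deployment-manager deployments create". Added example: the property
# names match the sample YAML in the article; the checks are this script's own.

# Print the value on the first line whose key is $2 in file $1 (scalar or flow list).
yaml_value() {
  grep -E "^[[:space:]]*$2:" "$1" | head -n 1 | sed -E "s/^[[:space:]]*$2:[[:space:]]*//"
}

# Print the URL of the folded bigIpRuntimeInitConfig scalar, which sits on the
# line after the key.
runtime_init_url() {
  awk '/bigIpRuntimeInitConfig:/ { f = 1 }
       f && match($0, /https?:\/\/[^ \t]+/) { print substr($0, RSTART, RLENGTH); exit }' "$1"
}

# Return 0 when every check passes, 1 otherwise; each finding is printed.
check_quickstart_config() {
  cfg="$1"
  rc=0

  # 1. The management NIC must not be reachable from the whole internet.
  mgmt=$(yaml_value "$cfg" restrictedSrcAddressMgmt)
  case "$mgmt" in
    "")          echo "FAIL: restrictedSrcAddressMgmt is not set"; rc=1 ;;
    *0.0.0.0/0*) echo "FAIL: restrictedSrcAddressMgmt=$mgmt exposes management to the internet"; rc=1 ;;
    *)           echo "ok:   restrictedSrcAddressMgmt=$mgmt" ;;
  esac

  # 2. The runtime-init file is fetched during onboarding; require HTTPS so it
  #    cannot be altered in transit.
  url=$(runtime_init_url "$cfg")
  case "$url" in
    https://*) echo "ok:   bigIpRuntimeInitConfig=$url" ;;
    "")        echo "FAIL: bigIpRuntimeInitConfig has no URL"; rc=1 ;;
    *)         echo "FAIL: bigIpRuntimeInitConfig is not HTTPS ($url)"; rc=1 ;;
  esac

  # 3. A 3-NIC deployment needs all three networks and subnets of the existing stack.
  if [ "$(yaml_value "$cfg" numNics)" = "3" ]; then
    for key in mgmtNetworkName externalNetworkName internalNetworkName \
               mgmtSubnetName appSubnetName internalSubnetName; do
      if [ -z "$(yaml_value "$cfg" "$key")" ]; then
        echo "FAIL: numNics is 3 but $key is missing"; rc=1
      fi
    done
  fi
  return "$rc"
}

# Write a constructed config to $1 with management source list $2 and
# runtime-init URL $3 (same shape as the article's sample, minus comments).
write_sample_config() {
  cat > "$1" <<EOF
imports:
  - path: quickstart-existing-network.py
resources:
  - name: quickstart-existing-network-py
    properties:
      bigIpImageName: f5-bigip-16-1-3-2-0-0-4-payg-best-plus-1gbps-220914234533
      bigIpRuntimeInitConfig: >-
        $3
      numNics: 3
      networks:
        mgmtNetworkName: jgiroux-net-mgmt
        externalNetworkName: jgiroux-net-ext
        internalNetworkName: jgiroux-net-int
      subnets:
        mgmtSubnetName: jgiroux-subnet-mgmt
        appSubnetName: jgiroux-subnet-ext
        internalSubnetName: jgiroux-subnet-int
      provisionPublicIp: true
      region: us-west1
      restrictedSrcAddressApp: [0.0.0.0/0]
      restrictedSrcAddressMgmt: $2
      uniqueString: giroux321
      zone: us-west1-a
    type: quickstart-existing-network.py
EOF
}

# Stand-alone demo: the article's open demo value versus a locked-down copy
# (203.0.113.10/32 is a documentation-range placeholder for your admin address).
SAMPLE_DIR="${TMPDIR:-/tmp}/bigip-preflight-$$"
mkdir -p "$SAMPLE_DIR"
RI_URL="https://storage.googleapis.com/giroux-public/runtime-init-conf-3nic-payg-jeff.yaml"
write_sample_config "$SAMPLE_DIR/demo.yaml"   "[0.0.0.0/0]"       "$RI_URL"
write_sample_config "$SAMPLE_DIR/locked.yaml" "[203.0.113.10/32]" "$RI_URL"
for f in "$SAMPLE_DIR/demo.yaml" "$SAMPLE_DIR/locked.yaml"; do
  echo "== $f"
  if check_quickstart_config "$f"; then echo "PASS"; else echo "fix the findings before deploying"; fi
done
```

Run it as `sh preflight.sh`: the demo config fails on the management source rule, the locked-down copy passes. Because the runtime-init file lives in a bucket with public access, it should carry system and network settings only; keep credentials out of it (BIG-IP Runtime Init can pull them from a secret store at onboarding time).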
Deploy the BIG-IP - Existing Stack
1. From your terminal, launch the GDM template
gcloud deployment-manager deployments create ${DEPLOYMENT_NAME} --config ${CONFIG_FILE}
# Sample Output
The fingerprint of the deployment is b'A3qm7z5mY6q5APP9sEhbJA=='
Waiting for create [operation-1651006616110-5dd94eee003ec-389d2a10-388bd686]...done.
Create operation operation-1651006616110-5dd94eee003ec-389d2a10-388bd686 completed successfully.
NAME                      TYPE                       STATE      ERRORS  INTENT
giroux321-app-int-fw      compute.v1.firewall        COMPLETED  []
giroux321-app-vip-fw      compute.v1.firewall        COMPLETED  []
giroux321-bigip-vm-01-ti  compute.v1.targetInstance  COMPLETED  []
giroux321-bigip-vm-01     compute.v1.instance        COMPLETED  []
giroux321-fr-01           compute.v1.forwardingRule  COMPLETED  []
giroux321-http-hc         compute.v1.healthCheck     COMPLETED  []
giroux321-https-hc        compute.v1.healthCheck     COMPLETED  []
giroux321-mgmt-fw         compute.v1.firewall        COMPLETED  []
giroux321-public-ip-01    compute.v1.address         COMPLETED  []
giroux321-tcp-hc          compute.v1.healthCheck     COMPLETED  []
Validating the Deployment
See the "Validating the Deployment" section or the "Further Exploring" section in the Quickstart README file for more validation commands.
1. Retrieve the values for bigIpManagementPublicIp and vip1PublicIp
gcloud deployment-manager manifests describe --deployment=${DEPLOYMENT_NAME} --format="value(layout)" | yq '.resources[0].outputs[] | select(.name | contains("bigIpManagementPublicIp")).finalValue'
# Sample Output "bigIpManagementPublicIp"
35.227.161.180
gcloud deployment-manager manifests describe --deployment=${DEPLOYMENT_NAME} --format="value(layout)" | yq '.resources[0].outputs[] | select(.name | contains("vip1PublicIp")).finalValue'
# Sample Output "vip1PublicIp"
35.197.57.26
SSH to BIG-IP and Review Logs
1. SSH to the BIG-IP (the address is the value of bigIpManagementPublicIp) and enter bash mode
ssh admin@35.227.161.180 -i ~/.ssh/id_rsa
admin@(giroux123-bigip1)(Standalone)(Active)(/Common)(tmos)# bash
[admin@giroux123-bigip1:Active:Standalone] ~ #
2. Review BIG-IP Runtime Init onboard logs
[admin@giroux123-bigip1:Active:Standalone] ~ # cat /var/log/cloud/bigIpRuntimeInit.log
# Sample Output
...snippet...
2022-11-04T00:03:12.178Z [5528]: info: Executing inline shell command: tmsh save sys config
2022-11-04T00:03:18.579Z [5528]: info: Shell command: tmsh save sys config execution completed; response: Saving running configuration...
...snippet...
- saving ...done
2022-11-04T00:03:18.580Z [5528]: info: Initializing telemetryClient
2022-11-04T00:03:19.425Z [5528]: info: ...snippet...
2022-11-04T00:03:19.524Z [5528]: info: Sending f5-teem report
2022-11-04T00:03:19.529Z [5528]: info: All operations finished successfully
Testing the Application and WAF
The following tests work if you deploy the BIG-IP with Layer 4-7 settings. With my demo settings, the "existing stack" example creates neither BIG-IP application objects nor an application server. Fear not! You can still POST an AS3 declaration to the BIG-IP, or you can log in manually and create a pool and listener. Check out the F5 AS3 Docs for more example declarations!
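The AS3 declaration mentioned above, as an added example that is not part of the original article or the F5 templates. It builds a pool and an HTTP listener under Tenant_1 / Shared / Shared_Pool (the names visible in the BIGipServer cookie in the curl output) and POSTs them to the AS3 endpoint on the management address. The service name Shared_Service, the VIP address 10.1.10.100, the application server 10.1.20.20, and the environment variables BIGIP_MGMT_IP, BIGIP_PASSWORD, VIP_ADDRESS and APP_SERVER are this example's assumptions; AS3 must already be installed on the BIG-IP.

```shell
#!/bin/sh
# Build and (optionally) POST a minimal AS3 declaration that gives the
# "existing stack" BIG-IP a pool and an HTTP listener. Added example, not the
# article's or F5's code. Tenant/application/pool names follow the Set-Cookie
# header shown in the article; the VIP and server addresses are placeholders
# to replace with addresses from your own stack.

# Print an AS3 declaration: $1 = virtual address, $2 = pool member address.
as3_declaration() {
  cat <<EOF
{
  "class": "AS3",
  "action": "deploy",
  "persist": true,
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "id": "quickstart-existing-stack-demo",
    "Tenant_1": {
      "class": "Tenant",
      "Shared": {
        "class": "Application",
        "template": "shared",
        "Shared_Pool": {
          "class": "Pool",
          "monitors": ["http"],
          "members": [{ "servicePort": 80, "serverAddresses": ["$2"] }]
        },
        "Shared_Service": {
          "class": "Service_HTTP",
          "virtualAddresses": ["$1"],
          "virtualPort": 80,
          "pool": "Shared_Pool",
          "persistenceMethods": ["cookie"]
        }
      }
    }
  }
}
EOF
}

# POST the declaration to the AS3 endpoint on management IP $1 with the admin
# password from BIGIP_PASSWORD. -k skips TLS verification only because a fresh
# BIG-IP presents a self-signed certificate; use --cacert once a trusted one is installed.
post_as3() {
  as3_declaration "$2" "$3" | curl -sk -u "admin:$BIGIP_PASSWORD" \
    -H 'Content-Type: application/json' \
    -X POST "https://$1/mgmt/shared/appsvcs/declare" -d @-
}

# Stand-alone: print the declaration, and POST it only when a management IP is given.
VIP="${VIP_ADDRESS:-10.1.10.100}"      # placeholder VIP on the external network
APP="${APP_SERVER:-10.1.20.20}"        # placeholder application server on the internal network
if [ -n "$BIGIP_MGMT_IP" ]; then
  post_as3 "$BIGIP_MGMT_IP" "$VIP" "$APP"
else
  as3_declaration "$VIP" "$APP"
fi
```

Run it without BIGIP_MGMT_IP to print the declaration; set BIGIP_MGMT_IP and BIGIP_PASSWORD to push it to a deployed BIG-IP. The "Request Rejected" response in step 2 below additionally needs the ASM module provisioned and a WAF_Policy attached to the service through policyWAF, which the demo runtime-init file here does not include.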
1. From your local machine, curl the demo application (value from vip1PublicIp)
curl http://35.197.57.26 -I
# Sample Output
HTTP/1.1 200 OK
...snippet...
Set-Cookie: BIGipServer~Tenant_1~Shared~Shared_Pool=xxxx; path=/; Httponly
Set-Cookie: TS01aa0884=xxxx; Path=/
2. Perform a security violation by sending a disallowed 'method' of DELETE
curl http://35.197.57.26 -sk -X DELETE
# Sample Output
<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 9487250596978229314<br><br><a href='javascript:history.back();'>[Go Back]</a></body></html>
Delete and Clean Up
1. Delete the deployment
gcloud deployment-manager deployments delete ${DEPLOYMENT_NAME} -q
Summary
This article shows you how to use the BIG-IP Cloud Solution Templates to easily deploy services and BIG-IP in Google Cloud. I use sample configurations in this article to deploy a BIG-IP device with an existing network stack. I then show you how to validate the deployment and review onboard logs. This Quickstart example is an easy way to have your applications protected by BIG-IP and running on Google Cloud. Make sure to check out the other examples in the GitHub repository for scenarios like active/standby or autoscale.
Resources
Article Series
- New Ways to Deploy Services in Public Cloud with v2 BIG-IP Cloud Solution Templates
- Deploy Quickstart BIG-IP with New Stack in Google Cloud using v2 Templates
- Deploy Quickstart BIG-IP with Existing Stack in Google Cloud using v2 Templates
- Deploy Failover BIG-IP Cluster with New Stack in Google Cloud using v2 Templates
- Deploy Failover BIG-IP Cluster with Existing Stack in Google Cloud using v2 Templates