Manage F5 BIG-IP FAST with Terraform (Intro)
In this article, I will present a suite of use cases using the F5 BIG-IP Application Services Templates (FAST) Terraform resources introduced in version 1.16 of the F5 BIG-IP Terraform Provider.
- Introduction
- Requirements
- Best Practices
- Description
- What is Terraform?
- F5 BIG-IP Application Service Templates
- F5 BIG-IP Application Service Templates resources
- Resources
- Article Series
Introduction
Requirements
- The latest version of F5 BIG-IP FAST (1.22) is required because we use the F5 BIG-IP Application Service Templates.
- Terraform version 0.11+ (see minimal requirements)
- F5 BIG-IP AS3 installed on the F5 BIG-IP device (see F5 BIG-IP AS3)
- F5 BIG-IP FAST installed on the F5 BIG-IP device (see F5 BIG-IP FAST)
Best Practices
Increasing the memory allocation for AS3 and increasing the timeout for the REST API is recommended (see F5 BIG-IP AS3 Best Practices). You can apply the following steps and/or adapt them to your environment:
- tmsh modify sys db provision.extramb value 512
- tmsh modify sys db restjavad.useextramb value true
- tmsh save sys config
- tmsh modify sys db icrd.timeout value 180
- tmsh modify sys db restjavad.timeout value 180
- tmsh modify sys db restnoded.timeout value 180
- tmsh modify sys db icrd.timeout value 180
- tmsh save sys config
- tmsh restart sys service restjavad
- tmsh restart sys service restnoded
Description
The current version is 1.16 and it gives the capability to:
- Create a UDP application
- Create a TCP application
- Create a HTTP application
- Create a HTTPS application
- Create multiple applications in the same tenant
- Create an application using existing items on F5 BIG-IP device
- Manage multiple AWAF policies and pools based on HTTP criteria
- Manage Canary testing of AWAF policies
What is Terraform?
“HashiCorp Terraform is an infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share. You can then use a consistent workflow to provision and manage all of your infrastructure throughout its lifecycle.”
https://www.terraform.io/intro
“… but wait! Terraform is not a Configuration Management tool. I should use Ansible for that!”
True.
Terraform is not a config management tool and I would say: “use whatever you feel comfortable and happy working with”… but also keep this in mind:
- We keep a record of the state created in the past and can easily track security changes: who did what and when.
- If your underlying infrastructure is Public Cloud, you may already use Terraform for any other cloud services. You may want to reduce automation tool sprawl, to keep a consistent end-to-end state and reduce the learning and adoption curves.
F5 BIG-IP Application Service Templates
F5 BIG-IP Application Services Templates (FAST) provides a way to streamline deployment of applications on F5 BIG-IP using templatized AS3 declarations. FAST enables users to deploy templated AS3-based configurations via a declarative API (with AS3 as the first use-case), as well as via a self-generated forms-based GUI.
The FAST Extension provides a toolset for templating and managing AS3 Applications on BIG-IP.
FAST is:
- A flexible and powerful templating system
- An effective way to deploy applications on the BIG-IP system using AS3
- Seamless integration and insertion into CI/CD pipelines
The documentation of F5 BIG-IP Application Services Templates (FAST) is located here.
F5 BIG-IP Application Service Templates resources
The F5 BIG-IP Terraform resources leverage our F5 BIG-IP Application Service Templates.
- The bigip_fast_udp_app resource will create and manage FAST UDP applications on BIG-IP from a provided JSON declaration.
- The bigip_fast_tcp_app resource will create and manage FAST TCP applications on BIG-IP from a provided JSON declaration.
- The bigip_fast_http_app resource will create and manage FAST HTTP applications on BIG-IP.
- The bigip_fast_https_app resource will create and manage FAST HTTPS applications on BIG-IP.
The F5 BIG-IP Application Service Templates resources let you create new items in the virtual server configuration, such as a pool or a monitor, and also reuse existing items.
Here is an example of a bigip_fast_https_app resource:
resource "bigip_fast_https_app" "this" {
  application = "myApp4"
  tenant      = "scenario4"

  virtual_server {
    ip   = "10.1.10.224"
    port = 443
  }

  # Existing certificate and key objects on BIG-IP used for the TLS server profile
  tls_server_profile {
    tls_cert_name = "/Common/app4.crt"
    tls_key_name  = "/Common/app4.key"
  }

  pool_members {
    addresses = ["10.1.10.120", "10.1.10.121", "10.1.10.122"]
    port      = 80
  }

  snat_pool_address   = ["10.1.10.50", "10.1.10.51", "10.1.10.52"]
  load_balancing_mode = "least-connections-member"

  # HTTP health monitor: request sent to pool members and expected response
  monitor {
    send_string = "GET / HTTP/1.1\\r\\nHost: example.com\\r\\nConnection: Close\\r\\n\\r\\n"
    response    = "200 OK"
  }

  # The certificate and key must be uploaded before the application is created
  depends_on = [bigip_ssl_certificate.app4crt, bigip_ssl_key.app4key]
}
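The resource above depends on `bigip_ssl_certificate.app4crt` and `bigip_ssl_key.app4key`, which this article does not show. The following is an added example, not part of the original article, of the provider, certificate and key configuration it assumes. The variable names and file paths are hypothetical, and the `required_providers` source and `sensitive = true` syntax assume Terraform 0.14 or later.

```hcl
# Added example: supporting configuration assumed by the bigip_fast_https_app resource.
terraform {
  required_providers {
    bigip = {
      source  = "F5Networks/bigip"
      version = ">= 1.16.0" # FAST resources were introduced in provider 1.16
    }
  }
}

# Hypothetical variable names. Supply values through TF_VAR_* environment
# variables or a secrets manager rather than a committed .tfvars file.
variable "bigip_address" {
  type = string
}

variable "bigip_username" {
  type = string
}

variable "bigip_password" {
  type      = string
  sensitive = true # redacted from plan/apply output, still stored in state
}

provider "bigip" {
  address  = var.bigip_address
  username = var.bigip_username
  password = var.bigip_password
}

# Constructed file paths. The object names and partition match the
# tls_cert_name and tls_key_name values used by the application resource.
resource "bigip_ssl_certificate" "app4crt" {
  name      = "app4.crt"
  content   = file("${path.module}/certs/app4.crt")
  partition = "Common"
}

# The private key content is written to the Terraform state, so the state
# backend needs encryption at rest and restricted access.
resource "bigip_ssl_key" "app4key" {
  name      = "app4.key"
  content   = file("${path.module}/certs/app4.key")
  partition = "Common"
}
```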
Resources
Terraform Registry documentation
Article Series
Manage F5 BIG-IP FAST with Terraform (Intro)
Nice!