Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Automating SSL Orchestrator in AWS with the help of Ansible and Terraform

KevinGallaugher
F5 Employee
F5 Employee

‎11-Jan-2023 05:00 - edited ‎21-Nov-2023 11:47

Overview

Learn how to automate the deployment of SSL Orchestrator in Amazon Web Services.  

This article is based on the automation templates available here:

https://github.com/f5devcentral/sslo-cloud-templates

This will deploy SSL Orchestrator with an L3 Inbound Topology and two L3 Services in a Service Chain.

Follow the instructions here: lab-instructions-aws.md

A demo video of this article is available HERE

Steps Performed:

  • Install the Container Environment
  • Clone the Repository
  • Subscribe to EC2 Instances
  • Export your AWS Credentials
  • Copy the Terraform variables file and update the values         
  • Deploy the Terraform configuration
  • Build the SSL Orchestrator Topology using Ansible
  • Deploy the Ansible Configuration
  • Check the results

Launch the development container environment

Screen Shot 2022-12-30 at 8.40.51 AM.png

Restart the container and attach to the console:

Screen Shot 2022-12-30 at 8.42.48 AM.png

Clone the Repository

Screen Shot 2022-12-30 at 8.46.36 AM.png

Subscribe to EC2 Instances

From a web browser client - subscribe to the following EC2 instances:

Export your AWS Credentials

From inside your development environment - export the AWS credentials

  • export AWS_ACCESS_KEY_ID="your-aws-access-key-id"
  • export AWS_SECRET_ACCESS_KEY="your-aws-secret-access-key"
  • export AWS_SESSION_TOKEN="your-aws-session-token"

Copy the Terraform variables file and update the values

From the terraform-aws-sslo folder - Copy the included terraform.tfvars.example file to terraform.tfvars and update the values

Screen Shot 2022-12-30 at 9.07.48 AM.png

It should look like this:

Screen Shot 2022-12-30 at 10.22.59 AM.png

Deploy the Terraform Configuration

From inside your development environment - deploy the Terraform configuration

  • terraform init
  • terraform validate
  • terraform plan
  • terraform apply -auto-approve

Build the SSL Orchestrator Topology using Ansible

Edit the ansible.cfg file and add the two lines at the bottom:

[defaults]
host_key_checking	  = False
retry_files_enabled = False
inventory           = ./inventory/hosts
library             = ./library
roles_path          = ./roles
collections_paths   = ./collection
[galaxy]
server = https://old-galaxy.ansible.com
  • cd ansible
  • ansible-galaxy collection install f5networks.f5_modules f5networks.f5_bigip -f

Screen Shot 2022-12-30 at 9.41.43 AM.png

Deploy the Ansible Configuration

Deploy an Ansible config using the variables file that was created by the accompanying Terraform. This will create an inbound layer 3 SSL Orchestrator topology. From the 'ansible' folder:

cp ../terraform-aws-sslo/ansible_vars.yaml . ansible-playbook -e @ansible_vars.yaml playbooks/config-sslo-inbound-l3-complete.yaml

Check the Results

Login to the BIG-IP GUI and verify SSL Orchestrator has been configured and deployed

Screen Shot 2022-12-30 at 10.15.02 AM.png

Conclusion

You're done!  These templates and configuration files can be cusomized by you and re-used for future SSL Orchestrator deployments in AWS.

Labels:
Version history
Last update:
‎21-Nov-2023 11:47
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC