Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Automating SSL Orchestrator in AWS with the help of Ansible and Terraform

KevinGallaugher
F5 Employee
F5 Employee

‎11-Jan-2023 05:00 - edited ‎02-Feb-2023 13:44

Overview

Learn how to automate the deployment of SSL Orchestrator in Amazon Web Services.  

This article is based on the automation templates available here:

https://github.com/f5devcentral/sslo-cloud-templates

This will deploy SSL Orchestrator with an L3 Inbound Topology and two L3 Services in a Service Chain.

Follow the instructions here: lab-instructions-aws.md

A demo video of this article is available HERE

Steps Performed:

  • Install the Container Environment
  • Clone the Repository
  • Subscribe to EC2 Instances
  • Export your AWS Credentials
  • Copy the Terraform variables file and update the values         
  • Deploy the Terraform configuration
  • Build the SSL Orchestrator Topology using Ansible
  • Deploy the Ansible Configuration
  • Check the results

Launch the development container environment

Screen Shot 2022-12-30 at 8.40.51 AM.png

Restart the container and attach to the console:

Screen Shot 2022-12-30 at 8.42.48 AM.png

Clone the Repository

Screen Shot 2022-12-30 at 8.46.36 AM.png

Subscribe to EC2 Instances

From a web browser client - subscribe to the following EC2 instances:

Export your AWS Credentials

From inside your development environment - export the AWS credentials

  • export AWS_ACCESS_KEY_ID="your-aws-access-key-id"
  • export AWS_SECRET_ACCESS_KEY="your-aws-secret-access-key"
  • export AWS_SESSION_TOKEN="your-aws-session-token"

Copy the Terraform variables file and update the values

From the terraform-aws-sslo folder - Copy the included terraform.tfvars.example file to terraform.tfvars and update the values

Screen Shot 2022-12-30 at 9.07.48 AM.png

It should look like this:

Screen Shot 2022-12-30 at 10.22.59 AM.png

Deploy the Terraform Configuration

From inside your development environment - deploy the Terraform configuration

  • terraform init
  • terraform validate
  • terraform plan
  • terraform apply -auto-approve

Build the SSL Orchestrator Topology using Ansible

  • cd ansible
  • ansible-galaxy collection install f5networks.f5_modules f5networks.f5_bigip -f

Screen Shot 2022-12-30 at 9.41.43 AM.png

Deploy the Ansible Configuration

Deploy an Ansible config using the variables file that was created by the accompanying Terraform. This will create an inbound layer 3 SSL Orchestrator topology. From the 'ansible' folder:

cp ../terraform-aws-sslo/ansible_vars.yaml . ansible-playbook -e @ansible_vars.yaml playbooks/config-sslo-inbound-l3-complete.yaml

Check the Results

Login to the BIG-IP GUI and verify SSL Orchestrator has been configured and deployed

Screen Shot 2022-12-30 at 10.15.02 AM.png

Conclusion

You're done!  These templates and configuration files can be cusomized by you and re-used for future SSL Orchestrator deployments in AWS.

Labels:
Version history
Last update:
‎02-Feb-2023 13:44
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC