Robert_Haynes
F5 Employee

Introduction

In my ongoing attempts to help both our customers and potential customers understand and test all the cool things you can do with a BIG-IP, I thought it was time we built a simple and easy-to-deploy demo environment.

The aim is to help you create a sandbox with some application servers, a BIG-IP, and some test tools, along with some examples and guidance on how to explore the more advanced traffic management and security services like blue-green deployments and bot detection.

There are plenty of more advanced deployment scenarios and production-ready deployment examples, but this is supposed to be a simple deployment that can be run in a limited number of places, and is all about the application services, not about the plumbing.

This guide will take you through some of the very basics of the tools we will be using as we build the lab. If you’re familiar with building cloud infrastructure templates, tools to launch and monitor cloud configs and infrastructure-as-code, then you will probably want to wait for the later parts of this series, because we are starting very simply.


So, what are we going to need?

  • Some simple applications
  • A BIG-IP
  • Somewhere to run and manage tests
  • Some documentation


I’m aiming to build an environment that looks a bit like this:



[Diagram of the demo environment]

The most obvious thing to build is some kind of cloud Infrastructure-as-a-Service (IaaS) Infrastructure-as-Code (IaC) template solution, and the most obvious place to pilot that is AWS, as it’s the most-used cloud IaaS platform with a mature IaC system: CloudFormation.

AWS CloudFormation lets you build and configure a Virtual Private Cloud and populate it with networking and compute infrastructure, all based on a (relatively) simple YAML or JSON file called a CloudFormation Template (CFT). SDKs and CLI tools for things like PowerShell and Linux make launching, monitoring and deleting ‘stacks’ created with CFTs fast and mainly intuitive. Deleting a stack deletes all the resources created by it – which is really handy since there is going to be a lot of trial and even more error during the development of this lab.

What tools am I going to use?

  • A text editor – personally I like SublimeText – but whatever floats your boat.
  • The AWS tools for PowerShell – while from a server perspective I’m Unix/Linux all the way, purely due to familiarity, like many, my workstation is Windows and I really want to be able to develop and test the CFTs without added complexity. Despite a sub-101 knowledge of PowerShell, it’s turning out to be easy to use.
  • An AWS account. Obviously.
  • The F5 CloudFormation Templates collection – these large, full-featured, and supported templates will serve as a useful guide to building our simplified, more comprehensible template.
  • Google, just so much Google to find out what I’ve done wrong, and to hunt for clues to get it right.


Prerequisites


  • An AWS account and IAM user – take a look at my recent article for more information on that.
  • Install the AWS CLI tools for PowerShell – you *may* run into PowerShell Constrained Language Mode issues depending on your IT policy, so it might be worth testing your language mode early by using the PS C:\> $ExecutionContext.SessionState.LanguageMode command – you want to be getting FullLanguage as the response. If you are in constrained language mode then you should talk nicely to your IT security team to get that addressed.
  • Next, configure credentials for your IAM user within PowerShell.


Getting to “hello world”

Test your PowerShell Setup:



PS C:\> Get-EC2ImageByName
WINDOWS_2016_BASE
WINDOWS_2016_NANO
WINDOWS_2016_CORE
WINDOWS_2016_CONTAINER

….

Create an S3 bucket to keep your CFTs in:


PS C:\> New-S3Bucket -BucketName f5cft101 -Region us-west-1
CreationDate          BucketName
------------          ----------
5/3/2019 9:08:15 PM   f5cft101


Deploying infrastructure with CFT – a ‘Hello World’ CFT deployment

So first let’s make the world’s simplest CFT:



Resources:
  HelloBucket:
    Type: AWS::S3::Bucket


We now need to get it into our S3 bucket – use whatever you feel like but I’ve been using a PowerShell command that looks like this:



PS C:\> Write-S3Object -BucketName as3bkt -File .\HelloWorld.tmpl


Now we can launch a stack based on our template:



PS C:\> New-CFNStack -StackName HelloWorld -TemplateURL https://s3-us-west-1.amazonaws.com/as3bkt/HelloWorld.tmpl
arn:aws:cloudformation:us-west-1:512883148924:stack/HelloWorld/b838b5d0-736b-11e9-b7af-500cf8ee6099


Calling Get-CFNStack shows:


StackName                                CreationTime         LastUpdatedTime     Capabilities                                  StackStatus      DisableRollback
---------                                ------------         ---------------     ------------                                  -----------      ---------------
HelloWorld                               5/10/2019 2:36:50 PM 1/1/0001 12:00:00 AM {}                                            CREATE_COMPLETE  False


Check we have actually created the bucket from the CloudFormation template:

PS C:\> Get-S3Bucket | findstr -i hellobucket

5/10/2019 2:36:56 PM  helloworld-hellobucket-apbufnqznzo3


And then delete the bucket by deleting the stack:

PS C:\> Remove-CFNStack -StackName HelloWorld -Force


And confirm that Get-S3Bucket | findstr -i hellobucket shows that our bucket is gone.
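
The upload, launch, check and delete steps above can be chained into one script that also validates the template before launch and prints the failure reasons if the stack rolls back. This is an added example, not part of the original article; the bucket name is a placeholder, and the file name, stack name and region are assumed to match the commands above.

```powershell
# Added example: end-to-end Hello World stack lifecycle.
# $Bucket is a placeholder; the other values follow the article's commands.
$ErrorActionPreference = 'Stop'
$Region   = 'us-west-1'
$Bucket   = 'your-template-bucket'      # placeholder: your own template bucket
$Template = '.\HelloWorld.tmpl'
$Stack    = 'HelloWorld'
$Key      = Split-Path $Template -Leaf
$Url      = "https://s3-$Region.amazonaws.com/$Bucket/$Key"

# 1. Upload, then have CloudFormation parse the template before anything is created.
Write-S3Object -BucketName $Bucket -File $Template -Key $Key -Region $Region
$check = Test-CFNTemplate -TemplateURL $Url -Region $Region
if ($check.Capabilities) {
    # Templates that create IAM resources must be acknowledged explicitly at launch.
    Write-Warning "Template requires capabilities: $($check.Capabilities -join ', ')"
}

# 2. Launch and block until the stack reaches a terminal create state.
$stackId = New-CFNStack -StackName $Stack -TemplateURL $Url -Region $Region
$done    = 'CREATE_COMPLETE', 'CREATE_FAILED', 'ROLLBACK_COMPLETE', 'ROLLBACK_FAILED'
$result  = Wait-CFNStack -StackName $stackId -Status $done -Timeout 600 -Region $Region

# 3. On anything other than success, show which resource failed and why.
if ("$($result.StackStatus)" -ne 'CREATE_COMPLETE') {
    Get-CFNStackEvent -StackName $stackId -Region $Region |
        Where-Object { "$($_.ResourceStatus)" -like '*FAILED' } |
        Sort-Object Timestamp |
        Format-Table Timestamp, LogicalResourceId, ResourceStatusReason -Wrap
    throw "Stack ended in state $($result.StackStatus)"
}

# 4. List exactly what the stack created (here: the generated bucket name).
Get-CFNStackResourceList -StackName $stackId -Region $Region |
    Format-Table LogicalResourceId, ResourceType, PhysicalResourceId

# 5. Tear down. A deleted stack can only be described by its stack ID,
#    so wait on the ID returned by New-CFNStack rather than the name.
Remove-CFNStack -StackName $stackId -Force -Region $Region
Wait-CFNStack -StackName $stackId -Status DELETE_COMPLETE -Timeout 600 -Region $Region |
    Out-Null
```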


Building the Base VPC infrastructure:


The Resources section of the CFT is where all our components are defined. We’ll start with the VPC, Internet gateway, subnet and other networking infrastructure:


AWSTemplateFormatVersion: 2010-09-09
# This CloudFormation template deploys a basic F5 Demo Environment in a VPC
# It is not production ready and is intended for test use only
# No warranty explicit or implied is granted
#   
# Plumbing
#
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.1.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
      - Key: Name
        Value: !Join ['', [!Ref "AWS::StackName", "-VPC" ]]
  # Our VPC will need internet access:    
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    DependsOn: VPC
    Properties:
      Tags:
      - Key: Name
        Value: !Join ['', [!Ref "AWS::StackName", "-IGW" ]]
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.1.10.0/24
      AvailabilityZone: !Select [ 0, !GetAZs ]   # Get the first AZ in the list      
      Tags:
      - Key: Name
        Value: !Sub ${AWS::StackName}-Public-SN
  # Route table for subnet:
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: !Sub ${AWS::StackName}-Public-RT
  PublicRoute1:  # Public route table has direct routing to IGW:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway 
  # A NAT Gateway:
  NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NgElasticIPAddress.AllocationId
      SubnetId: !Ref PublicSubnet
      Tags:
      - Key: Name
        Value: !Sub NAT-${AWS::StackName}
  NgElasticIPAddress:
    Type: AWS::EC2::EIP
    Properties:
      Domain: VPC
  UsElasticIPAddress:
    Type: AWS::EC2::EIP
    Properties:
      Domain: VPC
  # Associate the public subnet with the route table
  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable


Most of the entries are pretty self-explanatory – but notice the !<command> entries that perform some functions in CloudFormation. These are known as Intrinsic Functions and we’ll be using them frequently to make our CFT do ‘stuff’. Notice also there are some Pseudo Parameters like AWS::StackName that are predefined by AWS CloudFormation.


With the template uploaded to your S3 bucket, the launch command looks something like this:


PS C:\> New-CFNStack -StackName justPlumbing -TemplateURL https://<your bucket>/JustPlumbing.tmpl

Running the CFT


PS C:\> New-CFNStack -StackName justPlumbing -TemplateURL https://s3-us-west-1.amazonaws.com/as3bkt/JustPlumbing.tmpl


Checking the status should (eventually) show us that our stack is created:


PS C:\> Get-CFNStack
StackName                                CreationTime         LastUpdatedTime     Capabilities                                  StackStatus      DisableRollback
---------                                ------------         ---------------     ------------                                  -----------      ---------------
justPlumbing                             5/14/2019 9:29:11 AM 1/1/0001 12:00:00 AM {}                                            CREATE_COMPLETE  False


So there we have a basic empty VPC with a subnet, routing and a gateway.


In part II, we will install some servers, provision them with Docker and then download and run some containers.


Version history
Last update:
‎28-Jun-2019 15:02