16-May-2022 09:00 - edited 03-Nov-2022 17:45
The BIG-IP Public Cloud team has developed many solutions over the years to enable customers to easily deploy BIG-IP with a few steps. In the first article of this series, I discussed the differences between the v1 and v2 BIG-IP Cloud Solution Templates for public cloud. In this article, I cover how to deploy BIG-IP services into a new Google Cloud network stack.
The following section is a walkthrough of deploying BIG-IP in GCP using the Quickstart example with a new network stack. You can use the same techniques to copy the templates, modify them as needed, and deploy in your environment. Make sure to review the README for prerequisites.
I will deploy BIG-IP with a new network stack in GCP. The result will be the following:
1. Open a terminal (e.g., Visual Studio Code) and clone the repository
git clone https://github.com/F5Networks/f5-google-gdm-templates-v2.git
1. From your terminal, set DEPLOYMENT_NAME and CONFIG_FILE, change to the quickstart folder, and check out the v2.6.0.0 tag
DEPLOYMENT_NAME="giroux-bigip-new"
CONFIG_FILE="sample_quickstart.yaml"
cd f5-google-gdm-templates-v2/examples/quickstart
git checkout tags/v2.6.0.0
2. Edit the file sample_quickstart.yaml
---
# sample_quickstart.yaml - BIG-IP with new stack
# Note: Comments and some optional lines were removed from
#       the YAML below to keep the code block small
#       for easier illustration purposes.
imports:
  - path: quickstart.py
  - path: ../modules/application/application.py
  - path: ../modules/bastion/bastion.py
  - path: ../modules/bigip-standalone/bigip_standalone.py
  - path: ../modules/dag/dag.py
  - path: ../modules/network/network.py
resources:
  - name: quickstart-py
    properties:
      bigIpImageName: f5-bigip-16-1-3-2-0-0-4-payg-best-plus-1gbps-220914234533
      bigIpRuntimeInitConfig: >-
        https://raw.githubusercontent.com/F5Networks/f5-google-gdm-templates-v2/v2.6.0.0/examples/quickstart/bigip-configurations/runtime-init-conf-3nic-payg-with-app.yaml
      numNics: 3
      owner: giroux
      provisionPublicIp: true
      region: us-west1
      restrictedSrcAddressApp: [0.0.0.0/0]
      # 0.0.0.0/0 admits any source address; in a real deployment, set
      # restrictedSrcAddressMgmt to the CIDR of your administrative network.
      restrictedSrcAddressMgmt: [0.0.0.0/0]
      uniqueString: giroux123
      zone: us-west1-a
    type: quickstart.py
1. From your terminal, launch the GDM template
gcloud deployment-manager deployments create ${DEPLOYMENT_NAME} --config ${CONFIG_FILE}
# Sample Output
The fingerprint of the deployment is b's2KjL3L6B3NaZl_r0357sQ=='
Waiting for create [operation-1650990003719-5dd9110b30bfc-32269218-fee350de]...done.
Create operation operation-1650990003719-5dd9110b30bfc-32269218-fee350de completed successfully.
NAME                         TYPE                       STATE      ERRORS  INTENT
giroux123-app-int-fw         compute.v1.firewall        COMPLETED  []
giroux123-app-subnet         compute.v1.subnetwork      COMPLETED  []
giroux123-app-vip-fw         compute.v1.firewall        COMPLETED  []
giroux123-application-vm-01  compute.v1.instance        COMPLETED  []
giroux123-bigip-vm-01-ti     compute.v1.targetInstance  COMPLETED  []
giroux123-bigip-vm-01        compute.v1.instance        COMPLETED  []
giroux123-ext-network        compute.v1.network         COMPLETED  []
giroux123-ext-subnet         compute.v1.subnetwork      COMPLETED  []
giroux123-fr-01              compute.v1.forwardingRule  COMPLETED  []
giroux123-http-hc            compute.v1.healthCheck     COMPLETED  []
giroux123-https-hc           compute.v1.healthCheck     COMPLETED  []
giroux123-int-network-02     compute.v1.network         COMPLETED  []
giroux123-int-subnet-02      compute.v1.subnetwork      COMPLETED  []
giroux123-mgmt-fw            compute.v1.firewall        COMPLETED  []
giroux123-mgmt-network       compute.v1.network         COMPLETED  []
giroux123-mgmt-subnet        compute.v1.subnetwork      COMPLETED  []
giroux123-public-ip-01       compute.v1.address         COMPLETED  []
giroux123-tcp-hc             compute.v1.healthCheck     COMPLETED  []
See the "Validating the Deployment" section or the "Further Exploring" section in the Quickstart README file for more validation commands.
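The sample config sets restrictedSrcAddressMgmt to 0.0.0.0/0 with provisionPublicIp enabled, so the management address accepts connections from any source. The shell check below is an added example (not part of the F5 templates or the original article) that can be run against CONFIG_FILE before the create command; the function names are hypothetical and the sample input is constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not from the F5 templates: check a Deployment Manager config
# for source ranges left open to 0.0.0.0/0 before creating the deployment.

# open_source_ranges FILE
# Prints each restrictedSrcAddress* property whose list contains 0.0.0.0/0.
# Handles the inline form ([a, b]) and the YAML block-list form (- a).
open_source_ranges() {
    awk '
        function is_open(v) { return (" " v " ") ~ "[^0-9.]0[.]0[.]0[.]0/0[^0-9]" }
        /^[ \t]*#/ { next }                       # full-line comment
        { sub(/[ \t]+#.*$/, "") }                 # trailing comment
        /^[ \t]*restrictedSrcAddress[A-Za-z]*:/ {
            key = $1; sub(/:.*$/, "", key)
            val = $0; sub(/^[^:]*:/, "", val)
            if (is_open(val)) { print key; key = "" }
            next
        }
        key != "" && /^[ \t]*-[ \t]/ {            # list item under that key
            if (is_open($0)) { print key; key = "" }
            next
        }
        { key = "" }
    ' "$1"
}

# check_mgmt_exposure FILE
# Returns 1 when the management range is open; an open App range is only noted.
check_mgmt_exposure() {
    rc=0
    for key in $(open_source_ranges "$1"); do
        case $key in
            *Mgmt) echo "FAIL: $key allows any source address" >&2; rc=1 ;;
            *)     echo "note: $key allows any source address" >&2 ;;
        esac
    done
    return $rc
}

# Constructed sample using the property names and values from the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
resources:
  - name: quickstart-py
    properties:
      restrictedSrcAddressApp: [0.0.0.0/0]
      restrictedSrcAddressMgmt: [0.0.0.0/0]
EOF
check_mgmt_exposure "$sample" || echo "narrow restrictedSrcAddressMgmt first"
```

In a pipeline, gate the deployment on it: `check_mgmt_exposure "${CONFIG_FILE}" && gcloud deployment-manager deployments create ...`.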
1. Retrieve the values for bigIpManagementPublicIp and vip1PublicIp
gcloud deployment-manager manifests describe --deployment=${DEPLOYMENT_NAME} --format="value(layout)" | yq '.resources[0].outputs[] | select(.name | contains("bigIpManagementPublicIp")).finalValue'
# Sample Output "bigIpManagementPublicIp"
35.227.161.180
gcloud deployment-manager manifests describe --deployment=${DEPLOYMENT_NAME} --format="value(layout)" | yq '.resources[0].outputs[] | select(.name | contains("vip1PublicIp")).finalValue'
# Sample Output "vip1PublicIp"
35.197.57.26
1. Access BIG-IP and enter bash mode (value from bigIpManagementPublicIp)
ssh admin@35.227.161.180 -i ~/.ssh/id_rsa
admin@(giroux123-bigip1)(Standalone)(Active)(/Common)(tmos)# bash
[admin@giroux123-bigip1:Active:Standalone] ~ #
2. Review BIG-IP Runtime Init onboard logs
[admin@giroux123-bigip1:Active:Standalone] ~ # cat /var/log/cloud/bigIpRuntimeInit.log
# Sample Output
...snippet...
2022-11-04T00:03:12.178Z [5528]: info: Executing inline shell command: tmsh save sys config
2022-11-04T00:03:18.579Z [5528]: info: Shell command: tmsh save sys config execution completed; response: Saving running configuration...
...snippet...
- saving ...done
2022-11-04T00:03:18.580Z [5528]: info: Initializing telemetryClient
2022-11-04T00:03:19.425Z [5528]: info: ...snippet...
2022-11-04T00:03:19.524Z [5528]: info: Sending f5-teem report
2022-11-04T00:03:19.529Z [5528]: info: All operations finished successfully
The following tests will work if you deploy the BIG-IP with Layer 4-7 settings. For my demo settings, the "new stack" creates an app server and adds a BIG-IP listener with a WAF policy. You can still POST an AS3 declaration to the BIG-IP, or you can log in manually and create a pool and listener. Check out the F5 AS3 Docs for more example declarations!
1. From your local machine, curl the demo application (value from vip1PublicIp)
curl http://35.197.57.26 -I
# Sample Output
HTTP/1.1 200 OK
...snippet...
Set-Cookie: BIGipServer~Tenant_1~Shared~Shared_Pool=xxxx; path=/; Httponly
Set-Cookie: TS01aa0884=xxxx; Path=/
2. Trigger a security violation by sending a request with the disallowed method DELETE
curl http://35.197.57.26 -sk -X DELETE
# Sample Output
<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 9487250596978229314<br><br><a href='javascript:history.back();'>[Go Back]</a></body></html>
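The onboarding log review and the DELETE test above can both be turned into pass/fail checks. The script below is an added example (not part of the original article or the F5 templates); the function names are hypothetical, the "error:" log level is an assumption, and the sample inputs are constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not part of the original article: checks for the onboarding
# log and the WAF test. Both read stdin so they can sit behind cat or curl.

# onboard_ok: succeeds only if the log has the success marker and no
# error-level line. The "error:" level name is an assumption modelled on the
# "info:" field in the article's log format.
onboard_ok() {
    awk '
        $3 == "error:" { bad = 1; print "onboarding error: " $0 > "/dev/stderr" }
        /All operations finished successfully/ { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# waf_support_id: if stdin is the BIG-IP "Request Rejected" page, prints the
# support ID and returns 0; any other body returns 1.
waf_support_id() {
    body=$(cat)
    case $body in
        *"<title>Request Rejected</title>"*) ;;
        *) return 1 ;;
    esac
    id=$(printf '%s\n' "$body" |
         sed -n 's/.*Your support ID is: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# Constructed samples, abbreviated from the article's sample output.
log='2022-11-04T00:03:19.524Z [5528]: info: Sending f5-teem report
2022-11-04T00:03:19.529Z [5528]: info: All operations finished successfully'
page="<html><head><title>Request Rejected</title></head><body>The requested URL was rejected.<br><br>Your support ID is: 9487250596978229314<br><br></body></html>"

printf '%s\n' "$log" | onboard_ok && echo "onboarding complete"
printf '%s' "$page" | waf_support_id   # prints 9487250596978229314
```

Against a live deployment, pipe the output of `curl -s -X DELETE` for the vip1PublicIp address into `waf_support_id`; the printed ID is the value to search for in the BIG-IP application security event log.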
1. Delete the deployment
gcloud deployment-manager deployments delete ${DEPLOYMENT_NAME} -q
This article shows you how to use the BIG-IP Cloud Solution Templates to easily deploy services and BIG-IP in Google Cloud. I use sample configurations in this article to deploy a BIG-IP device with a new network stack and a demo application server. I then show you how to validate the deployment, review onboard logs, and test the application. This Quickstart example is an easy way to have your applications protected by BIG-IP and running on Google Cloud. Make sure to check out the other examples in the GitHub repository for scenarios like active/standby or autoscale.