The BIG-IP Public Cloud team has developed many solutions over the years to enable customers to easily deploy BIG-IP with a few steps. In the first article of this series, I discussed the differences between the v1 and v2 BIG-IP Cloud Solution Templates for public cloud. In this article, I plan to cover how-to deploy BIG-IP services into a Google Cloud new network stack.
- How-to v2 Quickstart Example: BIG-IP on Google Cloud with New Network Stack
- Clone GitHub Repository
- Modify Parameters - New Stack
- Deploy the BIG-IP - New Stack
- Validating the Deployment
- SSH to BIG-IP and Review Logs
- Testing the Application and WAF
- Delete and Clean Up
- Summary
- Resources
- Article Series
How-to v2 Quickstart Example: BIG-IP on Google Cloud with New Network Stack
The following section will be a walkthrough with steps to deploy BIG-IP in GCP using the Quickstart example with a new network stack . You can use the same techniques in order to copy the templates, modify as needed, and deploy in your environment. Make sure to review the README for prerequisites.
I will deploy BIG-IP with a new network stack in GCP. The result will be the following:
- 4x New VPCs: mgmt, external, internal, app (and related components)
- Application instance running docker, container=f5devcentral/f5-demo-app:latest
- BIG-IP instance, version=16.1.3.2
- 4x CPU, 3-NICs
- Using runtime-init-conf-3nic-payg-with-app.yaml from examples in F5 GitHub repo
- BIG-IP system, network, application, and WAF configurations
Clone GitHub Repository
1. Open a terminal (ex. Visual Studio Code) and clone the repository
git clone https://github.com/F5Networks/f5-google-gdm-templates-v2.gitModify Parameters - New Stack
1. From your terminal, set DEPLOYMENT_NAME, set CONFIG_FILE, and change folders
DEPLOYMENT_NAME="giroux-bigip-new"
CONFIG_FILE="sample_quickstart.yaml"
cd f5-google-gdm-templates-v2/examples/quickstart
git checkout tags/v2.6.0.02. Edit the file sample_quickstart.yaml
---
# sample_quickstart.yaml - BIG-IP with new stack
# Note: Commented and some Optional lines were removed from
# the yaml below. This keeps the code block small
# for easier illustration purposes.
imports:
- path: quickstart.py
- path: ../modules/application/application.py
- path: ../modules/bastion/bastion.py
- path: ../modules/bigip-standalone/bigip_standalone.py
- path: ../modules/dag/dag.py
- path: ../modules/network/network.py
resources:
- name: quickstart-py
properties:
bigIpImageName: f5-bigip-16-1-3-2-0-0-4-payg-best-plus-1gbps-220914234533
bigIpRuntimeInitConfig: >-
https://raw.githubusercontent.com/F5Networks/f5-google-gdm-templates-v2/v2.6.0.0/examples/quickstart/bigip-configurations/runtime-init-conf-3nic-payg-with-app.yaml
numNics: 3
owner: giroux
provisionPublicIp: true
region: us-west1
restrictedSrcAddressApp: [0.0.0.0/0]
restrictedSrcAddressMgmt: [0.0.0.0/0]
uniqueString: giroux123
zone: us-west1-a
type: quickstart.pyDeploy the BIG-IP - New Stack
1. From your terminal, launch the GDM template
gcloud deployment-manager deployments create ${DEPLOYMENT_NAME} --config ${CONFIG_FILE}# Sample Output
The fingerprint of the deployment is b's2KjL3L6B3NaZl_r0357sQ=='
Waiting for create [operation-1650990003719-5dd9110b30bfc-32269218-fee350de]...done.
Create operation operation-1650990003719-5dd9110b30bfc-32269218-fee350de completed successfully.
NAME TYPE STATE ERRORS INTENT
giroux123-app-int-fw compute.v1.firewall COMPLETED []
giroux123-app-subnet compute.v1.subnetwork COMPLETED []
giroux123-app-vip-fw compute.v1.firewall COMPLETED []
giroux123-application-vm-01 compute.v1.instance COMPLETED []
giroux123-bigip-vm-01-ti compute.v1.targetInstance COMPLETED []
giroux123-bigip-vm-01 compute.v1.instance COMPLETED []
giroux123-ext-network compute.v1.network COMPLETED []
giroux123-ext-subnet compute.v1.subnetwork COMPLETED []
giroux123-fr-01 compute.v1.forwardingRule COMPLETED []
giroux123-http-hc compute.v1.healthCheck COMPLETED []
giroux123-https-hc compute.v1.healthCheck COMPLETED []
giroux123-int-network-02 compute.v1.network COMPLETED []
giroux123-int-subnet-02 compute.v1.subnetwork COMPLETED []
giroux123-mgmt-fw compute.v1.firewall COMPLETED []
giroux123-mgmt-network compute.v1.network COMPLETED []
giroux123-mgmt-subnet compute.v1.subnetwork COMPLETED []
giroux123-public-ip-01 compute.v1.address COMPLETED []
giroux123-tcp-hc compute.v1.healthCheck COMPLETED []Validating the Deployment
See the "Validating the Deployment" section or the "Further Exploring" section in the Quickstart README file for more validation commands.
1. Retrieve the values for bigIpManagementPublicIp and vip1PublicIp
gcloud deployment-manager manifests describe --deployment=${DEPLOYMENT_NAME} --format="value(layout)" | yq '.resources[0].outputs[] | select(.name | contains("bigIpManagementPublicIp")).finalValue'
# Sample Output "bigIpManagementPublicIp"
35.227.161.180
gcloud deployment-manager manifests describe --deployment=${DEPLOYMENT_NAME} --format="value(layout)" | yq '.resources[0].outputs[] | select(.name | contains("vip1PublicIp")).finalValue'
# Sample Output "vip1PublicIp"
35.197.57.26SSH to BIG-IP and Review Logs
1. Access BIG-IP and enter bash mode (value from bigIpManagementPublicIp)
ssh admin@35.227.161.180 -i ~/.ssh/id_rsa
admin@(giroux123-bigip1)(Standalone)(Active)(/Common)(tmos)# bash
[admin@giroux123-bigip1:Active:Standalone] ~ #2. Review BIG-IP Runtime Init onboard logs
[admin@giroux123-bigip1:Active:Standalone] ~ # cat /var/log/cloud/bigIpRuntimeInit.log
# Sample Output
...snippet...
2022-11-04T00:03:12.178Z [5528]: info: Executing inline shell command: tmsh save sys config
2022-11-04T00:03:18.579Z [5528]: info: Shell command: tmsh save sys config execution completed; response: Saving running configuration...
...snippet...
- saving ...done
2022-11-04T00:03:18.580Z [5528]: info: Initializing telemetryClient
2022-11-04T00:03:19.425Z [5528]: info: ...snippet...
2022-11-04T00:03:19.524Z [5528]: info: Sending f5-teem report
2022-11-04T00:03:19.529Z [5528]: info: All operations finished successfullyTesting the Application and WAF
The following tests will work if you deploy the BIG-IP with Layer 4-7 settings. For my demo settings, the "new stack" creates an app server and adds a BIG-IP listener with WAF policy. You can still POST an AS3 declaration to the BIG-IP, or you can login manually and create a pool and listener. Check out the F5 AS3 Docs for more example declarations!
1. From your local machine, curl the demo application (value from vip1PublicIp)
curl http://35.197.57.26 -I# Sample Output
HTTP/1.1 200 OK
...snippet...
Set-Cookie: BIGipServer~Tenant_1~Shared~Shared_Pool=xxxx; path=/; Httponly
Set-Cookie: TS01aa0884=xxxx; Path=/2. Perform a security violation by sending a disallowed 'method' of DELETE
curl http://35.197.57.26 -sk -X DELETE# Sample Output
<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 9487250596978229314<br><br><a href='javascript:history.back();'>[Go Back]</a></body></html>Delete and Clean Up
1. Delete the deployment
gcloud deployment-manager deployments delete ${DEPLOYMENT_NAME} -qSummary
This article shows you how to use the BIG-IP Cloud Solution Templates to easily deploy services and BIG-IP in Google Cloud. I use sample configurations in this article to deploy a BIG-IP device with a new network stack and a demo application server. I then show you how to validate the deployment, review onboard logs, and test the application. This Quickstart example is an easy way to have your applications protected by BIG-IP and running on Google Cloud. Make sure to check out the other examples in the GitHub repository for scenarios like active/standby or autoscale.
Resources
Article Series
- New Ways to Deploy Services in Public Cloud with v2 BIG-IP Cloud Solution Templates
- Deploy Quickstart BIG-IP with New Stack in Google Cloud using v2 Templates
- Deploy Quickstart BIG-IP with Existing Stack in Google Cloud using v2 Templates
- Deploy Failover BIG-IP Cluster with New Stack in Google Cloud using v2 Templates
- Deploy Failover BIG-IP Cluster with Existing Stack in Google Cloud using v2 Templates
