on 09-Jun-2021 08:01
IT Industry research, such as Accelerate, shows improving a company's ability to deliver software is critical to their overall success. The following key practices and design principles are cornerstones to that improvement.
F5 has published Terraform modules on GitHub.com to help customers adopt deployment automation practices, focused on streamlining instantiation of BIG-IPs on AWS, Azure, and Google. Using these modules allows F5 customers to leverage their embedded knowledge and expertise.
Not all customer Terraform automation hosts running the CLI or enterprise products are able to access public internet resources like GitHub.com and the Terraform Registry. The following steps describe how to create and maintain a private air-gapped copy of F5's modules for these secured customer environments.
This example uses a personal GitHub account as an analog for air-gapped targets. So, we can't use the fork feature of github.com to create the copy.
For this approach, we're assuming a workstation that has access to both the source repository host and the target repository host, so it is not truly fully air-gapped. We'll show a workflow using git bundle in the future.
export MODULEGITHUBURL="git@github.com:f5devcentral/terraform-aws-bigip-module.git"
Note: The air-gapped repository is still empty at this point.
Note: The example uses github.com; your real-world use will be using your internal git host.
export MODULEAIRGAPURL="git@github.com:myteamsaccount/localmodulerepo.git"
git clone $MODULEGITHUBURL
Again, we're using F5's AWS module as an example. We're using the remote URL exported as MODULEAIRGAPURL to create the additional git repository remote.
cd terraform-aws-bigip-module
git remote add airgap $MODULEAIRGAPURL
Note: In the example below we're pushing the main branch. In some older repositories, the primary repository branch may still be named master.
Note: Pushing the tags into the airgap repository is critical to version management of the modules.
# get the latest from the origin repository
git fetch origin
# push any changes to the airgap repository
git push airgap main
# push all repository tags to the airgap repository
git push --tags airgap
This lists all of the tags available in the repository.
git tag
e.g.
0.9.2
v0.9
v0.9.1
v0.9.3
v0.9.4
v0.9.5
At this point, your organization should perform any acceptance testing of the new tags prior to using them in production environments.
git:: followed by the remote URL of the airgap repository, followed by ?ref=, finally followed by the tag identified in the previous step.
Note: We are referencing the airgap repository, NOT the origin repository.
Note: It is highly recommended to include the version reference in the URL. If the reference is not included in the URL, the latest commit to the default branch will be used at apply time. This means that the results of an apply will be non-deterministic, causing unexpected results, possibly service disruptions.
module "bigip" {
  source = "git::https://github.com/myteamsaccount/localmodulerepo.git?ref=v0.9.3"
  ...
}
Check out Terraform for more detailed configuration requirements
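A lint for the two notes above, as an added example that is not part of the original article or of F5's modules: it flags git:: module sources that omit ?ref=, pin to a branch name instead of a tag, or point outside the airgap repository. The AIRGAP_PREFIX value, the function name and the sample configuration are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: repositories under this prefix are the approved airgap copies.
# The article uses a github.com account as a stand-in for an internal git host.
AIRGAP_PREFIX = "https://github.com/myteamsaccount/"
FLOATING_REFS = {"main", "master", "HEAD"}  # branch names move, tags are the pin

# Simplification: expects `source` before any nested block in the module body.
MODULE_SOURCE_RE = re.compile(r'module\s+"([^"]+)"\s*\{[^}]*?\bsource\s*=\s*"([^"]+)"')


def check_module_sources(tf_text):
    """Return (module_name, problem) pairs for git:: module sources."""
    findings = []
    for name, source in MODULE_SOURCE_RE.findall(tf_text):
        if not source.startswith("git::"):
            continue  # registry and local sources are out of scope here
        url, _, query = source[len("git::"):].partition("?")
        if not url.startswith(AIRGAP_PREFIX):
            findings.append((name, "source is not the airgap repository"))
        ref = parse_qs(query).get("ref", [""])[0]
        if not ref:
            findings.append((name, "no ?ref=, default branch head is used"))
        elif ref in FLOATING_REFS:
            findings.append((name, "ref is a branch name, not a tag"))
    return findings


# Constructed sample configuration (not from the article).
SAMPLE_TF = '''
module "bigip" {
  source = "git::https://github.com/myteamsaccount/localmodulerepo.git?ref=v0.9.3"
}
module "bigip_unpinned" {
  source = "git::https://github.com/myteamsaccount/localmodulerepo.git"
}
module "bigip_branch" {
  source = "git::https://github.com/myteamsaccount/localmodulerepo.git?ref=main"
}
module "bigip_origin" {
  source = "git::https://github.com/f5devcentral/terraform-aws-bigip-module.git?ref=v0.9.3"
}
'''

if __name__ == "__main__":
    for name, problem in check_module_sources(SAMPLE_TF):
        print(f"{name}: {problem}")
```

Run it over your .tf files before terraform init and fail the pipeline when the returned list is not empty.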
Source reference in Terraform module using a private Terraform registry
If you have an instance of Terraform Enterprise, it's possible to connect the private git repository created above to the [private module registry](https://www.terraform.io/docs/enterprise/admin/module-sharing.html) available in Terraform Enterprise.
module "bigip" {
  source = "privateregistry/modulereference"
  version = "v0.9.3"
  ...
}
# get the latest from the origin repository
git fetch origin
# push any changes to the airgap repository
git push airgap main
# push all repository tags to the airgap repository
git push --tags airgap