on 13-Feb-2018 03:00
BIG-IP v13.1.0.2 introduced support for injecting configuration options into a BIG-IP Virtual Edition (VE) at deployment time. This functionality allows you to specify the management IP, management gateway, and non-default credentials. As a result, you can now perform completely automated deployments of VE in a VMware environment.
Previously, it was not possible to specify the management addressing and root / admin credentials at the time of VE deployment in a VMware environment. This might seem like a small issue, except that some production environments do not offer DHCP leases on their management networks. The prior options for securing a VE at deployment went a bit like this:
In addition, you could not inject non-default credentials for the root / admin users at the time of instantiation. Secure production environments probably used the virtual console or redeployment options.
We have an ongoing project, dare I say driving mission, to perfect our automated deployment options. The goal is to allow for complete automation of the deployment of VE on any of our supported hypervisors. Our approach to improving the VMware deployment process involves open-vm-tools and the handling of custom guest properties within the deployed image. The result is that there are now four properties that can be injected into an OVA / OVF at the time of deployment.
Property | Example | Purpose |
---|---|---|
"net.mgmt.addr" | 10.245.1.11/24 | IPv4 / IPv6 address and netmask of the BIG-IP's management interface. |
"net.mgmt.gw" | 10.245.1.254 | IPv4 / IPv6 address of the management network gateway. |
"user.root.pwd" | Potatoes.1 | Plain text password, or optional SHA-512 hash, for the root account. |
"user.admin.pwd" | Potatoes.1 | Plain text password, or optional SHA-512 hash, for the admin account. |
An important point of order: these empty properties must be injected into the OVA in order to be populated. The default OVA that you download from our public repository does not contain these properties. The empty properties are not in the published image due to ESXi compatibility issues. That said, adding the empty properties to the OVA is quite simple.
The list of tasks:
```bash
# Add the four empty, user-configurable (-u) string properties to a copy of the OVA.
cot edit-properties source-filename.ova \
  -p net.mgmt.addr=""+string \
  -p net.mgmt.gw=""+string \
  -p user.root.pwd=""+string \
  -p user.admin.pwd=""+string \
  -u -o destination-filename.ova
```

```bash
# Deploy the edited OVA and fill in the properties at deployment time.
# ovftool expects the source (the OVA written by cot above) followed by the target locator.
# Note that --noSSLVerify disables certificate validation of the vCenter endpoint.
ovftool \
  --sourceType=OVA \
  --acceptAllEulas \
  --noSSLVerify \
  --skipManifestCheck \
  --X:logToConsole \
  --datastore='my_datastore' \
  --name='my_vm_name' \
  --vmFolder='my_vm_folder' \
  --deploymentOption='(any of the pre-defined options in the OVA, such as "dualcpu")' \
  --net:'Internal=your_internal_network' \
  --net:'External=your_external_network' \
  --net:'HA=your_ha_network' \
  --net:'Management=your_management_network' \
  --X:injectOvfEnv \
  --prop:net.mgmt.addr="" \
  --prop:net.mgmt.gw="" \
  --prop:user.root.pwd="" \
  --prop:user.admin.pwd="" \
  destination-filename.ova \
  "vi://(your user@domain):(your password)@(your vcenter host)/(your DC)/host/(your cluster)"
```
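A pre-flight check for the two steps above, added here as an example and not F5's own code: it reads the `.ovf` descriptor inside the edited OVA, confirms that the four properties are present and user-configurable, and validates the management address and gateway before `ovftool` is run. The function names are hypothetical, and two rules are assumptions of this example: that the properties must be user-configurable (as the `-u` flag in the `cot` command makes them) and that the gateway must sit inside the management subnet.

```python
import io
import ipaddress
import tarfile
import xml.etree.ElementTree as ET

OVF_NS = "http://schemas.dmtf.org/ovf/envelope/1"  # OVF 1.x envelope namespace
REQUIRED = ("net.mgmt.addr", "net.mgmt.gw", "user.root.pwd", "user.admin.pwd")

def ovf_properties(src):
    """Map each Property key in the OVA's .ovf descriptor to its userConfigurable flag."""
    tar = tarfile.open(fileobj=src) if hasattr(src, "read") else tarfile.open(src)
    with tar:
        member = next((m for m in tar.getmembers() if m.name.endswith(".ovf")), None)
        if member is None:
            raise ValueError("no .ovf descriptor inside the archive")
        root = ET.parse(tar.extractfile(member)).getroot()
    return {p.get(f"{{{OVF_NS}}}key"): p.get(f"{{{OVF_NS}}}userConfigurable") == "true"
            for p in root.iter(f"{{{OVF_NS}}}Property")}

def preflight(src, addr, gw):
    """Return a list of problems; an empty list means the inputs can be deployed."""
    props, problems = ovf_properties(src), []
    for key in REQUIRED:
        if key not in props:
            problems.append(f"{key}: missing from the OVF descriptor")
        elif not props[key]:
            problems.append(f"{key}: present but not user-configurable")
    try:
        iface, gateway = ipaddress.ip_interface(addr), ipaddress.ip_address(gw)
        if "/" not in addr:
            problems.append("net.mgmt.addr: no netmask given")
        elif gateway not in iface.network:  # also false on an IPv4/IPv6 mismatch
            problems.append("net.mgmt.gw: not inside the management subnet")
    except ValueError as exc:
        problems.append(f"invalid address: {exc}")
    return problems

def sample_ova(keys):
    """Constructed sample: an in-memory OVA holding only a minimal descriptor."""
    props = "".join(f'<Property ovf:key="{k}" ovf:type="string" '
                    f'ovf:userConfigurable="true" ovf:value=""/>' for k in keys)
    ovf = (f'<Envelope xmlns="{OVF_NS}" xmlns:ovf="{OVF_NS}"><VirtualSystem ovf:id="ve">'
           f'<ProductSection>{props}</ProductSection></VirtualSystem></Envelope>').encode()
    buf, info = io.BytesIO(), tarfile.TarInfo("sample.ovf")
    info.size = len(ovf)
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(info, io.BytesIO(ovf))
    return io.BytesIO(buf.getvalue())
```

Calling `preflight("destination-filename.ova", "10.245.1.11/24", "10.245.1.254")` against the file written by `cot` should return an empty list; against the unmodified download it reports all four properties as missing.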
The next article of this series will describe a simple Ansible playbook for automating this process, and deploying the VE without any personal involvement. It can be found here.