aws
14 Topics

- Checksums for F5 Supported Cloud templates on GitHub

  Problem this snippet solves: Checksums for F5 supported cloud templates

  F5 Networks provides checksums for all of our supported Amazon Web Services CloudFormation, Microsoft Azure ARM, Google Deployment Manager, and OpenStack Heat Orchestration templates. See the README files on GitHub for information on individual templates.

  You can find the templates in the appropriate supported directory on GitHub:

  * Amazon CloudFormation templates: https://github.com/F5Networks/f5-aws-cloudformation/tree/master/supported
  * Microsoft ARM Templates: https://github.com/F5Networks/f5-azure-arm-templates/tree/master/supported
  * Google Templates: https://github.com/F5Networks/f5-google-gdm-templates
  * VMware vCenter Templates: https://github.com/F5Networks/f5-vmware-vcenter-templates
  * OpenStack Heat Orchestration Templates: https://github.com/F5Networks/f5-openstack-hot
  * F5 Ansible Modules: http://docs.ansible.com/ansible/latest/list_of_network_modules.html#f5

  Because this page was getting much too long to host all the checksums for all Cloud platforms, we now have individual pages for the checksums:

  * Amazon AWS checksums
  * Microsoft Azure checksums
  * Google Cloud checksums
  * VMware vCenter checksums
  * OpenStack Heat Orchestration checksums
  * F5 Ansible Module checksums

  Code: You can get a checksum for a particular template by running one of the following commands depending on your operating system:

  * **Linux**: `sha512sum <template-file>`
  * **Windows using CertUtil**: `CertUtil -hashfile <template-file> SHA512`
- AWS S3 Proxy: JavaScript iRuleLX

  Problem this snippet solves: Create a secure proxy to AWS S3 via iRule/iRulesLX

  Related Article: Creating a Secure AWS S3 Proxy with F5 iRulesLX

  How to use this snippet:

  * Install iRule via iRulesLX Workspace
  * Create iRulesLX plugin
  * Create AWS role or IAM credentials
  * Create FQDN pool to AWS S3
  * Create Virtual Server
  * Enable OneConnect and WebAcceleration profiles
  * Assign iRule to Virtual Server

  Code:

  ```javascript
  var f5 = require('f5-nodejs');
  var ilx = new f5.ILXServer();
  var url = require('url');
  var URI = require('urijs');
  var AWS = require('aws-sdk');

  // optionally use config.json with stored credentials or assign Role when running in AWS
  //AWS.config.loadFromPath('./config.json');
  var s3 = new AWS.S3();

  // RPC method called from the TCL iRule: returns the signed query string
  // for the requested object, its expiry time, and the seconds remaining.
  ilx.addMethod('aws_s3_rpc_add_creds', function(req, res) {
    var path = req.params()[0];
    // The bucket is fixed; only the object key comes from the request.
    var params = {Bucket: "secure-bucket", Key: path};
    var signed_url = s3.getSignedUrl('getObject', params);
    var parsedUrl = new URI(signed_url);
    var q = parsedUrl.search(true);
    // Expires is a Unix timestamp in seconds.
    var expires = parseInt(q['Expires'], 10);
    var expire_after = Math.round(expires - (new Date() / 1000));
    res.reply([parsedUrl.query(), expires, expire_after]);
  });

  ilx.listen();
  ```

  Tested this on version: 13.0
- IPSec Tunnel Endpoint iApp

  Problem this snippet solves: This iApp template creates a complete configuration for establishing an IPSec tunnel between a Windows Azure virtual network and your F5-protected corporate network. Additionally, this iApp may be used to establish a site-to-site VPN with any compatible IPSec device. The BIG-IP supports both policy-based and route-based VPNs.

  Contributed by: Gregory Coward, Solution Architect

  Code: 75380

  Tested this on version: 12.0
- AWS S3 Proxy: TCL iRule

  Problem this snippet solves: Create a secure proxy to AWS S3 via iRule/iRulesLX

  Related Article: Creating a Secure AWS S3 Proxy with F5 iRulesLX

  How to use this snippet:

  * Install iRule via iRulesLX Workspace
  * Create iRulesLX plugin
  * Create AWS role or IAM credentials
  * Create FQDN pool to AWS S3
  * Create Virtual Server
  * Enable OneConnect and WebAcceleration profiles
  * Assign iRule to Virtual Server

  Code:

  ```tcl
  when HTTP_REQUEST {
      set orig_path [string trimleft [HTTP::path] "/"]
      set key "s3:$orig_path"
      set data [table lookup -notouch $key]
      if { $data eq "" } {
          set RPC_HANDLE [ILX::init aws_s3_rpc_plugin aws_s3_rpc_ext]
          set rpc_response [ILX::call $RPC_HANDLE aws_s3_rpc_add_creds $orig_path]
          set qs [lindex $rpc_response 0]
          set expires [lindex $rpc_response 1]
          set time_to_expires [lindex $rpc_response 2]
          # save value in cache
          table set $key $qs $time_to_expires $time_to_expires
      } else {
          # use cached value
          set qs $data
      }
  }

  when HTTP_REQUEST_SEND {
      clientside {
          # specify bucket
          HTTP::header replace Host "secure-bucket.s3.amazonaws.com"
          HTTP::uri "/$orig_path?$qs"
          #log local0. "https://secure-bucket.s3.amazonaws.com[HTTP::uri]"
      }
  }

  when HTTP_RESPONSE {
      # remove identifying data
      HTTP::header remove "Server"
      HTTP::header remove "x-amz-id-2"
      HTTP::header remove "x-amz-request-id"
      if { [HTTP::status] contains "403" } {
          HTTP::respond 404 content "not found"
      }
  }
  ```

  Tested this on version: 13.0
- Automating BIG-IP deployments using Ansible

  Problem this snippet solves: Provides the opportunity to easily test deployment models and use cases of BIG-IP in AWS EC2. While AWS is used to provide a virtual compute and networking infrastructure, the best practices shown here may be applicable to other public and private 'cloud' environments. Shows how the lifecycle of BIG-IP services can be automated using open-source configuration management and orchestration tools, in conjunction with the APIs provided by the BIG-IP platform.

  How to use this snippet: See README.md and /docs in the linked GitHub repository.

  Code: https://github.com/F5Networks/aws-deployments/

  Tested this on version: 11.6
- BIGIP VE SR-IOV 10G xml template

  Problem this snippet solves: Mapping an SR-IOV VF to a guest can be confusing, especially when using a command-line tool such as virsh to create BIG-IP VE on a KVM hypervisor. The following is an example snippet for defining an Intel 82599 VF in XML, for reference. Change the bus, slot, and function to match your environment.

  How to use this snippet:

  * `virsh define <xml-file>`
  * `virsh start <domain>`

  Code: 69849

  Tested this on version: 12.0
- Terraform template - AWS VPC

  Problem this snippet solves: Terraform template - AWS VPC

  Code:

  ```hcl
  resource "aws_vpc" "main" {
    cidr_block           = "10.0.0.0/16"
    enable_dns_support   = true
    enable_dns_hostnames = true
    tags {
      Name = "main"
    }
  }

  resource "aws_subnet" "management" {
    vpc_id     = "${aws_vpc.main.id}"
    cidr_block = "10.0.0.0/24"
    tags {
      Name = "management-subnet"
    }
  }

  resource "aws_subnet" "external" {
    vpc_id            = "${aws_vpc.main.id}"
    cidr_block        = "10.0.1.0/24"
    availability_zone = "${aws_subnet.management.availability_zone}"
    tags {
      Name = "external-subnet"
    }
  }

  resource "aws_subnet" "internal" {
    vpc_id            = "${aws_vpc.main.id}"
    cidr_block        = "10.0.2.0/24"
    availability_zone = "${aws_subnet.management.availability_zone}"
    tags {
      Name = "internal-subnet"
    }
  }

  resource "aws_subnet" "ha" {
    vpc_id            = "${aws_vpc.main.id}"
    cidr_block        = "10.0.3.0/24"
    availability_zone = "${aws_subnet.management.availability_zone}"
    tags {
      Name = "ha-subnet"
    }
  }

  resource "aws_internet_gateway" "gw" {
    vpc_id = "${aws_vpc.main.id}"
    tags {
      Name = "internet-gateway"
    }
  }

  resource "aws_route_table" "management" {
    vpc_id = "${aws_vpc.main.id}"
    tags {
      Name = "management route table"
    }
  }

  resource "aws_route_table" "external" {
    vpc_id = "${aws_vpc.main.id}"
    route {
      cidr_block = "0.0.0.0/0"
      gateway_id = "${aws_internet_gateway.gw.id}"
    }
    tags {
      Name = "external route table"
    }
  }

  resource "aws_route_table" "internal" {
    vpc_id = "${aws_vpc.main.id}"
    tags {
      Name = "internal route table"
    }
  }

  resource "aws_route_table" "ha" {
    vpc_id = "${aws_vpc.main.id}"
    tags {
      Name = "ha route table"
    }
  }

  # Default route for the management subnet goes out through the internet gateway.
  resource "aws_route" "management-def" {
    route_table_id         = "${aws_route_table.management.id}"
    destination_cidr_block = "0.0.0.0/0"
    gateway_id             = "${aws_internet_gateway.gw.id}"
  }

  #resource "aws_route" "external-def" {
  #  route_table_id         = "${aws_route_table.external.id}"
  #  destination_cidr_block = "0.0.0.0/0"
  #  gateway_id             = "${aws_internet_gateway.gw.id}"
  #}

  resource "aws_route_table_association" "management" {
    subnet_id      = "${aws_subnet.management.id}"
    route_table_id = "${aws_route_table.management.id}"
  }

  resource "aws_route_table_association" "external" {
    subnet_id      = "${aws_subnet.external.id}"
    route_table_id = "${aws_route_table.external.id}"
  }

  resource "aws_route_table_association" "internal" {
    subnet_id      = "${aws_subnet.internal.id}"
    route_table_id = "${aws_route_table.internal.id}"
  }

  resource "aws_route_table_association" "ha" {
    subnet_id      = "${aws_subnet.ha.id}"
    route_table_id = "${aws_route_table.ha.id}"
  }

  # Permits every protocol and port to and from any address (0.0.0.0/0).
  resource "aws_security_group" "allow_all" {
    name        = "allow_all"
    description = "Allow all inbound traffic"
    vpc_id      = "${aws_vpc.main.id}"

    ingress {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
    }

    egress {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  ```
- Terraform template - AWS Cloud-Init

  Problem this snippet solves: Terraform template - AWS Cloud-Init

  Code:

  ```yaml
  #cloud-config
  # vim: syntax=yaml
  #
  # This is the configuration syntax that the write_files module
  # will know how to understand. encoding can be given b64 or gzip or (gz+b64).
  # The content will be decoded accordingly and then written to the path that is
  # provided.
  #
  # Note: Content strings here are truncated for example purposes.
  write_files:
    - content: |
        /usr/bin/tmsh modify auth user admin shell bash
        echo "Executed!" >> /root/example
      path: /root/example
  runcmd:
    - chmod 755 /root/example
    - /root/example
    - [ /root/example ]
  ```
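- Terraform template - AWS variables

  Problem this snippet solves: Terraform template - AWS variables

  Code:

  ```hcl
  variable "ha_enabled" {
    default = "0"
  }

  variable "region" {
    default = "us-east-1"
  }

  provider "aws" {
    # "access" and "secret" are placeholders. The AWS provider can also read
    # credentials from environment variables or the shared credentials file,
    # which keeps real keys out of the template.
    access_key = "access"
    secret_key = "secret"
    region     = "${var.region}"
  }

  # Map of region name to the AMI ID to launch; "ami-key" is a placeholder.
  variable "dut-ami" {
    default = {
      us-east-1 = "ami-key"
    }
  }
  ```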