Onboard and deploy Application Services to a Tenant using BIG-IQ
Overview
Now that you have created a tenant, you can use Declarative Onboarding (DO) with BIG-IQ to initially configure the BIG-IP with all of the settings required to get up and running.
Once the BIG-IP is ready to accept configuration, use Application Services 3 Extension (AS3) to deploy Layer 4-7 Application and Security Services.
Prerequisites
Before you can onboard the tenant and deploy application services, refer to the Chassis Partition - Tenant Lifecycle workflow.
Get Authentication Token
As a security measure, F5 disables basic authentication for HTTP/HTTPS requests to the BIG-IQ API by default. You can still make HTTP/HTTPS requests to the BIG-IQ API with basic authentication disabled by including a valid BIG-IQ authentication token in the X-Auth-Token header of each request.
Whenever you perform an authenticated login to the BIG-IQ and request a token using the Auth Token, you receive both an access token and a refresh token. You can use the access token to send HTTP/HTTPS requests to BIG-IQ.
Request a new token from the BIG-IQ using an authenticated login. Using your username and password, log in to the BIG-IQ.
POST: https://<bigiq-ip>/mgmt/shared/authn/login
{
    "username": "admin",
    "password": "secret",
    "loginProviderName": "tmos"
}
The value set in the X-Auth-Token response header is the access token. Send it in the X-Auth-Token header of subsequent requests, along with the application/yang-data+json Content-Type.
- Content-Type: application/yang-data+json
- X-Auth-Token: {{ X-Auth-Token }}
Onboard Tenant with Declarative Onboarding
The example below onboards the tenant and provisions LTM, AVR, ASM and APM, along with NTP, DNS, self IPs and VLANs, users and passwords, and the hostname. More examples and details on how to use DO are available at https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/.
Note that once the tenant is successfully onboarded, it is added as a managed device on BIG-IQ.
POST: https://<bigiq-ip>/mgmt/shared/declarative-onboarding
{
    "class": "DO",
    "declaration": {
        "schemaVersion": "1.18.0",
        "class": "Device",
        "async": true,
        "Common": {
            "class": "Tenant",
            "myProvision": {
                "class": "Provision",
                "avr": "nominal",
                "ltm": "nominal",
                "asm": "nominal",
                "apm": "nominal"
            },
            "myDns": {
                "class": "DNS",
                "nameServers": [
                    "8.8.8.8",
                    "8.8.4.4"
                ]
            },
            "myNtp": {
                "class": "NTP",
                "servers": [
                    "pool.ntp.org"
                ],
                "timezone": "UTC"
            },
            "internal-self": {
                "class": "SelfIp",
                "address": "10.10.11.9/24",
                "vlan": "vlan-444",
                "allowService": "all",
                "trafficGroup": "traffic-group-local-only"
            },
            "external-self": {
                "class": "SelfIp",
                "address": "10.10.12.9/24",
                "vlan": "vlan-555",
                "trafficGroup": "traffic-group-local-only",
                "allowService": "default"
            },
            "myDbVariables": {
                "class": "DbVariables",
                "ui.advisory.enabled": "true",
                "ui.advisory.color": "red",
                "ui.advisory.text": "Configuration deployed with AS3. Do not make any change directly on the BIG-IP or those changes may be lost."
            },
            "admin": {
                "class": "User",
                "userType": "regular",
                "shell": "bash",
                "partitionAccess": {
                    "all-partitions": {
                        "role": "admin"
                    }
                },
                "password": "secret-admin"
            },
            "root": {
                "class": "User",
                "userType": "root",
                "newPassword": "secret-root",
                "oldPassword": "secret-admin"
            },
            "hostname": "tenant1-velos.example.com"
        }
    },
    "targetHost": "<chassis-tenant1-ip>",
    "targetUsername": "admin",
    "targetPassphrase": "admin",
    "bigIqSettings": {
        "failImportOnConflict": false,
        "conflictPolicy": "USE_BIGIQ",
        "deviceConflictPolicy": "USE_BIGIP",
        "versionedConflictPolicy": "KEEP_VERSION",
        "statsConfig": {
            "enabled": true,
            "zone": "default"
        },
        "accessModuleProperties": {
            "cm:access:access-group-name": "tenant1-apm-group",
            "cm:access:import-shared": true
        },
        "snapshotWorkingConfig": false
    }
}
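A pre-flight check for the request above, as an added example that is not part of the F5 documentation: it walks a DO request body and flags a self IP with allowService set to all, an account given a bash shell, and credentials written as literals. The function name, the rule names and the {{ name }} template-token convention for secrets are assumptions, and the sample input is a constructed, trimmed copy of the request.

```python
import json
import re

# Constructed sample: a trimmed copy of the DO request body shown on this page.
SAMPLE = json.loads("""
{
  "class": "DO",
  "declaration": {
    "class": "Device",
    "Common": {
      "class": "Tenant",
      "internal-self": {"class": "SelfIp", "address": "10.10.11.9/24", "allowService": "all"},
      "external-self": {"class": "SelfIp", "address": "10.10.12.9/24", "allowService": "default"},
      "admin": {"class": "User", "userType": "regular", "shell": "bash", "password": "secret-admin"},
      "root": {"class": "User", "userType": "root", "newPassword": "secret-root", "oldPassword": "secret-admin"}
    }
  },
  "targetUsername": "admin",
  "targetPassphrase": "admin"
}
""")

SECRET_KEYS = {"password", "newPassword", "oldPassword", "targetPassphrase"}
# Assumption: real secrets are injected at send time through {{ name }} template tokens.
TEMPLATE_TOKEN = re.compile(r"^\{\{\s*[\w.-]+\s*\}\}$")

def audit_do_request(request):
    """Return sorted (json_path, rule) findings for a BIG-IQ DO request body."""
    findings = []

    def walk(node, path):
        if isinstance(node, list):
            node = dict(enumerate(node))  # index list items so paths read /key/0
        if not isinstance(node, dict):
            return
        if node.get("class") == "SelfIp" and node.get("allowService") == "all":
            findings.append((path, "selfip-allow-all"))  # every port open on the self IP
        if node.get("class") == "User" and node.get("shell") == "bash":
            findings.append((path, "user-bash-shell"))  # OS shell granted to the account
        for key, value in node.items():
            if key in SECRET_KEYS and isinstance(value, str) and not TEMPLATE_TOKEN.match(value):
                findings.append((f"{path}/{key}", "literal-secret"))
            walk(value, f"{path}/{key}")

    walk(request, "")
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_do_request(SAMPLE), sep="\n")
```

Run it against the rendered request body in a pipeline step before the POST, and fail the step when the returned list is not empty.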
Deploy Layer 4-7 Application and Security Services using AS3
The example below creates a simple HTTP application service using AS3. More examples and details on how to use AS3 are available at https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/.
POST: https://<bigiq-ip>/mgmt/shared/appsvcs/declare
{
    "class": "AS3",
    "action": "deploy",
    "persist": true,
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.0.0",
        "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d",
        "label": "Sample 1",
        "remark": "Simple HTTP application with RR pool",
        "target": {
            "address": "<chassis-tenant1-ip>"
        },
        "Sample_01": {
            "class": "Tenant",
            "A1": {
                "class": "Application",
                "service": {
                    "class": "Service_HTTP",
                    "virtualAddresses": [
                        "10.0.1.10"
                    ],
                    "pool": "web_pool"
                },
                "web_pool": {
                    "class": "Pool",
                    "monitors": [
                        "http"
                    ],
                    "members": [{
                        "servicePort": 80,
                        "serverAddresses": [
                            "192.0.1.10",
                            "192.0.1.11"
                        ]
                    }]
                }
            }
        }
    }
}