Install BIG-IP Next Central Manager on VMware

This document describes how to install the BIG-IP Next Central Manager on VMware.

Prerequisites

  • MyF5 login and Central Manager OVA image

  • VMware vSphere hypervisor version 7.x and credentials

  • Hypervisor Resources:

    Deployment Type               Resources
    Standalone Node               8 vCPUs, 16 GB RAM; 350 GB disk
    High Availability (3 nodes)   3 × 8 vCPUs, 3 × 16 GB RAM; 3 × 350 GB disk

  • Network Resources:

    • IP Address, subnet, and hostname

    • NFS or SAMBA network attached storage (NAS) and credentials

    • NTP Server

    • DNS Server

    • Gateway Router

  • Review the appropriate Release Notes

Limitation

The BIG-IP Next Central Manager has specific requirements for NFS external storage. These requirements must be met to ensure proper functionality:

  • The CM root user must be able to create directories within the external storage directory.

  • The CM root user must be able to change ownership of those directories to UID and GID 1000.

  • The CM admin user with UID and GID 1000 must be able to create files and directories inside the directories established by the CM root user.

The configuration required to meet these standards can vary depending on the storage vendor. The following configuration has been tested and verified to support these requirements.

  • Operating System: Ubuntu 22.04 server

  • NFS Export Configuration: Configured using no_root_squash

  • Directory Ownership: The exported directory must be owned by the root user and group.

  • Directory Permissions: The permissions on the exported directory must be set to 0777.
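
The three requirements listed above can be checked before installation from any Linux client that has the export mounted. The following preflight is an added example, not F5 code; it assumes it is run as root, and the mount point passed on the command line is the operator's choice.

```python
import os
import shutil
import sys

CM_UID = CM_GID = 1000  # UID/GID of the CM admin user, from the requirements above


def _cm_user_can_write(directory):
    """Fork, drop to UID/GID 1000, then create a file and a directory."""
    pid = os.fork()
    if pid == 0:  # child process: always leaves through os._exit
        code = 1
        try:
            os.setgroups([])
            os.setgid(CM_GID)
            os.setuid(CM_UID)
            open(os.path.join(directory, "probe.txt"), "w").close()
            os.mkdir(os.path.join(directory, "probe.d"))
            code = 0
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0


def preflight(mount_point):
    """Run the three checks in order and stop at the first failure."""
    result = {"root_mkdir": False, "root_chown": False, "cm_user_write": False}
    probe = os.path.join(mount_point, "cm-preflight-%d" % os.getpid())
    try:
        os.mkdir(probe)                  # requirement 1: root creates a directory
        result["root_mkdir"] = True
        os.chown(probe, CM_UID, CM_GID)  # requirement 2: EPERM if root is squashed
        result["root_chown"] = True
        result["cm_user_write"] = _cm_user_can_write(probe)  # requirement 3
    except OSError as exc:
        result["error"] = "%s: %s" % (type(exc).__name__, exc)
    finally:
        shutil.rmtree(probe, ignore_errors=True)
    return result


if __name__ == "__main__":
    # Usage (as root): python3 preflight.py <mount point of the NFS export>
    outcome = preflight(sys.argv[1])
    print(outcome)
    ok = outcome["root_mkdir"] and outcome["root_chown"] and outcome["cm_user_write"]
    sys.exit(0 if ok else 1)
```

Because no_root_squash lets root on any permitted client act as root on the export, and mode 0777 lets every UID write to it, limit the export's client list to the CM node addresses.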

Procedures

Complete the steps below to install BIG-IP Central Manager.

Download OVA

  1. Use your credentials to sign in to my.f5.com.

  2. Click Downloads.

  3. Review the EULA and Program Terms, then click I have read and agreed to the terms of the End User License Agreement and Program Terms., then click Next.

  4. Under Group, select BIG-IP_Next.

  5. Under Product Line, select Central Manager.

  6. Under Product Version, select the latest version.

  7. Under Select a product container, select the latest version.

  8. Under Select a download file, select the OVA file.

  9. Under Download locations, select the appropriate region.

  10. Click Download.

  11. Repeat these steps to download the sha256 or md5 checksum file.

  12. Verify the downloaded OVA file against the checksum file.

  13. Move the verified OVA file to a desired location.

You are now ready to deploy the OVA to create the CM virtual machine.

Deploy OVA

  1. Log in to the VMware vSphere Client.

  2. In the left-hand navigation pane, select an appropriate host or cluster for CM.

  3. Click ACTIONS > Deploy OVF Template.

  4. Locate the previously downloaded OVA file to use to install a VM:

    1. Select Local file and then click UPLOAD FILES.

    2. Select the OVA file, and click Open.

  5. Click NEXT.

  6. Type a VM name and select a location. Click NEXT.
    Important: Do not use the plus ( + ) sign in the VM name.

  7. Select a location for the compute resource and click NEXT.

  8. Verify the template details and click NEXT.

  9. Select the storage for the configuration and disk files, and click NEXT.

  10. Select a Destination Network and click NEXT.

  11. Review the settings and click FINISH.

Launch console and change password

  1. In the left pane, click the icon for the Hosts and Cluster menu.

  2. Navigate to the BIG-IP Next Central Manager virtual machine location.

  3. Open the VM console using either Launch Web Console or Launch Remote Console.
    The console opens.

  4. For both the central-manager login and Password, type admin.
    You are required to change your password… displays.

  5. Change your password. Type:

    • Current password

    • New password

    • Retype new password
      The Welcome information displays.

Run the setup script

Note: This step is required if you want to configure a static IP address or DNS servers for the VM instance. These settings are available only during the initial setup; after the CM services are started, they can no longer be added. Follow the instructions below.

  1. While still on the CM console, at the $ prompt, type setup
    Welcome… and instructions display.

    Note: Message if BIG-IP Next Central Manager is already installed:

    BIG-IP Next Central Manager has already been installed.
    Running setup again will destroy all current configuration and data.
    Please run /opt/cm-bundle/cm uninstall -c prior to running setup if you wish to continue.

  2. Type the inputs.

    Example values are shown within parentheses. If there is a default value, it will be shown within square brackets and will automatically be used if no value is entered.

Network with DHCP

Hostname (example.com): 
['10.145.77.192'] found on the management interface.
Do you want to configure a static IP address (N/y) [N]:  
Primary NTP server address (0.pool.ntp.org) (optional):
Alternate NTP server address (1.pool.ntp.org) (optional):

Network with a management IP address (No DHCP)

Hostname (e.g. example.com): central-manager-server-1
IP address(es) ['10.192.10.136'] found on the management interface.
Do you want to configure a static IP address (N/y) [y]: Y
Management IP Address & Network Mask [192.168.1.245/24]: 10.192.10.139/24
Management Network Default Gateway [192.168.1.1]: 10.192.10.1
Primary DNS nameserver (e.g. 192.168.1.2): 10.196.1.1
Alternate DNS nameserver (e.g. 192.168.1.3) (optional): 10.196.1.1
Primary NTP server address (i.e 0.ubuntu.pool.ntp.org) (optional):
Alternate NTP server address (e.g. 1.ubuntu.pool.ntp.org) (optional):
IPv4 network CIDR to use for service IPs [100.75.0.0/16]:
IPv4 network CIDR to use for pod IPs [100.76.0.0/14]:

Note: About the two inputs for service and pod IPs: the system uses these two internal IP ranges for communication between individual containers. Make sure the defaults listed do not conflict with the existing IP address space on your network. If they do, choose a different IP range for the service and pod IPs to resolve the conflict.

Summary and Installation

Summary
-------
Hostname: central-manager-server-1
Management Network Already Configured: False
Management IP Address: 10.192.10.139/24
Management Gateway: 10.192.10.1
DNS Servers: 10.196.1.1, 10.196.1.1
IPv4 network CIDR to use for service IPs: 100.75.0.0/16
IPv4 network CIDR to use for pod IPs: 100.76.0.0/14
  • Would you like to complete configuration with these parameters (Y/n) [N]:

    Type Y to complete.
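
The conflict check described in the note on service and pod IPs can be run before answering the setup prompts. This is an added example, not part of the F5 setup script; the site networks are constructed samples, and the candidate pool passed to first_free is an assumption, not an F5 recommendation.

```python
import ipaddress

# Defaults offered by the setup script prompts shown above.
DEFAULT_SERVICE_CIDR = "100.75.0.0/16"
DEFAULT_POD_CIDR = "100.76.0.0/14"


def find_conflicts(service_cidr, pod_cidr, in_use):
    """Return (internal range name, conflicting network) pairs.

    in_use lists networks or interface addresses already used on site,
    such as "10.192.10.139/24"; host bits are ignored.
    """
    service = ipaddress.ip_network(service_cidr)
    pod = ipaddress.ip_network(pod_cidr)
    conflicts = []
    if service.overlaps(pod):  # the two internal ranges must also be disjoint
        conflicts.append(("service", str(pod)))
    for entry in in_use:
        net = ipaddress.ip_network(entry, strict=False)
        for name, internal in (("service", service), ("pod", pod)):
            if internal.overlaps(net):
                conflicts.append((name, str(net)))
    return conflicts


def first_free(prefixlen, pool, in_use):
    """Return the first subnet of pool with this prefix length that is unused."""
    taken = [ipaddress.ip_network(e, strict=False) for e in in_use]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(net) for net in taken):
            return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed sample: management subnet from the example above plus a
    # site VPN range (hypothetical) that collides with the default pod CIDR.
    site = ["10.192.10.139/24", "10.196.1.1", "100.76.128.0/17"]
    print(find_conflicts(DEFAULT_SERVICE_CIDR, DEFAULT_POD_CIDR, site))
    # Candidate pool 100.64.0.0/10 is an assumption, not an F5 recommendation.
    print(first_free(14, "100.64.0.0/10", site + [DEFAULT_SERVICE_CIDR]))
```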

Access the BIG-IP Next Central Manager GUI

  1. From a web browser, navigate to the address you configured earlier: https://<cm-ip-address-or-hostname>/.

  2. Verify that the CM GUI appears.

    Note: The CLI password for admin and the GUI password are not the same. The default GUI credentials are admin/admin. Setting the CLI password for admin does not change the GUI password.

Proceed by creating a BIG-IP Next Instance to secure apps.

Set up the Standalone Node or High Availability (HA) using BIG-IP Next Central Manager

Follow these steps to configure the BIG-IP Next Central Manager using the GUI.

  1. From the web browser, enter the IP address of your Virtual Machine (VM) instance to access the Central Manager GUI.

  2. Log in to the Central Manager GUI for the first time using the default admin/admin credentials. You will be prompted to create a new password the first time you log in.

  3. Type the Current Password, specify a New Password, re-enter the Confirm New Password, and then click Save. The password must meet the criteria displayed on the screen.

  4. You can now use this new password to sign in to BIG-IP Next Central Manager.

  5. Click Setup on the BIG-IP Next Central Manager window. Follow the instructions and click Next to proceed.

  6. If you want to deploy a BIG-IP Next Central Manager in Standalone Node, skip steps 8–10 and proceed to step 11.

  7. If you want to deploy a BIG-IP Next Central Manager in High Availability with three nodes, make sure to change the default credentials for the additional two nodes as mentioned in step 3.

  8. From the BIG-IP Next Central Manager GUI Setup, click Nodes first, then click the +Add button to add a node to the Central Manager HA setup.

    Note: The +Add option is available only during the initial setup. After the CM services are started, adding more nodes is not possible, and the +Add option is disabled.

    a. Enter the Username, Password, and IP Address of the Virtual Machines (VMs) to be added.

    b. Click Save.

    c. Click Add in the Add Node and Enable Clustering? pop-up window.

    d. Verify the fingerprint of the Node and click Accept in the Continue Connecting? pop-up window.

    When the second node is added to the Central Manager HA setup, the setup needs to be enabled. During this process, the user will be logged out from the Central Manager GUI.

    Note: Wait for up to 15 minutes for Central Manager Services to start and become operational.

  9. Repeat step 8 to add more Nodes to the Central Manager HA setup. Verify the status of all Central Manager nodes that have been added as Ready.

  10. This step is optional, but setting up external storage (NFS or SAMBA) is highly recommended. Click Next and follow the procedure below to configure it for the BIG-IP Next Central Manager. External storage provides benefits such as storing instance and CM backup files, storing analytics, and preventing CM disk space from filling up.

    Note: The external storage can only be enabled and configured during the BIG-IP Next Central Manager installation and cannot be enabled or modified after installation.

    a. Toggle the Enable external storage for the BIG-IP Next Central Manager System.

    b. From the Select the Storage Type dropdown menu, choose either an NFS or a SAMBA server.

    c. Enter the Storage Server IP Address.

    d. Enter the Storage Share Directory. This is the source directory in which the backup file will be stored.

    e. Enter the Storage Server Share Path. This is the destination directory from which the restore will be performed.

    f. Set the Username and Password for the Samba Storage Server.

    g. Click Test Connection to verify that the external storage is successfully configured.
    Please wait until you see the Test connection status Success message.

  11. Click Start CM services. Wait for up to 15 minutes for Central Manager Services to start and become operational.

  12. After installation, log in to BIG-IP Next Central Manager as admin, click the Workspace icon next to the F5 icon, click System → CM Maintenance, and then click Properties. The Properties screen displays the CM status as Completed.

Prerequisite

  • Make sure that you create three Virtual Machine (VM) instances to configure high availability. It might take 5-10 minutes for each instance to completely boot up.

  • Authenticate with the BIG-IP Next Central Manager API. For details, refer to How to: Authenticate with the BIG-IP Next Central Manager API.

  • Change the default Central Manager password for all three VM instances by using the following API.

    Note: You don’t need to log in to the VM over SSH. If you do for diagnostic purposes, make sure to change the default SSH password.

    POST  https://{{CM_Node_IP}}/api/change-password
    
    {
        "username": "admin",
        "temp_password": "temppwd",
        "new_password": "password"
    }
    

Create HA group and Start CM Services

  1. Log in to CM_Node_1 by sending a POST request to the /api/login endpoint.

    POST  https://{{CM_Node_1_IP}}/api/login
    
    {
      "username": "username",
      "password": "password"
    }
    

    Important

    • If you select Node_1 as your first instance, make sure you do all operations on the same node.

  2. Optional: Check the node status by sending the GET request to system/infra/nodes endpoint. Identify the fingerprint address to collect the fingerprints.

    GET  https://{{CM_Node_1_IP}}/api/v1/system/infra/nodes
    

    For more information about this request, see OpenAPI documentation.

  3. Collect the fingerprints of the nodes by sending a GET request to Node_1 using system/infra/nodes/cert-fingerprint?address=<node_address> endpoint. Modify node_address with corresponding node addresses to get the respective node’s fingerprint.

    GET  https://{{CM_Node_1_IP}}/api/v1/system/infra/nodes/cert-fingerprint?address=<node_address>
    

    For more information about this request, see OpenAPI documentation.

  4. Create the three-node group by sending a POST request to the system/infra/nodes endpoint on Node 1.

    POST  https://{{CM_Node_1_IP}}/api/v1/system/infra/nodes
    

    For the request payload, use the following example, modifying the values as required.
    node_address is the IP address of the nodes.
    fingerprint is the node fingerprint used to validate the certificate of the node being added.

    [
        {
            "node_address": "{{CM_Node_2_IP}}",
            "username": "user1",
            "password": "password",
            "fingerprint": "{{CM_Node_2_Fingerprint}}"
        },
        {
            "node_address": "{{CM_Node_3_IP}}",
            "username": "user2",
            "password": "password",
            "fingerprint": "{{CM_Node_3_Fingerprint}}"
        }
    ]
    

    For more information about this API request, see OpenAPI documentation.

  5. Check the nodes status again by sending the GET request to /system/infra/nodes endpoint, until you see the nodes are in ready state.

    GET  https://{{CM_Node_1_IP}}/api/v1/system/infra/nodes
    

    Note: It might take about 30 seconds for the cluster to be in ready state.

  6. Optional: Configure the external storage by sending the POST request to /system/infra/external-storage endpoint on Node_1.

    POST https://{{CM_Node_1_IP}}/api/v1/system/infra/external-storage
    

    For the request payload, use the following example, modifying the values as required.

    {
        "storage_type": "NFS",
        "storage_address": "xxx.xxx.xxx.xxx",
        "storage_share_path": "/export/data",
        "storage_share_dir": ""
    }
    

    For more information about configuring external storage using BIG-IP Next Central Manager APIs, see OpenAPI documentation.

  7. Optional: View the configured external storage by sending a GET request to the system/infra/external-storage endpoint on Node_1.

    GET https://{{CM_Node_1_IP}}/api/v1/system/infra/external-storage
    

    For more information about this API request, see OpenAPI documentation.

  8. Start the CM services by sending the POST request to /system/infra/bootstrap endpoint on Node 1.

    POST  https://{{CM_Node_1_IP}}/api/v1/system/infra/bootstrap
    
  9. Check the bootstrap status by sending the GET request to system/infra/bootstrap endpoint on Node 1. Ensure that the bootstrap status is in the completed state.

    GET  https://{{CM_Node_1_IP}}/api/v1/system/infra/bootstrap
    

    Note: The status displays the progress of the Central Manager startup sequence, which takes approximately 15 minutes to complete.

    For more information about checking the bootstrap status using BIG-IP Next Central Manager APIs, see OpenAPI documentation.

  10. Delete the node by sending the DELETE request to /system/infra/nodes/{{NODE_NAME}} endpoint.

    DELETE https://{{CM_Node_1_IP}}/api/v1/system/infra/nodes/{{NODE_NAME}}
    

    Note: You can delete the node only before bootstrapping the system.

    For more information about deleting the nodes using BIG-IP Next Central Manager APIs, see OpenAPI documentation.
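
When steps 3 and 4 are scripted, the fingerprint returned by Node_1 should be compared with a value recorded out of band before it is placed in the step 4 payload, just as the GUI procedure asks you to verify the fingerprint before clicking Accept. The following is an added example, not F5 code; the addresses and fingerprint strings are constructed, the pinned values are assumed to be in the same format the API returns, and fetching the reported values from the cert-fingerprint endpoint is left to the caller.

```python
class FingerprintMismatch(Exception):
    """A node's reported fingerprint is missing or differs from the pinned one."""


def build_node_group(nodes, reported, pinned):
    """Build the step 4 request body, refusing every unverified node.

    nodes    -- list of {"node_address", "username", "password"} dicts
    reported -- {address: fingerprint returned by the step 3 GET}
    pinned   -- {address: fingerprint recorded out of band, same format}
    """
    body, problems = [], []
    for node in nodes:
        addr = node["node_address"]
        got = reported.get(addr, "").strip()
        want = pinned.get(addr, "").strip()
        if not got:
            problems.append(addr + ": no fingerprint reported")
        elif not want:
            problems.append(addr + ": no pinned fingerprint to compare with")
        elif got != want:  # exact match; fingerprint encodings can be case-sensitive
            problems.append(addr + ": reported fingerprint differs from pinned value")
        else:
            body.append({**node, "fingerprint": got})
    if problems:  # all or nothing: never send a partially verified group
        raise FingerprintMismatch("; ".join(problems))
    return body


if __name__ == "__main__":
    import json

    # Constructed sample values: documentation addresses, made-up fingerprints.
    peers = [
        {"node_address": "192.0.2.12", "username": "user1", "password": "<from vault>"},
        {"node_address": "192.0.2.13", "username": "user2", "password": "<from vault>"},
    ]
    pinned = {"192.0.2.12": "aa:bb:cc:01", "192.0.2.13": "aa:bb:cc:02"}
    reported = {"192.0.2.12": "aa:bb:cc:01", "192.0.2.13": "aa:bb:cc:02"}
    print(json.dumps(build_node_group(peers, reported, pinned), indent=4))
```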