F5 BIG-IQ Centralized Management Lab > BIG-IQ All Labs > Class 1: BIG-IQ Application Management and AS3 > Module 2: BIG-IQ Application Templates & Deployment with AS3 using the API Source | Edit on
Lab 2.1: Application Creation using AS3 through BIG-IQ¶
Note
Estimated time to complete: 25 minutes
Lab environment access¶
If you have not yet visited the page Getting Started, please do so.
Task 1 - HTTP Application Service¶
This declaration will create an HTTP application on BIG-IQ using an HTTP template. This declaration abstracts the complexity of having to configure all the HTTP defaults such as cookies, persistence, etc…
Copy below example of an AS3 Declaration into the IDE (Integrated development environment) available within the lab environment, click on the Access button of the Ubuntu Lamp Server system and select Visual Studio Code.
Note
It is recommended to validate your AS3 declaration against the schema using Microsoft Visual Studio Code.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 | {
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.7.0",
"id": "example-declaration-01",
"label": "Task1",
"remark": "Task 1 - HTTP Application Service",
"target": {
"address": "<BIG-IP ip address>"
},
"Task1": {
"class": "Tenant",
"MyWebApp1http": {
"class": "Application",
"template": "http",
"statsProfile": {
"class": "Analytics_Profile",
"collectClientSideStatistics": true,
"collectOsAndBrowser": false,
"collectMethod": false
},
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"<virtual>"
],
"pool": "web_pool",
"profileAnalytics": {
"use": "statsProfile"
}
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80,
"serverAddresses": [
"<node1>",
"<node2>"
],
"shareNodes": true
}
]
}
}
}
}
}
|
Now that the AS3 declaration is validated, modify the Virtual Address to 10.1.10.110 and the serverAddresses to 10.1.20.110 and 10.1.20.111.
Let’s now add the target (BIG-IP device):
"target": { "address": "10.1.1.8" },
In Visual Studio Code, use the Visual Studio code REST client extension and authenticate to BIG-IQ (follow instructions).
Note
Instead of using the Visual Studio Code REST client extension, you can also use F5 vscode extension. See Module 2 Lab 9 to see how to.
Use the BIG-IQ AS3 Declaration call in order to create the service on the BIG-IP through BIG-IQ. The method and URL used will be
POST https://10.1.1.4/mgmt/shared/appsvcs/declare?async=true. Copy/Paste the AS3 declaration to the body under the call using the REST client VS code extension.This will give you an ID which you can query using the BIG-IQ Check AS3 Deployment Task.
Use the BIG-IQ Check AS3 Deployment Task call to ensure that the AS3 deployment is successful without errors:
GET https://10.1.1.4/mgmt/shared/appsvcs/task/<id>
Note
Notice that the app deployment may take a few minutes.
- Login on BOS-vBIGIP01.termmarc.com and verify the application is correctly deployed in partition Task1.
- Login on BIG-IQ as david, go to Applications tab and check the application is displayed and analytics are showing.
Warning
Starting 7.0, BIG-IQ displays AS3 application services created using the AS3 Declare API as Unknown Applications. You can move those application services using the GUI, the Move/Merge API, bigiq_move_app_dashboard F5 Ansible Galaxy role or create it directly into Application in BIG-IQ using the Deploy API to define the BIG-IQ Application name.
Click on your Application, Properties > CONFIGURATION, look at AS3 Declaration.
Task 2 - HTTPS Offload¶
Now we are going to create another service but this time, we will do some SSL offloading.
Using Visual Studio Code REST client, use the BIG-IQ AS3 Declaration call in order to create the service on the BIG-IP through BIG-IQ. The method and URL used will be
POST https://10.1.1.4/mgmt/shared/appsvcs/declare?async=true. Copy/Paste the AS3 declaration to the body under the call using the REST client VS code extension.This will give you an ID which you can query using the BIG-IQ Check AS3 Deployment Task.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 | {
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.7.0",
"id": "isc-lab",
"label": "Task2",
"remark": "Task 2 - HTTPS Application Service",
"target": {
"address": "10.1.1.8"
},
"Task2": {
"class": "Tenant",
"MyWebApp2https": {
"class": "Application",
"template": "https",
"statsProfile": {
"class": "Analytics_Profile",
"collectClientSideStatistics": true,
"collectOsAndBrowser": false,
"collectMethod": false
},
"serviceMain": {
"class": "Service_HTTPS",
"virtualAddresses": [
"10.1.10.113"
],
"pool": "web_pool",
"profileAnalytics": {
"use": "statsProfile"
},
"serverTLS": "webtls"
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80,
"serverAddresses": [
"10.1.20.112",
"10.1.20.113"
],
"shareNodes": true
}
]
},
"webtls": {
"class": "TLS_Server",
"certificates": [
{
"certificate": "webcert"
}
]
},
"webcert": {
"class": "Certificate",
"certificate": {
"bigip": "/Common/default.crt"
},
"privateKey": {
"bigip": "/Common/default.key"
}
}
}
}
}
}
|
In Visual Studio Code, use the Visual Studio code REST client extension and authenticate to BIG-IQ (follow instructions).
Use the BIG-IQ Check AS3 Deployment Task call to ensure that the AS3 deployment is successful without errors:
GET https://10.1.1.4/mgmt/shared/appsvcs/task/<id>Login on BIG-IQ as david, go to Applications tab and check the application is displayed and analytics are showing.
Warning
Starting 7.0, BIG-IQ displays AS3 application services created using the AS3 Declare API as Unknown Applications. You can move those application services using the GUI, the Move/Merge API, bigiq_move_app_dashboard F5 Ansible Galaxy role or create it directly into Application in BIG-IQ using the Deploy API to define the BIG-IQ Application name.
Task 3a - HTTPS Application with Web Application Firewall¶
This declaration will create an HTTPS application on BIG-IQ using an HTTPS template, a WAF policy and a security Log Profile.
Note
If the WAF polcy and logging profiles exist in BIG-IQ, but have not yet been deployed to the BIG-IP, you must
deploy the policy and profile before this declaration can reference them.
Attach the policy to the inactive virtual server under the Web Application Security Configuration menu, and then deploy it.
Update the WAF policy section below with the policy available on BIG-IP:
"policyWAF": {
"bigip": "/Common/templates-default"
}
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 | {
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.7.0",
"id": "isc-lab",
"label": "Task3a",
"remark": "Task 3a - HTTPS Application with WAF",
"target": {
"address": "10.1.1.8"
},
"Task3": {
"class": "Tenant",
"MyWebApp3waf": {
"class": "Application",
"template": "https",
"statsProfile": {
"class": "Analytics_Profile",
"collectClientSideStatistics": true,
"collectOsAndBrowser": false,
"collectMethod": false
},
"serviceMain": {
"class": "Service_HTTPS",
"virtualAddresses": [
"10.1.10.123"
],
"pool": "web_pool",
"profileAnalytics": {
"use": "statsProfile"
},
"serverTLS": "webtls",
"policyWAF": {
"bigip": "/Common/<WAF policy>"
},
"securityLogProfiles": [
{
"bigip": "/Common/templates-default"
}
]
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80,
"serverAddresses": [
"10.1.20.122",
"10.1.20.123"
],
"shareNodes": true
}
]
},
"webtls": {
"class": "TLS_Server",
"certificates": [
{
"certificate": "webcert"
}
]
},
"webcert": {
"class": "Certificate",
"certificate": {
"bigip": "/Common/default.crt"
},
"privateKey": {
"bigip": "/Common/default.key"
}
}
}
}
}
}
|
In Visual Studio Code, use the Visual Studio code REST client extension and authenticate to BIG-IQ (follow instructions).
Use the BIG-IQ AS3 Declaration call in order to create the service on the BIG-IP through BIG-IQ. The method and URL used will be
POST https://10.1.1.4/mgmt/shared/appsvcs/declare?async=true. Copy/Paste the AS3 declaration from the validator to the body into Visual Studio REST Client (DON’T FORGET TO UPDATE THE WAF Policy).This will give you an ID which you can query using the BIG-IQ Check AS3 Deployment Task.
Use the BIG-IQ Check AS3 Deployment Task call to ensure that the AS3 deployment is successful without errors:
GET https://10.1.1.4/mgmt/shared/appsvcs/task/<id>Login on BIG-IQ as david, go to Applications tab and check the application is displayed and analytics are showing.
Warning
Starting 7.0, BIG-IQ displays AS3 application services created using the AS3 Declare API as Unknown Applications. You can move those application services using the GUI, the Move/Merge API, bigiq_move_app_dashboard F5 Ansible Galaxy role or create it directly into Application in BIG-IQ using the Deploy API to define the BIG-IQ Application name.
Task 4 - Generic Services¶
Note
Note that because this declaration uses the generic template, the service does not have to be named serviceMain
Modify the Generic virtual with something other than <generic_virtual>.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | {
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.7.0",
"id": "isc-lab",
"label": "Task4",
"remark": "Task 4 - Generic Services",
"target": {
"address": "10.1.1.8"
},
"Task4": {
"class": "Tenant",
"MyWebApp4generic": {
"class": "Application",
"template": "generic",
"statsProfile": {
"class": "Analytics_Profile",
"collectClientSideStatistics": true,
"collectOsAndBrowser": false,
"collectMethod": false
},
"<generic_virtual>": {
"class": "Service_Generic",
"virtualAddresses": [
"10.1.10.127"
],
"virtualPort": 8080,
"pool": "web_pool",
"profileAnalytics": {
"use": "statsProfile"
}
},
"web_pool": {
"class": "Pool",
"monitors": [
"tcp"
],
"members": [
{
"servicePort": 80,
"serverAddresses": [
"10.1.20.126",
"10.1.20.127"
],
"shareNodes": true
}
]
}
}
}
}
}
|
In Visual Studio Code, use the Visual Studio code REST client extension and authenticate to BIG-IQ (follow instructions).
Using Visual Studio Code REST client, use the BIG-IQ AS3 Declaration call in order to create the service on the BIG-IP through BIG-IQ. The method and URL used will be
POST https://10.1.1.4/mgmt/shared/appsvcs/declare?async=true. Copy/Paste the AS3 declaration to the body under the call using the REST client VS code extension.This will give you an ID which you can query using the BIG-IQ Check AS3 Deployment Task.
Use the BIG-IQ Check AS3 Deployment Task call to ensure that the AS3 deployment is successful without errors:
GET https://10.1.1.4/mgmt/shared/appsvcs/task/<id>Login on BIG-IQ as david, go to Applications tab and check the application is displayed and analytics are showing.
Warning
Starting 7.0, BIG-IQ displays AS3 application services created using the AS3 Declare API as Unknown Applications. You can move those application services using the GUI, the Move/Merge API, bigiq_move_app_dashboard F5 Ansible Galaxy role or create it directly into Application in BIG-IQ using the Deploy API to define the BIG-IQ Application name.