F5 BIG-IQ Centralized Management Lab > BIG-IQ All Labs > Class 1: BIG-IQ Application Management and AS3 > Module 2: BIG-IQ Application Templates & Deployment with AS3 using the API Source | Edit on
Lab 2.3: Deploying AS3 Templates on BIG-IQ¶
Note
Estimated time to complete: 15 minutes
Lab environment access¶
If you have not yet visited the page Getting Started, please do so.
Task 6 - Create custom HTTP AS3 Template on BIG-IQ¶
Warning
AS3 Templates cannot be created through BIG-IQ UI but only using the API in 6.1. Go to Module 3 for more details on how to create a AS3 Template using the UI start BIG-IQ 7.0.
Administrators will employ the BIG-IQ Service Catalog to construct and manage a set of JSON Schema templates. Non-administrative users may be selectively allowed to deploy configurations using these templates according to BIG-IQ RBAC policies. The purpose of the templates is to filter the information being supplied to AS3 in 3 ways:
- Force the inclusion of specific AS3 class objects
- Restrict specific AS3 properties and/or classes
- Override specific AS3 default property values
Note
BIG-IQ 7.0 will bring a User Interface to create and manage the AS3 templates.
The following examples demonstrate how these goals can be met with JSON Schema.
- Enforcing Changes to AS3 Classes
In order to trigger schema enforcement of each class in the template other than Tenant and Application, specify the class name(s) and reference(s) in the application class additionalProperties, like this:
1 2 3 4 5 6 7 8 9 10 11 12 | "additionalProperties": {
"allOf": [
{
"if": {"properties": {"class": {"const": "Service_HTTP"}}},
"then": { "$ref": "#/definitions/Service_HTTP" }
},
{
"if": {"properties": {"class": {"const": "HTTP_Profile"}}},
"then": { "$ref": "#/definitions/HTTP_Profile" }
}
]
}
|
- Overriding an AS3 Default Value
To override a default, specify the property name, type, and new default like this snippet for the HTTP_Profile class:
1 2 3 4 | "xForwardedFor": {
"type": "boolean",
"default": true
}
|
- Setting a Static Value
To force a property to a specific value and accept no other, specify the property name, type, and const. To add the static value when the user omits the property, specify the default as well, like this snippet added to the Service_HTTP class:
1 2 3 4 5 | "virtualPort": {
"type": "integer",
"const": 8080,
"default": 8080
}
|
- Disallowing One or More Properties
To reject a specific property whenever it appears in a declaration, specify that property within dependencies, like this snippet added to the Service_HTTP class:
1 2 3 4 | "dependencies": {
"policyIAM": { "not": {} },
"policyWAF": { "not": {} }
}
|
- Disallowing All Properties Except Those Specified
To act on a handful of properties and reject all others, make sure to include a stub for the “class” property and specify:
1 | "additionalProperties": false
|
- Disallowing One or More Classes
To reject an entire class, specify this not anyOf properties clause within the application class additionalProperties object:
:linenos:
"additionalProperties": {
"not": {
"anyOf": [
{"properties": {"class": {"const": "TCP_Profile"}}},
{"properties": {"class": {"const": "TLS_Client"}}}
]
}
}
- Disallowing All But 1 or 2 Classes
To allow just 1 or 2 classes, use an if-then construct within additionalProperties:
1 2 3 4 5 6 7 8 9 10 | "additionalProperties": {
"if": {
"properties": {"class": {"const": "Service_L4"}}
},
"then": { "$ref": "#/definitions/Service_L4" },
"else": {
"if": { "not": {"properties": {"class": {"const": "Pool"}}}},
"then": false
}
}
|
In this task, we will create a template which require a Service_HTTP object, force the service port to 8080, and prevent WAF (ASM) and IAM (APM) configuration.
- Open Visual Studio Code, then use the Visual Studio code REST client extension and authenticate to BIG-IQ (follow instructions).
Copy the below example of an AS3 service template into the BIG-IQ AS3 Template Creation call in Visual Studio REST Client. It will create a new template in BIG-IQ AS3 Service Catalogue:
POST https://10.1.1.4/mgmt/cm/global/appsvcs-templates
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 | {
"description": "Task 6 - Create custom HTTP AS3 Template on BIG-IQ",
"name": "HTTPcustomTemplateTask6",
"published": "true",
"schemaOverlay": {
"type": "object",
"properties": {
"class": {
"type": "string",
"const": "Application"
},
"schemaOverlay": {},
"label": {},
"remark": {},
"template": {},
"enable": {},
"constants": {}
},
"additionalProperties": {
"allOf": [
{
"if": {
"properties": {
"class": {
"const": "Service_HTTP"
}
}
},
"then": {
"$ref": "#/definitions/Service_HTTP"
}
}
],
"not": {
"anyOf": [
{
"properties": {
"class": {
"const": "IAM_Policy"
}
}
},
{
"properties": {
"class": {
"const": "WAF_Policy"
}
}
}
]
}
},
"required": [
"class"
],
"definitions": {
"Service_HTTP": {
"type": "object",
"properties": {
"virtualPort": {
"type": "integer",
"const": 8080,
"default": 8080
}
},
"dependencies": {
"policyIAM": {
"not": {}
},
"policyWAF": {
"not": {}
}
},
"additionalProperties": true
}
}
}
}
|
- Login on BIG-IQ, go to Applications tab, then Application Templates. Look at the custom template created previous through the API.
Note the AS3 Template cannot be created through BIG-IQ UI but only using the API. You can only delete a AS3 templates from the BIG-IQ UI.
You can see the Template in JSON format if you click on it.
Note
For help with JSON Schema, there are lots of resources, but one good place to start is https://json-schema.org/learn.
Task 7 - Admin set RBAC for Oliva on BIG-IQ¶
Let’s update now Oliva’s service catalog.
Login on BIG-IQ as david go to the System tab, Role Management, Roles, CUSTOM ROLES, Application Roles, select Application Creator AS3 and the custom role linked to the custom HTTP template previously created. Remove the default template from the allowed list. Click Save & Close.
Task 8 - Deploy the HTTP Application Service using a Custom Template¶
Now, let’s deploy an application as Oliva using the AS3 template previously created in Task 6. Note in the below declaration, the virtualPort is set to 9090 while in the template, we force the virtualPort to a specific value and accept no other.
Using Visual Studio code REST client extension, find the BIG-IQ Token call to authenticate you on the BIG-IQ and save the token.
Update the body with olivia’s credential as below.
1 2 3 4 5 | {
"username": "olivia",
"password": "olivia",
"loginProviderName": "RadiusServer"
}
|
The method and URL used will be
POST https://10.1.1.4/mgmt/shared/appsvcs/declare?async=true. Copy/Paste the AS3 declaration to the body under the call using the REST client VS code extension.This will give you an ID which you can query using the BIG-IQ Check AS3 Deployment Task.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 | {
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json",
"class": "AS3",
"action": "deploy",
"declaration": {
"class": "ADC",
"schemaVersion": "3.7.0",
"id": "isc-lab",
"label": "Task8",
"target": {
"address": "10.1.1.8"
},
"Task8": {
"class": "Tenant",
"MyWebApp8http": {
"class": "Application",
"schemaOverlay": "HTTPcustomTemplateTask6",
"template": "http",
"statsProfile": {
"class": "Analytics_Profile",
"collectClientSideStatistics": true,
"collectOsAndBrowser": false,
"collectMethod": false
},
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"10.1.10.133"
],
"virtualPort": 9090,
"pool": "pool_8",
"profileAnalytics": {
"use": "statsProfile"
}
},
"pool_8": {
"class": "Pool",
"monitors": [
"http"
],
"members": [
{
"servicePort": 80,
"serverAddresses": [
"10.1.20.132",
"10.1.20.133"
],
"shareNodes": true
}
]
}
}
}
}
}
|
Use the BIG-IQ Check AS3 Deployment Task call to ensure that the AS3 deployment is successful without errors:
GET https://10.1.1.4/mgmt/shared/appsvcs/task/<id>As expected, note the error message returned due to the static value set in the template:
"response": "declaration is invalid according to provided schema overlay: data['serviceMain'].virtualPort should be equal to constant", "status": 422
Update the
virtualPortto 8080 and re-send the declaration.Login on BOS-vBIGIP01.termmarc.com and verify the application is correctly deployed in partition Task8.
Login on BIG-IQ as Olivia, go to Applications tab and check the application is displayed and analytics are showing.
Warning
Starting 7.0, BIG-IQ displays AS3 application services created using the AS3 Declare API as Unknown Applications. You can move those application services using the GUI, the Move/Merge API, bigiq_move_app_dashboard F5 Ansible Galaxy role or create it directly into Application in BIG-IQ using the Deploy API to define the BIG-IQ Application name.
