F5 BIG-IQ Centralized Management Lab > BIG-IQ All Labs > Class 12: BIG-IQ SSL Orchestrator > Module 3: SSLo Declarative API Source | Edit on
Lab 3.1: SSLo configuration through declarative API¶
Note
Estimated time to complete: 20 minutes
In this lab, Larry will provide to David with a new JSON blob so that David can deploy a SSLo Outbound service with one Declarative API call.
Service creation with one Declarative API call¶
- Connect to
Visual Studio Codeby clicking on the link underAccessmenu onUbuntumachine (follow instructions).
- VSC will open, and on the left menu, click on file
postman_SSLo.restinprojectdirectory
Now, on the right frame, you can see the different
Postmancalls. We will run them, one by one. It is important to understand each of them- The
first callis to authenticate against the BIG-IQ, and get a token. Use the first call (line #9). Click onSend Request
You should see on the right frame, the response from BIG-IQ. Now, you have a token, and you can send REST calls to BIG-IQ.
It is time to send our
declarative API callthat will configure our required configuration.The JSON blob (the declarative call) is below. You can notice the different sections (Topology, SSL_Settings, Security Policy, Service_Chain, Service)
{ "template": { "TOPOLOGY": { "name": "sslo_NewTopology_Dec", "ingressNetwork": { "vlans": [ { "name": "/Common/VLAN_TAP" } ] }, "type": "topology_l3_outbound", "sslSetting": "ssloT_NewSsl_Dec", "securityPolicy": "ssloP_NewPolicy_Dec" }, "SSL_SETTINGS": { "name": "ssloT_NewSsl_Dec" }, "SECURITY_POLICY": { "name": "ssloP_NewPolicy_Dec", "rules": [ { "mode": "edit", "name": "Pinners_Rule", "action": "allow", "operation": "AND", "conditions": [ { "type": "SNI Category Lookup", "options": { "category": [ "Pinners" ] } }, { "type": "SSL Check", "options": { "ssl": true } } ], "actionOptions": { "ssl": "bypass", "serviceChain": "ssloSC_NewServiceChain_Dec" } }, { "mode": "edit", "name": "All Traffic", "action": "allow", "isDefault": true, "operation": "AND", "actionOptions": { "ssl": "intercept" } } ] }, "SERVICE_CHAIN": { "ssloSC_NewServiceChain_Declarative": { "name": "ssloSC_NewServiceChain_Dec", "orderedServiceList": [ { "name": "ssloS_ICAP_Dec" } ] } }, "SERVICE": { "ssloS_ICAP_Declarative": { "name": "ssloS_ICAP_Dec", "customService": { "name": "ssloS_ICAP_Dec", "serviceType": "icap", "loadBalancing": { "devices": [ { "ip": "3.3.3.3", "port": "1344" } ] } } } } }, "targetList": [ { "type": "DEVICE", "name": "SEA-vBIGIP01.termmarc.com" } ] }
Click on
Send Requestand check the right frame of the screen.
- Now, let’s check the status. To do so, we will use another REST call.
- Scroll down on the right side and copy the
access-workflow ID. This ID is the last string inselflinkattribut. In this example the ID isa8d44084-0ace-4cd9-99d0-c9ba789ef128. You might need to click on the link and then copy it from the URL in the new tab to get it copied.
On the left side scroll down to the section “Check status” and replace the ID by the one you just copied.
For example:
GET https://{{bigiq}}/mgmt/cm/sslo/tasks/api/a8d44084-0ace-4cd9-99d0-c9ba789ef128 HTTP/1.1Now click on
Send RequestYou should see a
200 OK, andstatus : Finshed
- Connect to BIG-IQ GUI as
davidand double check underSSL Orchestratorthat theTopologies: sslo_NewTopology_Decgot created.
- The
Note
Congrats, with one call, you deployed a new SSLo Topology including SSL_Settings, Security Policy, Service_Chain and Service