Lab 3.1: SSLo configuration through declarative API
Note
Estimated time to complete: 20 minutes
In this lab, Larry will provide David with a new JSON blob so that David can deploy an SSLo Outbound service with one Declarative API call.
Service creation with one Declarative API call
- Connect to Visual Studio Code by clicking on the link under the Access menu on the Ubuntu machine (follow instructions).
- VSC will open. On the left menu, click on the file postman_SSLo.rest in the project directory.
Now, on the right frame, you can see the different Postman calls. We will run them one by one. It is important to understand each of them.
- The first call is to authenticate against the BIG-IQ and get a token. Use the first call (line #9). Click on Send Request.
You should see, on the right frame, the response from BIG-IQ. Now you have a token, and you can send REST calls to BIG-IQ.
It is time to send our declarative API call, which will configure our required configuration. The JSON blob (the declarative call) is below. Notice the different sections (Topology, SSL_Settings, Security Policy, Service_Chain, Service).
{
  "template": {
    "TOPOLOGY": {
      "name": "sslo_NewTopology_Dec",
      "ingressNetwork": {
        "vlans": [
          { "name": "/Common/VLAN_TAP" }
        ]
      },
      "type": "topology_l3_outbound",
      "sslSetting": "ssloT_NewSsl_Dec",
      "securityPolicy": "ssloP_NewPolicy_Dec"
    },
    "SSL_SETTINGS": {
      "name": "ssloT_NewSsl_Dec"
    },
    "SECURITY_POLICY": {
      "name": "ssloP_NewPolicy_Dec",
      "rules": [
        {
          "mode": "edit",
          "name": "Pinners_Rule",
          "action": "allow",
          "operation": "AND",
          "conditions": [
            {
              "type": "SNI Category Lookup",
              "options": { "category": [ "Pinners" ] }
            },
            {
              "type": "SSL Check",
              "options": { "ssl": true }
            }
          ],
          "actionOptions": {
            "ssl": "bypass",
            "serviceChain": "ssloSC_NewServiceChain_Dec"
          }
        },
        {
          "mode": "edit",
          "name": "All Traffic",
          "action": "allow",
          "isDefault": true,
          "operation": "AND",
          "actionOptions": { "ssl": "intercept" }
        }
      ]
    },
    "SERVICE_CHAIN": {
      "ssloSC_NewServiceChain_Declarative": {
        "name": "ssloSC_NewServiceChain_Dec",
        "orderedServiceList": [
          { "name": "ssloS_ICAP_Dec" }
        ]
      }
    },
    "SERVICE": {
      "ssloS_ICAP_Declarative": {
        "name": "ssloS_ICAP_Dec",
        "customService": {
          "name": "ssloS_ICAP_Dec",
          "serviceType": "icap",
          "loadBalancing": {
            "devices": [
              { "ip": "3.3.3.3", "port": "1344" }
            ]
          }
        }
      }
    }
  },
  "targetList": [
    { "type": "DEVICE", "name": "SEA-vBIGIP01.termmarc.com" }
  ]
}
Click on Send Request and check the right frame of the screen.
- Now, let's check the status. To do so, we will use another REST call.
- Scroll down on the right side and copy the access-workflow ID. This ID is the last string in the selflink attribute. In this example, the ID is a8d44084-0ace-4cd9-99d0-c9ba789ef128. You might need to click on the link and then copy it from the URL in the new tab to get it copied.
On the left side, scroll down to the section "Check status" and replace the ID with the one you just copied.
For example:
GET https://{{bigiq}}/mgmt/cm/sslo/tasks/api/a8d44084-0ace-4cd9-99d0-c9ba789ef128 HTTP/1.1
Now click on Send Request.
You should see a 200 OK, and status : Finished.
- Connect to the BIG-IQ GUI as david and double-check under SSL Orchestrator > Topologies that sslo_NewTopology_Dec got created.
- The
Note
Congrats! With one call, you deployed a new SSLo Topology including SSL_Settings, Security Policy, Service_Chain and Service.
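The sections of the declaration above point at each other by name (topology to SSL settings and security policy, rule to service chain, service chain to service), so a typo in one name is worth catching before the call is sent. The following is an added example, not part of the lab or of F5's tooling: a pre-flight check for those references plus extraction of the task ID from a selflink. It assumes every referenced object is defined in the same declaration, as in the lab's blob; the function names and the selflink host are hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of the lab's declaration (same object names).
SAMPLE = json.loads("""
{"template": {
  "TOPOLOGY": {"name": "sslo_NewTopology_Dec", "type": "topology_l3_outbound",
               "sslSetting": "ssloT_NewSsl_Dec", "securityPolicy": "ssloP_NewPolicy_Dec"},
  "SSL_SETTINGS": {"name": "ssloT_NewSsl_Dec"},
  "SECURITY_POLICY": {"name": "ssloP_NewPolicy_Dec", "rules": [
    {"name": "Pinners_Rule",
     "actionOptions": {"ssl": "bypass", "serviceChain": "ssloSC_NewServiceChain_Dec"}},
    {"name": "All Traffic", "isDefault": true, "actionOptions": {"ssl": "intercept"}}]},
  "SERVICE_CHAIN": {"ssloSC_NewServiceChain_Declarative": {
    "name": "ssloSC_NewServiceChain_Dec",
    "orderedServiceList": [{"name": "ssloS_ICAP_Dec"}]}},
  "SERVICE": {"ssloS_ICAP_Declarative": {"name": "ssloS_ICAP_Dec"}}}}
""")

def dangling_references(decl):
    """List name references that no section of the declaration defines."""
    t = decl["template"]
    chains = {c["name"]: c for c in t.get("SERVICE_CHAIN", {}).values()}
    services = {s["name"] for s in t.get("SERVICE", {}).values()}
    topo, problems = t["TOPOLOGY"], []
    if topo.get("sslSetting") != t["SSL_SETTINGS"]["name"]:
        problems.append(f"TOPOLOGY.sslSetting -> {topo.get('sslSetting')}")
    if topo.get("securityPolicy") != t["SECURITY_POLICY"]["name"]:
        problems.append(f"TOPOLOGY.securityPolicy -> {topo.get('securityPolicy')}")
    for rule in t["SECURITY_POLICY"].get("rules", []):
        chain = rule.get("actionOptions", {}).get("serviceChain")
        if chain and chain not in chains:
            problems.append(f"rule '{rule['name']}' -> service chain {chain}")
    for chain in chains.values():
        for svc in chain.get("orderedServiceList", []):
            if svc["name"] not in services:
                problems.append(f"chain '{chain['name']}' -> service {svc['name']}")
    return problems

def task_id_from_selflink(selflink):
    """The task ID is the last path segment of the response's selflink."""
    return urlparse(selflink).path.rstrip("/").rsplit("/", 1)[-1]

if __name__ == "__main__":
    print(dangling_references(SAMPLE) or "all references resolve")
    # Host is constructed; the path and ID are the ones shown in the lab.
    print(task_id_from_selflink(
        "https://localhost/mgmt/cm/sslo/tasks/api/a8d44084-0ace-4cd9-99d0-c9ba789ef128"))
```

A non-empty result means a name is referenced but not defined in the blob; this matters most for the service chain, since a rule pointing at a missing chain would not send traffic to the intended inspection service.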