Lab 4.2: Deploy your SSG in AWS
Since we have already seen the different components needed to deploy an SSG successfully, we will now deploy it automatically and review its configuration.
Access lab orchestrator (using ansible/bash)
To set up BIG-IQ and AWS automatically, open an SSH connection to the system called: Ubuntu Lamp Server
Once connected via SSH, go into the folder f5-aws-vpn-ssg:
cd f5-aws-vpn-ssg/
We will need to edit the following files:
- config.yml: This file contains all the information needed to deploy the AWS environment successfully.
- 08a-create-aws-auto-scaling.yml: we will change the setup of the default SSG that gets deployed. We want to deploy 2 instances to review how it is set up as part of an SSG group (OPTIONAL).
Update config.yml
Warning
If you are using the UDF Cloud Account, skip this step.
If you are NOT using the UDF Cloud account and are using your own AWS account:
Edit 000-RUN_ALL.sh and comment out the line ./01-configure-cloud-udf.sh with a #
vi 000-RUN_ALL.sh
Edit config.yml
vi config.yml
Here are the settings you will need to change to deploy everything successfully:
- AWS_ACCESS_KEY_ID: Use the AWS Access Key you retrieved from the previous lab (IAM section).
- AWS_SECRET_ACCESS_KEY: Use the AWS Secret Access Key you retrieved from the previous lab (IAM section).
- PREFIX: Specify a prefix that will be used on each object automatically created. We will use udf-<your NAME>. For example: udf-MENANT
  Warning
  DO NOT PUT a - at the end or your deployment will fail. We need you to put something so that your PREFIX will be UNIQUE to you, or it will overlap with other students' environments. If your name is 'common', pick something else that should be unique or append your first name to it.
  Remember that the PREFIX must be 10 CHARACTERS MAX
- AWS_SSH_KEY: Use the AWS Key Pair we created in the previous lab. In our example, it was CE-Lab-MENANT but yours should have a different name.
Save the config file.
Here is an example of the updated config.yml file:
##################################################################################################
########################### UPDATE VARIABLE BELOW ###############################
##################################################################################################
AWS_ACCESS_KEY_ID: *****************
AWS_SECRET_ACCESS_KEY: *********************
# A unique searchable prefix to all resources which are created
# Use a prefix w/o spaces or special characters (NO MORE THAN 10 CHARACTERS, no end with - or special characters)
PREFIX: udf-MENANT
# Select on of the region below (default US EST N. Virginia)
DEFAULT_REGION: us-east-1
AWS_AZ_1A: us-east-1a
AWS_AZ_1B: us-east-1b
# Update your SSH AWS KEY (EC2 > NETWORK & SECURITY > Key Pairs)
AWS_SSH_KEY: CE-Lab-MENANT
BYOL_BIGIP_AMI: "ami-58c3d327" # us-east-1 F5 Networks BIGIP-13.1.1-0.0.4 BYOL - All Modules 1 Boot Location
Note
We don’t have to change anything else as long as we use the US-East (N. Virginia) Region
Warning
Your config.yml file contains the default password that will be used for the admin user. This password will be enforced on all the VEs deployed in your SSG.
# BIG-IQ SSG CONFIG
BIGIP_USER: admin
BIGIP_PWD: **************
MAKE SURE TO NOTE IT SOMEWHERE
If you want to use your own AWS account, comment out the line 01-configure-cloud-udf.sh in 000-RUN_ALL.sh.
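A pre-flight check for the settings above, written as an added example (it is not part of the f5-aws-vpn-ssg repository): it enforces the PREFIX rules and flags a config.yml that other users on the host can read, since the file holds the AWS secret key and the BIG-IP admin password. The function names, the sample values and the reading of "no special characters" as letters, digits and inner hyphens are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the lab's config.yml (added example, not from the lab repository).

# Print the value of a top-level "KEY: value" line, minus quotes and trailing comment.
cfg_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/^#.*//' -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//'
}

# PREFIX rules from the lab: 10 characters max, must not end with "-".
# Assumption: "no special characters" means letters, digits and inner hyphens only.
check_prefix() {
    p=$1
    [ -n "$p" ] || { echo "PREFIX is empty"; return 1; }
    [ "${#p}" -le 10 ] || { echo "PREFIX '$p' is longer than 10 characters"; return 1; }
    case $p in
        *-) echo "PREFIX '$p' ends with '-'"; return 1 ;;
        *[!A-Za-z0-9-]*) echo "PREFIX '$p' has a space or special character"; return 1 ;;
    esac
    return 0
}

check_config() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    check_prefix "$(cfg_get "$file" PREFIX)" || rc=1
    for key in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SSH_KEY BIGIP_PWD; do
        [ -n "$(cfg_get "$file" "$key")" ] || { echo "$key is not set"; rc=1; }
    done
    # The file holds the AWS secret key and the BIG-IP admin password:
    # flag it when group or others have any permission on it.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$file: group/other access, run chmod 600"; rc=1; }
    return $rc
}

# Constructed sample values (not real credentials); the trailing "-" is rejected.
sample=$(mktemp)
printf '%s\n' 'AWS_ACCESS_KEY_ID: EXAMPLEKEYID' 'AWS_SECRET_ACCESS_KEY: example' \
    'PREFIX: udf-lab-' 'AWS_SSH_KEY: example-key' 'BIGIP_PWD: example-pwd' > "$sample"
check_config "$sample" || echo "fix config.yml before running ./000-RUN_ALL.sh ssg"
rm -f "$sample"
```

To use it on the lab host, call `check_config config.yml` from the f5-aws-vpn-ssg folder before triggering the deployment.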
Update our SSG configuration (OPTIONAL)
Warning
This step is optional. If skipped, the SSG created will have 1 BIG-IP device to start with.
To update the configuration pushed by the orchestrator, we will update the file called 08a-create-aws-auto-scaling.yml. Use your favorite editor to update it.
Look for this section in the file:
- include_tasks: ./helpers/post.yml
  with_items:
    - name: Create service scaling group
      url: "{{BIGIQ_URI}}/cm/cloud/service-scaling-groups"
      body: >
        {
          "name": "{{SSG_NAME}}",
          "description": "AWS scaling group",
          "environmentReference": {
            "link": "https://localhost/mgmt/cm/cloud/environments/{{cloud_environment_result.id}}"
          },
          "minSize": 1,
          "maxSize": 3,
          "maxSupportedApplications": 3,
          "desiredSize": 1,
          "postDeviceCreationUserScriptReference": null,
          "preDeviceDeletionUserScriptReference": null,
          "scalingPolicies": [
            {
              "name": "scale-out",
              "cooldown": 15,
              "direction": "ADD",
              "type": "ChangeCount",
              "value": 1
            },
            {
              "name": "scale-in",
              "cooldown": 15,
              "direction": "REMOVE",
              "type": "ChangeCount",
              "value": 1
            }]
        }
Change minSize and desiredSize from 1 to 2:
- include_tasks: ./helpers/post.yml
  with_items:
    - name: Create service scaling group
      url: "{{BIGIQ_URI}}/cm/cloud/service-scaling-groups"
      body: >
        {
          "name": "{{SSG_NAME}}",
          "description": "AWS scaling group",
          "environmentReference": {
            "link": "https://localhost/mgmt/cm/cloud/environments/{{cloud_environment_result.id}}"
          },
          "minSize": 2,
          "maxSize": 3,
          "maxSupportedApplications": 3,
          "desiredSize": 2,
          "providerType": "AWS",
          "postDeviceCreationUserScriptReference": null,
          "preDeviceDeletionUserScriptReference": null,
          "scalingPolicies": [
            {
              "name": "scale-out",
              "cooldown": 15,
              "direction": "ADD",
              "type": "ChangeCount",
              "value": 1
            },
            {
              "name": "scale-in",
              "cooldown": 15,
              "direction": "REMOVE",
              "type": "ChangeCount",
              "value": 1
            }]
        }
Trigger the deployment
Now that the relevant files have been updated, we can trigger the deployment.
To trigger the deployment, run the following command from the Ubuntu lamp server:
./000-RUN_ALL.sh ssg
It will ask you to press Enter to confirm that you subscribed and agreed to the EULA in the marketplace. Make sure you subscribed to the F5 BIG-IP VE - ALL BYOL, then press enter to start the deployment.
Warning
If you are using UDF Cloud Accounts, you can also find the AWS console URL, login, password in the lab environment.

You should see something like this:
f5student@xjumpbox:~/f5-aws-vpn-ssg$ ./000-RUN_ALL.sh ssg
Before moving further, subscribed and agreed to the software terms in AWS Marketplace for:
- F5 BIG-IP VE - ALL (BYOL, 1 Boot Location) https://aws.amazon.com/marketplace/pp/B07G5MT2KT/
AWS console Credentials: https://console.aws.amazon.com/
- accountId: "12345678908"
- consoleUsername: "udf"
- consolePassword: "423BeMhe23iLt23weazkas2"
Press [Enter] key to continue... CTRL+C to Cancel
[DEPRECATION WARNING]: [defaults]hostfile option, The key is misleading as it can also be a list of hosts, a directory or a list of paths , use [defaults] inventory=/path/to/file|dir
instead. This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
PLAY [Install and configure dependencies and verify environment] ************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************
ok: [localhost]
TASK [command] **************************************************************************************************************************************************************************
changed: [localhost]
TASK [command] **************************************************************************************************************************************************************************
changed: [localhost]
TASK [command] **************************************************************************************************************************************************************************
changed: [localhost]
TASK [command] **************************************************************************************************************************************************************************
changed: [localhost]
TASK [command] **************************************************************************************************************************************************************************
changed: [localhost]
PLAY RECAP ******************************************************************************************************************************************************************************
localhost : ok=6 changed=5 unreachable=0 failed=0
[DEPRECATION WARNING]: [defaults]hostfile option, The key is misleading as it can also be a list of hosts, a directory or a list of paths , use [defaults] inventory=/path/to/file|dir
instead. This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
PLAY [Deploy prerequisite infrastructure for SSG to AWS] ********************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************
ok: [localhost]
TASK [Set AWS Region] *******************************************************************************************************************************************************************
changed: [localhost]
TASK [Retrieve available subnets] *******************************************************************************************************************************************************
ok: [localhost]
TASK [Fail if there aren't enough availability zones] ***********************************************************************************************************************************
skipping: [localhost]
TASK [Build VPC CloudFormation] *********************************************************************************************************************************************************
At this stage, the deployment of your environment in AWS should start.
In your AWS Console, go to Services > CloudFormation.

Here we can see that CloudFormation Stacks are being deployed with the prefix udf-MENANT, as set in the config.yml file (PREFIX attribute).
In the next lab, we will review what has been set up on BIG-IQ and what was deployed in our AWS VPC.