Lab 8.3: Device Onboarding with BIG-IQ

Note

Estimated time to complete: 15 minutes

Lab environment access

If you have not yet visited the page Getting Started, please do so.

Tasks

Prerequisites to this module: - A BIG-IP available that you would like to target with F5 Declarative Onboarding - Connectivity to/from the BIG-IQ (CM/DCD) and the BIG-IP if you are going to onboard the BIG-IP into BIG-IQ

  1. From the VE Creation in BIG-IQ, choose Onboard:
image9

Note

Although you can start BIG-IP onboarding from multiple locations, if we select our AWS instance from the VE Create screen, it will automatically populate some needed configuration (like the SSH key location)

  1. Build our Declarative Onboarding configuration

F5 Declarative Onboarding like Application Services 3 utilizes Classes as configuration objects. If you were to build DO without BIG-IQ, you would need to structure the Classes into a payload that is able to be sent at a BIG-IP. From the BIG-IQ Onboard Properties screen, we can see the DO classes available to us, which will form the payload to be sent at a targeted BIG-IP.

The two main differences between DO native and BIG-IQ with DO are the BIG-IQ Settings, and the License classes.
  • The BIG-IQ settings class is used to replace the Discovery and Import process of traditional BIG-IPs into the BIG-IQ platform.
  • The License class can be used to license the BIG-IP VE with a regKey directly or utilizing a licensePool from either the Current BIG-IQ or a different BIG-IQ

Our VE created in the previous lab was a single instance with 1-NIC and a BYOL license. From our perspective, DO doesn’t need many options, BIG-IQ management, ASM / AVR provisioned, User, and a License. Then it will be ready for AS3 or Application Templates.

Check the BIG-IQ Settings and Provision options to add the class to our configuration, our newly created BIG-IP VE has never been configured with any configuration so we can leave the default options for the BIG-IQ Settings class. Add in our demo hostname, under-provisioning make sure that AVR and AWAF are configured with nominal.

Warning

In the License class, you must supply the same BIG-IP admin username and password as the ones entered for the User class. Also the Hypervisor needs to be selected only if reachable = false.

image10 image11 image12 image13

Note

You do not need to have created the BIG-IP VE from BIG-IQ to send Declarative Onboarding payloads. If you did create the VE from BIG-IQ, it would show up in the BIG-IP VE drop-down list; if you did not create it, you would need to specify the Target information.

With the configuration, set click the Onboard button.

Similar to Application Templates and AS3 Templates, Declarative Onboarding has a Sample API request to see what this payload would look like being sent programmatically into the BIG-IQ.

image20

BIG-IQ will gather all the needed pieces from our DO options. These will be sent to the BIG-IP VE target API for configuring our device.

image14

Once onboarding is complete, the BIG-IP VE will be a managed BIG-IP within BIG-IQ and can be used for Application and Service Deployments.

image15

Warning

In case you get following error: “Task Failed: Failed to complete onboarding task: Unexpected response from declartive onboarding: code: 404, message: Please confirm Declartive Onboarding (DO) is running on BIG-IQ. See log for details.”, restart restnoded on the BIG-IQ CM. SSH the BIG-IQ CM server and execute bigstart restart restnoded.