Lab 8.5: Deploy BIG-IP in AWS and configure App Services using Ansible, BIG-IQ & Automation Tool Chain

Note

Estimated time to complete: 20 minutes

In this lab, we are going to deploy a new BIG-IP in AWS and deploy an HTTPS offload Application Service using BIG-IQ and Automation Tool Chain.

This lab will be using following F5 Ansible Galaxy roles:

• bigiq_create_ve ansible Role: Create a BIG-IP VE (Virtual Edition) from BIG-IQ in AWS, Azure or VMware.
• atc_deploy ansible Role: Allows AS3 and DO declarations to be sent to automation tool chain service.
• ansible.builtin.uri ansible Module: Interacts with web services, create SSL cert & key on BIG-IQ
• bigiq_pinning_deploy_objects ansible Role: Pin objects (e.g. Cert & Key) on BIG-IQ and deploy it to BIG-IP(s).
• bigiq_move_app_dashboard ansible Role: Move Application Service(s) in BIG-IQ Application Dashboard.

Lab environment access

If you have not yet visited the page Getting Started, please do so.

Workflow

1. Create VPN between F5 Lab and AWS
2. Create BIG-IP VE using bigiq_create_ve
3. Onboard BIG-IP using atc_deploy
4. Create SSL Certificate and Key on BIG-IQ using ansible.builtin.uri
5. Deploy SSL objects to BIG-IP using bigiq_pinning_deploy_objects
6. Create AS3 Application Service HTTPS offload using atc_deploy
7. Organized Application Service in BIG-IQ Application Dashboard using bigiq_move_app_dashboard
8. Your HTTPS offload Application Service is now up and ready to serve traffic

All steps from 2 to 3 are handed in an simple Ansible playbook where creation & deployments of the BIG-IP and its configuration is automated.

Tasks

1. If not already done, run through Lab 8.1 Prepare your AWS Account.

2. Login as david and navigate to Applications > Environments > Cloud Environments

3. Connect via SSH or Web Shell to the system Ubuntu Lamp Server. (if you use the Web Shell, login as f5student first: su - f5student) and

   cd /home/f5/f5-ansible-bigiq-ve-creation-do-demo
   vi bigiq_create_ve_and_app_services_aws.yml
   

   Update Cloud Environment variable in the playbook:

   cloud_environment: "demo-8574-aws-environment_DO"
   

   You also have the option to change few variables such as VE name, VE password, tenant, app service name, Common Name (CN) of the SSL certificate:

   veName: "bigipvm03"
   vePassword: "u7BnD@4f5"
   tenant: "aws"
   appName: "webAppServiceHttp2"
   cn: "webapp-aws"
   

You can look at the details of the Ansible Playbook source on the GitHub repository.

4. build the ansible runner container:

   docker build -t f5-ansible-runner .
   

   Check ansible version and galaxy roles installed:

   ./ansible_helper ansible-playbook --version
   ./ansible_helper ansible-galaxy list
   

5. Now, let’s execute the playbook:

   ./ansible_helper ansible-playbook /ansible/bigiq_create_ve_and_app_services_aws.yml -i /ansible/hosts
   

Note

Add -vvv if you want to get the debug output.

6. Let’s now review everything which was created by the playbook.

Devices > BIG-IP VE Creation

Devices > BIG-IP VE Onboarding

Devices > BIG-IP Devices

Log in to your AWS console to the EC2 Dashboard and look for the VE created.

Configuration > Local Traffic > Certificate Management > Certificates & Keys

Deployments > Evaluate & Deploy > Local Traffic & Network

7. Test the application service by opening a browser and typing the Virtual Server IP address/port https://54.214.186.233. You should see the Hello, World website.

8. Go back on the BIG-IQ application dashboard and look at the HTTP analytics.