Lab 3: Leveraging Terraform

The following lab tasks will guide you through using Terraform to deploy and secure a Web based application. Students will start by creating an authentication certificate within Distributed Cloud that Terraform utilizes for authenticating the API calls. Next, a Tfvars file is created to customize the deployment to match the student’s environment. Terraform will then be used to deploy an HTTP Health Check, Origin Pool, and HTTP Load Balancer. Students will then modify and apply the Terraform configuration to add a Web Application Firewall to their existing HTTP Load Balancer. Finally, Terraform will be used to tear down everything it created in this lab.

Expected Lab Time: 20 minutes

Task 1: Deploy a Web Application with Terraform

In this task, you will create an API Certificate for Terraform to authneticate to the Distributed Cloud API. Next, you will create a Tfvars file to specify environment variables unique to your environment. After the Tfvars file is created, you will intialize Terraform and then deploy an HTTP Health Check, Origin Pool, and HTTP Load Balancer.

This lab will begin back in the Windows 10 client deployed as part of the UDF.

Create API Certificate from the Distributed Cloud Console

  1. From the Windows 10 client deployed as part of the UDF, open Chrome.

lab1-Chrome

  1. Click on the XC Console bookmark to be taken to the XC Console login.

lab1-XC_Bookmark

  1. Enter your e-mail address in the Email form and password in the Password form and click Sign

    In.

lab1-XC_Signin

  1. In the top right corner of the Distributed Cloud Console click the User Icon dropdown and select

    Account Settings.

lab1-Account_Settings

  1. In the resulting screen click Credentials under the Peronal Management Heading on the left.

lab1-Credentials

  1. Click Add Credentials.

lab1-Add_Credentials

  1. Fill in the resulting form with the following values:

    • Credential Name ID: <namespace>-api-cert

    • Credential Type: Select: API Certificate

    • Password: <some_password>

    • Confirm Password: <some_password>

    • Expiry Date: Select: <date two days in the future of today’s date>

  2. Click Download.

lab3-Terraform_Download_API_Cert

Note

Use a password that you will remember for the certificate, if you don’t remember your API cert password, you will need to generate a new API cert.

Set Windows Environment Variables for Terraform to Utilize

  1. Minimize the Chrome Browser and double click the Command Prompt icon on the Windows 10 desktop.

lab3-Terraform_Cmd_Prompt

  1. Copy the certificate you downloaded to the labuser home folder using the command:

copy c:\Users\labuser\Downloads\f5-xc-lab-app.console.ves.volterra.io.api-creds.p12 c:\Users\labuser\xc-api-cert.p12

lab3-Terraform_Cert_Copy

  1. Set an environment variable for the API certificate password with the following command:

setx VES_P12_PASSWORD "<some_password>"

lab3-Terraform_Cert_Password

  1. Close the command prompt window.

Open the Pre-Created Terraform Code in Visual Studio Code

  1. Double click the Visual Studio Code icon on the desktop to launch Visual Studio Code.

lab3-Terraform_VSC

  1. When Visual Studio Code launches, click File and then Open Folder….

lab3-Terraform_VSC_Folder

  1. In the resulting window, paste the below text into the location bar, click the arrow to open that

    location, and then click Select Folder.

c:\Users\labuser\appworld-f5xc-automation\Terraform

lab3-Terraform_VSC_Folder_Select

Note

You may see a pop up window that says “Do you trust the authors of the files in this folder?” If you see this pop up, click “Yes, I trust the authors”

Create a tfvars File for Specifying Environment Specific Variables

  1. From the EXPLORER frame, click the new file icon next to the TERRAFORM folder, and then enter the name

    terraform.tfvars for the new file that is created and press Enter.

lab3-Terraform_VSC_Tfvars

  1. This will open the terraform.tfvars file in the right frame of Visual Studio Code, enter the following

    values into the file:

api_p12     = "c:/Users/labuser/xc-api-cert.p12"
tenant_name = "f5-xc-lab-app"
namespace   = "<namespace>"

lab3-Terraform_VSC_Tfvars_Values

  1. Click File and Save to save the changes you made to the file.

lab3-Terraform_VSC_Tfvars_Save

Initialize, Plan, and Apply Your Terraform Code

  1. From the Visual Studio Code menu bar, click View, and then click Terminal.

lab3-Terraform_VSC_Terminal

  1. In the Terminal at the bottom of Visual Studio Code, enter the following command and press Enter:

terraform init

lab3-Terraform_VSC_Init

  1. Review the Init Results. You should see a Terraform has been successfully initialized! message.

    DO NOT PROCEED AND ASK A LAB ASSISTANT FOR HELP IF YOU DON’T SEE THE SUCCESSFULLY INITIALIZED MESSAGE.

lab3-Terraform_VSC_Init_Success

  1. In the Terminal, enter the following command and press Enter:

terraform plan

lab3-Terraform_VSC_Plan

  1. Review the Plan results. This shows what Terraform is planning to create.

lab3-Terraform_VSC_Plan_Results

  1. In the Terminal, enter the following command and press Enter:

terraform apply

lab3-Terraform_VSC_Apply

  1. When prompted Do you want to perform these actions?, type yes and press Enter.

lab3-Terraform_VSC_Apply_Yes

  1. Review the Apply results. This shows what Terraform created.

lab3-Terraform_VSC_Apply_Results

Verify the Demo Shop App is Accessible Via a Web Browser

  1. Open a new tab in your Chrome browser and enter the following URL

    http://<namespace>-demoshop.lab-app.f5demos.com

Note

This illustrates that you are able to configure the delivery of an application via the Distributed Cloud API utilizing Terraform.

lab1-Demoshop

Task 2: Create & Attach WAF Policy

In this task, you will modify your Terraform configuration to create and apply an Application Firewall policy with the default settings. Since Terraform tracks state, the apply command is used to modify the required existing objects within Distributed Cloud.

Edit Your Terraform Code to Create an Application Firewall and Add It to the Load Balancer

  1. From the Visual Studio Code Explorer frame, click main.tf, to open the Terraform configuration.

lab3-Terraform_VSC_Main

  1. Scroll down to the bottom of the configuration and paste in the following lines to create the Web

    Application Firewall policy.

# Create WAF Policy
resource "volterra_app_firewall" "waf" {
  name = "${var.namespace}-appfw"
  namespace = var.namespace
  allow_all_response_codes = true
  default_anonymization = true
  use_default_blocking_page = true
  default_bot_setting = true
  default_detection_settings = true
  use_loadbalancer_setting = true
  blocking = true
}

lab3-Terraform_VSC_Appfw_Create

  1. Locate the Create Load Balancer configuration within main.tf and replace the disable_waf = true

    line with the following configuration:

# WAF Config
app_firewall {
  name = volterra_app_firewall.waf.name
  namespace = var.namespace
}

lab3-Terraform_VSC_Appfw_LB_Disable

lab3-Terraform_VSC_Appfw_LB_Config

Note

The WAF Config should be indented two spaces under the Load Balancer configuration to maintain nesting style conventions.

  1. Click File and Save to save the changes you made to main.tf.

lab3-Terraform_VSC_Main_Save

Plan and Apply Your New Terraform Code to Create an Application Firewall and Associate It to Your LB

  1. In the Terminal, enter the following command and press Enter:

terraform plan

lab3-Terraform_VSC_Appfw_Plan

  1. Review the Plan results. This shows what Terraform is planning to create.

lab3-Terraform_VSC_Appfw_Plan_Results

  1. In the Terminal, enter the following command and press Enter:

terraform apply

lab3-Terraform_VSC_Appfw_Apply

  1. When prompted Do you want to perform these actions?, type yes and press Enter.

lab3-Terraform_VSC_Appfw_Apply_Yes

  1. Review the Apply results. This shows what Terraform created.

lab3-Terraform_VSC_Appfw_Apply_Results

Verify the Application Firewall was Created and Applied Within the Distributed Cloud Console

  1. Switch back to the Chrome Browser that is connected to the Distributed Cloud Console.

  1. Within the Distributed Cloud dashboard, select the Multi-Cloud App Connect tile.

lab1-XC_App_Connect

  1. In the resulting screen, expand the Manage menu and click Load Balancers and then select

    HTTP Load Balancers.

lab1-XC_LB

  1. From the HTTP Load Balancers page, locate the HTTP Load Balancer that you created via Terraform. Click

    the ellipsis under Actions and select Manage Configuration.

lab1-XC_LB_Manage

  1. From the resulting screen, select Web Application Firewall under the HTTP Load Balancer frame to jump

    to the Web Application Firewall configuration section.

lab3-XC_Terraform_WAF

  1. Notice that the Web Application Firewall is now Enabled and the policy you created using Terraform is

    applied.

lab3-XC_Terraform_WAF_Enable

  1. Click Cancel and Exit to close out of the HTTP Load Balancer configuration.

lab3-XC_Terraform_WAF_Cancel

Task 3: Destroy the Terraform Objects

In this task, you will use Terraform to destroy the HTTP Health Check, Origin Pool, HTTP Load Balancer, and Web Application Firewall Policy that was created in Tasks 1 & 2.

Delete Distributed Cloud Objects Utilizing Terraform Destroy

  1. Switch back to the Visual Studio Code application.

  1. In the Visual Studio Code Terminal, enter the following command and press Enter:

terraform destroy

lab3-Terraform_VSC_Destroy

  1. When prompted Do you really want to destroy all resources? type yes and press Enter.

lab3-Terraform_VSC_Destroy_Yes

  1. Review the Destroy results. This shows what Terraform deleted.

lab3-Terraform_VSC_Destroy_Results

End of Lab 3

This concludes Lab 3. In this lab, you learned how to setup Terraform to authenticate to to Distributed Cloud

utilizing an API Certificate. You then created a Tfvars file to customize the deployment to match your

environment. After that, you used Terraform to deploy an HTTP Health Check, Origin Pool, and HTTP Load

Balancer. The Terraform configuration was then modified to create a Web Application Firewall policy and apply

it to the HTTP Load Balancer. Finally, Terraform was used to destroy all of the objects created in this lab. A

brief presentation and demo will be shared prior to the conclusion of this class.

labend