F5 Distributed Cloud > F5 Distributed Cloud Automation - NetOps, DevOps, SecOps and Beyond Source | Edit on

Lab 3: Leveraging Terraform¶

The following lab tasks will guide you through using Terraform to deploy and secure a Web based application. Students will start by creating an authentication certificate within Distributed Cloud that Terraform utilizes for authenticating the API calls. Next, a Tfvars file is created to customize the deployment to match the student’s environment. Terraform will then be used to deploy an HTTP Health Check, Origin Pool, and HTTP Load Balancer. Students will then modify and apply the Terraform configuration to add a Web Application Firewall to their existing HTTP Load Balancer. Finally, Terraform will be used to tear down everything it created in this lab.

Expected Lab Time: 20 minutes

Task 1: Deploy a Web Application with Terraform¶

In this task, you will create an API Certificate for Terraform to authneticate to the Distributed Cloud API. Next, you will create a Tfvars file to specify environment variables unique to your environment. After the Tfvars file is created, you will intialize Terraform and then deploy an HTTP Health Check, Origin Pool, and HTTP Load Balancer.

This lab will begin back in the Windows 10 client deployed as part of the UDF.

Create API Certificate from the Distributed Cloud Console
From the Windows 10 client deployed as part of the UDF, open Chrome.
Click on the XC Console bookmark to be taken to the XC Console login.
Enter your e-mail address in the Email form and password in the Password form and click Sign In.
In the top right corner of the Distributed Cloud Console click the User Icon dropdown and select Account Settings.
In the resulting screen click Credentials under the Peronal Management Heading on the left.
Click Add Credentials.
Fill in the resulting form with the following values: Credential Name ID: <namespace>-api-cert Credential Type: Select: API Certificate Password: <some_password> Confirm Password: <some_password> Expiry Date: Select: <date two days in the future of today’s date> Click Download. Note Use a password that you will remember for the certificate, if you don’t remember your API cert password, you will need to generate a new API cert.

Create API Certificate from the Distributed Cloud Console

From the Windows 10 client deployed as part of the UDF, open Chrome.

Click on the XC Console bookmark to be taken to the XC Console login.

Enter your e-mail address in the Email form and password in the Password form and click Sign

In.

In the top right corner of the Distributed Cloud Console click the User Icon dropdown and select

Account Settings.

In the resulting screen click Credentials under the Peronal Management Heading on the left.

Click Add Credentials.

Fill in the resulting form with the following values:
- Credential Name ID: <namespace>-api-cert
- Credential Type: Select: API Certificate
- Password: <some_password>
- Confirm Password: <some_password>
- Expiry Date: Select: <date two days in the future of today’s date>
Click Download.

Note

Use a password that you will remember for the certificate, if you don’t remember your API cert password, you will need to generate a new API cert.

Set Windows Environment Variables for Terraform to Utilize
Minimize the Chrome Browser and double click the Command Prompt icon on the Windows 10 desktop.
Copy the certificate you downloaded to the labuser home folder using the command: copy c:\Users\labuser\Downloads\f5-xc-lab-app.console.ves.volterra.io.api-creds.p12 c:\Users\labuser\xc-api-cert.p12
Set an environment variable for the API certificate password with the following command: setx VES_P12_PASSWORD "<some_password>"
Close the command prompt window.

Set Windows Environment Variables for Terraform to Utilize

Minimize the Chrome Browser and double click the Command Prompt icon on the Windows 10 desktop.

Copy the certificate you downloaded to the labuser home folder using the command:

copy c:\Users\labuser\Downloads\f5-xc-lab-app.console.ves.volterra.io.api-creds.p12 c:\Users\labuser\xc-api-cert.p12

Set an environment variable for the API certificate password with the following command:

setx VES_P12_PASSWORD "<some_password>"

Close the command prompt window.

Open the Pre-Created Terraform Code in Visual Studio Code
Double click the Visual Studio Code icon on the desktop to launch Visual Studio Code.
When Visual Studio Code launches, click File and then Open Folder….
In the resulting window, paste the below text into the location bar, click the arrow to open that location, and then click Select Folder. c:\Users\labuser\appworld-f5xc-automation\Terraform Note You may see a pop up window that says “Do you trust the authors of the files in this folder?” If you see this pop up, click “Yes, I trust the authors”

Open the Pre-Created Terraform Code in Visual Studio Code

Double click the Visual Studio Code icon on the desktop to launch Visual Studio Code.

When Visual Studio Code launches, click File and then Open Folder….

In the resulting window, paste the below text into the location bar, click the arrow to open that

location, and then click Select Folder.

c:\Users\labuser\appworld-f5xc-automation\Terraform

Note

You may see a pop up window that says “Do you trust the authors of the files in this folder?” If you see this pop up, click “Yes, I trust the authors”

Create a tfvars File for Specifying Environment Specific Variables
From the EXPLORER frame, click the new file icon next to the TERRAFORM folder, and then enter the name terraform.tfvars for the new file that is created and press Enter.
This will open the terraform.tfvars file in the right frame of Visual Studio Code, enter the following values into the file: api_p12 = "c:/Users/labuser/xc-api-cert.p12" tenant_name = "f5-xc-lab-app" namespace = "<namespace>"
Click File and Save to save the changes you made to the file.

Create a tfvars File for Specifying Environment Specific Variables

From the EXPLORER frame, click the new file icon next to the TERRAFORM folder, and then enter the name

terraform.tfvars for the new file that is created and press Enter.

This will open the terraform.tfvars file in the right frame of Visual Studio Code, enter the following

values into the file:

api_p12     = "c:/Users/labuser/xc-api-cert.p12"
tenant_name = "f5-xc-lab-app"
namespace   = "<namespace>"

Click File and Save to save the changes you made to the file.

Initialize, Plan, and Apply Your Terraform Code
From the Visual Studio Code menu bar, click View, and then click Terminal.
In the Terminal at the bottom of Visual Studio Code, enter the following command and press Enter: terraform init
Review the Init Results. You should see a Terraform has been successfully initialized! message. DO NOT PROCEED AND ASK A LAB ASSISTANT FOR HELP IF YOU DON’T SEE THE SUCCESSFULLY INITIALIZED MESSAGE.
In the Terminal, enter the following command and press Enter: terraform plan
Review the Plan results. This shows what Terraform is planning to create.
In the Terminal, enter the following command and press Enter: terraform apply
When prompted Do you want to perform these actions?, type yes and press Enter.
Review the Apply results. This shows what Terraform created.

Initialize, Plan, and Apply Your Terraform Code

From the Visual Studio Code menu bar, click View, and then click Terminal.

In the Terminal at the bottom of Visual Studio Code, enter the following command and press Enter:

terraform init

Review the Init Results. You should see a Terraform has been successfully initialized! message.

DO NOT PROCEED AND ASK A LAB ASSISTANT FOR HELP IF YOU DON’T SEE THE SUCCESSFULLY INITIALIZED MESSAGE.

In the Terminal, enter the following command and press Enter:

terraform plan

Review the Plan results. This shows what Terraform is planning to create.

In the Terminal, enter the following command and press Enter:

terraform apply

When prompted Do you want to perform these actions?, type yes and press Enter.

Review the Apply results. This shows what Terraform created.

Verify the Demo Shop App is Accessible Via a Web Browser
Open a new tab in your Chrome browser and enter the following URL http://<namespace>-demoshop.lab-app.f5demos.com Note This illustrates that you are able to configure the delivery of an application via the Distributed Cloud API utilizing Terraform.

Task 2: Create & Attach WAF Policy¶

In this task, you will modify your Terraform configuration to create and apply an Application Firewall policy with the default settings. Since Terraform tracks state, the apply command is used to modify the required existing objects within Distributed Cloud.

Edit Your Terraform Code to Create an Application Firewall and Add It to the Load Balancer
From the Visual Studio Code Explorer frame, click main.tf, to open the Terraform configuration.
Scroll down to the bottom of the configuration and paste in the following lines to create the Web Application Firewall policy. # Create WAF Policy resource "volterra_app_firewall" "waf" { name = "${var.namespace}-appfw" namespace = var.namespace allow_all_response_codes = true default_anonymization = true use_default_blocking_page = true default_bot_setting = true default_detection_settings = true use_loadbalancer_setting = true blocking = true }
Locate the Create Load Balancer configuration within main.tf and replace the disable_waf = true line with the following configuration: # WAF Config app_firewall { name = volterra_app_firewall.waf.name namespace = var.namespace } Note The WAF Config should be indented two spaces under the Load Balancer configuration to maintain nesting style conventions.
Click File and Save to save the changes you made to main.tf.

Edit Your Terraform Code to Create an Application Firewall and Add It to the Load Balancer

From the Visual Studio Code Explorer frame, click main.tf, to open the Terraform configuration.

Scroll down to the bottom of the configuration and paste in the following lines to create the Web

Application Firewall policy.

# Create WAF Policy
resource "volterra_app_firewall" "waf" {
  name = "${var.namespace}-appfw"
  namespace = var.namespace
  allow_all_response_codes = true
  default_anonymization = true
  use_default_blocking_page = true
  default_bot_setting = true
  default_detection_settings = true
  use_loadbalancer_setting = true
  blocking = true
}

Locate the Create Load Balancer configuration within main.tf and replace the disable_waf = true

line with the following configuration:

# WAF Config
app_firewall {
  name = volterra_app_firewall.waf.name
  namespace = var.namespace
}

Note

The WAF Config should be indented two spaces under the Load Balancer configuration to maintain nesting style conventions.

Click File and Save to save the changes you made to main.tf.

Plan and Apply Your New Terraform Code to Create an Application Firewall and Associate It to Your LB
In the Terminal, enter the following command and press Enter: terraform plan
Review the Plan results. This shows what Terraform is planning to create.
In the Terminal, enter the following command and press Enter: terraform apply
When prompted Do you want to perform these actions?, type yes and press Enter.
Review the Apply results. This shows what Terraform created.

Plan and Apply Your New Terraform Code to Create an Application Firewall and Associate It to Your LB

In the Terminal, enter the following command and press Enter:

terraform plan

Review the Plan results. This shows what Terraform is planning to create.

In the Terminal, enter the following command and press Enter:

terraform apply

When prompted Do you want to perform these actions?, type yes and press Enter.

Review the Apply results. This shows what Terraform created.

Verify the Application Firewall was Created and Applied Within the Distributed Cloud Console
Switch back to the Chrome Browser that is connected to the Distributed Cloud Console.
Within the Distributed Cloud dashboard, select the Multi-Cloud App Connect tile.
In the resulting screen, expand the Manage menu and click Load Balancers and then select HTTP Load Balancers.
From the HTTP Load Balancers page, locate the HTTP Load Balancer that you created via Terraform. Click the ellipsis under Actions and select Manage Configuration.
From the resulting screen, select Web Application Firewall under the HTTP Load Balancer frame to jump to the Web Application Firewall configuration section.
Notice that the Web Application Firewall is now Enabled and the policy you created using Terraform is applied.
Click Cancel and Exit to close out of the HTTP Load Balancer configuration.

Verify the Application Firewall was Created and Applied Within the Distributed Cloud Console

Switch back to the Chrome Browser that is connected to the Distributed Cloud Console.

Within the Distributed Cloud dashboard, select the Multi-Cloud App Connect tile.

In the resulting screen, expand the Manage menu and click Load Balancers and then select

HTTP Load Balancers.

From the HTTP Load Balancers page, locate the HTTP Load Balancer that you created via Terraform. Click

the ellipsis under Actions and select Manage Configuration.

From the resulting screen, select Web Application Firewall under the HTTP Load Balancer frame to jump

to the Web Application Firewall configuration section.

Notice that the Web Application Firewall is now Enabled and the policy you created using Terraform is

applied.

Click Cancel and Exit to close out of the HTTP Load Balancer configuration.

Task 3: Destroy the Terraform Objects¶

In this task, you will use Terraform to destroy the HTTP Health Check, Origin Pool, HTTP Load Balancer, and Web Application Firewall Policy that was created in Tasks 1 & 2.

Delete Distributed Cloud Objects Utilizing Terraform Destroy
Switch back to the Visual Studio Code application.
In the Visual Studio Code Terminal, enter the following command and press Enter: terraform destroy
When prompted Do you really want to destroy all resources? type yes and press Enter.
Review the Destroy results. This shows what Terraform deleted.

Delete Distributed Cloud Objects Utilizing Terraform Destroy

Switch back to the Visual Studio Code application.

In the Visual Studio Code Terminal, enter the following command and press Enter:

terraform destroy

When prompted Do you really want to destroy all resources? type yes and press Enter.

Review the Destroy results. This shows what Terraform deleted.

End of Lab 3
This concludes Lab 3. In this lab, you learned how to setup Terraform to authenticate to to Distributed Cloud utilizing an API Certificate. You then created a Tfvars file to customize the deployment to match your environment. After that, you used Terraform to deploy an HTTP Health Check, Origin Pool, and HTTP Load Balancer. The Terraform configuration was then modified to create a Web Application Firewall policy and apply it to the HTTP Load Balancer. Finally, Terraform was used to destroy all of the objects created in this lab. A brief presentation and demo will be shared prior to the conclusion of this class.

End of Lab 3

This concludes Lab 3. In this lab, you learned how to setup Terraform to authenticate to to Distributed Cloud

utilizing an API Certificate. You then created a Tfvars file to customize the deployment to match your

environment. After that, you used Terraform to deploy an HTTP Health Check, Origin Pool, and HTTP Load

Balancer. The Terraform configuration was then modified to create a Web Application Firewall policy and apply

it to the HTTP Load Balancer. Finally, Terraform was used to destroy all of the objects created in this lab. A

brief presentation and demo will be shared prior to the conclusion of this class.

Previous Next