In this use-case, we'll explore how to automate the configuration of F5 application services using F5's Per-App AS3 and Terraform. We have templetized the AS3 JSON files using Terraform's templatefile function and along with the TF bigip_as3 resource, these templates are encapsulated within a custom module. This module can be invoked from the root directory (root module) by supplying necessary variables, such as IP Address, Pool Members, SSL certificates, etc. This streamlined approach enhances the deployment process, making it more manageable and scalable for applications configured through Terraform and AS3.
The workflow for this use-case is as follows:
- Users create a new Terraform file configuration (
appX.tf) with the appropriate application variables. - Users execute terraform plan and terraform apply commands localy.
Benefits:
- Ease of use: All application varialbes are stored in a simple
tffile. User just add/modifies/removestffiles to change the configuration on BIGIP - Automation: Automating the creation and management of application services on BIG-IP reduces the manual workload and speeds up the deployment process.
- Consistency: Terraform ensures that the configuration is applied consistently every time, reducing the risk of manual errors.
- Scalability: Terraform’s modular approach allows you to manage complex infrastructure by breaking it down into manageable components.
In the following section, we provide a detailed explanation of the code that forms the foundation of this automation framework. The code is divided into 2 parts. The first part are the custom modules that we create to templatize AS3 declarations and deploy the AS3 resources. For simplicity, we will refer to these as AS3_Modules. In our example, we demonstrate the creation of a single module; however, you can expand this to include multiple modules as needed. The second part is the root module, which is used to invoke the AS3_Modules and manage the creation of the AS3 resources.
The structure of the directory for Terraform looks as follows
.
├── modules
│ ├── as3_http <=== Custom module called as3_http
│ │ ├── as3.tpl
│ │ ├── main.tf
│ │ └── variables.tf
| <=== Start of Root module
├── app1.tf <--- **TF file that calls as3_http module and defines resources for app1 **
├── app2.tf <--- **TF file that calls as3_http module and defines resources for app2 **
├── app3.tf <--- **TF file that calls as3_http module and defines resources for app3 **
├── providers.tf
The primary reason for the AS3_Modules is to templatize AS3 declarations and deploy the AS3 resources. Each module will have a separate name under the modules directory and will contain 3 files. These files are as3.tpl, main.tf, variables.tf
Here is an overview of the files and their roles:
The as3.tpl file is an AS3 Per-App template used to define the Application. This template performs the following tasks:
- Defines an AS3 declaration for an Application.
- Uses variables for tenant, application name, virtual address, service port, and pool members, allowing for flexible and reusable config
{
"${name}": {
"class": "Application",
"service": {
"class": "Service_HTTP",
"virtualAddresses": [
"${virtualIP}"
],
${virtualPort == 0 ? "\"virtualPort\": 80," : "\"virtualPort\": ${virtualPort},"}
"pool": "pool_${name}"
},
"pool_${name}": {
"class": "Pool",
"members": [
{
"servicePort": ${servicePort},
"shareNodes": true,
"serverAddresses": ${jsonencode(serverAddresses)}
}
]
}
}
}The variables.tf defines the variables that will be used by the as3.tpl on this module. The use of variables, allows us to assign default values that the as3.tpl can later use.
########### AS3 Variables ############
variable partition {
description = "Partition that the AS3 will be deployed to"
type = string
}
variable name {
description = "Name of the Virtual Server"
type = string
}
variable virtualIP {
description = "IP for Virtual Server"
type = string
}
variable virtualPort {
description = "Port for Virtual Server"
type = number
default = 0
}
variable serverAddresses {
description = "List of IPs for Pool Members"
type = list(string)
}
variable servicePort {
description = "Port of the Pool Members"
type = number
}
The main.tf file contains the Terraform configuration that creates the HTTP VirtualServer. Below is a detailed breakdown of its contents:
- The first block defines the version of the F5 BIG-IP provider that will be used. It is important to use the version
1.22.2or later - The second block uses the f5bigip_as3 resource to deploy the AS3 Application. The
as3_jsonparameter is populated by a template file (as3.tpl), which is passed variables like tenant, application name, service port, pool members and other variables. - The third block outputs the response from the F5 device after deploying the configuration.
terraform {
required_providers {
bigip = {
source = "F5Networks/bigip"
version = "1.22.2"
}
}
}
resource "bigip_as3" "as3" {
tenant_name= var.partition
tenant_filter= var.partition
ignore_metadata = true
as3_json = templatefile("${path.module}/as3.tpl", {
name = var.name
virtualIP = var.virtualIP
virtualPort = var.virtualPort
serverAddresses = var.serverAddresses
servicePort = var.servicePort
})
}
output "as3" {
value = bigip_as3.as3
}The main module orchestrates the deployment of the VirtualServer configurations on the F5 device by invoking the respective modules. For each VirtualServer you want to create, you will need to create a separate appX.tf file (or append the relevant configuration on the existing file). Additionally, the main module includes the providers.tf file that defines multiple F5 BIG-IP providers, each corresponding to a single BIGIP device.
This configuration does the following:
- Invokes the AS3 module with the relevant variables to deploy an HTTP application.
- Defines the providers that will deploy this service.
module "appX" {
source = "./modules/as3_http"
name = "appX"
virtualIP = "10.1.120.112"
virtualPort = 80
serverAddresses = ["10.1.20.10", "10.1.20.11"]
servicePort = 80
partition = "test1"
providers = {
bigip = bigip.dmz
}
}The providers.tf file defines the F5 BIG-IP providers, allowing you to manage multiple F5 devices using provider aliases. This enables you to deploy configurations to different devices by specifying the appropriate provider alias.
terraform {
required_providers {
bigip = {
source = "F5Networks/bigip"
version = "1.22.2"
}
}
}
provider "bigip" {
address = "10.1.10.215"
username = "admin"
password = "passwordXYZ"
alias= "dmz"
}
provider "bigip" {
address = "207.1.20.112"
username = "admin"
password = "passwordXYZ"
alias= "azure"
}Important
To run this Demo on the UDF environment, switch to the UDF branch
- Terraform must be installed on your local machine that you will be running the demo. The demo has been tested with Terraform v1.8.1
- BIGIP running version v15 (or higher)
- Installed AS3 version on BIGIP should be 3.50 (or higher)
Note
The instructions provided for this demo will work on macOS and Linux users. However, for Windows users, keep in mind that modifications might be needed before running the code.
On your terminal clone the current repository.
git clone https://github.com/f5devcentral/bigip-automation
Change directory to level-1
cd bigip-automation/level-1
Change the values within the files to reflect your local environment.
On the provider.tf file change the following:
addressto the IP of your BIGIP device.usernameto an admin account from your BIGIP device.passwordfor the admin account that you selected.
Create the configuration to publish the new application and save it as a file called app1.tf.
Please change the values of virtualIP, serverAddresses and servicePort according to your environment.
cat <<EOF > app1.tf
module "app1" {
source = "./modules/as3_http"
name = "app1"
virtualIP = "10.1.10.41"
serverAddresses = ["10.1.20.21"]
servicePort = 30880
partition = "prod"
providers = {
bigip = bigip.dmz
}
}
EOFInitialize Terraform on the working directory, to download the necessary provider plugins (BIGIP) and setup the modules and backend for storing your infrastructure's state
terraform initRun the terraform plan command to create a plan consisting of a set of changes that will make your resources match your configuration.
terraform plan -parallelism=1 -refresh=false -out=tfplanNote
Review the actions Terraform would take to modify your infrastructure before moving to the next step.
Run the terraform apply command to deploy the changes identified from the plan stage.
terraform apply -parallelism=1 tfplanEdit the app1.tf file and change the IP Address configured for this service.
Re-run terrafrom plan command to create the plan and review the suggested changes.
terraform plan -parallelism=1 -refresh=false -out=tfplanTo deploy the suggested changes run the following command.
terraform apply -parallelism=1 "tfplan"Deleting of the apps deployed can take place with 2 methods. One method would be to delete the file app1.tf and re-run terraform plan terraform apply commands as demontrasted before or alternatively you can run the terraform destroy command to delete all TF configuration.
In our case, we will delete the app1.tf file.
rm app1.tf
terraform plan -parallelism=1 -refresh=false -out=tfplanTo deploy the suggested changes run the following command.
terraform apply -parallelism=1 "tfplan"