Giter VIP home page Giter VIP logo

f5-big-iq's Introduction

BIG-IQ AS3 Template Library

Welcome to the repository for BIG-IQ Application Services 3 Extension (AS3) templates!

If you’re here, that means you want to leverage F5’s declarative technology and automation tools in your use of BIG-IQ Centralized Management to manage your F5 portfolio — which is a great choice! F5 will continue aligning behind declarative frameworks and toolsets — simplifying the process of provisioning and configuring BIG-IP application services. This is because declarative interfaces and APIs require only that you know what you end state configuration requirements are — not the steps to achieve that end state. So, members of your team who don’t have a ton of networking, security, or F5 knowledge can still work with F5 technologies to ensure the protection and performance of their applications.

The AS3 templates listed below are meant to be installed on BIG-IQ and will be used to configure and deploy L4-L7 services on BIG-IPs being managed by your BIG-IQ — similarly to how you would use AS3 on BIG-IP. You can use these templates as is or make custom changes to suit your specific needs.

To use these templates, you’ll need the following components:

  • BIG-IQ Centralized Management
  • Application Services 3 Extensions (AS3) installed on BIG-IQ

In addition to the software components, you’ll need to ensure that you’re running the appropriate versions — this information can be found in the template list below. If you would like more information on AS3, how it works, and how to use it with BIG-IQ, check out this article on CloudDocs: Using AS3 with BIG-IQ.

Not finding the specific template use case you’re looking for? Check out additional, community-submitted AS3 templates for BIG-IQ.

Now, it’s time to get automating!

List of AS3 F5 Default Templates

Templates (schemaOverlay) Version Description Min AS3 version Min BIG-IQ version
AS3-F5-HTTP-lb-template-big-iq-default v1 For load balancing an HTTP application on port 80 with HTTP analytics. 3.12 7.0
AS3-F5-HTTP-lb-traffic-capture-template-big-iq-default v1 For load balancing an HTTP application on port 80 with HTTP traffic capture and HTTP analytics. 3.12 7.0
AS3-F5-HTTPS-offload-lb-PEM-template-big-iq-default v1 For load balancing an HTTPS application on port 443 with SSL offloading on BIG-IP and using a custom HTTP monitor (Certificate and Key in PEM format) with HTTP analytics. 3.12 7.0
AS3-F5-HTTPS-offload-lb-existing-cert-template-big-iq-default v1 For load balancing an HTTPS application on port 443 with SSL offloading on BIG-IP using existing Certificate and Key on BIG-IP with HTTP analytics. 3.12 7.0
AS3-F5-HTTPS-offload-lb-existing-SSL-profile-template-big-iq-default v1 For load balancing an HTTPS application on port 443 with SSL offloading on BIG-IP using existing SSL profile on BIG-IP. 3.18 7.1
AS3-F5-HTTPS-WAF-existing-lb-template-big-iq-default v1 For load balancing an HTTPS application on port 443 with a Web Application Firewall policy & certificates existing on BIG-IP and HTTP analytics. 3.12 7.0
AS3-F5-HTTPS-WAF-external-url-lb-template-big-iq-default v2 For load balancing an HTTPS application on port 443 with a Web Application Firewall (external URL) policy using an OWASP protection settings with minimum false positive (v13.1) and HTTP analytics. Look for other ASM Policies Available on DevCentral 3.18 7.1
AS3-F5-TCP-lb-template-big-iq-default v2 For load balancing a TCP-based application with TCP analytics. 3.18 7.1
AS3-F5-FastL4-TCP-lb-template-big-iq-default v2 For load balancing a TCP-based application with a FastL4 profile and TCP analytics. 3.18 7.1
AS3-F5-UDP-lb-template-big-iq-default v1 For load balancing a UDP-based application. 3.12 7.0
AS3-F5-DNS-FQDN-A-type-template-big-iq-default v1 For global load balancing distribution of DNS name resolution requests A type. 3.12 7.0
AS3-F5-DCD-lb-ASM-request-logging-events-template-big-iq-default v1 For ASM request logging events load balancing to BIG-IQ DCDs. 3.12 7.0

Note: The AS3 naming convention for TLS Server and TLS Client differs from traditional BIG-IP terminology to better comply with industry usage, but may be slightly confusing for long-time BIG-IP users. The AS3 TLS_Server class is for connections arriving to the BIG-IP, which creates a “client SSL profile” object on the BIG-IP. The AS3 TLS_Client class if for connections leaving the BIG-IP, which creates a “server SSL profile” on the BIG-IP. See TLS_Server and TLS_Client in the Schema Reference for more information (more tips and warnings).

There are two methods you can use to download these templates and import then into your BIG-IQ so that you can use them.

  • If you are comfortable logging in to your BIG-IQ via SSH and executing a script, use Importing AS3 templates to your BIG-IQ using a script. This method uses an API call to access a JSON file.
  • If you are more comfortable with an application with a graphical user interface, use Importing AS3 templates to your BIG-IQ using Postman. This method uses an application named Postman to import the templates directly to your BIG-IQ.

Importing AS3 templates to your BIG-IQ using a script

The following steps assume that you have completed the initial setup for your BIG-IQ and have admin permissions to log in to it via SSH. Additionally, for the script to run successfully, the DNS lookup server addresses must be correctly specified.

  1. Open an SSH session to your BIG-IQ, and log in as an admin.

  2. From the command prompt, run the following sequence of commands. (You can copy and paste the entire sequence directly to the command line.)

bash
cd /home/admin;
rm -rf f5-big-iq*.tar.gz f5devcentral-f5-big-iq-*;
curl -L https://github.com/f5devcentral/f5-big-iq/tarball/7.1.0 > f5-big-iq.tar.gz;
tar -xzvf f5-big-iq.tar.gz;
cd f5devcentral-f5-big-iq-*/f5-appsvcs-templates-big-iq/default/json/;

for json in *.json; do 
curl -s -k -H "Content-Type: application/json" -X POST -d @$json http://localhost:8100/cm/global/appsvcs-templates ;
done
  1. Log in to your primary BIG-IQ device and navigate to Applications > APPLICATION TEMPLATES and verify that the templates you imported are listed under AS3 Templates.

bigiq_as3_templates_ui

Note: Before you can use an AS3 template, it must be Published (read-only).

  1. For more information on how to use an AS3 template to deploy an AS3 Application using the BIG-IQ, see BIG-IQ documentation

Importing AS3 templates to your BIG-IQ using Postman

  1. Install the Postman application.

  2. Use the Postman Import feature to import the Postman Collection and Environment. To do this:

    1. Click the Import button.
    2. Click Import From Link.
    3. For the Postman Collection, paste in the following: https://raw.githubusercontent.com/f5devcentral/f5-big-iq/7.1.0/f5-appsvcs-templates-big-iq/default/postman/default-as3-f5-all-templates-big-iq.postman_collection.json and then click Import.
    4. Repeat the last 3 sub-steps, but this time paste in the following for the Postman Environment: https://raw.githubusercontent.com/f5devcentral/f5-big-iq/7.1.0/f5-appsvcs-templates-big-iq/default/postman/default-as3-f5-all-templates-big-iq.postman_environment.json.

postman_collection_import

  1. Set your Primary BIG-IQ CM IP address in the Postman Environment. To do this:
    1. Click the Settings icon to open the Manage Environments screen.
    2. Click default-as3-f5-all-templates-big-iq.
    3. For the bigiq_mgmt variable, type the management IP address of your BIG-IQ in the CURRENT VALUE
    4. Click Update.
    5. Close the Manage Environments screen.

postman_collection_environment

  1. Specify the BIG-IQ device's admin user username & passwordso that Postman can access it. To do this:

    1. Select the POST named Authenticate to BIG-IQ, as shown in the screen shot.
    2. On the Body tab, type:
    >"username": "admin",
>"username": "admin",
>"loginProviderName": "tmos",
    1. Save the collection.

postman_collection_bigiq_auth

  1. Run the Import Collection in this environment. To do this:
    1. Open the Postman Runner.
    2. For the Collection, select default-as3-f5-all-templates-big-iq.
    3. For the Environment, select default-as3-f5-all-templates-big-iq.
    4. Click Run default-as3-f5-all-templates-big-iq.

postman_collection_runner

  1. When the Post Collection finishes, the result should be green status icons and 200 OK for each post.

postman_collection_runner_passed

  1. Log in to your primary BIG-IQ device and navigate to Applications > APPLICATION TEMPLATES and verify that the templates you imported are listed under AS3 Templates.

bigiq_as3_templates_ui

Note: Before you can use an AS3 template, it must be Published (read-only).

  1. For more information on how to use an AS3 template to deploy an AS3 Application using the BIG-IQ, see BIG-IQ documentation

Support

Bugs and enhancements can be made by opening an issue within the GitHub repository.

Because BIG-IQ is has been created and fully tested by F5 Networks, it is fully supported by F5. This means you can get assistance if necessary from F5 Technical Support.

Copyright

Copyright 2014-2021 F5 Networks Inc.

F5 Networks Contributor License Agreement

Before you start contributing to any project sponsored by F5 Networks, Inc. (F5) on GitHub, you will need to sign a Contributor License Agreement (CLA).

If you are signing as an individual, we recommend that you talk to your employer (if applicable) before signing the CLA since some employment agreements may have restrictions on your contributions to other projects. Otherwise by submitting a CLA you represent that you are legally entitled to grant the licenses recited therein.

If your employer has rights to intellectual property that you create, such as your contributions, you represent that you have received permission to make contributions on behalf of that employer, that your employer has waived such rights for your contributions, or that your employer has executed a separate CLA with F5.

If you are signing on behalf of a company, you represent that you are legally entitled to grant the license recited therein. You represent further that each employee of the entity that submits contributions is authorized to submit such contributions on behalf of the entity pursuant to the CLA.

f5-big-iq's People

Contributors

jopakent avatar rjouhann avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

mirzawaqasahmed pascalyung gitmikex liucy1983 sol255 jiangyidigital jparri1 cyberami honghuac quynhlab zilpe786

f5-big-iq's Issues

Burst Handling for BIG-IQ AS3 Templates via API

AS3 Burst Handling has been added starting from v3.23 but only includes support for API "/mgmt/shared/appsvcs/declare" and to improve AS3 support for BIG-IQ it is needed for BIG-IQ AS3 Templates as well which uses API "/cm/global/appsvcs-templates".

In an automated environment it would be common to push multiple BIG-IQ AS3 templates via BIG-IQ to the related BIG-IPs. Not having this feature makes BIG-IQ AS3 templates less useful.
Describe the solution you'd like

BIG-IQ AS3 Templates must have AS3 support for burst handling
Describe alternatives you've considered

There are no alternatives and not having this feature will deliver failed AS3 deployments when declaring two declarations at the same time.
Current behavior using API "/cm/global/appsvcs-templates"

Deploying two BIG-IQ AS3 templates at nearly the same time
BIG-IQ App is not deployed or gets deployed in "Unknown Applications"
BIG-IQ App gets deployed into the right "Global App", but the other gets deployed in "Unknown Applications"
Deploying a 2nd time things getting deployed correctly

BIG-IQ AS Templates support for AS3 Asynchronous mode

BIG-IQ AS3 Templates us a different API endpoint than regular AS3 declarations.
BIG-IQ AS3 Templates use API: /cm/global/appsvcs-templates
AS3 native use API: /mgmt/shared/appsvcs/declare

AS3 Asynchronous mode is supported for the AS3 Native API and not for BIG-IQ AS3 Templates API.
Is your feature request related to a problem? Please describe.

Yes, this feature request goes along with my issued request for supporting AS3 Burst Handling for BIG-IQ AS3 Templates.
Describe the solution you'd like

Support for AS3 Asynchronous mode for BIG-IQ AS3 templates API will make that the performance experienced via automated pipelines will increase and make BIG-IQ a more mature automation tool.

AS3 Asynchronous mode is needed for API, for GUI it is a nice to have.
Additional context

Here is the functionality as described in F5 clouddocs: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/userguide/big-iq.html#requirements-for-using-big-ip-as3-with-big-iq

Additionally, we recommend that:

You use BIG-IP AS3’s asynchronous mode (by POSTing with the query parameter ?async=true). BIG-IP AS3 waits for applications to be configured in BIG-IQ, which can result in timeouts when using BIG-IP AS3’s synchronous mode. See Method POST for more information.

IMPORTANT: BIG-IP AS3 3.7.0 introduces new behavior for asynchronous mode. Even if you have asynchronous mode set to false, after 45 seconds BIG-IP AS3 sets asynchronous mode to true (API swap), and returns an async response. This allows you to use GET to poll for status (you should see a 202 status until the declaration is complete). This typically occurs for most declarations to BIG-IQ (and only very large declarations to BIG-IP); if the declaration completes in less than 45 seconds, BIG-IP AS3 does not modify asynchronous mode.

New Template https

Environment

  • Application Services (AS3) Version: 1.25
  • BIG-IQ Version: 7.1
  • BIG-IP Version: 14.1

Summary

A clear and concise description of what this template does.

BIG-IQ AS3 Template

  1. Submit the following template:
{
    "type": "object",
    "required": [
        "class"
    ],
    "properties": {
        "class": {
            "type": "string",
            "const": "Application"
        },
        "label": {},
        "remark": {},
        "template": {},
        "schemaOverlay": {}
    },
    "definitions": {
        "Pool": {
            "type": "object",
            "properties": {
                "class": {},
                "members": {
                    "type": "array",
                    "items": {
                        "type": "object",
                        "properties": {
                            "monitors": {
                                "type": "array",
                                "const": [
                                    "tcp"
                                ],
                                "default": [
                                    "tcp"
                                ]
                            },
                            "adminState": {
                                "type": "string",
                                "default": "enable"
                            },
                            "shareNodes": {
                                "type": "boolean",
                                "const": true,
                                "default": true
                            },
                            "servicePort": {
                                "type": "number",
                                "default": 8081
                            },
                            "serverAddresses": {
                                "type": "array"
                            }
                        }
                    }
                },
                "monitors": {
                    "type": "array",
                    "const": [
                        "tcp"
                    ],
                    "default": [
                        "tcp"
                    ]
                }
            },
            "additionalproperties": false
        },
        "Service_TCP": {
            "type": "object",
            "properties": {
                "pool": {
                    "type": "string",
                    "default": "Pool"
                },
                "class": {},
                "enable": {
                    "type": "boolean",
                    "default": true
                },
                "profileTCP": {
                    "type": "object",
                    "properties": {
                        "use": {
                            "type": "string",
                            "default": "TCP_Profile"
                        }
                    }
                },
                "virtualPort": {
                    "type": "number",
                    "default": 8080
                },
                "virtualAddresses": {
                    "type": "array"
                },
                "profileAnalyticsTcp": {
                    "type": "object",
                    "properties": {
                        "use": {
                            "type": "string",
                            "default": "Analytics_TCP_Profile"
                        }
                    }
                }
            },
            "additionalProperties": false
        },
        "TCP_Profile": {
            "type": "object",
            "properties": {
                "class": {},
                "synMaxRetrans": {
                    "type": "number",
                    "default": 3
                },
                "finWaitTimeout": {
                    "type": "number",
                    "default": 5
                }
            },
            "additionalProperties": false
        },
        "Analytics_TCP_Profile": {
            "type": "object",
            "properties": {
                "class": {},
                "collectCity": {
                    "type": "boolean"
                },
                "collectRegion": {
                    "type": "boolean",
                    "default": true
                },
                "collectCountry": {
                    "type": "boolean",
                    "default": true
                },
                "collectNexthop": {
                    "type": "boolean"
                },
                "collectPostCode": {
                    "type": "boolean"
                },
                "collectContinent": {
                    "type": "boolean",
                    "default": true
                },
                "collectRemoteHostIp": {
                    "type": "boolean"
                },
                "collectedByClientSide": {
                    "type": "boolean",
                    "default": true
                },
                "collectedByServerSide": {
                    "type": "boolean",
                    "default": true
                },
                "collectRemoteHostSubnet": {
                    "type": "boolean",
                    "default": true
                }
            },
            "additionalProperties": false
        }
    },
    "additionalProperties": {
        "allOf": [
            {
                "anyOf": [
                    {
                        "properties": {
                            "class": {
                                "const": "Pool"
                            }
                        }
                    },
                    {
                        "properties": {
                            "class": {
                                "const": "Service_TCP"
                            }
                        }
                    },
                    {
                        "properties": {
                            "class": {
                                "const": "TCP_Profile"
                            }
                        }
                    },
                    {
                        "properties": {
                            "class": {
                                "const": "Analytics_TCP_Profile"
                            }
                        }
                    }
                ]
            },
            {
                "if": {
                    "properties": {
                        "class": {
                            "const": "Analytics_TCP_Profile"
                        }
                    }
                },
                "then": {
                    "$ref": "#/definitions/Analytics_TCP_Profile"
                }
            },
            {
                "if": {
                    "properties": {
                        "class": {
                            "const": "Pool"
                        }
                    }
                },
                "then": {
                    "$ref": "#/definitions/Pool"
                }
            },
            {
                "if": {
                    "properties": {
                        "class": {
                            "const": "Service_TCP"
                        }
                    }
                },
                "then": {
                    "$ref": "#/definitions/Service_TCP"
                }
            },
            {
                "if": {
                    "properties": {
                        "class": {
                            "const": "TCP_Profile"
                        }
                    }
                },
                "then": {
                    "$ref": "#/definitions/TCP_Profile"
                }
            }
        ]
    }
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.