This is an archived project. Repository and other project resources are read-only.
f5labs
Terraform Aws Bigiq
Compare revisions
149989551c4ce2a7762b25c33df1e4571fb9933f to 3f883749b5a8b1786290106db7ff1e726d26a6a8
Commits on Source (3)
added subnets to example
· e1f4ec0c
Michael Kennedy
authored
May 11, 2021
e1f4ec0c
Merge branch 'master' of
https://gitlab.wirelessravens.org/f5labs/terraform-aws-bigiq
· 3a9e7ed6
Michael Kennedy
authored
May 11, 2021
3a9e7ed6
rolled back to onboard.tmpl - commented out null_resources
· 3f883749
Michael Kennedy
authored
May 11, 2021
3f883749
examples/bigiq-cm-dcd-pair/main.tf
...
...
@@ -71,7 +71,7 @@ module "bigiq_mgmt_sg" {
ingress_with_source_security_group_id
=
[
{
rule
=
"all-all"
source_security_group_id
=
module
.
bigiq_mgmt_sg
.
this_
security_group_id
source_security_group_id
=
module
.
bigiq_mgmt_sg
.
security_group_id
}
]
...
...
@@ -96,7 +96,7 @@ module "bigiq_sg" {
ingress_with_source_security_group_id
=
[
{
rule
=
"all-all"
source_security_group_id
=
module
.
bigiq_mgmt_sg
.
this_
security_group_id
source_security_group_id
=
module
.
bigiq_mgmt_sg
.
security_group_id
}
]
...
...
@@ -122,11 +122,12 @@ module "bigiq" {
aws_secretmanager_secret_id
=
aws_secretsmanager_secret
.
bigiq
.
id
mgmt_subnet_security_group_ids
=
[
module
.
bigiq_mgmt_sg
.
this_
security_group_id
module
.
bigiq_mgmt_sg
.
security_group_id
]
private_subnet_security_group_ids
=
[
module
.
bigiq_sg
.
this_
security_group_id
module
.
bigiq_sg
.
security_group_id
]
vpc_private_subnet_ids
=
module
.
vpc
.
private_subnets
vpc_mgmt_subnet_ids
=
module
.
vpc
.
public_subnets
vpc_id
=
module
.
vpc
.
vpc_id
}
\ No newline at end of file
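Review bot: In `module "bigiq"`, `vpc_mgmt_subnet_ids = module.vpc.public_subnets` puts the BIG-IQ management interfaces in the VPC's public subnets, and the only `bigiq_mgmt_sg` rule visible in this diff is the self-referencing `all-all` entry. The CIDR-based ingress for that group is outside the hunks, so it cannot be checked here; if it is wider than the operators' address ranges, the management plane of the example may be reachable from the internet. A comment next to the assignment, e.g. `# mgmt ENIs are in public subnets: keep bigiq_mgmt_sg ingress limited to admin CIDRs`, would make that dependency clear to people copying the example.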
main.tf
...
...
@@ -33,13 +33,13 @@ data "aws_vpc" "selected" {
# BIG-IQ CM Interfaces
#
resource
"aws_network_interface"
"cm_mgmt"
{
count
=
length
(
var
.
vpc_mgmt_subnet_ids
)
count
=
var
.
cm_instance_count
subnet_id
=
var
.
vpc_mgmt_subnet_ids
[
count
.
index
]
security_groups
=
var
.
mgmt_subnet_security_group_ids
}
resource
"aws_network_interface"
"cm_private"
{
count
=
length
(
var
.
vpc_private_subnet_ids
)
count
=
var
.
cm_instance_count
subnet_id
=
var
.
vpc_private_subnet_ids
[
count
.
index
]
security_groups
=
var
.
private_subnet_security_group_ids
}
...
...
@@ -48,13 +48,13 @@ resource "aws_network_interface" "cm_private" {
# BIG-IQ DCD Interfaces
#
resource
"aws_network_interface"
"dcd_mgmt"
{
count
=
length
(
var
.
vpc_mgmt_subnet_ids
)
count
=
var
.
dcd_instance_count
subnet_id
=
var
.
vpc_mgmt_subnet_ids
[
count
.
index
]
security_groups
=
var
.
mgmt_subnet_security_group_ids
}
resource
"aws_network_interface"
"dcd_private"
{
count
=
length
(
var
.
vpc_private_subnet_ids
)
count
=
var
.
dcd_instance_count
subnet_id
=
var
.
vpc_private_subnet_ids
[
count
.
index
]
security_groups
=
var
.
private_subnet_security_group_ids
}
...
...
@@ -220,10 +220,22 @@ resource "aws_instance" "f5_bigiq_cm" {
}
# build user_data file from template
user_data
=
templatefile
(
"
${
path
.
module}
/
setup-cm-backgroun
d.sh.tmpl"
,
user_data
=
templatefile
(
"
${
path
.
module}
/
onboar
d.sh.tmpl"
,
{
admin_name
=
var
.
admin_name
admin_password
=
var
.
admin_password
onboard_log
=
var
.
onboard_log
licensekey
=
var
.
cm_license_keys
[
count
.
index
]
masterkey
=
var
.
masterkey
personality
=
"big_iq"
timezone
=
var
.
timezone
## todo need to update template to reflect passing of lists
ntp_servers
=
var
.
ntp_servers
[
0
]
dns_servers
=
var
.
dns_servers
[
0
]
dns_search_domains
=
var
.
dns_search_domains
[
count
.
index
]
hostname
=
local
.
hostname
management_ip
=
aws_network_interface
.
cm_mgmt
[
count
.
index
].
private_ip
discovery_ip
=
aws_network_interface
.
cm_mgmt
[
count
.
index
].
private_ip
}
)
depends_on
=
[
aws_eip
.
cm_mgmt
]
...
...
@@ -232,7 +244,7 @@ resource "aws_instance" "f5_bigiq_cm" {
Name
=
format
(
"%s-cm-%d"
,
var
.
prefix
,
count
.
index
)
}
}
/*
#
# Hack for remote exec of provisioning
#
...
...
@@ -326,4 +338,5 @@ resource "null_resource" "cm_tst" {
host = aws_eip.cm_mgmt[count.index].public_ip
}
}
}
\ No newline at end of file
}
*/
\ No newline at end of file
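Review bot: The `templatefile()` map in `aws_instance.f5_bigiq_cm` renders `admin_password` and `masterkey` into `user_data`, which can be retrieved through the EC2 API by anyone allowed to describe instance attributes and from the instance metadata service by processes on the instance. The example already passes `aws_secretmanager_secret_id` to the module, so the onboarding script could presumably fetch the password at boot instead of receiving it in the template, which would let these two map entries be dropped. If they stay, a comment such as `# NOTE: rendered into user_data in clear text; rotate after onboarding` would at least make the exposure explicit. The resource body begins and ends outside this hunk.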
onboard.sh.tmpl
#!/bin/bash
LOG_FILE
=
${
onboard
L
og
}
LOG_FILE
=
${
onboard
_l
og
}
if
[
!
-e
$LOG_FILE
]
then
touch
$LOG_FILE
...
...
@@ -42,8 +42,8 @@ while [[ "$checks" -lt 120 ]]; do
done
}
waitMcpd
admin_username
=
'${admin
N
ame}'
admin_password
=
'${admin
P
assword}'
admin_username
=
'${admin
_n
ame}'
admin_password
=
'${admin
_p
assword}'
tmsh create auth user
$admin_username
password
$admin_password
shell bash partition-access add
{
all-partitions
{
role admin
}
}
;
tmsh modify auth user
$admin_username
shell bash partition-access add
{
all-partitions
{
role admin
}
}
;
tmsh list auth user
$admin_username
...
...
@@ -53,21 +53,14 @@ tmsh save sys config
CREDS
=
"
$admin_username
:
$admin_password
"
mkdir
-p
/home/
$admin_username
/.ssh/
cp
/home/admin/.ssh/authorized_keys /home/
$admin_username
/.ssh/authorized_keys
onboard_log
=
"
${
onboardLog
}
"
bigIqLicenseKey
=
"
${
bigIqLicenseKey
}
"
ntpServers
=
"
${
ntpServers
}
"
ntpTimeZone
=
"
${
timeZone
}
"
licensePoolKeys
=
"
${
licensePoolKeys
}
"
regPoolKeys
=
"
${
regPoolKeys
}
"
adminPassword
=
'${adminPassword}'
masterKey
=
'${masterKey}'
f5CloudLibsTag
=
"
${
f5CloudLibsTag
}
"
f5CloudLibsAzureTag
=
"
${
f5CloudLibsAzureTag
}
"
allowUsageAnalytics
=
"
${
allowUsageAnalytics
}
"
location
=
"
${
location
}
"
deploymentId
=
"
${
deploymentId
}
"
dnsSearchDomains
=
"
${
dnsSearchDomains
}
"
dnsServers
=
"
${
dnsServers
}
"
onboard_log
=
"
${
onboard_log
}
"
bigIqLicenseKey
=
"
${
licensekey
}
"
hostName
=
"
${
hostname
}
"
ntpServers
=
"
${
ntp_servers
}
"
ntpTimeZone
=
"
${
timezone
}
"
masterKey
=
'${masterkey}'
dnsSearchDomains
=
"
${
dns_search_domains
}
"
dnsServers
=
"
${
dns_servers
}
"
CURL
=
"/usr/bin/curl"
cloud
=
"aws"
mgmt_port
=
`
tmsh list sys httpd ssl-port |
grep
ssl-port |
sed
's/ssl-port //;s/ //g'
`
...
...
@@ -80,11 +73,8 @@ licenseRegistrationUrl="/mgmt/setup/license"
personalityUrl
=
"/mgmt/setup/personality"
base_url
=
"https://raw.githubusercontent.com/F5Networks"
base_dir
=
"/config/cloud"
base_log_dir
=
"/var/log/cloud/
$$
{cloud}"
base_dependency_dir
=
"
$$
{base_dir}/
$$
{cloud}/node_modules/@f5devcentral"
localHost
=
"https://localhost:"
hostNameUrl
=
"/mgmt/setup/address"
hostName
=
"
${
hostName
}
"
masterKeyUrl
=
"/mgmt/setup/masterkey"
vlanUrl
=
"/mgmt/setup/address/vlan"
selfipUrl
=
"/mgmt/setup/address/self-ip"
...
...
@@ -175,8 +165,8 @@ checkLicense () {
getEulaPayload
()
{
eulaPayload
=
$(
cat
-
<<
EOF
{
"baseRegKey": "
${
bigIqL
icense
K
ey
}
",
"dossier: "
$(
getDossier
${
bigIqL
icense
K
ey
}
)
",
"baseRegKey": "
${
l
icense
k
ey
}
",
"dossier: "
$(
getDossier
${
l
icense
k
ey
}
)
",
"eulaText":
$(
curl
-sk
--header
"
$(
setToken
)
"
--url
$localHost$mgmt_port$licenseUrl
| jq .eulaText
)
}
EOF
...
...
@@ -289,14 +279,14 @@ EOF
)
discoveryPayload
=
$(
cat
-
<<
EOF
{
"discoveryAddress": "
${
discovery
Address
}
"
"discoveryAddress": "
${
discovery
_ip
}
"
}
EOF
)
selfIpPayload
=
$(
cat
-
<<
EOF
{
"name": "self_discovery",
"address": "
${
discovery
AddressSelf
ip
}
",
"address": "
${
discovery
_
ip
}
",
"vlan": "/Common/discovery"
}
EOF
...
...
@@ -320,7 +310,7 @@ credsPayload=$(cat -<<EOF
}
EOF
)
if
[
"
$
bigIqL
icense
K
ey
"
==
""
]
;
then
if
[
"
$
l
icense
k
ey
"
==
""
]
;
then
licensePayload
=
$(
cat
-
<<
EOF
{
"licenseText": "skipLicense:true"
...
...
@@ -330,7 +320,7 @@ EOF
else
licensePayload
=
$(
cat
-
<<
EOF
{
"baseRegKey": "
${
bigIqL
icense
K
ey
}
",
"baseRegKey": "
${
l
icense
k
ey
}
",
"addOnKeys": [],
"activationMethod": "AUTOMATIC"
}
...
...
@@ -339,29 +329,19 @@ EOF
fi
personality
=
$(
cat
-
<<
EOF
{
"systemPersonality": "
logging_node
"
"systemPersonality": "
${
personality
}
"
}
EOF
)
waitMcpd
check_internet_connection
dependencies
=(
"
$$
{base_url}/f5-cloud-libs/
$$
{f5CloudLibsTag}/dist/f5-cloud-libs.tar.gz"
)
dependencies+
=(
"
$$
{base_url}/f5-cloud-libs-
$$
{cloud}/
$$
{f5CloudLibsAzureTag}/dist/f5-cloud-libs-
$$
{cloud}.tar.gz"
)
dependencies+
=(
"
$$
{base_url}/f5-cloud-libs/
$$
{f5CloudLibsTag}/dist/verifyHash"
)
for
i
in
$$
{
dependencies[@]
}
;
do
log
"Downloading dependency:
$i
"
f
=
$(
basename
$i
)
safe_download
$$
{
base_dir
}
/
$f
$i
# $CURL -ksf --retry 10 --retry-delay 5 --retry-max-time 240 -o $${base_dir}/$f $i
done
if
[[
"
$(
waitIq
)
"
==
"ready"
]]
;
then
echo
"ready"
else
echo
"failed IQ status not ready"
exit
fi
if
[
"
$
bigIqL
icense
K
ey
"
==
""
]
;
then
if
[
"
$
l
icense
k
ey
"
==
""
]
;
then
echo
"bigiq-license manager"
licenseRegistration
"
$licensePayload
"
else
...
...
@@ -376,7 +356,7 @@ else
echo
"send eula"
fi
if
[[
"
$(
checkLicense
)
"
==
"failed"
]]
;
then
if
[
"
$
bigIqL
icense
K
ey
"
==
""
]
;
then
if
[
"
$
l
icense
k
ey
"
==
""
]
;
then
licenseRegistration
"
$licensePayload
"
else
echo
"check license key"
...
...
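Review bot: `admin_password='${admin_password}'` and `masterKey='${masterkey}'` splice the Terraform values straight into single-quoted shell literals, so a value that contains a single quote ends the literal and the remainder is interpreted as shell when the script runs at boot. Passing the values encoded, e.g. `admin_password = base64encode(var.admin_password)` in the `templatefile()` map and `admin_password=$(echo '${admin_password}' | base64 -d)` here, removes that dependency on the secret's characters. The unchanged `tmsh create auth user $admin_username password $admin_password` line also expands the password unquoted on a command line; quoting it as `"$admin_password"` avoids word splitting, though the value would still be an argument on the command line. These assignments sit at script top level, and the script continues outside the hunks.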
variables.tf
variable
"prefix"
{
description
=
"Prefix for resources created by this module"
type
=
string
default
=
"t
erraform
-aws-bigiq
-demo
"
default
=
"t
f
-aws-bigiq"
}
variable
"f5_ami_search_name"
{
...
...
@@ -13,13 +13,13 @@ variable "f5_ami_search_name" {
variable
"dcd_instance_count"
{
description
=
"Number of BIG-IPs to deploy"
type
=
number
default
=
1
default
=
1
}
variable
"cm_instance_count"
{
description
=
"Number of BIG-IPs to deploy"
type
=
number
default
=
1
default
=
1
}
variable
"ec2_instance_type"
{
...
...
@@ -80,7 +80,7 @@ variable "onboard_log" {
variable
"admin_name"
{
description
=
"Admin user on the BIG-IQ"
type
=
string
default
=
"admin"
default
=
"admin"
}
variable
"admin_password"
{
...
...
@@ -115,7 +115,7 @@ variable "dns_servers" {
variable
"dns_search_domains"
{
description
=
"BIG-IQ DNS Search Domains"
type
=
list
(
string
)
default
=
[
"
test
.local"
]
default
=
[
"
example
.local"
]
}
variable
"personality"
{
...
...
@@ -128,13 +128,10 @@ variable "personality" {
variable
"hostname"
{
description
=
"BIG-IQ Hostname"
type
=
string
default
=
"b
uggered-thing-already
"
default
=
"b
igiq
"
}
# admin
variable
"adminName"
{
description
=
"admin account name"
default
=
"admin"
}
variable
"masterkey"
{
description
=
"bigiq master key"
default
=
"ThisIsIt%1234"
...
...
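Review bot: `variable "masterkey"` carries a literal default, `default = "ThisIsIt%1234"`, so every deployment that does not override it shares a BIG-IQ master key that is published in the repository. Dropping the default makes the caller supply one, and `sensitive = true` keeps it out of plan output on Terraform versions that support it. The block is cut off by the end of the hunk, so whether it already declares a type or further attributes is not visible here.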