If you need the single NIC version of BIG-IP go here: https://github.com/itlinux/azure_big_ip
|
Important
|
the BIG-IQ pass is in the terraform.tfvars which you need to create and add your password. |
It needs Terraform 0.12 since it uses the new variable interpolation
For reference check the link below
"https://www.terraform.io/docs/configuration-0-11/interpolation.html"
This plan is split with every topic
-
firewall
-
BIG-IP
-
output
-
main
-
networks
-
nics
-
banner
-
dpasswd
-
storage
-
ts
-
az
-
variables
-
terraform.tfvars
Pretty much all options are in variables.
terraform refresh -state=statefilelocation
|
Important
|
License Agreement with Microsoft Azure Market |
For the BYOL in Azure to be able to use BIG-IP you much accept the term before you can deploy the BIG-IP / BIG-IQ. Here is the working solution for the BIG-IP.
-
1 ⇒ install the az CLI
-
2 ⇒ login into Microsoft Azure cloud from the CLI
-
3 ⇒ select or set the right account which you want to use to deploy the BIG-IP
-
4 ⇒ create the RBAC for your subscription
STEPS:
brew install azure-cli # for mac Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; rm .\AzureCLI.msi # Powershell # For CentOS / RHEL 7 sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc sudo sh -c 'echo -e "[azure-cli] name=Azure CLI baseurl=https://packages.microsoft.com/yumrepos/azure-cli enabled=1 gpgcheck=1 gpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/azure-cli.repo' sudo yum -y install azure-cli #Ubuntu use this link https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest
Azure Login
az login
This will open a new browser window for you. If you are using a virtual machine it will not work! Once you are done with the browser the cli will show the account like
> az login
You have logged in. Now let us find all the subscriptions to which you have access...
The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
xxxxxxxxxx0-xxxxxxxx
[
{
"cloudName": "AzureCloud",
"homeTenantId": "YOURTENANTNUMBER",
"id": "YOURACCONTID",
"isDefault": true,
"managedByTenants": [
{
"tenantId": "YOURTENANTNUMBER"
}
],
"name": "YOUR SUB NAME",
"state": "Enabled",
"tenantId": "YOURTENANTID",
"user": {
"name": "[email protected]",
"type": "user"
}
}
]
If you have more than one account set the right account with the set account
SUBSCRIPTION="xxxxxxxxxxx"
az account set -s "${SUBSCRIPTION}"
Run the RBAC command
az vm image terms accept --plan "f5-bigiq-virtual-edition-byol" --offer "f5-big-ip-best" --publisher "f5-networks"
Changes the terraform.tfvars to set to your name and IP subnet/network you want to use and what resource name. In mine it shows like this:
> az group list |grep rm
"id": "/subscriptions/xxxxxxxxxxxxxxxxxxxxx/resourceGroups/rm_big_iq_rg",
"name": "rm_big_iq_rg",
Set the Plan output
terraform plan -out=tfplan_bigip
Execute the Plan
terraform apply tfplan_bigip
The TF output will have the password which was generated for the admin user
Access the Web.
https://IPADRESS
DONE!!
It will get a license from the BIG-IQ. Check your BIG-IQ to make sure your BIG-IP has a license
It will create a set of creds based on how counts. Terraform will gen the variables for ansible to run. The ansible will set the following:
POOL NODE Virtual Server IP The playbook will use the secondary IP of the Untrust NIC, if you use the Azure LB you will to use the primary NIC and not the secondary.
Ansible Playbooks. Setting a specific IP, right now for each BIG-IP on each credsx, this is used for ansible selfIP on the VIP.
The azs is used to spin up the BIG-IP on each zones. Depending on which Region you may not have more than 1 AZ. West US 2 (example), has 3 zones, so if I spin up 4 BIG-IP it will set the #4 to zone 1 again.
It allows you to get BIG-IP telemetry in Azure Sentinel. You will need to provide workspaceID and SharekeyID.
It will automatically map to the DNS Record of Azure mapping records. Just update the info on the variable file.