- A pair of BIG-IPs in HA (AWS API)
- BIG-IPs have 3 NICs: mgmt, external, internal
- VS HTTPS with a WAF Policy
- VS HTTP Redirect
- Pool with Service Discovery
- Arcadia Application Servers in an AWS Auto Scale Group and the associated tags for service discovery
- Cloudinit is used for installation of the Toolchain only
- DO used for preparing the BIG-IPs (VLANs, Self-IPs, NTP, Modules, DSC, etc.)
- CFE used for BIG-IP HA in AWS
- AS3 used for VS configuration
Terraform is used to create the objects in AWS.
Ansible is used to POST the Toolchain Declarations.
The F5 Terraform Provider can't be used because the BIG-IP must be reachable when the provider initializes during the Terraform plan. That will be possible in a future version of Terraform.
- userid
- aws account id
- private aws key
- aws region
- IP addresses
Create a file containing your vault password: echo "default" > ~/.vault_pass.txt
Set the Ansible Vault environment variable with the command export ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt
Add the line vault_password_file=~/.vault_pass.txt to the ansible.cfg file (it looks like Terraform doesn't have access to Ansible's environment variables)
Encrypt your BIG-IP password (for instance BIGIPpwd123!) and store it in the vault variable admin_pwd:
ansible-vault encrypt_string 'BIGIPpwd123!' --name 'admin_pwd'
Encrypt the passphrase (for instance default) of your PFX cert and store it in the vault variable passphrase:
ansible-vault encrypt_string 'default' --name 'passphrase'
Replace the names of the vars admin_pwd and passphrase with yours in the playbooks that use them.
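A pre-flight check for the vault steps above, as an added example that is not part of the original project: it writes the vault password file owner-only from stdin (so the secret stays out of shell history), then verifies that ansible.cfg points at it and that admin_pwd and passphrase are stored as vault-encrypted strings rather than plaintext. The function names and the vars-file argument are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Ansible Vault steps above.
# Function names and the vars-file argument are assumptions.

# Write the vault password from stdin so it never appears on a command line.
# The file is created (or reset) owner-only before the secret is written.
write_vault_pass() {
    ( umask 077; : > "$1"; chmod 600 "$1"; cat > "$1" )
}

# Succeeds only if the password file exists with no group/other access.
check_pass_file() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive: $1" >&2; return 1; }
}

# Succeeds only if ansible.cfg sets vault_password_file.
check_cfg() {
    grep -Eq '^[[:space:]]*vault_password_file[[:space:]]*=' "$1" ||
        { echo "no vault_password_file in $1" >&2; return 1; }
}

# Succeeds only if variable $2 in vars file $1 is "name: !vault |"
# followed by a line starting with the "$ANSIBLE_VAULT;" header.
check_encrypted_var() {
    awk -v name="$2" '
        $1 == (name ":") { found = 1; tagged = ($2 == "!vault"); next }
        found && !seen   { seen = 1
                           if (tagged && index($1, "$ANSIBLE_VAULT;") == 1) ok = 1 }
        END              { exit (ok ? 0 : 1) }
    ' "$1" || { echo "$2 is not vault-encrypted in $1" >&2; return 1; }
}

# Run every check; usage: preflight PASSFILE ANSIBLE_CFG VARS_FILE
preflight() {
    check_pass_file "$1" && check_cfg "$2" &&
        check_encrypted_var "$3" admin_pwd &&
        check_encrypted_var "$3" passphrase
}
```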