diff --git a/examples/bigip_aws_3nic_deploy_awaf/DVGATest.tpl b/examples/bigip_aws_3nic_deploy_awaf/DVGATest.tpl
new file mode 100644
index 0000000..fa47254
--- /dev/null
+++ b/examples/bigip_aws_3nic_deploy_awaf/DVGATest.tpl
@@ -0,0 +1,70 @@
+{
+ "class": "AS3",
+ "action": "deploy",
+ "persist": true,
+ "declaration": {
+ "class": "ADC",
+ "schemaVersion": "3.2.0",
+ "id": "Test_DVGA_AS3",
+ "${tenant_name}": {
+ "class": "Tenant",
+ "defaultRouteDomain": 0,
+ "DVGA": {
+ "class": "Application",
+ "template": "generic",
+ "VS_DVGA": {
+ "class": "Service_HTTPS",
+ "remark": "Accepts HTTPS/TLS connections on port 443",
+ "virtualAddresses": [
+ "${vs_server}"
+ ],
+ "virtualPort": 8084,
+ "redirect80": false,
+ "pool": "dvga_app_mem",
+ "securityLogProfiles": [
+ {
+ "bigip": "/Common/Log all requests"
+ }
+ ],
+ "profileTCP": {
+ "egress": "wan",
+ "ingress": {
+ "use": "TCP_Profile"
+ }
+ },
+ "profileHTTP": {
+ "use": "custom_http_profile"
+ },
+ "policyWAF": {
+ "bigip": "${policy_ref}"
+ },
+ "serverTLS": {
+ "bigip": "/Common/clientssl"
+ }
+ },
+ "dvga_app_mem": {
+ "class": "Pool",
+ "monitors": [
+ "http"
+ ],
+ "members": [
+ {
+ "servicePort": ${app_port},
+ "serverAddresses": [
+ "${app_server}"
+ ]
+ }
+ ]
+ },
+ "custom_http_profile": {
+ "class": "HTTP_Profile",
+ "xForwardedFor": true
+ },
+ "TCP_Profile": {
+ "class": "TCP_Profile",
+ "idleTimeout": 60
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/bigip_aws_3nic_deploy_awaf/DVGATest_nopretect.tpl b/examples/bigip_aws_3nic_deploy_awaf/DVGATest_nopretect.tpl
new file mode 100644
index 0000000..2651dd5
--- /dev/null
+++ b/examples/bigip_aws_3nic_deploy_awaf/DVGATest_nopretect.tpl
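Review bot: `VS_DVGA` sets `"virtualPort": 8084` while its `remark` still says "Accepts HTTPS/TLS connections on port 443", so the declaration describes a listener that is not the one it creates; I would change it to `"remark": "Accepts HTTPS/TLS connections on port 8084"`. `serverTLS` points at `/Common/clientssl`, the profile that ships with BIG-IP, so clients are presumably offered the device's default certificate; that is tolerable for a lab, but the README should say so, so the template is not copied into a real deployment unchanged. `${tenant_name}`, `${vs_server}` and `${app_server}` are spliced into the JSON as raw text, which is safe only while bigip.tf keeps passing the fixed values it passes today. The same remark and TLS reference appear in DVGATest_nopretect.tpl.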
@@ -0,0 +1,67 @@
+{
+ "class": "AS3",
+ "action": "deploy",
+ "persist": true,
+ "declaration": {
+ "class": "ADC",
+ "schemaVersion": "3.2.0",
+ "id": "Test_DVGA_AS3",
+ "${tenant_name}": {
+ "class": "Tenant",
+ "defaultRouteDomain": 0,
+ "DVGA": {
+ "class": "Application",
+ "template": "generic",
+ "VS_DVGA": {
+ "class": "Service_HTTPS",
+ "remark": "Accepts HTTPS/TLS connections on port 443",
+ "virtualAddresses": [
+ "${vs_server}"
+ ],
+ "virtualPort": 8084,
+ "redirect80": false,
+ "pool": "dvga_app_mem",
+ "securityLogProfiles": [
+ {
+ "bigip": "/Common/Log all requests"
+ }
+ ],
+ "profileTCP": {
+ "egress": "wan",
+ "ingress": {
+ "use": "TCP_Profile"
+ }
+ },
+ "profileHTTP": {
+ "use": "custom_http_profile"
+ },
+ "serverTLS": {
+ "bigip": "/Common/clientssl"
+ }
+ },
+ "dvga_app_mem": {
+ "class": "Pool",
+ "monitors": [
+ "http"
+ ],
+ "members": [
+ {
+ "servicePort": ${app_port},
+ "serverAddresses": [
+ "${app_server}"
+ ]
+ }
+ ]
+ },
+ "custom_http_profile": {
+ "class": "HTTP_Profile",
+ "xForwardedFor": true
+ },
+ "TCP_Profile": {
+ "class": "TCP_Profile",
+ "idleTimeout": 60
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/bigip_aws_3nic_deploy_awaf/README.md b/examples/bigip_aws_3nic_deploy_awaf/README.md
new file mode 100644
index 0000000..1ed2f1c
--- /dev/null
+++ b/examples/bigip_aws_3nic_deploy_awaf/README.md
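Review bot: This variant is the protected declaration minus `policyWAF`, so applying it publishes the DVGA pool on `virtualPort` 8084 with only request logging in front of it. main.tf in this commit gives the external security group an `ingress_with_cidr_blocks` rule with `protocol = -1` and `cidr_blocks = "0.0.0.0/0"`, which appears to admit that port from any source regardless of `AllowedIPs`. A line in the README stating that this file is the deliberately unprotected baseline for comparison, and that the listener should be limited to the tester's own address range, would keep it from being deployed by mistake. The file name reads `nopretect`; `noprotect` is presumably meant, and the commented-out block in bigip.tf carries the same spelling.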
@@ -0,0 +1,54 @@
+## Deploys F5 BIG-IP AWS Cloud
+
+This Terraform module example deploys 3-NIC BIG-IP in AWS, deployed BIGIP will be having management/external/internal interface associated with user provided subnet and security-group
+
+## Steps to clone and use the module example locally
+
+```shell
+git clone https://github.com/f5devcentral/terraform-aws-bigip-module
+cd terraform-aws-bigip-module/examples/bigip_aws_3nic_deploy/
+```
+
+- Then follow the stated process in Example Usage below
+
+## Example Usage
+
+- Modify `terraform.tfvars` according to the requirement by changing `region` and `AllowedIPs` variables as follows:
+
+ ```hcl
+ region = "ap-south-1"
+ AllowedIPs = ["0.0.0.0/0"]
+ ```
+
+- Next, run the following commands to create and destroy your configuration
+
+ ```shell
+ terraform init
+ terraform plan
+ terraform apply
+ terraform destroy
+ ```
+
+#### Optional Input Variables
+
+| Name | Description | Type | Default |
+|------|-------------|------|---------|
+| prefix | Prefix for resources created by this module | `string` | tf-aws-bigip |
+| cidr | aws VPC CIDR | `string` | 10.2.0.0/16 |
+| availabilityZones | If you want the VM placed in an Availability Zone, and the AWS region you are deploying to supports it, specify the numbers of the existing Availability Zone you want to use | `List` | ["us-east-1a"] |
+
+#### Output Variables
+
+| Name | Description |
+|------|-------------|
+| mgmtPublicIP | The actual ip address allocated for the resource |
+| mgmtPublicDNS | fqdn to connect to the first vm provisioned |
+| mgmtPort | Mgmt Port |
+| f5\_username | BIG-IP username |
+| bigip\_password | BIG-IP Password (if dynamic_password is choosen it will be random generated password or if aws_secretmanager_auth is choosen it will be aws_secretsmanager_secret_version secret string ) |
+| mgmtPublicURL | Complete url including DNS and port|
+| private\_addresses | List of BIG-IP private addresses |
+| public\_addresses | List of BIG-IP public addresses |
+| vpc\_id | VPC Id where BIG-IP Deployed |
+
+**NOTE:** A local json file will get generated which contains the DO declaration
\ No newline at end of file
diff --git a/examples/bigip_aws_3nic_deploy_awaf/bigip.tf b/examples/bigip_aws_3nic_deploy_awaf/bigip.tf
new file mode 100644
index 0000000..a36a35a
--- /dev/null
+++ b/examples/bigip_aws_3nic_deploy_awaf/bigip.tf
@@ -0,0 +1,84 @@
+terraform {
+ required_providers {
+ bigip = {
+ source = "F5Networks/bigip"
+ version = "1.15.0"
+ }
+ }
+}
+
+provider "bigip" {
+ address = format("%s:%s", module.bigip.*.mgmtPublicIP[0], module.bigip.*.mgmtPort[0])
+ username = module.bigip.*.f5_username[0]
+ password = module.bigip.*.bigip_password[0]
+}
+
+resource "bigip_do" "postonboard3nic" {
+ count = var.instance_count
+ do_json = module.bigip[count.index].onboard_do
+ # depends_on = [module.bigip]
+}
+
+resource "time_sleep" "wait_for_onboardbigip" {
+ depends_on = [bigip_do.postonboard3nic]
+ create_duration = "100s"
+}
+
+data "bigip_waf_entity_url" "URL" {
+ name = "/graphql"
+ protocol = "http"
+ method = "*"
+ perform_staging = true
+ type = "explicit"
+}
+
+resource "bigip_waf_policy" "testgraphql" {
+ application_language = "utf-8"
+ name = "testgraphql"
+ enforcement_mode = "blocking"
+ template_name = "POLICY_TEMPLATE_GRAPHQL"
+ type = "security"
+ policy_builder {
+ learning_mode = "disabled"
+ }
+ signatures_settings {
+ signature_staging = false
+ }
+ graphql_profile {
+ name = "graphql_profile"
+ }
+ file_types {
+ name = "php"
+ type = "explicit"
+ }
+ urls = [data.bigip_waf_entity_url.URL.json]
+ signatures = [for k, v in data.bigip_waf_signatures.map : v.json]
+ depends_on = [time_sleep.wait_for_onboardbigip]
+ # modifications = [local.modifications]
+}
+
+# ## GRAPHQL NO PRETECT
+# ##
+# resource "bigip_as3" "as33" {
+# as3_json = templatefile("DVGATest_nopretect.tpl", {
+# tenant_name = "DVGATest"
+# app_server = format("%s",aws_instance.webserver.private_ip)
+# app_port = 9005
+# vs_server = format("%s",flatten(module.bigip.*.private_addresses[0].public_private.private_ip)[0])
+# policy_ref = format("/%s/%s", bigip_waf_policy.testgraphql.partition, bigip_waf_policy.testgraphql.name)
+# })
+# depends_on = [bigip_waf_policy.testgraphql,time_sleep.wait_for_onboardbigip]
+# }
+
+# GRAPHQL PRETECT
+#
+resource "bigip_as3" "as33" {
+ as3_json = templatefile("DVGATest.tpl", {
+ tenant_name = "DVGATest"
+ app_server = format("%s", aws_instance.webserver.private_ip)
+ app_port = 9005
+ vs_server = format("%s", flatten(module.bigip.*.private_addresses[0].public_private.private_ip)[0])
+ policy_ref = format("/%s/%s", bigip_waf_policy.testgraphql.partition, bigip_waf_policy.testgraphql.name)
+ })
+ depends_on = [bigip_waf_policy.testgraphql, time_sleep.wait_for_onboardbigip]
+}
diff --git a/examples/bigip_aws_3nic_deploy_awaf/init.sh b/examples/bigip_aws_3nic_deploy_awaf/init.sh
new file mode 100644
index 0000000..85d2bd0
--- /dev/null
+++ b/examples/bigip_aws_3nic_deploy_awaf/init.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+sudo rm -rf /var/lib/cloud/*
+sudo apt upgrade -y
+sudo apt update -y
+sudo apt install docker.io -y
+sudo service docker start
+sudo usermod -a -G docker $USER
+sudo docker run --name docker-nginx -dit -p 9004:80 nginx:latest
+sudo docker run --name juice-shop -dit -p 9000:3000 registry.hub.docker.com/bkimminich/juice-shop
+sudo docker run --name web-dvwa -dit -p 9001:80 registry.hub.docker.com/vulnerables/web-dvwa
+sudo docker run --name hackazon -dit -p 9002:80 registry.hub.docker.com/ianwijaya/hackazon
+sudo docker run --name graphql -dit -p 9005:5013 -e WEB_HOST=0.0.0.0 dolevf/dvga
\ No newline at end of file
diff --git a/examples/bigip_aws_3nic_deploy_awaf/main.tf b/examples/bigip_aws_3nic_deploy_awaf/main.tf
new file mode 100644
index 0000000..6daf5d2
--- /dev/null
+++ b/examples/bigip_aws_3nic_deploy_awaf/main.tf
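Review bot: The `/graphql` URL entity is created with `perform_staging = true`, and on BIG-IP a staged entity is, as far as I know, learned and logged but not enforced, so the policy's `enforcement_mode = "blocking"` and `signature_staging = false` may not take effect on the one URL this example exists to protect. If blocking on that URL is the intent, set `perform_staging = false` in `data "bigip_waf_entity_url" "URL"`. The entity also declares `protocol = "http"` while DVGATest.tpl serves it from a `Service_HTTPS` listener; confirm the entity matches requests that arrive over TLS, or use `"https"`. Separately, the `provider "bigip"` block takes its address and password from `module.bigip` outputs that are unknown until the instance exists, which may fail on a first plan; a comment telling users to apply the module first would save a failed run.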
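Review bot: The script starts four deliberately vulnerable applications (juice-shop, web-dvwa, hackazon, dvga) with `-p HOST:CONTAINER`, which binds every host interface, and main.tf in this commit launches the instance with `associate_public_ip_address = true`, an internet-gateway route on the internal subnet, and a security group whose ingress is `all-all` from `0.0.0.0/0`. Together that appears to expose the targets directly to the Internet, bypassing the BIG-IP and its WAF policy. Restricting that group's ingress to the VPC CIDR (`var.cidr`) keeps the lab reachable only through the virtual server. The images are pulled by mutable or implicit tags (`nginx:latest`, the rest untagged); pinning a tag or digest makes the lab reproducible. `apt upgrade` also runs before `apt update`, so it upgrades against a stale package index; swap the two lines.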
@@ -0,0 +1,252 @@ +provider "aws" { + region = var.region +} + +# +# Create a random id +# +resource "random_id" "id" { + byte_length = 2 +} + +# +# Create random password for BIG-IP +# +resource "random_string" "password" { + length = 16 + min_upper = 1 + min_lower = 1 + min_numeric = 1 + special = false +} + +# +# Create Secret Store and Store BIG-IP Password +# +resource "aws_secretsmanager_secret" "bigip" { + name = format("%s-bigip-secret-%s", var.prefix, random_id.id.hex) +} +resource "aws_secretsmanager_secret_version" "bigip-pwd" { + secret_id = aws_secretsmanager_secret.bigip.id + secret_string = random_string.password.result +} + +# +# Create the VPC +# +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + + name = format("%s-vpc-%s", var.prefix, random_id.id.hex) + cidr = var.cidr + enable_dns_hostnames = true + enable_dns_support = true + + azs = var.availabilityZones + + tags = { + Name = format("%s-vpc-%s", var.prefix, random_id.id.hex) + Terraform = "true" + Environment = "dev" + } +} + +resource "aws_internet_gateway" "gw" { + vpc_id = module.vpc.vpc_id + + tags = { + Name = "default" + } +} +resource "aws_route_table" "internet-gw" { + vpc_id = module.vpc.vpc_id + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.gw.id + } +} + +resource "aws_subnet" "mgmt" { + vpc_id = module.vpc.vpc_id + cidr_block = cidrsubnet(var.cidr, 8, 1) + availability_zone = format("%sa", var.region) + + tags = { + Name = "management" + } +} +resource "aws_subnet" "external-public" { + vpc_id = module.vpc.vpc_id + cidr_block = cidrsubnet(var.cidr, 8, 2) + availability_zone = format("%sa", var.region) + + tags = { + Name = "external" + } +} +resource "aws_subnet" "internal" { + vpc_id = module.vpc.vpc_id + cidr_block = cidrsubnet(var.cidr, 8, 3) + availability_zone = format("%sa", var.region) + + tags = { + Name = "internal" + } +} + +resource "aws_route_table_association" "route_table_mgmt" { + subnet_id = aws_subnet.mgmt.id + route_table_id = 
aws_route_table.internet-gw.id +} + +resource "aws_route_table_association" "route_table_external" { + subnet_id = aws_subnet.external-public.id + route_table_id = aws_route_table.internet-gw.id +} + +resource "aws_route_table_association" "route_table_internal" { + subnet_id = aws_subnet.internal.id + route_table_id = aws_route_table.internet-gw.id +} + +# +# Create a security group for BIG-IP +# +module "external-network-security-group-public" { + source = "terraform-aws-modules/security-group/aws" + + name = format("%s-external-public-nsg-%s", var.prefix, random_id.id.hex) + description = "Security group for BIG-IP " + vpc_id = module.vpc.vpc_id + + ingress_cidr_blocks = var.AllowedIPs + ingress_rules = ["http-80-tcp", "https-443-tcp"] + ingress_with_cidr_blocks = [ + { + from_port = 0 + to_port = 0 + protocol = -1 + description = "User-service ports" + cidr_blocks = "0.0.0.0/0" + } + ] + + # Allow ec2 instances outbound Internet connectivity + egress_cidr_blocks = ["0.0.0.0/0"] + egress_rules = ["all-all"] + +} + +# +# Create a security group for BIG-IP Management +# +module "mgmt-network-security-group" { + source = "terraform-aws-modules/security-group/aws" + + name = format("%s-mgmt-nsg-%s", var.prefix, random_id.id.hex) + description = "Security group for BIG-IP Management" + vpc_id = module.vpc.vpc_id + + ingress_cidr_blocks = var.AllowedIPs + ingress_rules = ["https-443-tcp", "https-8443-tcp", "ssh-tcp"] + + # Allow ec2 instances outbound Internet connectivity + egress_cidr_blocks = ["0.0.0.0/0"] + egress_rules = ["all-all"] + +} + +# +# Create a security group for BIG-IP +# +module "internal-network-security-group-public" { + source = "terraform-aws-modules/security-group/aws" + + name = format("%s-internal-nsg-%s", var.prefix, random_id.id.hex) + description = "Security group for BIG-IP " + vpc_id = module.vpc.vpc_id + + ingress_cidr_blocks = ["0.0.0.0/0"] + ingress_rules = ["all-all"] + + # Allow ec2 instances outbound Internet connectivity + 
egress_cidr_blocks = ["0.0.0.0/0"] + egress_rules = ["all-all"] + +} +resource "tls_private_key" "example" { + algorithm = "RSA" + rsa_bits = 4096 +} + +resource "aws_key_pair" "generated_key" { + key_name = format("%s-%s-%s", var.prefix, var.ec2_key_name, random_id.id.hex) + public_key = tls_private_key.example.public_key_openssh +} + +# +# Create BIG-IP +# +module "bigip" { + source = "../../" + count = var.instance_count + prefix = format("%s-3nic", var.prefix) + ec2_key_name = aws_key_pair.generated_key.key_name + f5_ami_search_name = var.f5_ami_search_name + mgmt_subnet_ids = [{ "subnet_id" = aws_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }] + mgmt_securitygroup_ids = [module.mgmt-network-security-group.security_group_id] + external_securitygroup_ids = [module.external-network-security-group-public.security_group_id] + internal_securitygroup_ids = [module.internal-network-security-group-public.security_group_id] + external_subnet_ids = [{ "subnet_id" = aws_subnet.external-public.id, "public_ip" = true, "private_ip_primary" = "", "private_ip_secondary" = "" }] + internal_subnet_ids = [{ "subnet_id" = aws_subnet.internal.id, "public_ip" = false, "private_ip_primary" = "" }] + sleep_time = "1000s" + depends_on = [aws_route_table_association.route_table_mgmt, aws_route_table_association.route_table_external, + aws_route_table_association.route_table_internal, module.external-network-security-group-public, + module.internal-network-security-group-public, module.mgmt-network-security-group] +} + +resource "aws_instance" "webserver" { + instance_type = "t2.large" + ami = "ami-0f9cf087c1f27d9b1" + key_name = aws_key_pair.generated_key.key_name + associate_public_ip_address = true + vpc_security_group_ids = [ + module.internal-network-security-group-public.security_group_id + ] + subnet_id = aws_subnet.internal.id + user_data = file("init.sh") + tags = { + Name = "Webserver" + } +} + +resource "null_resource" "clusterDO" { + count = 
var.instance_count + provisioner "local-exec" { + command = "cat > DO_3nic-instance${count.index}.json < 0 ? [for i in range(var.instance_count) : format("https://%s:%s", module.bigip[i].mgmtPublicDNS, module.bigip[i].mgmtPort)] : tolist([]) +} + +# VPC ID used for BIG-IP Deploy +output "vpc_id" { + value = module.vpc.vpc_id +} + +output "private_addresses" { + description = "List of BIG-IP private addresses" + value = flatten(module.bigip.*.private_addresses[0].public_private.private_ip)[0] +} + +output "public_addresses" { + description = "List of BIG-IP public addresses" + value = module.bigip.*.public_addresses +} + +output "app_server" { + description = "app server address" + value = aws_instance.webserver.private_ip +} \ No newline at end of file diff --git a/examples/bigip_aws_3nic_deploy_awaf/runtests.sh b/examples/bigip_aws_3nic_deploy_awaf/runtests.sh new file mode 100755 index 0000000..d958c7c --- /dev/null +++ b/examples/bigip_aws_3nic_deploy_awaf/runtests.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +# extract the BIG-IP details from the Terraform output +export BIGIP_MGMT_IP=`terraform output --json | jq -cr '.mgmtPublicIP.value[]'[]` +export BIGIP_USER=`terraform output --json | jq -cr '.f5_username.value[]'` +export BIGIP_PASSWORD=`terraform output --json | jq -cr '.bigip_password.value[]'` +export BIGIP_MGMT_PORT=`terraform output --json | jq -cr '.mgmtPort.value[]'` + +#Run InSpect tests from the Jumphost +inspec exec ../inspec/bigip-ready --input bigip_address=$BIGIP_MGMT_IP bigip_port=$BIGIP_MGMT_PORT user=$BIGIP_USER password=$BIGIP_PASSWORD diff --git a/examples/bigip_aws_3nic_deploy_awaf/signatures.tf b/examples/bigip_aws_3nic_deploy_awaf/signatures.tf new file mode 100644 index 0000000..faf98af --- /dev/null +++ b/examples/bigip_aws_3nic_deploy_awaf/signatures.tf 
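Review bot: The last line of runtests.sh passes the admin password as `password=$BIGIP_PASSWORD` on the `inspec exec` command line, where it is visible in the process list to other local users and may land in shell or CI logs. InSpec can read inputs from a file (`--input-file`), so writing the four values to a temporary YAML file readable only by the owner and passing that instead avoids the exposure. The expansions are also unquoted, so a value containing whitespace or glob characters would be split; quote them as `"password=$BIGIP_PASSWORD"` if the command-line form stays. The first jq filter, `'.mgmtPublicIP.value[]'[]`, has a stray `[]` outside the quotes that the other three lines do not have.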
@@ -0,0 +1,17 @@
+variable "signatures" {
+ type = map(object({
+ signature_id = number
+ enabled = bool
+ perform_staging = bool
+ description = string
+ }))
+}
+
+data "bigip_waf_signatures" "map" {
+ for_each = var.signatures
+ signature_id = each.value["signature_id"]
+ description = each.value["description"]
+ enabled = each.value["enabled"]
+ perform_staging = each.value["perform_staging"]
+ depends_on = [module.bigip]
+}
\ No newline at end of file
diff --git a/examples/bigip_aws_3nic_deploy_awaf/variables.tf b/examples/bigip_aws_3nic_deploy_awaf/variables.tf
new file mode 100644
index 0000000..15e99bb
--- /dev/null
+++ b/examples/bigip_aws_3nic_deploy_awaf/variables.tf
@@ -0,0 +1,34 @@
+variable "ec2_key_name" {
+ description = "AWS EC2 Key name for SSH access"
+ type = string
+ default = "tf-demo-key"
+}
+
+variable "prefix" {
+ description = "Prefix for resources created by this module"
+ type = string
+ default = "tf-aws-bigip"
+}
+variable "region" {}
+
+variable "f5_ami_search_name" {}
+
+variable "cidr" {
+ description = "aws VPC CIDR"
+ type = string
+ default = "10.0.0.0/16"
+}
+
+
+variable "availabilityZones" {
+ description = "If you want the VM placed in an AWS Availability Zone, and the AWS region you are deploying to supports it, specify the numbers of the existing Availability Zone you want to use."
+ type = list(any)
+ default = ["us-east-1a", "us-east-1b"]
+}
+variable "AllowedIPs" {}
+
+variable "instance_count" {
+ description = "Number of Bigip instances to create( From terraform 0.13, module supports count feature to spin mutliple instances )"
+ type = number
+ default = 1
+}
diff --git a/main.tf b/main.tf
index e618732..28be984 100644
--- a/main.tf
+++ b/main.tf
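Review bot: `variable "AllowedIPs" {}` in the example's variables.tf has no type or description, yet it is the only control on who can reach the BIG-IP management interface: main.tf feeds it to the `https-443-tcp`, `https-8443-tcp` and `ssh-tcp` ingress rules, and the README's sample value is `["0.0.0.0/0"]`. I would declare it with `type = list(string)` and `description = "Source CIDR blocks allowed to reach BIG-IP management (SSH/HTTPS); use your own address range, not 0.0.0.0/0"`. `region` and `f5_ami_search_name` are likewise bare and could take a type and description.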
@@ -122,10 +122,10 @@ resource "aws_network_interface" "public1" { #This resource is for static primary and secondary private ips resource "aws_network_interface" "external_private" { - count = length(compact(local.external_private_ip_primary)) > 0 ? length(local.external_private_subnet_id) : 0 - subnet_id = local.external_private_subnet_id[count.index] - security_groups = var.external_securitygroup_ids - private_ips = [local.external_private_ip_primary[count.index], local.external_private_ip_secondary[count.index]] + count = length(compact(local.external_private_ip_primary)) > 0 ? length(local.external_private_subnet_id) : 0 + subnet_id = local.external_private_subnet_id[count.index] + security_groups = var.external_securitygroup_ids + private_ips = [local.external_private_ip_primary[count.index], local.external_private_ip_secondary[count.index]] source_dest_check = var.external_source_dest_check tags = merge(local.tags, { Name = format("%s-%d", "BIGIP-External-Private-Interface", count.index) diff --git a/templates/f5_onboard.tmpl b/templates/f5_onboard.tmpl index 09510d1..b824f4c 100644 --- a/templates/f5_onboard.tmpl +++ b/templates/f5_onboard.tmpl @@ -12,6 +12,10 @@ exec 1>&- exec 1>$npipe exec 2>&1 +# Run Immediately Before MCPD starts +/usr/bin/setdb provision.extramb 1000 +/usr/bin/setdb restjavad.useextramb true + # # create user # tmsh create auth user ${bigip_username} password ${bigip_password} shell tmsh partition-access replace-all-with { all-partitions { role admin } } @@ -48,18 +52,14 @@ then type: SecretsManager version: AWSCURRENT secretId: ${bigip_password} +pre_onboard_enabled: [] EOF else cat << 'EOF' >> /config/cloud/runtime-init-conf.yaml - name: ADMIN_PASS type: static value: ${bigip_password} -pre_onboard_enabled: - - name: provision_rest - type: inline - commands: - - /usr/bin/setdb provision.extramb 500 - - /usr/bin/setdb restjavad.useextramb true +pre_onboard_enabled: [] EOF fi 
@@ -98,12 +98,16 @@ extension_services: myNtp: class: NTP servers: - - 0.pool.ntp.org + - 169.254.169.253 timezone: UTC myDns: class: DNS nameServers: - 169.254.169.253 + myProvisioning: + class: Provision + asm: nominal + ltm: nominal admin: class: User partitionAccess: @@ -142,12 +146,15 @@ extension_services: myNtp: class: NTP servers: - - 0.pool.ntp.org + - 169.254.169.253 timezone: UTC myDns: class: DNS nameServers: - 169.254.169.253 + myProvisioning: + class: Provision + ltm: nominal admin: class: User partitionAccess: @@ -186,4 +193,4 @@ f5-bigip-runtime-init --config-file /config/cloud/runtime-init-conf.yaml sleep 5 -f5-bigip-runtime-init --config-file /config/cloud/runtime-init-conf-backup.yaml +f5-bigip-runtime-init --config-file /config/cloud/runtime-init-conf-backup.yaml \ No newline at end of file diff --git a/variables.tf b/variables.tf index 7ea0a5f..f97bb74 100644 --- a/variables.tf +++ b/variables.tf @@ -24,14 +24,12 @@ variable "f5_ami_search_name" { description = "BIG-IP AMI name to search for" type = string default = "F5 BIGIP-16.1.2.2* PAYG-Best Plus 25Mbps*" - #default = "F5 Networks BIGIP-14.0.1-0.0.14 PAYG - Best 1Gbps - 20190817094829-929ca0d8-c2d7-4068-8f9a-eb75a677afed-ami-047292a9177e2e328.4" } variable "ec2_instance_type" { description = "AWS EC2 instance type" type = string default = "m5.xlarge" - #default = "c4.xlarge" } variable "ec2_key_name" { 
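Review bot: Both DO declarations now list `169.254.169.253` under `myNtp.servers`, the same address already configured under `myDns.nameServers`; on AWS that link-local address is the VPC DNS resolver, while the Amazon Time Sync Service answers at `169.254.169.123`. If that holds here, the BIG-IP is left without a working time source, which affects certificate validation and the timestamps in the security logs this example turns on. I would change both entries to `- 169.254.169.123`; the second occurrence is in the `@@ -142,12 +146,15 @@` hunk. Both hunks start and end inside the `extension_services` block, so the rest of each declaration is not visible.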
@@ -120,14 +118,14 @@ variable "internal_securitygroup_ids" { variable "DO_URL" { description = "URL to download the BIG-IP Declarative Onboarding module" type = string - default = "https://github.com/F5Networks/f5-declarative-onboarding/releases/download/v1.27.0/f5-declarative-onboarding-1.27.0-6.noarch.rpm" + default = "https://github.com/F5Networks/f5-declarative-onboarding/releases/download/v1.31.0/f5-declarative-onboarding-1.31.0-6.noarch.rpm" } ## Please check and update the latest AS3 URL from https://github.com/F5Networks/f5-appsvcs-extension/releases/latest # always point to a specific version in order to avoid inadvertent configuration inconsistency variable "AS3_URL" { description = "URL to download the BIG-IP Application Service Extension 3 (AS3) module" type = string - default = "https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v3.34.0/f5-appsvcs-3.34.0-4.noarch.rpm" + default = "https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v3.38.0/f5-appsvcs-3.38.0-4.noarch.rpm" } ## Please check and update the latest TS URL from https://github.com/F5Networks/f5-telemetry-streaming/releases/latest @@ -135,7 +133,7 @@ variable "AS3_URL" { variable "TS_URL" { description = "URL to download the BIG-IP Telemetry Streaming module" type = string - default = "https://github.com/F5Networks/f5-telemetry-streaming/releases/download/v1.26.0/f5-telemetry-1.26.0-3.noarch.rpm" + default = "https://github.com/F5Networks/f5-telemetry-streaming/releases/download/v1.30.0/f5-telemetry-1.30.0-1.noarch.rpm" } ## Please check and update the latest Failover Extension URL from https://github.com/F5Networks/f5-cloud-failover-extension/releases/latest 
@@ -143,7 +141,7 @@ variable "TS_URL" { variable "CFE_URL" { description = "URL to download the BIG-IP Cloud Failover Extension module" type = string - default = "https://github.com/F5Networks/f5-cloud-failover-extension/releases/download/v1.10.0/f5-cloud-failover-1.10.0-0.noarch.rpm" + default = "https://github.com/F5Networks/f5-cloud-failover-extension/releases/download/v1.11.0/f5-cloud-failover-1.11.0-0.noarch.rpm" } ## Please check and update the latest FAST URL from https://github.com/F5Networks/f5-appsvcs-templates/releases/latest @@ -151,15 +149,14 @@ variable "CFE_URL" { variable "FAST_URL" { description = "URL to download the BIG-IP FAST module" type = string - default = "https://github.com/F5Networks/f5-appsvcs-templates/releases/download/v1.15.0/f5-appsvcs-templates-1.15.0-1.noarch.rpm" + default = "https://github.com/F5Networks/f5-appsvcs-templates/releases/download/v1.18.0/f5-appsvcs-templates-1.18.0-1.noarch.rpm" } - ## Please check and update the latest runtime init URL from https://github.com/F5Networks/f5-bigip-runtime-init/releases/latest # always point to a specific version in order to avoid inadvertent configuration inconsistency variable "INIT_URL" { description = "URL to download the BIG-IP runtime init" type = string - default = "https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v1.4.1/dist/f5-bigip-runtime-init-1.4.1-1.gz.run" + default = "https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v1.5.1/dist/f5-bigip-runtime-init-1.5.1-1.gz.run" } variable "libs_dir" { description = "Directory on the BIG-IP to download the A&O Toolchain into" @@ -187,6 +184,6 @@ variable "tags" { variable "sleep_time" { type = string - default = "300s" + default = "600s" description = "The number of seconds/minutes of delay to build into creation of BIG-IP VMs; default is 250. BIG-IP requires a few minutes to complete the onboarding process and this value can be used to delay the processing of dependent Terraform resources." }
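Review bot: In the last hunk the `sleep_time` default moves to `"600s"`, but the unchanged description still says "default is 250", which was already wrong at `"300s"`. Update it in the same change, for example `description = "Delay before dependent Terraform resources are processed, to let BIG-IP finish onboarding; default is 600s."`.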