Merge pull request #125 from f5devcentral/mmabis-dev-class10
class-10 doc updates and usecase added
VDI-Tech-Guy authored Dec 13, 2024
2 parents c82baa8 + 7bc9933 commit d1a718a
Showing 12 changed files with 162 additions and 51 deletions.
16 changes: 9 additions & 7 deletions docs/class10/AS3/00-Backup-Restore-Role_as3.rst
Expand Up @@ -12,22 +12,22 @@ Restore-Role.yaml is a templated Ansible play that utilizes an underlying Role t

.. attention::

The restore command will produce an error in some builds of Ansible even though the restoration does complete. It is a known bug.
The restore command will produce an error in some builds of Ansible even though the restoration does complete. It is a known issue due to the reset of the RestAPI services.

RUN THE TEMPLATE
----------------

Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available. To deploy a sandbox infrastructure in AWS users can use the `Ansible Workshops <https://github.com/ansible/workshops>`__
Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.

1. Login to the Ansible Host
1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)

2. Change Directory in the Ansible Host to the use-cases repo previously downloaded

.. code:: bash
cd ~/f5-bd-ansible-labs/401-F5-AppWorld-Lab/AS3/00-Backup-Restore-Role/
3. **(Optional)** Edit 'f5_vars.yml' file in the vars folder to customize the existing variables. For example: File-Name: ‘mybackup.ucs'
3. **(Optional)** View 'vars/f5_vars.yml' file in the vars folder to see information about the deployment (i.e. local_folder_location)

4. Run the Ansible Playbook ‘Backup-Role.yaml’:
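
Review bot: the new step 1 publishes the Code-Server password in clear text ("Password: Ansible123!"), and the same string is repeated on the other use-case pages changed in this commit. Even for a lab, point readers to where the credential is issued instead, the way the BIG-IP sections already do with "password: found in the inventory hosts file", so that a rotated password needs one change rather than many and the docs do not normalise a shared default. In step 3, "View 'vars/f5_vars.yml' file in the vars folder" names the folder twice.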

Expand All @@ -50,7 +50,7 @@ Running this template assumes that a F5 BIG-IP instance, necessary webservers an
.. note::

you might see an error that looks like `fatal: [f5]: FAILED! => {"changed": false, "msg": "{'code': 503, 'message': 'There is an active asynchronous task executing.', 'errorStack': [], 'apiError': 32964609}"}` this can happen and doesnt impact the effect of the restore.
you might see an error that looks like `fatal: [f5 -> localhost]: FAILED! => {"changed": false, "msg": "Expecting value: line 1 column 1 (char 0)"}` this can occurs due to restarting of services and shouldn't impact the effect of the restore.

after the command is run wait up to 5 minutes for the restore to complete.
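
Review bot: the replacement note tells readers that a "fatal: ... FAILED!" task "shouldn't impact the effect of the restore" but gives no way to confirm that, so a restore that really failed looks the same as the expected case. Add a pointer to a check to run after the 5 minute wait, such as the verification section later on this page. Wording: "this can occurs" should be "this can occur", and the sentence should start with a capital letter.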

Expand All @@ -73,7 +73,9 @@ This section is optional and for testing and verification purposes only. It assu

**Ansible Host:**

- Within a terminal window run `ls /tmp/f5/Use-Case-00-backup.ucs` to verify the backup file exists, this is also assuming that the variables file was not changed.
- Within a terminal window run `ls /f5/code-output/` to verify the backup file exists
- This file will be named based on the inventory-hostname-Year-Month-Day-Hour-Minute-Second.ucs `e.g. f5-2024-12-13-03-27-51.ucs`.
- This method was used to ensure date/timestamps of backups on files and prevents overwriting of other backups.


**F5 BIG-IP**
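
Review bot: the new "ls /f5/code-output/" bullet drops the old caveat that the path assumes the variables file was not changed, yet step 3 of this page now points readers at local_folder_location in vars/f5_vars.yml. Either restore the caveat or state that the directory comes from that variable. The example filename also has "e.g." inside the backticks, and single backticks in reStructuredText are interpreted text rather than an inline literal; use double backticks around just f5-2024-12-13-03-27-51.ucs.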
Expand All @@ -82,7 +84,7 @@ This section is optional and for testing and verification purposes only. It assu

- Login to the BIG-IP instance
- Navigate to System --> Archives
- There should be an archive file called "Use-Case-00-backup.ucs"
- There should be an archive file named similarly to `f5-2024-12-13-03-27-51.ucs` based on the date/timestamp

- Login information for the BIG-IP:

8 changes: 6 additions & 2 deletions docs/class10/AS3/01-Deploy-SSL-Enabled-App_Services_as3.rst
Expand Up @@ -13,8 +13,7 @@ RUN THE TEMPLATE
----------------
Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.


1. Login to the Ansible Host
1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)

2. Change Directory in the Ansible Host to the use-cases repo previously downloaded

Expand All @@ -28,6 +27,10 @@ Running this template assumes that a F5 BIG-IP instance, necessary webservers an
ansible-navigator run Deploy-SSL-Enabled-App_Services.yaml --mode stdout
.. note::

Any errors seen on the screen are expected behavior and can be ignored.

TESTING AND VALIDATION
-----------------------
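
Review bot: the added note "Any errors seen on the screen are expected behavior and can be ignored" is too broad for a play that deploys SSL-enabled services; it teaches readers to dismiss real failures along with the expected ones. Quote the specific message that is expected, as the Backup/Restore page does with its "fatal: [f5 -> localhost]" example, and say what a successful run looks like.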

Expand Down Expand Up @@ -59,6 +62,7 @@ This section is optional and for testing and verification purposes only. It assu

* Login to the BIG-IP instance
* Navigate to Local Traffic --> Virtual Servers
* Change the Partition (Top Right Corner) to "WorkshopExample"
* Ensure there are 2 VIPs with same IP

+ One listening on port 443
14 changes: 7 additions & 7 deletions docs/class10/AS3/02-Replace-Application-Certificates_as3.rst
Expand Up @@ -13,15 +13,14 @@ RUNNING THE TEMPLATE
--------------------
Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.

1. Login to the Ansible host
1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)

2. Change Directory in the Ansible Host to the use-cases repo previously downloaded

.. code::
cd ~/f5-bd-ansible-labs/401-F5-AppWorld-Lab/AS3/02-Replace-Application-Certificates-AS3/
3. Run the Ansible Playbook ‘Replace-Application-Certificates.yaml’:

.. code::
Expand Down Expand Up @@ -99,7 +98,7 @@ In this code we have the two usecases (Use Case 1's code and Use Case 2's code),
"class": "Application",
"{{F5_VIP_Name}}": {
"class": "Service_HTTPS",
"virtualPort": 8081,
"virtualPort": 8082,
"virtualAddresses": [
"{{ private_ip }}"
],
Expand Down Expand Up @@ -142,7 +141,7 @@ In this code we have the two usecases (Use Case 1's code and Use Case 2's code),
}
}
In this section we focus on Use Case 2 but we wanted to provide an example of how AS3 stacks applications within the template (will be seen in Use Case 3 as well)
In this section we focus on Use Case 2 but we wanted to provide an example of how AS3 stacks applications within a single template.

TESTING AND VALIDATION
----------------------
Expand All @@ -154,8 +153,8 @@ TESTING AND VALIDATION
Using the External Client (UDF --> Components --> External Client --> Access --> Firefox)

- In the Bookmarks bar you can select the ``Ansible Labs`` Folder and goto ``401 - Labs`` and Select ``Use Case 2``
- OR within the browser you can browse to https://10.1.20.30:8081/
- From a client browser, access the VIP on port 8081 to view the new self-signed certificate (https://10.1.20.30:8081)
- OR within the browser you can browse to https://10.1.20.30:8082/
- From a client browser, access the VIP on port 8081 to view the new self-signed certificate (https://10.1.20.30:8082)


**BIG-IP CONFIGURATION VERIFICATION**
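
Review bot: the last added bullet still reads "access the VIP on port 8081" while its URL, the bullet above it, and the "virtualPort": 8082 change in the declaration all use 8082. Update the prose to 8082 so the text and the link agree.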
Expand All @@ -168,7 +167,8 @@ This section is optional and for testing and verification purposes only. It assu

* Login to the BIG-IP instance
* Navigate to Local Traffic --> Virtual Servers
* View the deployed use case access VIP:port (8081)
* Change the Partition (Top Right Corner) to "WorkshopExample"
* View the deployed use case access VIP:port (8082)

- Login information for the BIG-IP:

5 changes: 3 additions & 2 deletions docs/class10/AS3/03-Application-Maintenance_as3.rst
Expand Up @@ -15,7 +15,7 @@ RUNNING THE TEMPLATE

Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.

1. Login to the Ansible host
1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)

2. Change Directory in the Ansible Host to the use-cases repo previously downloaded

Expand All @@ -33,7 +33,7 @@ Running this template assumes that a F5 BIG-IP instance, necessary webservers an

By default a VIP and pool will be created during the execution of the code, then the code will disable a single node in that created pool.

Modification of the f5_vars.yml file can change the pool, node(s) and state which can be modified within the f5_vars.yml.
Modification of the vars/f5_vars.yml file can change the pool, node(s) and state which can be modified within the f5_vars.yml.

TESTING AND VALIDATION
----------------------
Expand All @@ -59,6 +59,7 @@ This section assumes knowledge of how to operate BIG-IP commands and networking.

- Login to the BIG-IP
- Navigate to Local Traffic --> Pools
- Change the Partition (Top Right Corner) to "WorkshopExample"
- Click on the pool you selected while running the playbook
- View the members of the pool and verify their state based on action choosen while running the playbook

16 changes: 6 additions & 10 deletions docs/class10/AS3/04-WAF-Policy-Management_as3.rst
@@ -1,10 +1,10 @@
Use Case 04: WAF (XML) Policy Management in a Role with AS3
===========================================================
Use Case 04: WAF (XML) Policy Management with AS3
=================================================

OVERVIEW
--------

WAF-Policy-Management-Role.yaml is a templated Ansible Role to manage blocked IP addresses and URL's on F5 ASM through Ansible automation.
WAF-Policy-Management.yaml is a templated Ansible Role to manage blocked IP addresses and URL's on F5 ASM through Ansible automation.

Web Application Firewalls work to protect web applications by inspecting incoming traffic, blocking bots, SQL injection, Cross Site Scripting and a host of other attacks. This playbook is designed to demonstrate a basic WAF scenario to create and modify an F5 WAF (ASM) policy to block URL(s) or IP address(s) or both.
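
Review bot: the heading drops "in a Role" and the file name becomes WAF-Policy-Management.yaml, but the overview sentence still calls it "a templated Ansible Role". If this use case no longer wraps the tasks in a role, say "playbook" there, which also matches "This playbook is designed to" in the following paragraph.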

Expand All @@ -15,7 +15,7 @@ RUNNING THE TEMPLATE

Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.

1. Login to the Ansible host
1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)

2. Change Directory in the Ansible Host to the use-cases repo previously downloaded

Expand Down Expand Up @@ -49,7 +49,7 @@ TESTING AND VALIDATION

- In the Bookmarks bar you can select the ``Ansible Labs`` Folder and goto ``401 - Labs`` and Select ``Use Case 4``
- OR within the browser you can browse to https://10.1.20.30:8084/
- Access the URL's present in the f5_vars.yml file to see the WAF policy in action
- Access the URL's present in the vars/f5_vars.yml file to see the WAF policy in action

- https://10.1.20.30:8084/blocked.html
- https://10.1.20.30:8084/hacked.html
Expand All @@ -66,15 +66,11 @@ This section is optional and for testing and verification purposes only. It assu

- Login to the BIG-IP instance
- Navigate to Security --> Application Security to view the WAF policy deployed
- Change the Partition (Top Right Corner) to "WorkshopExample"
- Navigate to Local Traffic --> Virtual Servers
- View the deployed use case access F5-BIG-IP-Public-IP:port (8084)

- Login information for the BIG-IP:

* username: admin
* password: **found in the inventory hosts file**

**UDF Lab Revert**
-------------------------------

Once you have completed this section it is recommended to go back to Use-Case 00 and run the **restore** of the BIG-IP before continuing to test the AS3 Section.
102 changes: 102 additions & 0 deletions docs/class10/AS3/05-Stacking-Declarations_as3.rst
@@ -0,0 +1,102 @@
Use Case 05: Stacking Declarations with Ansible
===============================================

OVERVIEW
--------

In this usecase we will show how one can templatize each usecase as a separate jinja file, and then be able to utilize ansible to combine all of the applciations in a single declaration.

This method can be extremely useful when trying to standardize on a template deployment and using VARS files to fill in the blanks, this is also easier to split out a massive single declaration into each usecase for modification and Day 2 delivery.

RUNNING THE TEMPLATE
--------------------

.. note::

Do not run this use-case without running AS3 use-cases 01 thru 04, as this will ensure that services and software is enabled.


Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.

1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)

2. Change Directory in the Ansible Host to the use-cases repo previously downloaded

.. code:: bash
cd ~/f5-bd-ansible-labs/401-F5-AppWorld-Lab/AS3/05-Stacking-Declarations-AS3/
3. Launch the Ansible playbook 'WAF-Policy-Management-Role.yaml':

.. code::
ansible-navigator run Stacking-Declarations.yaml --mode stdout
.. note::

This Playbook assumes all modules are already installed, as well as AS3 is deployed on the F5 device.
This Playbook also assumes that no modifications of existing declarations are needed (i.e. WAF) and just leverage the existing WAF policies already deployed.


AS3 Declarations
----------------

In this code we have our base template (tennant_base.j2) this code sets up our tenant and fills it in with the variable as3_app_body which is a rendering of all of the `j2/usecase_*.j2` files combined with ansible filling in variable areas.

.. code:: yaml
{
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.2.0",
"id": "ansibleusecases",
"label": "Ansible Workshops",
"remark": "Tenant-multi-app",
"{{ as3_tenant_name }}":{
"class": "Tenant",
{{ as3_app_body }}
}
}
}
This will show how you can create individual template files that can be stacked in a single declaration.

TESTING AND VALIDATION
----------------------

**VERIFYING WAF POLICY ENFORCEMENT:**

**Access Using F5 UDF Console:**

Using the External Client (UDF --> Components --> External Client --> Access --> Firefox)

- In the Bookmarks bar you can select the ``Ansible Labs`` Folder and goto any of the use-cases previously deployed all will be available.


**BIG-IP CONFIGURATION VERIFICATION:**

This section is optional and for testing and verification purposes only. It assumes knowledge of how to operate BIG-IP commands and networking.

**Access Using F5 UDF Console:**

- BIG-IP - (In UDF --> Components --> BIG-IP --> Access --> TMUI) - This will popup a webpage to access the F5 Login Page

- Login to the BIG-IP instance
- Navigate to Local Traffic --> Virtual Servers
- Change the Partition (Top Right Corner) to "WorkshopExample"
- View the deployed use cases

- Login information for the BIG-IP:

* username: admin
* password: **found in the inventory hosts file**

**UDF Lab Revert**
-------------------------------

Once you have completed this section it is recommended to go back to Use-Case 00 and run the **restore** of the BIG-IP before continuing to test the AS3 Section.
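
Review bot: step 3 says to launch 'WAF-Policy-Management-Role.yaml' but the command under it runs Stacking-Declarations.yaml; the step text looks carried over from Use Case 04 and should name Stacking-Declarations.yaml. The "VERIFYING WAF POLICY ENFORCEMENT" heading under TESTING AND VALIDATION has the same problem, since the bullet beneath it is about opening any previously deployed use case. In the AS3 Declarations sample, the block opens with two "{" lines and has four opening braces against three closing ones, and it is marked ".. code:: yaml" although it is a JSON Jinja template. Also fix "applciations" in the overview and check that "tennant_base.j2" matches the real file name.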
10 changes: 6 additions & 4 deletions docs/class10/Modules/00-Backup-Restore-Role.rst
Expand Up @@ -12,7 +12,7 @@ Restore-Role.yaml is a templated Ansible play that utilizes an underlying Role t

.. attention::

The restore command will produce an error in some builds of Ansible even though the restoration does complete. It is a known bug.
The restore command will produce an error in some builds of Ansible even though the restoration does complete. It is a known issue due to the reset of the RestAPI services.

RUN THE TEMPLATE
----------------
Expand Down Expand Up @@ -50,7 +50,7 @@ Running this template assumes that a F5 BIG-IP instance, necessary webservers an
.. note::

you might see an error that looks like `fatal: [f5]: FAILED! => {"changed": false, "msg": "{'code': 503, 'message': 'There is an active asynchronous task executing.', 'errorStack': [], 'apiError': 32964609}"}` this can happen and doesnt impact the effect of the restore.
you might see an error that looks like `fatal: [f5 -> localhost]: FAILED! => {"changed": false, "msg": "Expecting value: line 1 column 1 (char 0)"}` this can occurs due to restarting of services and shouldn't impact the effect of the restore.

after the command is run wait up to 5 minutes for the restore to complete.

Expand All @@ -73,7 +73,9 @@ This section is optional and for testing and verification purposes only. It assu

**Ansible Host:**

- Within a terminal window run `ls /tmp/f5/Use-Case-00-backup.ucs` to verify the backup file exists, this is also assuming that the variables file was not changed.
- Within a terminal window run `ls /f5/code-output/` to verify the backup file exists
- This file will be named based on the inventory-hostname-Year-Month-Day-Hour-Minute-Second.ucs `e.g. f5-2024-12-13-03-27-51.ucs`.
- This method was used to ensure date/timestamps of backups on files and prevents overwriting of other backups.


**F5 BIG-IP**
Expand All @@ -82,7 +84,7 @@ This section is optional and for testing and verification purposes only. It assu

- Login to the BIG-IP instance
- Navigate to System --> Archives
- There should be an archive file called "Use-Case-00-backup.ucs"
- There should be an archive file named similarly to `f5-2024-12-13-03-27-51.ucs` based on the date/timestamp

- Login information for the BIG-IP:

Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ RUN THE TEMPLATE

Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.

1. Login to the Ansible Host
1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)

2. Change Directory in the Ansible Host to the use-cases repo previously downloaded/cloned:

8 changes: 4 additions & 4 deletions docs/class10/Modules/02-Replace-Application-Certificates.rst
Expand Up @@ -14,7 +14,7 @@ RUNNING THE TEMPLATE

Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.

1. Login to the Ansible host
1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)

2. Change Directory in the Ansible Host to the use-cases repo previously downloaded

Expand Down Expand Up @@ -51,8 +51,8 @@ TESTING AND VALIDATION
Using the External Client (UDF --> Components --> External Client --> Access --> Firefox)

- In the Bookmarks bar you can select the ``Ansible Labs`` Folder and goto ``401 - Labs`` and Select ``Use Case 2``
- OR within the browser you can browse to https://10.1.20.30:8081/
- From a client browser, access the VIP on port 8081 to view the new self-signed certificate (https://10.1.20.30:8081)
- OR within the browser you can browse to https://10.1.20.30:8082/
- From a client browser, access the VIP on port 8081 to view the new self-signed certificate (https://10.1.20.30:8082)


**BIG-IP CONFIGURATION VERIFICATION**
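
Review bot: in the last added bullet the prose says "access the VIP on port 8081" but the URL is https://10.1.20.30:8082, and the verification bullet changed further down this file says "VIP:port (8082)". Change the prose to 8082.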
Expand All @@ -65,7 +65,7 @@ This section is optional and for testing and verification purposes only. It assu

* Login to the BIG-IP instance
* Navigate to Local Traffic --> Virtual Servers
* View the deployed use case access VIP:port (8081)
* View the deployed use case access VIP:port (8082)

- Login information for the BIG-IP:
