-
Notifications
You must be signed in to change notification settings - Fork 13
/
sample_quickstart_existing_network.yaml
184 lines (181 loc) · 10.6 KB
/
sample_quickstart_existing_network.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
---
# yamllint disable rule:line-length
# Copyright 2021 F5 Networks All rights reserved.
#
# Version 2.7.0.0s
#
# NOTE: When filling out the parameter values for this deployment:
# Deployments leverage .schema files to help enforce requirements/parameter typing and defaults.
# '###' Will be used above each parameter and contain description of values required
# REQUIRED parameters values are left empty and value MUST be entered.
# OPTIONAL parameters contain defaults (same default from schema file).
# However, some are deployment specific and generally should be modified to match your environment.
#
# CAUTION:
# Use single quotes around strings when supplying special characters or list of values.
# Example: applicationPort '443 444 445'.
# Required fields left empty or faulty values (ex. typos, incorrect timezone strings, etc.)
# can result in various classes of failures, from template launch failures to silent BIG-IP deployment failures.
# Use the Troubleshooting section at the bottom of this .yaml to understand if the template
# and BIG-IP deployed correctly.
imports:
- path: quickstart-existing-network.py
- path: ../modules/bigip-standalone/bigip_standalone.py
- path: ../modules/dag/dag.py
resources:
- name: quickstart-existing-network-py
properties:
### (OPTIONAL) This deployment can send anonymous statistics to F5
# to help us determine how to improve our solutions.
# If you select 'false' statistics are not sent.
allowUsageAnalytics: true
### (OPTIONAL) Application label.
application: f5app
### (OPTIONAL) BIG-IP custom image ID.
# Uncomment the parameter below to supply the identifier of a non marketplace custom image
# (for example, clones or those created by the F5 BIG-IP Image Generator),
# starting with the project name. Example value: 'myProjectName/global/images/myImageName'
# bigIpCustomImageId: myProjectName/global/images/myImageName
### (OPTIONAL) Supply the hostname you would like to use for the BIG-IP instance.
# The hostname must contain fewer than 63 characters.
bigIpHostname: bigip01.local
### (OPTIONAL) The name of a public F5 Marketplace image to deploy.
# If you would like to view all available public images, run the following gcloud command:
# gcloud compute images list --project f5-7626-networks-public --filter="name~f5"
bigIpImageName: f5-bigip-17-1-1-0-2-6-payg-best-plus-25mbps-231101130547
### (OPTIONAL) Instance type assigned to BIG-IP, for example 'n1-standard-8'.
bigIpInstanceType: n1-standard-8
### (OPTIONAL) Uncomment the parameter below to supply the F5 BYOL license key for BIG-IP instance.
# Leave this parameter commented out if deploying the PAYG solution.
# bigIpLicenseKey: AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE
### (OPTIONAL) Supply a URL to the bigip-runtime-init configuration file in YAML or JSON format
bigIpRuntimeInitConfig: >-
https://raw.githubusercontent.com/F5Networks/f5-google-gdm-templates-v2/v2.9.0.0/examples/quickstart/bigip-configurations/runtime-init-conf-3nic-payg.yaml
### (OPTIONAL) Supply a URL for the bigip-runtime-init package
bigIpRuntimeInitPackageUrl: >-
https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.0/dist/f5-bigip-runtime-init-2.0.0-1.gz.run
### (OPTIONAL) BIG-IP service account email.
# Supply an email of an existing service account to be assigned to the BIG-IP instance.
# Uncomment the parameter below and replace 'your-service-account@yourproject' value
# with your existing service account email.
# Note: If left commented and a value is not provided, a service account will not be assigned.
# bigIpServiceAccountEmail: your-service-account@yourproject.iam.gserviceaccount.com
### (OPTIONAL) Cost Center label.
cost: f5cost
### (OPTIONAL) Environment Center label.
environment: f5env
### (OPTIONAL) Group label.
group: f5group
### (REQUIRED) This parameter is used for providing existing networks names.
# For example,
# For a 1 NIC Deployment.
# networks:
# mgmtNetworkName: myuniqstr-mgmt
# For a 2 NIC Deployment
# networks:
# mgmtNetworkName: myuniqstr-mgmt
# externalNetworkName: myuniqstr-external
# For a 3 NIC Deployment
# networks:
# mgmtNetworkName: myuniqstr-mgmt
# externalNetworkName: myuniqstr-external
# internalNetworkName: myuniqstr-internal
# Or when deploying into a shared VPC:
# For a 1 NIC Deployment.
# networks:
# mgmtNetworkName: projects/myVpcProjectName/global/networks/myuniqstr-mgmt
# For a 2 NIC Deployment
# networks:
# mgmtNetworkName: projects/myVpcProjectName/global/networks/myuniqstr-mgmt
# externalNetworkName: projects/myVpcProjectName/global/networks/myuniqstr-external
# For a 3 NIC Deployment
# networks:
# mgmtNetworkName: projects/myVpcProjectName/global/networks/myuniqstr-mgmt
# externalNetworkName: projects/myVpcProjectName/global/networks/myuniqstr-external
# internalNetworkName: projects/myVpcProjectName/global/networks/myuniqstr-internal
networks:
mgmtNetworkName:
externalNetworkName:
internalNetworkName:
### (OPTIONAL) Enter valid number of network interfaces (1-3) to create on the BIG-IP VE instance.
numNics: 3
### (OPTIONAL) Owner label.
owner: f5owner
### (OPTIONAL) Provision Public IP addresses for the BIG-IP Management interface.
# By default, this is set to true. If set to false, the solution will deploy a bastion host
# instead in order to provide access.
provisionPublicIp: false
### (OPTIONAL) Enter the Google Region in which you want to deploy BIG-IP, for example 'us-west1'.
region: us-west1
### (REQUIRED) This field restricts web application access (ports 80 and 443)
# to a specific network or address. Enter an IP address or address range in CIDR notation.
# For example, '55.55.55.55/32'.
# The network address should be in array format. For example:
# restrictedSrcAddressApp:
# - 0.0.0.0/0
restrictedSrcAddressApp:
### (REQUIRED) This parameter restricts network access to the BIG-IP's management interface.
# Provide a yaml list of addresses or networks in CIDR notation,
# for example, '- 55.55.55.55/32' for a host, '- 10.0.0.0/8' for a network, etc.
# Please restrict the IP address range to your client, for example '- X.X.X.X/32'.
# Production should never expose the BIG-IP Management interface to the Internet.
# NOTE:
# - The VPC CIDR is automatically added for internal use (access via bastion host, clustering, etc.).
# - If using a Bastion Host (when ProvisionPublicIp = false), you must also include the
# Bastion's source network as in the example below (w/ RFC 1918 block).
# restrictedSrcAddressMgmt:
# - 10.0.0.0/24 # Bastion Host on Mgmt Network
# - 55.55.55.55/32 # Client to Bastion Host
restrictedSrcAddressMgmt:
### (REQUIRED) This parameter is used for providing subnets names.
# For example,
# For 1 NIC Deployment
# subnets:
# mgmtSubnetName: myuniqstr-mgmt
# For 2 NIC Deployment
# subnets:
# mgmtSubnetName: myuniqstr-mgmt
# externalSubnetName: myuniqstr-external
# For a 3 NIC Deployment
# subnets:
# mgmtSubnetName: myuniqstr-mgmt
# externalSubnetName: myuniqstr-external
# internalSubnetName: myuniqstr-internal
# Or when deploying into a shared VPC:
# For 1 NIC Deployment
# subnets:
# mgmtSubnetName: projects/myVpcProjectName/regions/us-west1/subnetworks/myuniqstr-mgmt
# For 2 NIC Deployment
# subnets:
# mgmtSubnetName: projects/myVpcProjectName/regions/us-west1/subnetworks/myuniqstr-mgmt
# externalSubnetName: projects/myVpcProjectName/regions/us-west1/subnetworks/myuniqstr-external
# For a 3 NIC Deployment
# subnets:
# mgmtSubnetName: projects/myVpcProjectName/regions/us-west1/subnetworks/myuniqstr-mgmt
# externalSubnetName: projects/myVpcProjectName/regions/us-west1/subnetworks/myuniqstr-external
# internalSubnetName: projects/myVpcProjectName/regions/us-west1/subnetworks/myuniqstr-internal
subnets:
mgmtSubnetName:
externalSubnetName:
internalSubnetName:
### (OPTIONAL) A string that will be used in naming cloud resources.
# Because some resources require globally unique names, we recommend using a unique value.
uniqueString: myuniqstr
### (OPTIONAL) Enter the Google availability zone where you want to deploy the BIG-IP VE instance,
# for example 'us-west1-a'.
zone: us-west1-a
type: quickstart-existing-network.py
# TROUBLESHOOTING:
# * If template did not successfully deploy, go to console.cloud.google.com Navigation Menu -> Deployment Manager -> Your Deployment Name for more details
# TIP: See "Expanded Config" to see what the final template that was rendered/created with python script and parameters you provided
# * If template succeeded, wait ~ 6-10 Minutes (Instance needs to swap management NIC and reboot).
# * Try Logging in via SSH to confirm BIG-IP deployment was successful (for instance, if startup scripts completed as expected on the BIG-IPs)
# To obtain Management IP (eth0 on Single NIC, eth1 on Multi-NIC BIG-IP):
# > Go to Console -> Compute Engine -> VM Instances -> YOUR_INSTANCE_NAME -> Network Interfaces
# > gcloud compute instances describe YOUR_INSTANCE_NAME --zone YOUR_ZONE --format="text(networkInterfaces)"
# Check logs: /var/log/cloud/google/*, /var/log/cloud*, /var/log/restnoded/restnoded.log, etc.
# * If not able to log in, check "Serial port 1 (console)" output for any errors.
# > Go to Console -> Compute Engine -> VM Instances -> YOUR_INSTANCE_NAME -> Logs
# > gcloud compute instances get-serial-port-output YOUR_INSTANCE_NAME --port 1 --zone YOUR_ZONE
# See: https://cloud.google.com/compute/docs/instances/viewing-serial-port-output
# * See README for additional guidance on troubleshooting, filing issues, getting Support, etc.