Partner Guide - Consul NIA, Terraform, and F5 BIG-IP
In a previous tutorial, we demonstrated how to integrate the Consul catalog with an F5 BIG-IP load balancer by deploying applications with the Application Services 3 (AS3) extensions.
In a Day2+ scenario, F5 BIG-IP's automation tool chain can be used to automate the configuration of an F5 BIG-IP load balancer using F5 Application Services Templates (FAST) to deploy and manage Application Services 3 (AS3) applications.
HashiCorp and F5 collaborated on a strategy for this using HashiCorp's Network Infrastructure Automation (NIA).
This tutorial provides step-by-step instructions on how to automate the configuration update process for an AS3 application using Terraform and Consul. You can use the workflow presented as a blueprint to get familiar with the pattern and accelerate your networking infrastructure management.
Prerequisites
To complete this tutorial, you will need previous experience with F5 BIG-IP and Consul. You can either manually deploy the necessary infrastructure, or use the Terraform demo code.
To complete the steps listed in this tutorial you should configure the following infrastructure.
A single Consul datacenter with server and client nodes, and the configuration directory for Consul agents at
/etc/consul.d/
.A running instance of the F5 BIG-IP platform. If you don’t already have one you can use a hosted AWS instance for this tutorial.
The AS3 package version 3.7.0 installed on your F5 BIG-IP platform.
Standard web server running on a node, listening on HTTP port 80. You will use NGINX in this tutorial.
You can set up the prerequisites on your own, or use the Terraform configuration in this repository to set up the entire tutorial environment.
The tutorial will provide the detailed steps to setup the environment using the Terraform code provided in the repository.
Terraform
0.13.x
- To use the Terraform configuration in the repository, you need to have theterraform
binary installed on your test machine.Consul-Terraform-Sync
0.2.0+
.
Watch the video - Optional
Consul's integration with F5 was demonstrated in a webinar. If you want to learn about the integration but aren't ready to try it out, you can watch the webinar recording to see the integration in action.
Deploy the demo environment using Terraform - Optional
The tutorial provides an example scenario that can be deployed on AWS using Terraform.
First, clone the repository.
Next, navigate to the repository's root folder.
The demo code uses AWS to deploy the datacenter infrastructure, as well as the instance of the F5 BIG-IP platform. To continue with the deploy, configure AWS credentials for your environment so that Terraform can authenticate with AWS and create resources.
To do this with IAM user authentication, set your AWS access key ID as an environment variable.
Now set your secret key.
If you have temporary AWS credentials, you must also add your
AWS_SESSION_TOKEN
as an environment variable. See the AWS Provider
Documentation
for more details.
Tip
If you don't have access to IAM user credentials, use another authentication method described in the AWS provider documentation.
Deploy Consul datacenter and F5 BIG-IP
The Terraform code for deploying the Consul datacenter and the BIG-IP instance
is under the terraform
folder.
Move into the folder.
Generate a random password for your F5 BIG-IP instance.
Use the terraform.tfvars.example
template file to create a terraform.tfvars
file. The example file is in the terraform
folder.
Edit the file to specify a prefix for the resources being created and an IP address to access the environment once deployed.
Once the configuration is complete, you can deploy the infrastructure with Terraform.
First, initialize Terraform.
Note
If terraform init
fails with Error: Failed to install provider
issue the command again.
Then, use terraform plan
to check the resources that are going to be created.
Finally, apply the changes.
The final part of the Terraform output provides you with the information to access your infrastructure.
You can access your Consul datacenter UI using the address specified by the
Consul_UI
value.
From the Consul UI you can verify the datacenter contains two instances of NGINX running on two different nodes.
By opening your browser at the URL specified by the F5_UI
variable, you can
access your F5 BIG-IP instance GUI.
After the device finishes booting, use the F5_Username
and F5_Password
values to login.
Deploy FAST template
F5 Application Services Templates (FAST) are an easy and effective way to deploy applications on the BIG-IP system using AS3.
The FAST Extension provides a toolset for templating and managing AS3 Applications on BIG-IP.
To deploy the FAST template, you can use the code under the fast
folder of the
example scenario code.
The code contains a working template example that defines an AS3 application representing an NGINX instance.
Move into the folder.
First, initialize Terraform.
Note
Issue the command again if terraform init
fails with Error: Failed to install provider
.
Then, use terraform plan
to check the resources that are going to be created.
Finally, apply the changes.
Once the terraform command terminates, you can verify that the FAST template deployed on your F5 instance.
The URL provided by app_url
in the output is the public endpoint that will
grant you access to the services once consul-terraform-sync
is started.
Network Infrastructure Automation
Once all infrastructure is deployed, you can use Consul-Terraform-Sync to monitor the changes in your NGINX instances and modify your F5 BigIP configuration accordingly, without the need for a network operator.
First, move into the nia
directory in the repository.
Next, you will configure Consul-Terraform-Sync.
If you deployed the infrastructure using the provided scripts, the configuration
file is produced automatically for you under the nia
folder.
Finally, you can start Consul-Terraform-Sync.
Open the URL provided by app_url
and verify that load balancing works.
Test automation
To verify the integration is working, add more NGINX instances by editing the AWS Auto Scaling group configuration.
Edit the nginx.tf
file inside the terraform
folder to change the desired
capacity from 2 to 4.
Then, use terraform plan
to check the resources that are going to be changed.
Finally, apply the changes.
Once the changes are applied on AWS, Consul will show the new instances on the Services tab.
Consul-Terraform-Sync will pick the change from the Consul catalog and modify the BIG-IP configuration to reflect the new NGINX instances.
Refresh the page to verify the traffic is being balanced across the four NGINX instances.
Clean your environment
Once you have completed the tutorial, you can clean up your environment by stopping
consul-terraform-sync
and using terraform destroy
from each of the folders
you deployed from.
Stop Consul-Terraform-Sync
You can stop Consul-Terraform-Sync by either using CTRL+C
in the shell running
the daemon or by sending the SIGINT signal to the process.
Before stopping, the daemon will log the requested shutdown.
Destroy resources
Clean your repository
Finally, you can clean the Git repository to remove files created by the runs.
Next steps
In this tutorial, you learned how to automate the configuration of your F5 BIG-IP load balancer using Consul-Terraform-Sync and F5 Application Services Templates (FAST).
To learn more about Network Infrastructure Automation with Consul-Terraform-Sync, check the full documentation on the Consul website.
You can review the Secure Consul-Terraform-Sync for Production tutorial to learn how to secure the Consul-Terraform-Sync instance and other best practices to integrate it into a production environment.
For more info on F5 Application Services Templates (FAST) refer to the official documentation.