{
"AWSTemplateFormatVersion": "2010-09-09",
"Conditions": {
"noCustomImageId": {
"Fn::Equals": [
"OPTIONAL",
{
"Ref": "customImageId"
}
]
},
"optin": {
"Fn::Equals": [
"Yes",
{
"Ref": "allowUsageAnalytics"
}
]
}
},
"Description": "Template v4.1.4: AWS CloudFormation Template for creating a Same-AZ cluster of 2NIC BIG-IPs in an existing VPC. **WARNING** This template creates Amazon EC2 Instances. You will be billed for the AWS resources used if you create a stack from this template.",
"Mappings": {
"BigipRegionMap": {
"ap-northeast-1": {
"AdvancedWaf1000Mbps": "ami-f52e5318",
"AdvancedWaf200Mbps": "ami-472855aa",
"AdvancedWaf25Mbps": "ami-88334e65",
"Best1000Mbps": "ami-65285588",
"Best200Mbps": "ami-80334e6d",
"Best25Mbps": "ami-7128559c",
"Best5000Mbps": "ami-92334e7f",
"Better1000Mbps": "ami-072f52ea",
"Better200Mbps": "ami-062f52eb",
"Better25Mbps": "ami-e62c510b",
"Better5000Mbps": "ami-8e295463",
"Good1000Mbps": "ami-63334e8e",
"Good200Mbps": "ami-062d50eb",
"Good25Mbps": "ami-b02f525d",
"Good5000Mbps": "ami-0a2d50e7",
"PerAppVeAwaf200Mbps": "ami-88cebc65",
"PerAppVeAwaf25Mbps": "ami-d03f423d",
"PerAppVeLtm200Mbps": "ami-233d40ce",
"PerAppVeLtm25Mbps": "ami-7f3f4292"
},
"ap-northeast-2": {
"AdvancedWaf1000Mbps": "ami-0f05872fb7d0e05d1",
"AdvancedWaf200Mbps": "ami-015506735d78469e2",
"AdvancedWaf25Mbps": "ami-03d536c2a7a88780c",
"Best1000Mbps": "ami-0cd6298b21d16fbd6",
"Best200Mbps": "ami-07308157c1fe8d9b1",
"Best25Mbps": "ami-06a395bec87e3ba14",
"Best5000Mbps": "ami-00d923b96a0132617",
"Better1000Mbps": "ami-031a290010f3945f9",
"Better200Mbps": "ami-08e8dae42e82f9b8f",
"Better25Mbps": "ami-0a85f432114a48d9d",
"Better5000Mbps": "ami-0f24805e4bea33baf",
"Good1000Mbps": "ami-015e42a248ec0c0f9",
"Good200Mbps": "ami-0a8a83f7178dc0a93",
"Good25Mbps": "ami-00382824a02a205d3",
"Good5000Mbps": "ami-0448dda2f2b89f9dc",
"PerAppVeAwaf200Mbps": "ami-028488b0e1d619dff",
"PerAppVeAwaf25Mbps": "ami-059a7e2695556f0c8",
"PerAppVeLtm200Mbps": "ami-0ca5d2bde643f97b4",
"PerAppVeLtm25Mbps": "ami-0ec4d2c661924c1ec"
},
"ap-south-1": {
"AdvancedWaf1000Mbps": "ami-092704717ba9642f2",
"AdvancedWaf200Mbps": "ami-0ca7ad055819c4f56",
"AdvancedWaf25Mbps": "ami-01ccc08f4540f2a1f",
"Best1000Mbps": "ami-096b15790facf0add",
"Best200Mbps": "ami-07666bfa159779467",
"Best25Mbps": "ami-0bac511daeb7c70fd",
"Best5000Mbps": "ami-085aa8769a17eae3b",
"Better1000Mbps": "ami-0b998cecaad826504",
"Better200Mbps": "ami-0f454efb34e3385db",
"Better25Mbps": "ami-0a035d0b15fe39dfb",
"Better5000Mbps": "ami-0c3a5094211ada1bb",
"Good1000Mbps": "ami-068e23dbce66eebe8",
"Good200Mbps": "ami-061b7bbf591698c50",
"Good25Mbps": "ami-0120dc9347de0af96",
"Good5000Mbps": "ami-0a939828ccd330b33",
"PerAppVeAwaf200Mbps": "ami-084a00318d471221f",
"PerAppVeAwaf25Mbps": "ami-0a0c8ddf0de9700c3",
"PerAppVeLtm200Mbps": "ami-0e1225f6ae8441def",
"PerAppVeLtm25Mbps": "ami-094e806e14c448cc6"
},
"ap-southeast-1": {
"AdvancedWaf1000Mbps": "ami-50eeadba",
"AdvancedWaf200Mbps": "ami-dce8ab36",
"AdvancedWaf25Mbps": "ami-7fecaf95",
"Best1000Mbps": "ami-c4e8ab2e",
"Best200Mbps": "ami-ddedae37",
"Best25Mbps": "ami-40eeadaa",
"Best5000Mbps": "ami-63ecaf89",
"Better1000Mbps": "ami-fde9aa17",
"Better200Mbps": "ami-3aefacd0",
"Better25Mbps": "ami-0beface1",
"Better5000Mbps": "ami-e1e8ab0b",
"Good1000Mbps": "ami-0aeface0",
"Good200Mbps": "ami-05efacef",
"Good25Mbps": "ami-96e9aa7c",
"Good5000Mbps": "ami-09eface3",
"PerAppVeAwaf200Mbps": "ami-2ce2a1c6",
"PerAppVeAwaf25Mbps": "ami-0ee5a6e4",
"PerAppVeLtm200Mbps": "ami-59e6a5b3",
"PerAppVeLtm25Mbps": "ami-54e6a5be"
},
"ap-southeast-2": {
"AdvancedWaf1000Mbps": "ami-e2218080",
"AdvancedWaf200Mbps": "ami-e35cfd81",
"AdvancedWaf25Mbps": "ami-e25cfd80",
"Best1000Mbps": "ami-e95ffe8b",
"Best200Mbps": "ami-f357f691",
"Best25Mbps": "ami-f257f690",
"Best5000Mbps": "ami-455eff27",
"Better1000Mbps": "ami-e75cfd85",
"Better200Mbps": "ami-e15ffe83",
"Better25Mbps": "ami-195cfd7b",
"Better5000Mbps": "ami-47208125",
"Good1000Mbps": "ami-2c5cfd4e",
"Good200Mbps": "ami-0a228368",
"Good25Mbps": "ami-185cfd7a",
"Good5000Mbps": "ami-e05ffe82",
"PerAppVeAwaf200Mbps": "ami-095cfd6b",
"PerAppVeAwaf25Mbps": "ami-b65ffed4",
"PerAppVeLtm200Mbps": "ami-085cfd6a",
"PerAppVeLtm25Mbps": "ami-e757f685"
},
"ca-central-1": {
"AdvancedWaf1000Mbps": "ami-8a50ddee",
"AdvancedWaf200Mbps": "ami-1e53de7a",
"AdvancedWaf25Mbps": "ami-8950dded",
"Best1000Mbps": "ami-8e50ddea",
"Best200Mbps": "ami-1c53de78",
"Best25Mbps": "ami-0353de67",
"Best5000Mbps": "ami-8d50dde9",
"Better1000Mbps": "ami-0753de63",
"Better200Mbps": "ami-0053de64",
"Better25Mbps": "ami-3c51dc58",
"Better5000Mbps": "ami-0253de66",
"Good1000Mbps": "ami-0653de62",
"Good200Mbps": "ami-2351dc47",
"Good25Mbps": "ami-0553de61",
"Good5000Mbps": "ami-7353de17",
"PerAppVeAwaf200Mbps": "ami-0853de6c",
"PerAppVeAwaf25Mbps": "ami-0f53de6b",
"PerAppVeLtm200Mbps": "ami-0e53de6a",
"PerAppVeLtm25Mbps": "ami-7053de14"
},
"eu-central-1": {
"AdvancedWaf1000Mbps": "ami-52909cb9",
"AdvancedWaf200Mbps": "ami-16979bfd",
"AdvancedWaf25Mbps": "ami-10979bfb",
"Best1000Mbps": "ami-7e979b95",
"Best200Mbps": "ami-9e9a9675",
"Best25Mbps": "ami-089599e3",
"Best5000Mbps": "ami-989a9673",
"Better1000Mbps": "ami-71969a9a",
"Better200Mbps": "ami-8e9a9665",
"Better25Mbps": "ami-d0979b3b",
"Better5000Mbps": "ami-50979bbb",
"Good1000Mbps": "ami-7e9a9695",
"Good200Mbps": "ami-d1979b3a",
"Good25Mbps": "ami-749a969f",
"Good5000Mbps": "ami-f8949813",
"PerAppVeAwaf200Mbps": "ami-8198946a",
"PerAppVeAwaf25Mbps": "ami-8a989461",
"PerAppVeLtm200Mbps": "ami-8b989460",
"PerAppVeLtm25Mbps": "ami-63999588"
},
"eu-west-1": {
"AdvancedWaf1000Mbps": "ami-9d658470",
"AdvancedWaf200Mbps": "ami-171efffa",
"AdvancedWaf25Mbps": "ami-8662836b",
"Best1000Mbps": "ami-ce658423",
"Best200Mbps": "ami-2718f9ca",
"Best25Mbps": "ami-de17f633",
"Best5000Mbps": "ami-2418f9c9",
"Better1000Mbps": "ami-7c1ffe91",
"Better200Mbps": "ami-3e1effd3",
"Better25Mbps": "ami-396081d4",
"Better5000Mbps": "ami-f765841a",
"Good1000Mbps": "ami-236081ce",
"Good200Mbps": "ami-f061801d",
"Good25Mbps": "ami-ef608102",
"Good5000Mbps": "ami-4d6180a0",
"PerAppVeAwaf200Mbps": "ami-0410f1e9",
"PerAppVeAwaf25Mbps": "ami-8417f669",
"PerAppVeLtm200Mbps": "ami-fe0ced13",
"PerAppVeLtm25Mbps": "ami-ff0ced12"
},
"eu-west-2": {
"AdvancedWaf1000Mbps": "ami-ddb045ba",
"AdvancedWaf200Mbps": "ami-37b04550",
"AdvancedWaf25Mbps": "ami-c9b441ae",
"Best1000Mbps": "ami-cfb441a8",
"Best200Mbps": "ami-dfb045b8",
"Best25Mbps": "ami-c0b441a7",
"Best5000Mbps": "ami-c1b441a6",
"Better1000Mbps": "ami-d3b441b4",
"Better200Mbps": "ami-1db1447a",
"Better25Mbps": "ami-d2b045b5",
"Better5000Mbps": "ami-d0b045b7",
"Good1000Mbps": "ami-d4b045b3",
"Good200Mbps": "ami-d3b045b4",
"Good25Mbps": "ami-e8b4418f",
"Good5000Mbps": "ami-d7b441b0",
"PerAppVeAwaf200Mbps": "ami-f6b44191",
"PerAppVeAwaf25Mbps": "ami-13b14474",
"PerAppVeLtm200Mbps": "ami-14b14473",
"PerAppVeLtm25Mbps": "ami-f5b44192"
},
"eu-west-3": {
"AdvancedWaf1000Mbps": "ami-06f523caaada96986",
"AdvancedWaf200Mbps": "ami-06d28c18892449992",
"AdvancedWaf25Mbps": "ami-0df7c8e1051ea3654",
"Best1000Mbps": "ami-0a3aaf8e9a9fd72aa",
"Best200Mbps": "ami-090f472a40b6170d7",
"Best25Mbps": "ami-05524703a65eacf04",
"Best5000Mbps": "ami-04bdccb3fa209eb92",
"Better1000Mbps": "ami-015776a89599ac3cd",
"Better200Mbps": "ami-0e52644e9f343bb93",
"Better25Mbps": "ami-09ebfe9bc3d5eca70",
"Better5000Mbps": "ami-0935a64813cb872b8",
"Good1000Mbps": "ami-061773f051588a66a",
"Good200Mbps": "ami-0324e55511aac6409",
"Good25Mbps": "ami-07c9a31728f4e7e9f",
"Good5000Mbps": "ami-04bafe20c9cb68cbc",
"PerAppVeAwaf200Mbps": "ami-0962a811e34dbe3fb",
"PerAppVeAwaf25Mbps": "ami-081803a88b9d34978",
"PerAppVeLtm200Mbps": "ami-0a8e6cf7322412e02",
"PerAppVeLtm25Mbps": "ami-0fde48b0c6e01fff9"
},
"sa-east-1": {
"AdvancedWaf1000Mbps": "ami-0751574d54153299e",
"AdvancedWaf200Mbps": "ami-06566af1df98a82fa",
"AdvancedWaf25Mbps": "ami-0211b5fd69ba7d794",
"Best1000Mbps": "ami-019c02254c5f31159",
"Best200Mbps": "ami-035ee0ea4d9c34e63",
"Best25Mbps": "ami-036f313139861da5b",
"Best5000Mbps": "ami-029294634c208d25c",
"Better1000Mbps": "ami-07095455820886dd2",
"Better200Mbps": "ami-03d5909e6fede1ddb",
"Better25Mbps": "ami-09dd865de7145aea5",
"Better5000Mbps": "ami-03fbc8d3280ffe9dd",
"Good1000Mbps": "ami-09a3d15d7720849ea",
"Good200Mbps": "ami-0897f17364db537b4",
"Good25Mbps": "ami-060a44240f04f6832",
"Good5000Mbps": "ami-0d42e60bcfe4cc4eb",
"PerAppVeAwaf200Mbps": "ami-0c8ffc39b3cdc3636",
"PerAppVeAwaf25Mbps": "ami-03881364a9250b56f",
"PerAppVeLtm200Mbps": "ami-03e89294541030bfc",
"PerAppVeLtm25Mbps": "ami-030769c8fe9c7d5a9"
},
"us-east-1": {
"AdvancedWaf1000Mbps": "ami-5efaea21",
"AdvancedWaf200Mbps": "ami-d7f7e7a8",
"AdvancedWaf25Mbps": "ami-abfbebd4",
"Best1000Mbps": "ami-7cf5e503",
"Best200Mbps": "ami-28feee57",
"Best25Mbps": "ami-cff9e9b0",
"Best5000Mbps": "ami-a9faead6",
"Better1000Mbps": "ami-57f7e728",
"Better200Mbps": "ami-d4f4e4ab",
"Better25Mbps": "ami-3ffaea40",
"Better5000Mbps": "ami-b7f8e8c8",
"Good1000Mbps": "ami-19f4e466",
"Good200Mbps": "ami-3efaea41",
"Good25Mbps": "ami-39faea46",
"Good5000Mbps": "ami-a1f6e6de",
"PerAppVeAwaf200Mbps": "ami-31cddd4e",
"PerAppVeAwaf25Mbps": "ami-34cddd4b",
"PerAppVeLtm200Mbps": "ami-36cddd49",
"PerAppVeLtm25Mbps": "ami-2dc2d252"
},
"us-east-2": {
"AdvancedWaf1000Mbps": "ami-70474215",
"AdvancedWaf200Mbps": "ami-b94e4bdc",
"AdvancedWaf25Mbps": "ami-f14f4a94",
"Best1000Mbps": "ami-3e4d485b",
"Best200Mbps": "ami-36434653",
"Best25Mbps": "ami-75474210",
"Best5000Mbps": "ami-d94d48bc",
"Better1000Mbps": "ami-f2474297",
"Better200Mbps": "ami-f54f4a90",
"Better25Mbps": "ami-d14d48b4",
"Better5000Mbps": "ami-ff47429a",
"Good1000Mbps": "ami-f1474294",
"Good200Mbps": "ami-2943464c",
"Good25Mbps": "ami-2843464d",
"Good5000Mbps": "ami-ca4c49af",
"PerAppVeAwaf200Mbps": "ami-2f4e4b4a",
"PerAppVeAwaf25Mbps": "ami-c34c49a6",
"PerAppVeLtm200Mbps": "ami-a94d48cc",
"PerAppVeLtm25Mbps": "ami-994045fc"
},
"us-gov-west-1": {
"AdvancedWaf1000Mbps": "ami-a939a4c8",
"AdvancedWaf200Mbps": "ami-7a4ad71b",
"AdvancedWaf25Mbps": "ami-a13fa2c0",
"Best1000Mbps": "ami-603ea301",
"Best200Mbps": "ami-4d3da02c",
"Best25Mbps": "ami-f1039e90",
"Best5000Mbps": "ami-e23ca183",
"Better1000Mbps": "ami-b6009dd7",
"Better200Mbps": "ami-66039e07",
"Better25Mbps": "ami-454ad724",
"Better5000Mbps": "ami-06148967",
"Good1000Mbps": "ami-76059817",
"Good200Mbps": "ami-434ad722",
"Good25Mbps": "ami-0a09946b",
"Good5000Mbps": "ami-424ad723",
"PerAppVeAwaf200Mbps": "ami-03148962",
"PerAppVeAwaf25Mbps": "ami-404ad721",
"PerAppVeLtm200Mbps": "ami-517ce130",
"PerAppVeLtm25Mbps": "ami-db0a97ba"
},
"us-west-1": {
"AdvancedWaf1000Mbps": "ami-c24ea2a1",
"AdvancedWaf200Mbps": "ami-cf4ea2ac",
"AdvancedWaf25Mbps": "ami-1f4da17c",
"Best1000Mbps": "ami-2b4ea248",
"Best200Mbps": "ami-974ea2f4",
"Best25Mbps": "ami-ba4da1d9",
"Best5000Mbps": "ami-964ea2f5",
"Better1000Mbps": "ami-064da165",
"Better200Mbps": "ami-9f4ea2fc",
"Better25Mbps": "ami-f04ea293",
"Better5000Mbps": "ami-934ea2f0",
"Good1000Mbps": "ami-f34ea290",
"Good200Mbps": "ami-ad4da1ce",
"Good25Mbps": "ami-814ea2e2",
"Good5000Mbps": "ami-864ea2e5",
"PerAppVeAwaf200Mbps": "ami-b14ca0d2",
"PerAppVeAwaf25Mbps": "ami-c84da1ab",
"PerAppVeLtm200Mbps": "ami-464fa325",
"PerAppVeLtm25Mbps": "ami-474fa324"
},
"us-west-2": {
"AdvancedWaf1000Mbps": "ami-ba587dc2",
"AdvancedWaf200Mbps": "ami-22587d5a",
"AdvancedWaf25Mbps": "ami-25587d5d",
"Best1000Mbps": "ami-992306e1",
"Best200Mbps": "ami-33587d4b",
"Best25Mbps": "ami-f1210489",
"Best5000Mbps": "ami-115d7869",
"Better1000Mbps": "ami-a12702d9",
"Better200Mbps": "ami-ab2603d3",
"Better25Mbps": "ami-79230601",
"Better5000Mbps": "ami-3e587d46",
"Good1000Mbps": "ami-275d785f",
"Good200Mbps": "ami-b92603c1",
"Good25Mbps": "ami-ae2702d6",
"Good5000Mbps": "ami-79557001",
"PerAppVeAwaf200Mbps": "ami-235c795b",
"PerAppVeAwaf25Mbps": "ami-a24a6fda",
"PerAppVeLtm200Mbps": "ami-554e6b2d",
"PerAppVeLtm25Mbps": "ami-a14a6fd9"
}
}
},
"Metadata": {
"AWS::CloudFormation::Interface": {
"ParameterGroups": [
{
"Label": {
"default": "NETWORKING CONFIGURATION"
},
"Parameters": [
"Vpc",
"managementSubnetAz1",
"managementSubnetAz2",
"subnet1Az1",
"subnet1Az2",
"subnet2Az1",
"subnet2Az2",
"availabilityZone1",
"availabilityZone2",
"numberOfAdditionalNics",
"additionalNicLocation"
]
},
{
"Label": {
"default": "INSTANCE CONFIGURATION"
},
"Parameters": [
"imageName",
"customImageId",
"instanceType",
"applicationInstanceType",
"licenseKey1",
"licenseKey2",
"managementGuiPort",
"sshKey",
"restrictedSrcAddress",
"restrictedSrcAddressApp",
"ntpServer",
"timezone"
]
},
{
"Label": {
"default": "TAGS"
},
"Parameters": [
"application",
"environment",
"group",
"owner",
"costcenter"
]
},
{},
{
"Label": {
"default": "TEMPLATE ANALYTICS"
},
"Parameters": [
"allowUsageAnalytics"
]
},
{
"Label": {
"default": "VIRTUAL SERVICE CONFIGURATION"
},
"Parameters": [
"declarationUrl"
]
}
],
"ParameterLabels": {
"Vpc": {
"default": "VPC"
},
"additionalNicLocation": {
"default": "Additional NIC Location"
},
"allowUsageAnalytics": {
"default": "Send Anonymous Statistics to F5"
},
"application": {
"default": "Application"
},
"applicationInstanceType": {
"default": "Application Instance Type"
},
"availabilityZone1": {
"default": "Availability Zone 1"
},
"availabilityZone2": {
"default": "Availability Zone 2"
},
"costcenter": {
"default": "Cost Center"
},
"customImageId": {
"default": "Custom Image Id"
},
"declarationUrl": {
"default": "AS3 Declaration URL"
},
"environment": {
"default": "Environment"
},
"group": {
"default": "Group"
},
"imageName": {
"default": "BIG-IP Image Name"
},
"instanceType": {
"default": "AWS Instance Size"
},
"licenseKey1": {
"default": "License Key 1"
},
"licenseKey2": {
"default": "License Key 2"
},
"managementGuiPort": {
"default": "BIG-IP Management Port"
},
"managementSubnetAz1": {
"default": "Management Subnet AZ1"
},
"managementSubnetAz2": {
"default": "Management Subnet AZ2"
},
"ntpServer": {
"default": "NTP Server"
},
"numberOfAdditionalNics": {
"default": "Number Of Additional NICs"
},
"owner": {
"default": "Owner"
},
"restrictedSrcAddress": {
"default": "Source Address(es) for Management Access"
},
"restrictedSrcAddressApp": {
"default": "Source Address(es) for Web Application Access (80/443)"
},
"sshKey": {
"default": "SSH Key"
},
"subnet1Az1": {
"default": "Subnet1 in AZ1"
},
"subnet1Az2": {
"default": "Subnet1 in AZ2"
},
"subnet2Az1": {
"default": "Subnet2 in AZ1"
},
"subnet2Az2": {
"default": "Subnet2 in AZ2"
},
"timezone": {
"default": "Timezone (Olson)"
}
}
},
"Version": "4.1.4"
},
"Outputs": {
"Bigip1ExternalInterfacePrivateIp": {
"Description": "Internally routable IP of the public interface on BIG-IP",
"Value": {
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
}
},
"Bigip1InstanceId": {
"Description": "Instance Id of BIG-IP in Amazon",
"Value": {
"Ref": "Bigip1Instance"
}
},
"Bigip1ManagementEipAddress": {
"Description": "IP address of the management port on BIG-IP",
"Value": {
"Ref": "Bigip1ManagementEipAddress"
}
},
"Bigip1ManagementInterface": {
"Description": "Management interface ID on BIG-IP",
"Value": {
"Ref": "Bigip1ManagementInterface"
}
},
"Bigip1ManagementInterfacePrivateIp": {
"Description": "Internally routable IP of the management interface on BIG-IP",
"Value": {
"Fn::GetAtt": [
"Bigip1ManagementInterface",
"PrimaryPrivateIpAddress"
]
}
},
"Bigip1Url": {
"Description": "BIG-IP Management GUI",
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"Bigip1Instance",
"PublicIp"
]
}
]
]
}
},
"Bigip1VipEipAddress": {
"Description": "EIP address for VIP",
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Ref": "Bigip1VipEipAddress"
},
":80"
]
]
}
},
"Bigip1VipPrivateIp": {
"Description": "VIP on External Interface Secondary IP 1",
"Value": {
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
}
},
"Bigip1subnet1Az1Interface": {
"Description": "External interface Id on BIG-IP",
"Value": {
"Ref": "Bigip1subnet1Az1Interface"
}
},
"Bigip1subnet1Az1SelfEipAddress": {
"Description": "IP Address of the External interface attached to BIG-IP",
"Value": {
"Ref": "Bigip1subnet1Az1SelfEipAddress"
}
},
"Bigip2ExternalInterfacePrivateIp": {
"Description": "Internally routable IP of the public interface on BIG-IP",
"Value": {
"Fn::GetAtt": [
"Bigip2subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
}
},
"Bigip2InstanceId": {
"Description": "Instance Id of BIG-IP in Amazon",
"Value": {
"Ref": "Bigip2Instance"
}
},
"Bigip2ManagementEipAddress": {
"Description": "IP address of the management port on BIG-IP",
"Value": {
"Ref": "Bigip2ManagementEipAddress"
}
},
"Bigip2ManagementInterface": {
"Description": "Management interface ID on BIG-IP",
"Value": {
"Ref": "Bigip2ManagementInterface"
}
},
"Bigip2ManagementInterfacePrivateIp": {
"Description": "Internally routable IP of the management interface on BIG-IP",
"Value": {
"Fn::GetAtt": [
"Bigip2ManagementInterface",
"PrimaryPrivateIpAddress"
]
}
},
"Bigip2Url": {
"Description": "BIG-IP Management GUI",
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"Bigip2Instance",
"PublicIp"
]
}
]
]
}
},
"Bigip2subnet1Az1Interface": {
"Description": "External interface Id on BIG-IP",
"Value": {
"Ref": "Bigip2subnet1Az1Interface"
}
},
"Bigip2subnet1Az1SelfEipAddress": {
"Description": "IP Address of the External interface attached to BIG-IP",
"Value": {
"Ref": "Bigip2subnet1Az1SelfEipAddress"
}
},
"availabilityZone1": {
"Description": "Availability Zone",
"Value": {
"Fn::GetAtt": [
"Bigip1Instance",
"AvailabilityZone"
]
}
},
"availabilityZone2": {
"Description": "Availability Zone",
"Value": {
"Fn::GetAtt": [
"Bigip2Instance",
"AvailabilityZone"
]
}
},
"bigipExternalSecurityGroup": {
"Description": "Public or External Security Group",
"Value": {
"Ref": "bigipExternalSecurityGroup"
}
},
"bigipManagementSecurityGroup": {
"Description": "Management Security Group",
"Value": {
"Ref": "bigipManagementSecurityGroup"
}
}
},
"Parameters": {
"Vpc": {
"ConstraintDescription": "This must be an existing VPC within the working region.",
"Type": "AWS::EC2::VPC::Id"
},
"allowUsageAnalytics": {
"AllowedValues": [
"Yes",
"No"
],
"Default": "Yes",
"Description": "This deployment can send anonymous statistics to F5 to help us determine how to improve our solutions. If you select **No**, statistics are not sent.",
"Type": "String"
},
"application": {
"Default": "f5app",
"Description": "Name of the Application Tag",
"Type": "String"
},
"costcenter": {
"Default": "f5costcenter",
"Description": "Name of the Cost Center Tag",
"Type": "String"
},
"customImageId": {
"ConstraintDescription": "Must be a valid AMI Id",
"Default": "OPTIONAL",
"Description": "If you would like to deploy using a custom BIG-IP image, provide the AMI Id. **Note**: Unless specifically required, leave the default of **OPTIONAL**",
"MaxLength": 255,
"MinLength": 1,
"Type": "String"
},
"declarationUrl": {
"AllowedPattern": "^(http:\\/\\/|https:\\/\\/)?[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,5}(:[0-9]{1,5})?(\\/.*)?$|^none$",
"Default": "none",
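"Description": "URL for the AS3 declaration JSON file to be deployed. Leave as **none** to deploy without a service configuration. The onboarding script downloads this file with TLS certificate verification disabled (curl -k), so host it at a location you trust.",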
"Type": "String"
},
"environment": {
"Default": "f5env",
"Description": "Name of the Environment Tag",
"Type": "String"
},
"group": {
"Default": "f5group",
"Description": "Name of the Group Tag",
"Type": "String"
},
"imageName": {
"AllowedValues": [
"Good25Mbps",
"Good200Mbps",
"Good1000Mbps",
"Good5000Mbps",
"Better25Mbps",
"Better200Mbps",
"Better1000Mbps",
"Better5000Mbps",
"Best25Mbps",
"Best200Mbps",
"Best1000Mbps",
"Best5000Mbps",
"AdvancedWaf25Mbps",
"AdvancedWaf200Mbps",
"AdvancedWaf1000Mbps"
],
"ConstraintDescription": "Must be a valid F5 BIG-IP VE image type",
"Default": "Best1000Mbps",
"Description": "F5 BIG-IP Performance Type",
"Type": "String"
},
"instanceType": {
"AllowedValues": [
"m5.xlarge",
"m5.4xlarge",
"m5.large",
"m5.12xlarge",
"m4.xlarge",
"m4.large",
"m4.4xlarge",
"m4.2xlarge",
"m4.16xlarge",
"m4.10xlarge",
"m3.xlarge",
"m3.medium",
"m3.large",
"m3.2xlarge",
"cc2.8xlarge",
"c5.xlarge",
"c5.large",
"c5.4xlarge",
"c5.9xlarge",
"c4.xlarge",
"c4.8xlarge",
"c4.4xlarge",
"c4.2xlarge",
"c3.xlarge",
"c3.8xlarge",
"c3.4xlarge",
"c3.2xlarge"
],
"ConstraintDescription": "Must be a valid EC2 instance type for BIG-IP",
"Default": "m5.xlarge",
"Description": "Size of the F5 BIG-IP Virtual Instance",
"Type": "String"
},
"managementSubnetAz1": {
"ConstraintDescription": "The subnet ID must be within an existing VPC",
"Description": "Management Subnet ID",
"Type": "AWS::EC2::Subnet::Id"
},
"ntpServer": {
"Default": "0.pool.ntp.org",
"Description": "NTP server for this implementation",
"Type": "String"
},
"owner": {
"Default": "f5owner",
"Description": "Name of the Owner Tag",
"Type": "String"
},
"restrictedSrcAddress": {
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x.",
"Description": "The IP address range (CIDR) allowed to SSH to and access the management GUI on the EC2 instances",
"MaxLength": "18",
"MinLength": "9",
"Type": "String"
},
"restrictedSrcAddressApp": {
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x.",
"Description": "The IP address range (CIDR) allowed to send web traffic (80/443) to the EC2 instances",
"MaxLength": "18",
"MinLength": "9",
"Type": "String"
},
"sshKey": {
"Description": "EC2 KeyPair to enable SSH access to the BIG-IP instance",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"subnet1Az1": {
"ConstraintDescription": "The subnet ID must be within an existing VPC",
"Description": "Public or External subnet",
"Type": "AWS::EC2::Subnet::Id"
},
"timezone": {
"Default": "UTC",
"Description": "Olson timezone string from /usr/share/zoneinfo",
"Type": "String"
}
},
"Resources": {
"Bigip1Instance": {
"Metadata": {
"AWS::CloudFormation::Init": {
"config": {
"commands": {
"000-disable-1nicautoconfig": {
"command": "/usr/bin/setdb provision.1nicautoconfig disable"
},
"010-install-libs": {
"command": {
"Fn::Join": [
" ",
[
"mkdir -p /var/log/cloud/aws;",
"nohup /config/installCloudLibs.sh",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"020-generate-password": {
"command": {
"Fn::Join": [
"",
[
"nohup /config/waitThenRun.sh",
" f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
" --signal PASSWORD_CREATED",
" --file f5-rest-node",
" --cl-args '/config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/generatePassword --file /config/cloud/aws/.adminPassword --encrypt'",
" --log-level silly",
" -o /var/log/cloud/aws/generatePassword.log",
" &>> /var/log/cloud/aws/install.log < /dev/null",
" &"
]
]
}
},
"030-create-admin-user": {
"command": {
"Fn::Join": [
"",
[
"nohup /config/waitThenRun.sh",
" f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
" --wait-for PASSWORD_CREATED",
" --signal ADMIN_CREATED",
" --file /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/createUser.sh",
" --cl-args '--user admin",
" --password-file /config/cloud/aws/.adminPassword",
" --password-encrypted",
"'",
" --log-level silly",
" -o /var/log/cloud/aws/createUser.log",
" &>> /var/log/cloud/aws/install.log < /dev/null",
" &"
]
]
}
},
"040-network-config": {
"command": {
"Fn::Join": [
"",
[
"GATEWAY_MAC=`ifconfig eth1 | egrep HWaddr | awk '{print tolower($5)}'`; ",
"GATEWAY_CIDR_BLOCK=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/network/interfaces/macs/${GATEWAY_MAC}/subnet-ipv4-cidr-block`; ",
"GATEWAY_NET=${GATEWAY_CIDR_BLOCK%/*}; ",
"GATEWAY_PREFIX=${GATEWAY_CIDR_BLOCK#*/}; ",
"GATEWAY=`echo ${GATEWAY_NET} | awk -F. '{ print $1\".\"$2\".\"$3\".\"$4+1 }'`; ",
"nohup /config/waitThenRun.sh ",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/network.js ",
"--host localhost ",
"--user admin ",
"--password-url file:///config/cloud/aws/.adminPassword ",
"--password-encrypted ",
"-o /var/log/cloud/aws/network.log ",
"--log-level silly ",
"--wait-for ADMIN_CREATED ",
"--signal NETWORK_CONFIG_DONE ",
"--vlan name:external,nic:1.1 ",
"--default-gw ${GATEWAY} ",
"--self-ip 'name:external-self,address:",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
"/'${GATEWAY_PREFIX}',vlan:external,allow:tcp:4353 udp:1026' ",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"050-onboard-BIG-IP": {
"command": {
"Fn::If": [
"optin",
{
"Fn::Join": [
" ",
[
"REGION=\"",
{
"Ref": "AWS::Region"
},
"\";",
"DEPLOYMENTID=`echo \"",
{
"Ref": "AWS::StackId"
},
"\"|sha512sum|cut -d \" \" -f 1`;",
"CUSTOMERID=`echo \"",
{
"Ref": "AWS::AccountId"
},
"\"|sha512sum|cut -d \" \" -f 1`;",
"NAME_SERVER=`/config/cloud/aws/getNameServer.sh eth1`;",
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/onboard.js",
"--install-ilx-package file:///config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm",
"--wait-for NETWORK_CONFIG_DONE",
"--signal ONBOARD_DONE",
"-o /var/log/cloud/aws/onboard.log",
"--log-level silly",
"--no-reboot",
"--host localhost",
"--user admin",
"--password-url file:///config/cloud/aws/.adminPassword",
"--password-encrypted",
"--hostname `curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`",
"--ntp ",
{
"Ref": "ntpServer"
},
"--tz ",
{
"Ref": "timezone"
},
"--dns ${NAME_SERVER}",
"--module ltm:nominal",
"--metrics \"cloudName:aws,region:${REGION},bigipVersion:13.1.1-0.0.4,customerId:${CUSTOMERID},deploymentId:${DEPLOYMENTID},templateName:f5-existing-stack-same-az-cluster-payg-2nic-bigip.template,templateVersion:4.1.4,licenseType:hourly\"",
"--ping",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
},
{
"Fn::Join": [
" ",
[
"NAME_SERVER=`/config/cloud/aws/getNameServer.sh eth1`;",
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/onboard.js",
"--install-ilx-package file:///config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm",
"--wait-for NETWORK_CONFIG_DONE",
"--signal ONBOARD_DONE",
"-o /var/log/cloud/aws/onboard.log",
"--log-level silly",
"--no-reboot",
"--host localhost",
"--user admin",
"--password-url file:///config/cloud/aws/.adminPassword",
"--password-encrypted",
"--hostname `curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`",
"--ntp ",
{
"Ref": "ntpServer"
},
"--tz ",
{
"Ref": "timezone"
},
"--dns ${NAME_SERVER}",
"--module ltm:nominal",
"--ping",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
]
}
},
"060-custom-config": {
"command": {
"Fn::Join": [
" ",
[
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
"--file /config/cloud/aws/custom-config.sh",
"--cwd /config/cloud/aws",
"-o /var/log/cloud/aws/custom-config.log",
"--log-level silly",
"--wait-for ONBOARD_DONE",
"--signal CUSTOM_CONFIG_DONE",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"065-cluster": {
"command": {
"Fn::Join": [
" ",
[
"HOSTNAME=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`;",
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/cluster.js",
"--wait-for CUSTOM_CONFIG_DONE",
"--signal CLUSTER_DONE",
"-o /var/log/cloud/aws/cluster.log",
"--log-level silly",
"--host localhost",
"--user admin",
"--password-url file:///config/cloud/aws/.adminPassword",
"--password-encrypted",
"--cloud aws",
"--provider-options 's3Bucket:",
{
"Ref": "S3Bucket"
},
"'",
"--master",
"--config-sync-ip",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
"--create-group",
"--device-group across_az_failover_group",
"--sync-type sync-failover",
"--network-failover",
"--device ${HOSTNAME}",
"--auto-sync",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"070-rm-password": {
"command": {
"Fn::Join": [
" ",
[
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
"--file /config/cloud/aws/rm-password.sh",
"-o /var/log/cloud/aws/rm-password.log",
"--log-level silly",
"--wait-for CLUSTER_DONE",
"--signal PASSWORD_REMOVED",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
}
},
"files": {
"/config/cloud/aws/custom-config.sh": {
"content": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"EXTIP='",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
"'\n",
"EXTPRIVIP='",
{
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
},
"'\n",
"HOSTNAME=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`\n",
"PEER_EXTPRIVIP='",
{
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip2subnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
},
"'\n",
"VIPEIP='",
{
"Ref": "Bigip1VipEipAddress"
},
"'\n",
"PROGNAME=$(basename $0)\n",
"function error_exit {\n",
"echo \"${PROGNAME}: ${1:-\\\"Unknown Error\\\"}\" 1>&2\n",
"exit 1\n",
"}\n",
"declare -a tmsh=()\n",
"echo 'starting custom-config.sh'\n",
"tmsh+=(\n",
"\"tmsh modify sys db dhclient.mgmt { value disable }\"\n",
"\"tmsh modify cm device ${HOSTNAME} unicast-address { { effective-ip ${EXTIP} effective-port 1026 ip ${EXTIP} } }\"\n",
"\"tmsh load sys application template /config/cloud/aws/f5.service_discovery.tmpl\"\n",
"\"tmsh load sys application template /config/cloud/aws/f5.cloud_logger.v1.0.0.tmpl\"\n",
"\"tmsh save /sys config\")\n",
"for CMD in \"${tmsh[@]}\"\n",
"do\n",
" \"/config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/waitForMcp.sh\"\n",
" if $CMD;then\n",
" echo \"command $CMD successfully executed.\"\n",
" else\n",
" error_exit \"$LINENO: An error has occurred while executing $CMD. Aborting!\"\n",
" fi\n",
"done\n",
"date\n",
"### START CUSTOM CONFIGURATION\n",
"source /config/cloud/aws/onboard_config_vars\n",
"deployed=\"no\"\n",
"url_regex=\"(http:\\/\\/|https:\\/\\/)?[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,5}(:[0-9]{1,5})?(\\/.*)?$\"\n",
"file_loc=\"/config/cloud/custom_config\"\n",
"if [[ $declarationUrl =~ $url_regex ]]; then\n",
" response_code=$(/usr/bin/curl -sk -w \"%{http_code}\" $declarationUrl -o $file_loc)\n",
" if [[ $response_code == 200 ]]; then\n",
" echo \"Custom config download complete; checking for valid JSON.\"\n",
" cat $file_loc | jq .class\n",
" if [[ $? == 0 ]]; then\n",
" response_code=$(/usr/bin/curl -skvvu ${adminUsername}:$passwd -w \"%{http_code}\" -X POST -H \"Content-Type: application/json\" https://localhost:${managementGuiPort}/mgmt/shared/appsvcs/declare -d @$file_loc -o /dev/null)\n",
" if [[ $response_code == 200 || $response_code == 502 ]]; then\n",
" echo \"Deployment of custom application succeeded.\"\n",
" deployed=\"yes\"\n",
" else\n",
" echo \"Failed to deploy custom application; continuing...\"\n",
" fi\n",
" else\n",
" echo \"Custom config was not valid JSON, continuing...\"\n",
" fi\n",
" else\n",
" echo \"Failed to download custom config; continuing...\"\n",
" fi\n",
"else\n",
" echo \"Custom config was not a URL, continuing...\"\n",
"fi\n",
"### END CUSTOM CONFIGURATION"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/f5.cloud_logger.v1.0.0.tmpl": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-cloud-iapps/v2.3.2/f5-cloud-logger/f5.cloud_logger.v1.0.0.tmpl"
},
"/config/cloud/aws/f5.service_discovery.tmpl": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-cloud-iapps/v2.3.2/f5-service-discovery/f5.service_discovery.tmpl"
},
"/config/cloud/aws/getNameServer.sh": {
"content": {
"Fn::Join": [
"\n",
[
"INTERFACE=$1",
"INTERFACE_MAC=`ifconfig ${INTERFACE} | egrep HWaddr | awk '{print tolower($5)}'`",
"VPC_CIDR_BLOCK=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/network/interfaces/macs/${INTERFACE_MAC}/vpc-ipv4-cidr-block`",
"VPC_NET=${VPC_CIDR_BLOCK%/*}",
"NAME_SERVER=`echo ${VPC_NET} | awk -F. '{ printf \"%d.%d.%d.%d\", $1, $2, $3, $4+2 }'`",
"echo $NAME_SERVER"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/onboard_config_vars": {
"content": {
"Fn::Join": [
"",
[
"",
"#!/bin/bash\n",
"# Generated from 4.1.4\n",
"hostname=`curl http://169.254.169.254/latest/meta-data/hostname`\n",
"region='",
{
"Ref": "AWS::Region"
},
"'\n",
"adminUsername='admin'\n",
"managementGuiPort='443'\n",
"timezone='",
{
"Ref": "timezone"
},
"'\n",
"ntpServer='",
{
"Ref": "ntpServer"
},
"'\n",
"declarationUrl='",
{
"Ref": "declarationUrl"
},
"'\n",
"passwd=$(f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/decryptDataFromFile.js --data-file /config/cloud/aws/.adminPassword)\n"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/rm-password.sh": {
"content": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"PROGNAME=$(basename $0)\n",
"function error_exit {\n",
"echo \"${PROGNAME}: ${1:-\"Unknown Error\"}\" 1>&2\n",
"exit 1\n",
"}\n",
"date\n",
"echo 'starting rm-password.sh'\n",
"declare -a tmsh=()\n",
"tmsh+=(\"rm /config/cloud/aws/.adminPassword\")\n",
"for CMD in \"${tmsh[@]}\"\n",
"do\n",
" if $CMD;then\n",
" echo \"command $CMD successfully executed.\"\n",
" else\n",
" error_exit \"$LINENO: An error has occurred while executing $CMD. Aborting!\"\n",
" fi\n",
"done\n",
"date\n"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/v3.6.0/dist/lts/f5-appsvcs-3.5.1-5.noarch.rpm"
},
"/config/cloud/f5-cloud-libs-aws.tar.gz": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-cloud-libs-aws/v2.4.0/dist/f5-cloud-libs-aws.tar.gz"
},
"/config/cloud/f5-cloud-libs.tar.gz": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-cloud-libs/v4.8.1/dist/f5-cloud-libs.tar.gz"
},
"/config/installCloudLibs.sh": {
"content": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"echo about to execute",
"checks=0",
"while [ $checks -lt 120 ]; do echo checking mcpd",
" tmsh -a show sys mcp-state field-fmt | grep -q running",
" if [ $? == 0 ]; then",
" echo mcpd ready",
" break",
" fi",
" echo mcpd not ready yet",
" let checks=checks+1",
" sleep 10",
"done",
"echo loading verifyHash script",
"if ! tmsh load sys config merge file /config/verifyHash; then",
" echo cannot validate signature of /config/verifyHash",
" exit",
"fi",
"echo loaded verifyHash",
"declare -a filesToVerify=(\"/config/cloud/f5-cloud-libs.tar.gz\" \"/config/cloud/f5-cloud-libs-aws.tar.gz\" \"/config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm\" \"/config/cloud/aws/f5.service_discovery.tmpl\" \"/config/cloud/aws/f5.cloud_logger.v1.0.0.tmpl\")",
"for fileToVerify in \"${filesToVerify[@]}\"",
"do",
" echo verifying \"$fileToVerify\"",
" if ! tmsh run cli script verifyHash \"$fileToVerify\"; then",
" echo \"$fileToVerify\" is not valid",
" exit 1",
" fi",
" echo verified \"$fileToVerify\"",
"done",
"mkdir -p /config/cloud/aws/node_modules/@f5devcentral",
"echo expanding f5-cloud-libs.tar.gz",
"tar xvfz /config/cloud/f5-cloud-libs.tar.gz -C /config/cloud/aws/node_modules/@f5devcentral",
"echo installing dependencies",
"tar xvfz /config/cloud/f5-cloud-libs-aws.tar.gz -C /config/cloud/aws/node_modules/@f5devcentral",
"echo cloud libs install complete",
"touch /config/cloud/cloudLibsReady"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/verifyHash": {
"content": "cli script /Common/verifyHash {\nproc script::run {} {\n if {[catch {\n set hashes(f5-cloud-libs.tar.gz) 18f1d7db0fe52eceb72aa2f2b56152926c126d153f0f65953441fea79a756c3c5ff847da2ed7b70c153da5490ffd54e3f93eaab33e8d6df46619a525b26e3505\n set hashes(f5-cloud-libs-aws.tar.gz) 076c969cbfff12efacce0879820262b7787c98645f1105667cc4927d4acfe2466ed64c777b6d35957f6df7ae266937dde42fef4c8b1f870020a366f7f910ffb5\n set hashes(f5-cloud-libs-azure.tar.gz) 57fae388e8aa028d24a2d3fa2c029776925011a72edb320da47ccd4fb8dc762321c371312f692b7b8f1c84e8261c280f6887ba2e0f841b50547e6e6abc8043ba\n set hashes(f5-cloud-libs-gce.tar.gz) 1677835e69967fd9882ead03cbdd24b426627133b8db9e41f6de5a26fef99c2d7b695978ac189f00f61c0737e6dbb638d42dea43a867ef4c01d9507d0ee1fb2f\n set hashes(f5-cloud-libs-openstack.tar.gz) 5c83fe6a93a6fceb5a2e8437b5ed8cc9faf4c1621bfc9e6a0779f6c2137b45eab8ae0e7ed745c8cf821b9371245ca29749ca0b7e5663949d77496b8728f4b0f9\n set hashes(f5-cloud-libs-consul.tar.gz) 2c6face582064600553f442a67a58bc7c19533923fac72a88edef0a90a845a5b9c45b5ba340184292a27a3319d8b8118364d16ea17f6225d31f7c2e997be9775\n set hashes(asm-policy-linux.tar.gz) 63b5c2a51ca09c43bd89af3773bbab87c71a6e7f6ad9410b229b4e0a1c483d46f1a9fff39d9944041b02ee9260724027414de592e99f4c2475415323e18a72e0\n set hashes(f5.http.v1.2.0rc4.tmpl) 47c19a83ebfc7bd1e9e9c35f3424945ef8694aa437eedd17b6a387788d4db1396fefe445199b497064d76967b0d50238154190ca0bd73941298fc257df4dc034\n set hashes(f5.http.v1.2.0rc6.tmpl) 811b14bffaab5ed0365f0106bb5ce5e4ec22385655ea3ac04de2a39bd9944f51e3714619dae7ca43662c956b5212228858f0592672a2579d4a87769186e2cbfe\n set hashes(f5.http.v1.2.0rc7.tmpl) 21f413342e9a7a281a0f0e1301e745aa86af21a697d2e6fdc21dd279734936631e92f34bf1c2d2504c201f56ccd75c5c13baa2fe7653213689ec3c9e27dff77d\n set hashes(f5.aws_advanced_ha.v1.3.0rc1.tmpl) 9e55149c010c1d395abdae3c3d2cb83ec13d31ed39424695e88680cf3ed5a013d626b326711d3d40ef2df46b72d414b4cb8e4f445ea0738dcbd25c4c843ac39d\n set hashes(f5.aws_advanced_ha.v1.4.0rc1.tmpl) 
de068455257412a949f1eadccaee8506347e04fd69bfb645001b76f200127668e4a06be2bbb94e10fefc215cfc3665b07945e6d733cbe1a4fa1b88e881590396\n set hashes(f5.aws_advanced_ha.v1.4.0rc2.tmpl) 6ab0bffc426df7d31913f9a474b1a07860435e366b07d77b32064acfb2952c1f207beaed77013a15e44d80d74f3253e7cf9fbbe12a90ec7128de6facd097d68f\n set hashes(f5.aws_advanced_ha.v1.4.0rc3.tmpl) 2f2339b4bc3a23c9cfd42aae2a6de39ba0658366f25985de2ea53410a745f0f18eedc491b20f4a8dba8db48970096e2efdca7b8efffa1a83a78e5aadf218b134\n set hashes(f5.aws_advanced_ha.v1.4.0rc4.tmpl) 2418ac8b1f1884c5c096cbac6a94d4059aaaf05927a6a4508fd1f25b8cc6077498839fbdda8176d2cf2d274a27e6a1dae2a1e3a0a9991bc65fc74fc0d02ce963\n set hashes(asm-policy.tar.gz) 2d39ec60d006d05d8a1567a1d8aae722419e8b062ad77d6d9a31652971e5e67bc4043d81671ba2a8b12dd229ea46d205144f75374ed4cae58cefa8f9ab6533e6\n set hashes(deploy_waf.sh) 1a3a3c6274ab08a7dc2cb73aedc8d2b2a23cd9e0eb06a2e1534b3632f250f1d897056f219d5b35d3eed1207026e89989f754840fd92969c515ae4d829214fb74\n set hashes(f5.policy_creator.tmpl) 06539e08d115efafe55aa507ecb4e443e83bdb1f5825a9514954ef6ca56d240ed00c7b5d67bd8f67b815ee9dd46451984701d058c89dae2434c89715d375a620\n set hashes(f5.service_discovery.tmpl) 4811a95372d1dbdbb4f62f8bcc48d4bc919fa492cda012c81e3a2fe63d7966cc36ba8677ed049a814a930473234f300d3f8bced2b0db63176d52ac99640ce81b\n set hashes(f5.cloud_logger.v1.0.0.tmpl) 64a0ed3b5e32a037ba4e71d460385fe8b5e1aecc27dc0e8514b511863952e419a89f4a2a43326abb543bba9bc34376afa114ceda950d2c3bd08dab735ff5ad20\n set hashes(f5-appsvcs-3.5.1-5.noarch.rpm) ba71c6e1c52d0c7077cdb25a58709b8fb7c37b34418a8338bbf67668339676d208c1a4fef4e5470c152aac84020b4ccb8074ce387de24be339711256c0fa78c8\n\n set file_path [lindex $tmsh::argv 1]\n set file_name [file tail $file_path]\n\n if {![info exists hashes($file_name)]} {\n tmsh::log err \"No hash found for $file_name\"\n exit 1\n }\n\n set expected_hash $hashes($file_name)\n set computed_hash [lindex [exec /usr/bin/openssl dgst -r -sha512 $file_path] 0]\n if { $expected_hash eq 
$computed_hash } {\n exit 0\n }\n tmsh::log err \"Hash does not match for $file_path\"\n exit 1\n }]} {\n tmsh::log err {Unexpected error in verifyHash}\n exit 1\n }\n }\n script-signature Nbpb2UCK1Rcn2WrsZvPhOlXQ7N6CMLcFtjCm+VnfPVYiAONJvsqEOAv8ohgg7yiTV95sL7uwNUwAfxBwzJ1oSXSHBz4/VSMEopvH0+GmdrvHzHFmWT9VOJYm+OMzd/xngMfFZesFrtWcJ9BwhnBcmqVfEv1ueGOPYbXvbz2NuyT8CTNqy4MizzWYhouYqTX8OeTk1ts+nCd+D6fm31xKhUgChx1bw5H6VnuTntbe2kWw5R+KW+Jk2J45EEk4/5rrzYqH9uJhVNegPEPf0QckniILC5WBUPtvOqKoAHxpLgJntnEVzMDnWQdqYoOvtgAKHzYFDFlWZrcsGq7/ywE4vQ==\n signing-key /Common/f5-irule\n}",
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/waitThenRun.sh": {
"content": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"while true; do echo \"waiting for cloud libs install to complete\"",
" if [ -f /config/cloud/cloudLibsReady ]; then",
" break",
" else",
" sleep 10",
" fi",
"done",
"\"$@\""
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
}
}
}
}
},
"Properties": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteOnTermination": "true",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdb",
"NoDevice": {}
}
],
"IamInstanceProfile": {
"Ref": "bigipServiceDiscoveryProfile"
},
"ImageId": {
"Fn::If": [
"noCustomImageId",
{
"Fn::FindInMap": [
"BigipRegionMap",
{
"Ref": "AWS::Region"
},
{
"Ref": "imageName"
}
]
},
{
"Ref": "customImageId"
}
]
},
"InstanceType": {
"Ref": "instanceType"
},
"KeyName": {
"Ref": "sshKey"
},
"NetworkInterfaces": [
{
"Description": "Management Interface",
"DeviceIndex": "0",
"NetworkInterfaceId": {
"Ref": "Bigip1ManagementInterface"
}
},
{
"Description": "Public or External Interface",
"DeviceIndex": "1",
"NetworkInterfaceId": {
"Ref": "Bigip1subnet1Az1Interface"
}
}
],
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "application"
}
},
{
"Key": "Costcenter",
"Value": {
"Ref": "costcenter"
}
},
{
"Key": "Environment",
"Value": {
"Ref": "environment"
}
},
{
"Key": "Group",
"Value": {
"Ref": "group"
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
"",
[
"Big-IP1: ",
{
"Ref": "AWS::StackName"
}
]
]
}
},
{
"Key": "Owner",
"Value": {
"Ref": "owner"
}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"/opt/aws/apitools/cfn-init-1.4-0.amzn1/bin/cfn-init -v -s ",
{
"Ref": "AWS::StackId"
},
" -r ",
"Bigip1Instance",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
},
"Type": "AWS::EC2::Instance"
},
"Bigip1ManagementEipAddress": {
"Properties": {
"Domain": "vpc"
},
"Type": "AWS::EC2::EIP"
},
"Bigip1ManagementEipAssociation": {
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"Bigip1ManagementEipAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Ref": "Bigip1ManagementInterface"
}
},
"Type": "AWS::EC2::EIPAssociation"
},
"Bigip1ManagementInterface": {
"Properties": {
"Description": "Management Interface for the BIG-IP",
"GroupSet": [
{
"Ref": "bigipManagementSecurityGroup"
}
],
"SubnetId": {
"Ref": "managementSubnetAz1"
}
},
"Type": "AWS::EC2::NetworkInterface"
},
"Bigip1VipEipAddress": {
"Properties": {
"Domain": "vpc"
},
"Type": "AWS::EC2::EIP"
},
"Bigip1VipEipAssociation": {
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"Bigip1VipEipAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Ref": "Bigip1subnet1Az1Interface"
},
"PrivateIpAddress": {
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
}
},
"Type": "AWS::EC2::EIPAssociation"
},
"Bigip1subnet1Az1Interface": {
"Properties": {
"Description": "Public External Interface for the BIG-IP",
"GroupSet": [
{
"Ref": "bigipExternalSecurityGroup"
}
],
"SecondaryPrivateIpAddressCount": "1",
"SubnetId": {
"Ref": "subnet1Az1"
}
},
"Type": "AWS::EC2::NetworkInterface"
},
"Bigip1subnet1Az1SelfEipAddress": {
"Properties": {
"Domain": "vpc"
},
"Type": "AWS::EC2::EIP"
},
"Bigip1subnet1Az1SelfEipAssociation": {
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"Bigip1subnet1Az1SelfEipAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Ref": "Bigip1subnet1Az1Interface"
},
"PrivateIpAddress": {
"Fn::GetAtt": [
"Bigip1subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
}
},
"Type": "AWS::EC2::EIPAssociation"
},
"Bigip2Instance": {
"DependsOn": "Bigip1Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"config": {
"commands": {
"000-disable-1nicautoconfig": {
"command": "/usr/bin/setdb provision.1nicautoconfig disable"
},
"010-install-libs": {
"command": {
"Fn::Join": [
" ",
[
"mkdir -p /var/log/cloud/aws;",
"nohup /config/installCloudLibs.sh",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"020-generate-password": {
"command": {
"Fn::Join": [
"",
[
"nohup /config/waitThenRun.sh",
" f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
" --signal PASSWORD_CREATED",
" --file f5-rest-node",
" --cl-args '/config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/generatePassword --file /config/cloud/aws/.adminPassword --encrypt'",
" --log-level silly",
" -o /var/log/cloud/aws/generatePassword.log",
" &>> /var/log/cloud/aws/install.log < /dev/null",
" &"
]
]
}
},
"030-create-admin-user": {
"command": {
"Fn::Join": [
"",
[
"nohup /config/waitThenRun.sh",
" f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
" --wait-for PASSWORD_CREATED",
" --signal ADMIN_CREATED",
" --file /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/createUser.sh",
" --cl-args '--user admin",
" --password-file /config/cloud/aws/.adminPassword",
" --password-encrypted",
"'",
" --log-level silly",
" -o /var/log/cloud/aws/createUser.log",
" &>> /var/log/cloud/aws/install.log < /dev/null",
" &"
]
]
}
},
"040-network-config": {
"command": {
"Fn::Join": [
"",
[
"GATEWAY_MAC=`ifconfig eth1 | egrep HWaddr | awk '{print tolower($5)}'`; ",
"GATEWAY_CIDR_BLOCK=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/network/interfaces/macs/${GATEWAY_MAC}/subnet-ipv4-cidr-block`; ",
"GATEWAY_NET=${GATEWAY_CIDR_BLOCK%/*}; ",
"GATEWAY_PREFIX=${GATEWAY_CIDR_BLOCK#*/}; ",
"GATEWAY=`echo ${GATEWAY_NET} | awk -F. '{ print $1\".\"$2\".\"$3\".\"$4+1 }'`; ",
"nohup /config/waitThenRun.sh ",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/network.js ",
"--host localhost ",
"--user admin ",
"--password-url file:///config/cloud/aws/.adminPassword ",
"--password-encrypted ",
"-o /var/log/cloud/aws/network.log ",
"--log-level silly ",
"--wait-for ADMIN_CREATED ",
"--signal NETWORK_CONFIG_DONE ",
"--vlan name:external,nic:1.1 ",
"--default-gw ${GATEWAY} ",
"--self-ip 'name:external-self,address:",
{
"Fn::GetAtt": [
"Bigip2subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
"/'${GATEWAY_PREFIX}',vlan:external,allow:tcp:4353 udp:1026' ",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"050-onboard-BIG-IP": {
"command": {
"Fn::If": [
"optin",
{
"Fn::Join": [
" ",
[
"REGION=\"",
{
"Ref": "AWS::Region"
},
"\";",
"DEPLOYMENTID=`echo \"",
{
"Ref": "AWS::StackId"
},
"\"|sha512sum|cut -d \" \" -f 1`;",
"CUSTOMERID=`echo \"",
{
"Ref": "AWS::AccountId"
},
"\"|sha512sum|cut -d \" \" -f 1`;",
"NAME_SERVER=`/config/cloud/aws/getNameServer.sh eth1`;",
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/onboard.js",
"--install-ilx-package file:///config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm",
"--wait-for NETWORK_CONFIG_DONE",
"--signal ONBOARD_DONE",
"-o /var/log/cloud/aws/onboard.log",
"--log-level silly",
"--no-reboot",
"--host localhost",
"--user admin",
"--password-url file:///config/cloud/aws/.adminPassword",
"--password-encrypted",
"--hostname `curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`",
"--ntp ",
{
"Ref": "ntpServer"
},
"--tz ",
{
"Ref": "timezone"
},
"--dns ${NAME_SERVER}",
"--module ltm:nominal",
"--metrics \"cloudName:aws,region:${REGION},bigipVersion:13.1.1-0.0.4,customerId:${CUSTOMERID},deploymentId:${DEPLOYMENTID},templateName:f5-existing-stack-same-az-cluster-payg-2nic-bigip.template,templateVersion:4.1.4,licenseType:hourly\"",
"--ping",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
},
{
"Fn::Join": [
" ",
[
"NAME_SERVER=`/config/cloud/aws/getNameServer.sh eth1`;",
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/onboard.js",
"--install-ilx-package file:///config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm",
"--wait-for NETWORK_CONFIG_DONE",
"--signal ONBOARD_DONE",
"-o /var/log/cloud/aws/onboard.log",
"--log-level silly",
"--no-reboot",
"--host localhost",
"--user admin",
"--password-url file:///config/cloud/aws/.adminPassword",
"--password-encrypted",
"--hostname `curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`",
"--ntp ",
{
"Ref": "ntpServer"
},
"--tz ",
{
"Ref": "timezone"
},
"--dns ${NAME_SERVER}",
"--module ltm:nominal",
"--ping",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
]
}
},
"060-custom-config": {
"command": {
"Fn::Join": [
" ",
[
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
"--file /config/cloud/aws/custom-config.sh",
"--cwd /config/cloud/aws",
"-o /var/log/cloud/aws/custom-config.log",
"--log-level silly",
"--wait-for ONBOARD_DONE",
"--signal CUSTOM_CONFIG_DONE",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"065-cluster": {
"command": {
"Fn::Join": [
" ",
[
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/cluster.js",
"--wait-for CUSTOM_CONFIG_DONE",
"--signal CLUSTER_DONE",
"-o /var/log/cloud/aws/cluster.log",
"--log-level silly",
"--host localhost",
"--user admin",
"--password-url file:///config/cloud/aws/.adminPassword",
"--password-encrypted",
"--cloud aws",
"--provider-options 's3Bucket:",
{
"Ref": "S3Bucket"
},
"'",
"--config-sync-ip",
{
"Fn::GetAtt": [
"Bigip2subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
"--join-group",
"--device-group across_az_failover_group",
"--remote-host ",
{
"Fn::GetAtt": [
"Bigip1ManagementInterface",
"PrimaryPrivateIpAddress"
]
},
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
},
"070-rm-password": {
"command": {
"Fn::Join": [
" ",
[
"nohup /config/waitThenRun.sh",
"f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/runScript.js",
"--file /config/cloud/aws/rm-password.sh",
"-o /var/log/cloud/aws/rm-password.log",
"--log-level silly",
"--wait-for CLUSTER_DONE",
"--signal PASSWORD_REMOVED",
"&>> /var/log/cloud/aws/install.log < /dev/null &"
]
]
}
}
},
"files": {
"/config/cloud/aws/custom-config.sh": {
"content": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"EXTIP='",
{
"Fn::GetAtt": [
"Bigip2subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
},
"'\n",
"EXTPRIVIP='",
{
"Fn::Select": [
"0",
{
"Fn::GetAtt": [
"Bigip2subnet1Az1Interface",
"SecondaryPrivateIpAddresses"
]
}
]
},
"'\n",
"HOSTNAME=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/hostname`\n",
"PROGNAME=$(basename $0)\n",
"function error_exit {\n",
"echo \"${PROGNAME}: ${1:-\\\"Unknown Error\\\"}\" 1>&2\n",
"exit 1\n",
"}\n",
"declare -a tmsh=()\n",
"echo 'starting custom-config.sh'\n",
"tmsh+=(\n",
"\"tmsh modify sys db dhclient.mgmt { value disable }\"\n",
"\"tmsh modify cm device ${HOSTNAME} unicast-address { { effective-ip ${EXTIP} effective-port 1026 ip ${EXTIP} } }\"\n",
"\"tmsh save /sys config\")\n",
"for CMD in \"${tmsh[@]}\"\n",
"do\n",
" \"/config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/waitForMcp.sh\"\n",
" if $CMD;then\n",
" echo \"command $CMD successfully executed.\"\n",
" else\n",
" error_exit \"$LINENO: An error has occurred while executing $CMD. Aborting!\"\n",
" fi\n",
"done\n",
"date\n"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/f5.cloud_logger.v1.0.0.tmpl": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-cloud-iapps/v2.3.2/f5-cloud-logger/f5.cloud_logger.v1.0.0.tmpl"
},
"/config/cloud/aws/f5.service_discovery.tmpl": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-cloud-iapps/v2.3.2/f5-service-discovery/f5.service_discovery.tmpl"
},
"/config/cloud/aws/getNameServer.sh": {
"content": {
"Fn::Join": [
"\n",
[
"INTERFACE=$1",
"INTERFACE_MAC=`ifconfig ${INTERFACE} | egrep HWaddr | awk '{print tolower($5)}'`",
"VPC_CIDR_BLOCK=`curl -s -f --retry 20 http://169.254.169.254/latest/meta-data/network/interfaces/macs/${INTERFACE_MAC}/vpc-ipv4-cidr-block`",
"VPC_NET=${VPC_CIDR_BLOCK%/*}",
"NAME_SERVER=`echo ${VPC_NET} | awk -F. '{ printf \"%d.%d.%d.%d\", $1, $2, $3, $4+2 }'`",
"echo $NAME_SERVER"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/onboard_config_vars": {
"content": {
"Fn::Join": [
"",
[
"",
"#!/bin/bash\n",
"# Generated from 4.1.4\n",
"hostname=`curl http://169.254.169.254/latest/meta-data/hostname`\n",
"region='",
{
"Ref": "AWS::Region"
},
"'\n",
"adminUsername='admin'\n",
"managementGuiPort='443'\n",
"timezone='",
{
"Ref": "timezone"
},
"'\n",
"ntpServer='",
{
"Ref": "ntpServer"
},
"'\n",
"declarationUrl='",
{
"Ref": "declarationUrl"
},
"'\n",
"passwd=$(f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/decryptDataFromFile.js --data-file /config/cloud/aws/.adminPassword)\n"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/aws/rm-password.sh": {
"content": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"PROGNAME=$(basename $0)\n",
"function error_exit {\n",
"echo \"${PROGNAME}: ${1:-\"Unknown Error\"}\" 1>&2\n",
"exit 1\n",
"}\n",
"date\n",
"echo 'starting rm-password.sh'\n",
"declare -a tmsh=()\n",
"tmsh+=(\"rm /config/cloud/aws/.adminPassword\")\n",
"for CMD in \"${tmsh[@]}\"\n",
"do\n",
" if $CMD;then\n",
" echo \"command $CMD successfully executed.\"\n",
" else\n",
" error_exit \"$LINENO: An error has occurred while executing $CMD. Aborting!\"\n",
" fi\n",
"done\n",
"date\n"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/v3.6.0/dist/lts/f5-appsvcs-3.5.1-5.noarch.rpm"
},
"/config/cloud/f5-cloud-libs-aws.tar.gz": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-cloud-libs-aws/v2.4.0/dist/f5-cloud-libs-aws.tar.gz"
},
"/config/cloud/f5-cloud-libs.tar.gz": {
"group": "root",
"mode": "000755",
"owner": "root",
"source": "https://raw.githubusercontent.com/F5Networks/f5-cloud-libs/v4.8.1/dist/f5-cloud-libs.tar.gz"
},
"/config/installCloudLibs.sh": {
"content": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"echo about to execute",
"checks=0",
"while [ $checks -lt 120 ]; do echo checking mcpd",
" tmsh -a show sys mcp-state field-fmt | grep -q running",
" if [ $? == 0 ]; then",
" echo mcpd ready",
" break",
" fi",
" echo mcpd not ready yet",
" let checks=checks+1",
" sleep 10",
"done",
"echo loading verifyHash script",
"if ! tmsh load sys config merge file /config/verifyHash; then",
" echo cannot validate signature of /config/verifyHash",
" exit",
"fi",
"echo loaded verifyHash",
"declare -a filesToVerify=(\"/config/cloud/f5-cloud-libs.tar.gz\" \"/config/cloud/f5-cloud-libs-aws.tar.gz\" \"/config/cloud/f5-appsvcs-3.5.1-5.noarch.rpm\" \"/config/cloud/aws/f5.service_discovery.tmpl\" \"/config/cloud/aws/f5.cloud_logger.v1.0.0.tmpl\")",
"for fileToVerify in \"${filesToVerify[@]}\"",
"do",
" echo verifying \"$fileToVerify\"",
" if ! tmsh run cli script verifyHash \"$fileToVerify\"; then",
" echo \"$fileToVerify\" is not valid",
" exit 1",
" fi",
" echo verified \"$fileToVerify\"",
"done",
"mkdir -p /config/cloud/aws/node_modules/@f5devcentral",
"echo expanding f5-cloud-libs.tar.gz",
"tar xvfz /config/cloud/f5-cloud-libs.tar.gz -C /config/cloud/aws/node_modules/@f5devcentral",
"echo installing dependencies",
"tar xvfz /config/cloud/f5-cloud-libs-aws.tar.gz -C /config/cloud/aws/node_modules/@f5devcentral",
"echo cloud libs install complete",
"touch /config/cloud/cloudLibsReady"
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/verifyHash": {
"content": "cli script /Common/verifyHash {\nproc script::run {} {\n if {[catch {\n set hashes(f5-cloud-libs.tar.gz) 18f1d7db0fe52eceb72aa2f2b56152926c126d153f0f65953441fea79a756c3c5ff847da2ed7b70c153da5490ffd54e3f93eaab33e8d6df46619a525b26e3505\n set hashes(f5-cloud-libs-aws.tar.gz) 076c969cbfff12efacce0879820262b7787c98645f1105667cc4927d4acfe2466ed64c777b6d35957f6df7ae266937dde42fef4c8b1f870020a366f7f910ffb5\n set hashes(f5-cloud-libs-azure.tar.gz) 57fae388e8aa028d24a2d3fa2c029776925011a72edb320da47ccd4fb8dc762321c371312f692b7b8f1c84e8261c280f6887ba2e0f841b50547e6e6abc8043ba\n set hashes(f5-cloud-libs-gce.tar.gz) 1677835e69967fd9882ead03cbdd24b426627133b8db9e41f6de5a26fef99c2d7b695978ac189f00f61c0737e6dbb638d42dea43a867ef4c01d9507d0ee1fb2f\n set hashes(f5-cloud-libs-openstack.tar.gz) 5c83fe6a93a6fceb5a2e8437b5ed8cc9faf4c1621bfc9e6a0779f6c2137b45eab8ae0e7ed745c8cf821b9371245ca29749ca0b7e5663949d77496b8728f4b0f9\n set hashes(f5-cloud-libs-consul.tar.gz) 2c6face582064600553f442a67a58bc7c19533923fac72a88edef0a90a845a5b9c45b5ba340184292a27a3319d8b8118364d16ea17f6225d31f7c2e997be9775\n set hashes(asm-policy-linux.tar.gz) 63b5c2a51ca09c43bd89af3773bbab87c71a6e7f6ad9410b229b4e0a1c483d46f1a9fff39d9944041b02ee9260724027414de592e99f4c2475415323e18a72e0\n set hashes(f5.http.v1.2.0rc4.tmpl) 47c19a83ebfc7bd1e9e9c35f3424945ef8694aa437eedd17b6a387788d4db1396fefe445199b497064d76967b0d50238154190ca0bd73941298fc257df4dc034\n set hashes(f5.http.v1.2.0rc6.tmpl) 811b14bffaab5ed0365f0106bb5ce5e4ec22385655ea3ac04de2a39bd9944f51e3714619dae7ca43662c956b5212228858f0592672a2579d4a87769186e2cbfe\n set hashes(f5.http.v1.2.0rc7.tmpl) 21f413342e9a7a281a0f0e1301e745aa86af21a697d2e6fdc21dd279734936631e92f34bf1c2d2504c201f56ccd75c5c13baa2fe7653213689ec3c9e27dff77d\n set hashes(f5.aws_advanced_ha.v1.3.0rc1.tmpl) 9e55149c010c1d395abdae3c3d2cb83ec13d31ed39424695e88680cf3ed5a013d626b326711d3d40ef2df46b72d414b4cb8e4f445ea0738dcbd25c4c843ac39d\n set hashes(f5.aws_advanced_ha.v1.4.0rc1.tmpl) 
de068455257412a949f1eadccaee8506347e04fd69bfb645001b76f200127668e4a06be2bbb94e10fefc215cfc3665b07945e6d733cbe1a4fa1b88e881590396\n set hashes(f5.aws_advanced_ha.v1.4.0rc2.tmpl) 6ab0bffc426df7d31913f9a474b1a07860435e366b07d77b32064acfb2952c1f207beaed77013a15e44d80d74f3253e7cf9fbbe12a90ec7128de6facd097d68f\n set hashes(f5.aws_advanced_ha.v1.4.0rc3.tmpl) 2f2339b4bc3a23c9cfd42aae2a6de39ba0658366f25985de2ea53410a745f0f18eedc491b20f4a8dba8db48970096e2efdca7b8efffa1a83a78e5aadf218b134\n set hashes(f5.aws_advanced_ha.v1.4.0rc4.tmpl) 2418ac8b1f1884c5c096cbac6a94d4059aaaf05927a6a4508fd1f25b8cc6077498839fbdda8176d2cf2d274a27e6a1dae2a1e3a0a9991bc65fc74fc0d02ce963\n set hashes(asm-policy.tar.gz) 2d39ec60d006d05d8a1567a1d8aae722419e8b062ad77d6d9a31652971e5e67bc4043d81671ba2a8b12dd229ea46d205144f75374ed4cae58cefa8f9ab6533e6\n set hashes(deploy_waf.sh) 1a3a3c6274ab08a7dc2cb73aedc8d2b2a23cd9e0eb06a2e1534b3632f250f1d897056f219d5b35d3eed1207026e89989f754840fd92969c515ae4d829214fb74\n set hashes(f5.policy_creator.tmpl) 06539e08d115efafe55aa507ecb4e443e83bdb1f5825a9514954ef6ca56d240ed00c7b5d67bd8f67b815ee9dd46451984701d058c89dae2434c89715d375a620\n set hashes(f5.service_discovery.tmpl) 4811a95372d1dbdbb4f62f8bcc48d4bc919fa492cda012c81e3a2fe63d7966cc36ba8677ed049a814a930473234f300d3f8bced2b0db63176d52ac99640ce81b\n set hashes(f5.cloud_logger.v1.0.0.tmpl) 64a0ed3b5e32a037ba4e71d460385fe8b5e1aecc27dc0e8514b511863952e419a89f4a2a43326abb543bba9bc34376afa114ceda950d2c3bd08dab735ff5ad20\n set hashes(f5-appsvcs-3.5.1-5.noarch.rpm) ba71c6e1c52d0c7077cdb25a58709b8fb7c37b34418a8338bbf67668339676d208c1a4fef4e5470c152aac84020b4ccb8074ce387de24be339711256c0fa78c8\n\n set file_path [lindex $tmsh::argv 1]\n set file_name [file tail $file_path]\n\n if {![info exists hashes($file_name)]} {\n tmsh::log err \"No hash found for $file_name\"\n exit 1\n }\n\n set expected_hash $hashes($file_name)\n set computed_hash [lindex [exec /usr/bin/openssl dgst -r -sha512 $file_path] 0]\n if { $expected_hash eq 
$computed_hash } {\n exit 0\n }\n tmsh::log err \"Hash does not match for $file_path\"\n exit 1\n }]} {\n tmsh::log err {Unexpected error in verifyHash}\n exit 1\n }\n }\n script-signature Nbpb2UCK1Rcn2WrsZvPhOlXQ7N6CMLcFtjCm+VnfPVYiAONJvsqEOAv8ohgg7yiTV95sL7uwNUwAfxBwzJ1oSXSHBz4/VSMEopvH0+GmdrvHzHFmWT9VOJYm+OMzd/xngMfFZesFrtWcJ9BwhnBcmqVfEv1ueGOPYbXvbz2NuyT8CTNqy4MizzWYhouYqTX8OeTk1ts+nCd+D6fm31xKhUgChx1bw5H6VnuTntbe2kWw5R+KW+Jk2J45EEk4/5rrzYqH9uJhVNegPEPf0QckniILC5WBUPtvOqKoAHxpLgJntnEVzMDnWQdqYoOvtgAKHzYFDFlWZrcsGq7/ywE4vQ==\n signing-key /Common/f5-irule\n}",
"group": "root",
"mode": "000755",
"owner": "root"
},
"/config/waitThenRun.sh": {
"content": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"while true; do echo \"waiting for cloud libs install to complete\"",
" if [ -f /config/cloud/cloudLibsReady ]; then",
" break",
" else",
" sleep 10",
" fi",
"done",
"\"$@\""
]
]
},
"group": "root",
"mode": "000755",
"owner": "root"
}
}
}
}
},
"Properties": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteOnTermination": "true",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdb",
"NoDevice": {}
}
],
"IamInstanceProfile": {
"Ref": "bigipServiceDiscoveryProfile"
},
"ImageId": {
"Fn::If": [
"noCustomImageId",
{
"Fn::FindInMap": [
"BigipRegionMap",
{
"Ref": "AWS::Region"
},
{
"Ref": "imageName"
}
]
},
{
"Ref": "customImageId"
}
]
},
"InstanceType": {
"Ref": "instanceType"
},
"KeyName": {
"Ref": "sshKey"
},
"NetworkInterfaces": [
{
"Description": "Management Interface",
"DeviceIndex": "0",
"NetworkInterfaceId": {
"Ref": "Bigip2ManagementInterface"
}
},
{
"Description": "Public or External Interface",
"DeviceIndex": "1",
"NetworkInterfaceId": {
"Ref": "Bigip2subnet1Az1Interface"
}
}
],
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "application"
}
},
{
"Key": "Costcenter",
"Value": {
"Ref": "costcenter"
}
},
{
"Key": "Environment",
"Value": {
"Ref": "environment"
}
},
{
"Key": "Group",
"Value": {
"Ref": "group"
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
"",
[
"Big-IP2: ",
{
"Ref": "AWS::StackName"
}
]
]
}
},
{
"Key": "Owner",
"Value": {
"Ref": "owner"
}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"/opt/aws/apitools/cfn-init-1.4-0.amzn1/bin/cfn-init -v -s ",
{
"Ref": "AWS::StackId"
},
" -r ",
"Bigip2Instance",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
},
"Type": "AWS::EC2::Instance"
},
"Bigip2ManagementEipAddress": {
"Properties": {
"Domain": "vpc"
},
"Type": "AWS::EC2::EIP"
},
"Bigip2ManagementEipAssociation": {
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"Bigip2ManagementEipAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Ref": "Bigip2ManagementInterface"
}
},
"Type": "AWS::EC2::EIPAssociation"
},
"Bigip2ManagementInterface": {
"Properties": {
"Description": "Management Interface for the BIG-IP",
"GroupSet": [
{
"Ref": "bigipManagementSecurityGroup"
}
],
"SubnetId": {
"Ref": "managementSubnetAz1"
}
},
"Type": "AWS::EC2::NetworkInterface"
},
"Bigip2subnet1Az1Interface": {
"Properties": {
"Description": "Public External Interface for the BIG-IP",
"GroupSet": [
{
"Ref": "bigipExternalSecurityGroup"
}
],
"SecondaryPrivateIpAddressCount": "1",
"SubnetId": {
"Ref": "subnet1Az1"
}
},
"Type": "AWS::EC2::NetworkInterface"
},
"Bigip2subnet1Az1SelfEipAddress": {
"Properties": {
"Domain": "vpc"
},
"Type": "AWS::EC2::EIP"
},
"Bigip2subnet1Az1SelfEipAssociation": {
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"Bigip2subnet1Az1SelfEipAddress",
"AllocationId"
]
},
"NetworkInterfaceId": {
"Ref": "Bigip2subnet1Az1Interface"
},
"PrivateIpAddress": {
"Fn::GetAtt": [
"Bigip2subnet1Az1Interface",
"PrimaryPrivateIpAddress"
]
}
},
"Type": "AWS::EC2::EIPAssociation"
},
"S3Bucket": {
"Properties": {
"AccessControl": "BucketOwnerFullControl"
},
"Type": "AWS::S3::Bucket"
},
"bigipExternalSecurityGroup": {
"Properties": {
"GroupDescription": "Public or external interface rules",
"SecurityGroupIngress": [
{
"CidrIp": {
"Ref": "restrictedSrcAddressApp"
},
"FromPort": "80",
"IpProtocol": "tcp",
"ToPort": "80"
},
{
"CidrIp": {
"Ref": "restrictedSrcAddressApp"
},
"FromPort": "443",
"IpProtocol": "tcp",
"ToPort": "443"
}
],
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "application"
}
},
{
"Key": "Costcenter",
"Value": {
"Ref": "costcenter"
}
},
{
"Key": "Environment",
"Value": {
"Ref": "environment"
}
},
{
"Key": "Group",
"Value": {
"Ref": "group"
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
"",
[
"Bigip External Security Group:",
{
"Ref": "AWS::StackName"
}
]
]
}
},
{
"Key": "Owner",
"Value": {
"Ref": "owner"
}
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"bigipManagementSecurityGroup": {
"Properties": {
"GroupDescription": "BIG-IP management interface policy",
"SecurityGroupIngress": [
{
"CidrIp": {
"Ref": "restrictedSrcAddress"
},
"FromPort": "22",
"IpProtocol": "tcp",
"ToPort": "22"
},
{
"CidrIp": {
"Ref": "restrictedSrcAddress"
},
"FromPort": "443",
"IpProtocol": "tcp",
"ToPort": "443"
}
],
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "application"
}
},
{
"Key": "Costcenter",
"Value": {
"Ref": "costcenter"
}
},
{
"Key": "Environment",
"Value": {
"Ref": "environment"
}
},
{
"Key": "Group",
"Value": {
"Ref": "group"
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
"",
[
"Bigip Management Security Group:",
{
"Ref": "AWS::StackName"
}
]
]
}
},
{
"Key": "Owner",
"Value": {
"Ref": "owner"
}
}
],
"VpcId": {
"Ref": "Vpc"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"bigipSecurityGroupIngressConfigSync": {
"Properties": {
"FromPort": "4353",
"GroupId": {
"Ref": "bigipExternalSecurityGroup"
},
"IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Ref": "bigipExternalSecurityGroup"
},
"ToPort": "4353"
},
"Type": "AWS::EC2::SecurityGroupIngress"
},
"bigipSecurityGroupIngressHa": {
"Properties": {
"FromPort": "1026",
"GroupId": {
"Ref": "bigipExternalSecurityGroup"
},
"IpProtocol": "udp",
"SourceSecurityGroupId": {
"Ref": "bigipExternalSecurityGroup"
},
"ToPort": "1026"
},
"Type": "AWS::EC2::SecurityGroupIngress"
},
"bigipSecurityGroupIngressManagmentSame": {
"Properties": {
"FromPort": "443",
"GroupId": {
"Ref": "bigipManagementSecurityGroup"
},
"IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Ref": "bigipManagementSecurityGroup"
},
"ToPort": "443"
},
"Type": "AWS::EC2::SecurityGroupIngress"
},
"bigipServiceDiscoveryAccessRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
}
}
],
"Version": "2012-10-17"
},
"Path": "/",
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeAddresses",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeRouteTables",
"ec2:ReplaceRoute",
"ec2:assignprivateipaddresses",
"sts:AssumeRole"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:*:s3:::",
{
"Ref": "S3Bucket"
}
]
]
}
},
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:*:s3:::",
{
"Ref": "S3Bucket"
},
"/*"
]
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "BigipServiceDiscoveryPolicy"
}
]
},
"Type": "AWS::IAM::Role"
},
"bigipServiceDiscoveryProfile": {
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "bigipServiceDiscoveryAccessRole"
}
]
},
"Type": "AWS::IAM::InstanceProfile"
}
}
}