Runtime Init controls used for setting logLevel and other Runtime Init settings
Type: object
path: #
Properties
- logLevel
- Type:
string - path: #/properties/logLevel
- The value is restricted to the following:
- "debug"
- "info"
- "silly"
- "warn"
- "error"
- Type:
- logFilename
- Type:
string - path: #/properties/logFilename
- Example values:
- "/var/log/cloud/bigIpRuntimeInit.log"
- Type:
- logToJson
- Type:
boolean - path: #/properties/logToJson
- The value is restricted to the following:
- true
- false
- Type:
- extensionInstallDelayInMs
- Type:
number - path: #/properties/extensionInstallDelayInMs
- Example values:
600001000600
- Type:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit-test.log
logToJson: true
extensionInstallDelayInMs: 60000
Runtime parameters used to render Automation Toolchain declarations.
Type: array
path: #
- Items
- Type:
object - path: #/items
- This schema does not accept additional properties.
- Properties
- name
required- Type:
string - path: #/items/properties/name
- Example values:
- "ADMIN_PASSWORD"
- "HOST_NAME"
- Type:
- type
required- Type:
string - path: #/items/properties/type
- The value is restricted to the following:
- "static"
- "secret"
- "metadata"
- "url"
- "tag"
- "storage"
- Type:
- returnType
- Type:
string - path: #/items/properties/returnType
- The value is restricted to the following:
- "string"
- "number"
- "boolean"
- Type:
- verifyTls
- For enabling secure site verification
- Type:
boolean - path: #/items/properties/verifyTls
- Example values:
- true
- false
- trustedCertBundles
- List of paths to certificate bundles to use for all https requests
- Type:
array - path: #/items/properties/trustedCertBundles
- Example values:
- "/path/to/cert.pem"
- "/path/to/another_cert.pem"
- ipcalc
- Type:
string - path: #/items/properties/ipcalc
- The value is restricted to the following:
- "base"
- "mask"
- "bitmask"
- "hostmask"
- "broadcast"
- "size"
- "first"
- "last"
- "address"
- Type:
- value
- Type:
string - path: #/items/properties/value
- Example values:
- "myValue"
- Type:
- secretProvider
- Type:
object - path: #/items/properties/secretProvider
- This schema does not accept additional properties.
- Properties
- environment
required- Type:
string - path: #/items/properties/secretProvider/properties/environment
- The value is restricted to the following:
- "gcp"
- "aws"
- "azure"
- "hashicorp"
- Type:
- type
required- Type:
string - path: #/items/properties/secretProvider/properties/type
- The value is restricted to the following:
- "SecretsManager"
- "SecretManager"
- "default"
- "KeyVault"
- "Vault"
- Type:
- appRolePath
- URL path of the App Role, if it's unique or if it includes the namespace
- Type:
string - path: #/items/properties/secretProvider/properties/appRolePath
- Example values:
- "/v1/auth/approle/login"
- "/v1/MyNameSpace/auth/approle/login"
- secretId
- ID or name of the secret in the secret manager of the specified environment
- Type:
string - path: #/items/properties/secretProvider/properties/secretId
- Example values:
- "mySecretId"
- "test-document-01"
- secretPath
- Path to secret object in Hashicorp Vault
- Type:
string - path: #/items/properties/secretProvider/properties/secretPath
- Example values:
- "secret/foo"
- version
- Version identifier for the secret to be retrieved
- Type:
string - path: #/items/properties/secretProvider/properties/version
- Example values:
- "AWSCURRENT"
- "1.0"
- "1"
- vaultUrl
- URL of the Azure Key Vault
- Type:
string - path: #/items/properties/secretProvider/properties/vaultUrl
- Example values:
- vaultServer
- URL of the Hashicorp Vault server
- Type:
string - path: #/items/properties/secretProvider/properties/vaultServer
- Example values:
- The value must match this pattern:
^(https?|http?)://[^\s$.?#].[^\s]*$
- secretsEngine
- Hashicorp Vault secrets engine used
- Type:
string - path: #/items/properties/secretProvider/properties/secretsEngine
- The value is restricted to the following:
- "kv2"
- authBackend
- Hashicorp Vault authentication backend used
- Type:
object - path: #/items/properties/secretProvider/properties/authBackend
- Properties
- type
- Hashicorp Vault auth backend type
- Type:
string - path: #/items/properties/secretProvider/properties/authBackend/properties/type
- The value is restricted to the following:
- "approle"
- roleId
- Type:
object - path: #/items/properties/secretProvider/properties/authBackend/properties/roleId
- Properties
- type
- Type:
string - path: #/items/properties/secretProvider/properties/authBackend/properties/roleId/properties/type
- The value is restricted to the following:
- "url"
- "inline"
- Type:
- value
- Hashicorp Vault approle role ID
- Type:
string - path: #/items/properties/secretProvider/properties/authBackend/properties/roleId/properties/value
- Example values:
- "9c9b8014-d2e1-11eb-b8bc-0242ac130003"
- "file:///path/to/role-id"
- type
- Type:
- secretId
- Type:
object - path: #/items/properties/secretProvider/properties/authBackend/properties/secretId
- Properties
- type
- Type:
string - path: #/items/properties/secretProvider/properties/authBackend/properties/secretId/properties/type
- The value is restricted to the following:
- "url"
- "inline"
- Type:
- value
- Hashicorp Vault approle secret ID
- Type:
string - path: #/items/properties/secretProvider/properties/authBackend/properties/secretId/properties/value
- Example values:
- "9c9b84a6-d2e1-11eb-b8bc-0242ac130003"
- "file:///path/to/secret-id"
- "https://path/to/secret-id"
- unwrap
- For unwrapping a wrapped secret ID
- Type:
boolean - path: #/items/properties/secretProvider/properties/authBackend/properties/secretId/properties/unwrap
- Example values:
- true
- false
- type
- Type:
- type
- field
- field name to which secret value is mapped to
- Type:
string - path: #/items/properties/secretProvider/properties/field
- Example values:
- "bigiqPassword"
- "regKey"
- environment
- Type:
- metadataProvider
- Type:
object - path: #/items/properties/metadataProvider
- This schema does not accept additional properties.
- Properties
- environment
required- Type:
string - path: #/items/properties/metadataProvider/properties/environment
- The value is restricted to the following:
- "aws"
- "azure"
- "gcp"
- Type:
- type
required- Type:
string - path: #/items/properties/metadataProvider/properties/type
- The value is restricted to the following:
- "network"
- "compute"
- "uri"
- Type:
- field
- Type:
string - path: #/items/properties/metadataProvider/properties/field
- Example values:
- "name"
- "hostname"
- "ipv4"
- "local-ipv4s"
- "subnet-ipv4-cidr-block"
- Type:
- value
- Type:
string - path: #/items/properties/metadataProvider/properties/value
- Example values:
- "/latest/dynamic/instance-identity/document"
- "/latest/api/token"
- Type:
- query
- Type:
string - path: #/items/properties/metadataProvider/properties/query
- Example values:
- "region"
- "accountId"
- Type:
- ipcalc
- Type:
string - path: #/items/properties/metadataProvider/properties/ipcalc
- The value is restricted to the following:
- "base"
- "mask"
- "bitmask"
- "hostmask"
- "broadcast"
- "size"
- "first"
- "last"
- "address"
- Type:
- index
- Type:
integer - path: #/items/properties/metadataProvider/properties/index
- Example values:
- "0"
- "1"
- "2"
- Type:
- environment
- Type:
- tagProvider
- Type:
object - path: #/items/properties/tagProvider
- This schema does not accept additional properties.
- Properties
- environment
required- Type:
string - path: #/items/properties/tagProvider/properties/environment
- The value is restricted to the following:
- "gcp"
- "aws"
- "azure"
- Type:
- key
required- Type:
string - path: #/items/properties/tagProvider/properties/key
- Example values:
- "hostname"
- "id"
- "date"
- Type:
- environment
- Type:
- storageProvider
- Type:
object - path: #/items/properties/storageProvider
- This schema does not accept additional properties.
- Properties
- environment
required- Type:
string - path: #/items/properties/storageProvider/properties/environment
- The value is restricted to the following:
- "aws"
- "azure"
- "gcp"
- "private"
- Type:
- source
required- The URL of the AWS, Azure, Google Cloud Storage, or privately hosted source file
- Type:
string - path: #/items/properties/storageProvider/properties/source
- Example values:
- The value must match this pattern:
^(https?|http?|s3?|gs?)://[^\s$.?#].[^\s]*$
- destination
required- The location where the downloaded file will be saved
- Type:
string - path: #/items/properties/storageProvider/properties/destination
- Example values:
- "/var/tmp/file1"
- "/var/config/rest/downloads/file1"
- The value must match this pattern:
^(/var/tmp/|/var/config/rest/downloads/)
- verifyTls
- For enabling secure site verification
- Type:
boolean - path: #/items/properties/storageProvider/properties/verifyTls
- Example values:
- true
- false
- trustedCertBundles
- List of paths to certificate bundles to use for all https requests
- Type:
array - path: #/items/properties/storageProvider/properties/trustedCertBundles
- Example values:
- "/path/to/cert.pem"
- "/path/to/another_cert.pem"
- environment
- Type:
- query
- Type:
string - path: #/items/properties/query
- Example values:
- "region"
- Type:
- headers
- Type:
array - path: #/items/properties/headers
- Type:
- name
aws:
description: AWS Example
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: ADMIN_PASS
type: secret
secretProvider:
type: SecretManager
environment: aws
version: AWSCURRENT
secretId: test-document-01
- name: HOST_NAME
type: metadata
metadataProvider:
environment: aws
type: compute
field: hostname
- name: SELF_IP_EXTERNAL
type: metadata
metadataProvider:
environment: aws
type: network
field: local-ipv4s
index: 1
- name: SELF_IP_INTERNAL
type: metadata
metadataProvider:
environment: aws
type: network
field: local-ipv4s
index: 2
- name: DEFAULT_ROUTE
type: metadata
metadataProvider:
environment: aws
type: network
field: subnet-ipv4-cidr-block
index: 1
- name: AWS_FILE_1
type: storage
storageProvider:
environment: aws
source: 'https://mybucket.s3.amazonaws.com/mykey/myfile1'
destination: /var/tmp/myfile1
azure:
description: Azure Example
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: AZURE_SERVICE_PRINCIPAL
type: secret
secretProvider:
type: KeyVault
environment: azure
vaultUrl: 'https://my-keyvault.vault.azure.net'
secretId: my_azure_secret
- name: HOST_NAME
type: metadata
metadataProvider:
environment: azure
type: compute
field: name
- name: SELF_IP_INTERNAL
type: metadata
metadataProvider:
environment: azure
type: network
field: ipv4
index: 1
- name: SELF_IP_EXTERNAL
type: metadata
metadataProvider:
environment: azure
type: network
field: ipv4
index: 2
- name: AZURE_FILE_1
type: storage
storageProvider:
environment: azure
source: 'https://mystorageaccount.blob.core.windows.net/mycontainer/myfile1'
destination: /var/tmp/myfile1
gcp:
description: Google Example
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: ADMIN_PASS
type: secret
secretProvider:
type: SecretsManager
environment: gcp
version: latest
secretId: my-secret-id-01
- name: ROOT_PASS
type: secret
secretProvider:
type: SecretsManager
environment: gcp
version: latest
secretId: my-secret-id-02
- name: HOST_NAME
type: metadata
metadataProvider:
environment: gcp
type: compute
field: name
- name: GCP_FILE_1
type: storage
storageProvider:
environment: gcp
source: 'https://storage.cloud.google.com/mybucket/mykey/myfile1'
destination: /var/tmp/myfile1
hashicorp:
description: Hashicorp Vault Example
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: ADMIN_PASS
type: secret
secretProvider:
type: Vault
environment: hashicorp
vaultServer: 'http://127.0.0.1:8200'
secretsEngine: kv2
secretId: secret/foo
field: password
version: 1
authBackend:
type: approle
roleId:
type: url
value: 'file:///path/to/role-id'
secretId:
type: inline
value: secret-id
unwrap: true
Used to specify commands which will be executed following extension services operations.
Type: array
path: #
- Items
- Type:
object - path: #/items
- Properties
- name
- Type:
string - path: #/items/properties/name
- Example values:
- "my_postonboard_command"
- "example_local_exec"
- Type:
- type
- Type:
string - path: #/items/properties/type
- The value is restricted to the following:
- "inline"
- "file"
- "url"
- Type:
- command
- Type:
array - path: #/items/properties/command
- Items
- Type:
string - path: #/items/properties/command/items
- Example values:
- "/tmp/post_onboard_script.sh"
- "https://the-delivery-location.com/remote_post_onboard.sh"
- Type:
- verifyTls
- For enabling secure site verification
- Type:
boolean - path: #/items/properties/verifyTls
- Example values:
- true
- false
- trustedCertBundles
- List of paths to certificate bundles to use for all https requests
- Type:
array - path: #/items/properties/trustedCertBundles
- Example values:
- "/path/to/cert.pem"
- "/path/to/another_cert.pem"
- name
inline:
description: Runs commands specified inline
post_onboard_enabled:
- name: example_inline_command
type: inline
commands:
- touch /tmp/post_onboard_script.sh
- chmod 777 /tmp/post_onboard_script.sh
- >-
echo "touch /tmp/create_by_autogenerated_post_local" >
/tmp/post_onboard_script.sh
local_exec:
description: Runs commands from a local file
post_onboard_enabled:
- name: example_local_exec
type: file
commands:
- /tmp/post_onboard_script.sh
remote_exec:
description: Runs commands from a URL
post_onboard_enabled:
- name: example_remote_exec
type: url
commands:
- 'https://the-delivery-location.com/remote_post_onboard.sh'
Used to specify commands which will be executed before extension package operations before BIG-IP is ready.
Type: array
path: #
- Items
- Type:
object - path: #/items
- Properties
- name
- Type:
string - path: #/items/properties/name
- Example values:
- "my_preonboard_command"
- "example_local_exec"
- "provision_rest"
- Type:
- type
- Type:
string - path: #/items/properties/type
- The value is restricted to the following:
- "inline"
- "file"
- "url"
- Type:
- command
- Type:
array - path: #/items/properties/command
- Items
- Type:
string - path: #/items/properties/command/items
- Example values:
- "/usr/bin/setdb provision.extramb 500"
- "/usr/bin/setdb restjavad.useextramb true"
- "/tmp/pre_onboard_script.sh"
- Type:
- verifyTls
- For enabling secure site verification
- Type:
boolean - path: #/items/properties/verifyTls
- Example values:
- true
- false
- trustedCertBundles
- List of paths to certificate bundles to use for all https requests
- Type:
array - path: #/items/properties/trustedCertBundles
- Example values:
- "/path/to/cert.pem"
- "/path/to/another_cert.pem"
- name
inline:
description: >-
Runs commands specified inline. For improved performance, F5 recommends
including pre_onboard commands to increase provisioning of the REST
framework, and to pre-provision the ASM module when deploying WAF.
pre_onboard_enabled:
- name: example_inline_command
type: inline
commands:
- touch /tmp/pre_onboard_script.sh
- chmod 777 /tmp/pre_onboard_script.sh
- >-
echo "touch /tmp/create_by_autogenerated_pre_local" >
/tmp/pre_onboard_script.sh
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
local_exec:
description: Runs commands from a local file
pre_onboard_enabled:
- name: example_local_exec
type: file
commands:
- /tmp/pre_onboard_script.sh
remote_exec:
description: Runs commands from a URL
pre_onboard_enabled:
- name: example_remote_exec
type: url
commands:
- 'https://the-delivery-location.com/remote_pre_onboard.sh'
Used to specify commands which will be executed before extension package operations after BIG-IP and MCPD are up and running.
Type: array
path: #
- Items
- Type:
object - path: #/items
- Properties
- name
- Type:
string - path: #/items/properties/name
- Example values:
- "my_preonboard_command"
- "example_local_exec"
- "provision_rest"
- Type:
- type
- Type:
string - path: #/items/properties/type
- The value is restricted to the following:
- "inline"
- "file"
- "url"
- Type:
- command
- Type:
array - path: #/items/properties/command
- Items
- Type:
string - path: #/items/properties/command/items
- Example values:
- "tmsh create net vlan external interfaces replace-all-with { 1.1 }"
- "tmsh create sys folder /LOCAL_ONLY device-group none traffic-group traffic-group-local-only"
- "tmsh save sys config"
- Type:
- verifyTls
- For enabling secure site verification
- Type:
boolean - path: #/items/properties/verifyTls
- Example values:
- true
- false
- trustedCertBundles
- List of paths to certificate bundles to use for all https requests
- Type:
array - path: #/items/properties/trustedCertBundles
- Example values:
- "/path/to/cert.pem"
- "/path/to/another_cert.pem"
- name
inline:
description: Runs commands specified inline
bigip_ready_enabled:
- name: set_message_size
type: inline
commands:
- >-
/usr/bin/curl -s -f -u admin: -H "Content-Type: application/json" -d
'{"maxMessageBodySize":134217728}' -X POST
http://localhost:8100/mgmt/shared/server/messaging/settings/8100 | jq
.
local_exec:
description: Runs commands from a local file
bigip_ready_enabled:
- name: example_local_exec
type: file
commands:
- /tmp/bigip_ready_enabled.sh
remote_exec:
description: Runs commands from a URL
bigip_ready_enabled:
- name: example_remote_exec
type: url
commands:
- 'https://the-delivery-location.com/bigip_ready_enabled.sh'
Used to specify Automation Toolchain packages to be installed on device.
Type: object
path: #
This schema does not accept additional properties.
Properties
- install_operations
required- Specify the type, version, location, and endpoint of packages to install
- Type:
array - path: #/properties/install_operations
- Items
- Type:
object - path: #/properties/install_operations/items
- This schema does not accept additional properties.
- Properties
- extensionType
required- Type:
string - path: #/properties/install_operations/items/properties/extensionType
- The value is restricted to the following:
- "do"
- "as3"
- "ts"
- "cf"
- "fast"
- "ilx"
- Type:
- extensionVersion
- Type:
string - path: #/properties/install_operations/items/properties/extensionVersion
- Example values:
- "1.12.0"
- "3.19.1"
- Type:
- extensionHash
- Type:
string - path: #/properties/install_operations/items/properties/extensionHash
- Example values:
- "ba2db6e1c57d2ce6f0ca20876c820555ffc38dd0a714952b4266c4daf959d987"
- "95c2b76fb598bbc36fb93a2808f2e90e6c50f7723d27504f3eb2c2850de1f9e1"
- Type:
- verifyTls
- For enabling secure site verification
- Type:
boolean - path: #/properties/install_operations/items/properties/verifyTls
- Example values:
- true
- false
- trustedCertBundles
- List of paths to certificate bundles to use for all https requests
- Type:
array - path: #/properties/install_operations/items/properties/trustedCertBundles
- Example values:
- "/path/to/cert.pem"
- "/path/to/another_cert.pem"
- extensionUrl
- Type:
string - path: #/properties/install_operations/items/properties/extensionUrl
- Example values:
- "https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v3.20.0/f5-appsvcs-3.20.0-3.noarch.rpm"
- "file:///var/config/rest/downloads/f5-declarative-onboarding-1.10.0-2.noarch.rpm"
- Type:
- extensionVerificationEndpoint
- Type:
string - path: #/properties/install_operations/items/properties/extensionVerificationEndpoint
- Example values:
- "/mgmt/shared/myIlxApp/info"
- Type:
- extensionType
default:
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
versioned:
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
hashed:
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
extensionHash: 394f6d97219d016e90016874acb09bd27f7907fda4f1730dea0276900b753a1d
- extensionType: as3
extensionVersion: 3.50.2
extensionHash: 620f441bebfdce0261045e34bc7c34f2793b05c0aca62c7ec8e22bbb3f4f35c3
- extensionType: ts
extensionVersion: 1.35.0
extensionHash: 839698d98a8651a90b3d509cde4b382338461a253878c9fd00c894699ef0e844
- extensionType: fast
extensionVersion: 1.25.0
extensionHash: 434309179af405e6b663e255d4d3c0a1fd45cac9b561370e350bb8dd8b39761f
url:
extension_packages:
install_operations:
- extensionType: do
extensionUrl: >-
https://github.com/F5Networks/f5-declarative-onboarding/releases/download/v1.43.0/f5-declarative-onboarding-1.43.0-5.noarch.rpm
extensionVersion: 1.43.0
- extensionType: as3
extensionUrl: 'file:///var/config/rest/downloads/f5-appsvcs-3.50.2-3.noarch.rpm'
extensionVersion: 3.50.2
- extensionType: fast
extensionUrl: >-
https://github.com/F5Networks/f5-appsvcs-templates/releases/download/v1.25.0/f5-appsvcs-templates-1.25.0-1.noarch.rpm
extensionVersion: 1.25.0
ilx:
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
- extensionType: ilx
extensionUrl: 'file:///var/config/rest/downloads/myIlxApp.rpm'
extensionVersion: 1.0.0
extensionVerificationEndpoint: /mgmt/shared/myIlxApp/info
Used to specify configuration operations to be performed against specific extensions on device.
Type: object
path: #
This schema does not accept additional properties.
Properties
- service_operations
required- Specify the operations to be performed against the specified services
- Type:
array - path: #/properties/service_operations
- Items
- Type:
object - path: #/properties/service_operations/items
- This schema does not accept additional properties.
- Properties
- extensionType
- Type:
string - path: #/properties/service_operations/items/properties/extensionType
- The value is restricted to the following:
- "do"
- "as3"
- "ts"
- "fast"
- "cf"
- Type:
- type
- Type:
string - path: #/properties/service_operations/items/properties/type
- Comment
url in case of local file (file:) or remote (https: or http:) and inline in case the declaration is part of the config file - The value is restricted to the following:
- "url"
- "inline"
- Type:
- value
- URL of local or remote file containing the declarations to be applied, or the entire declaration inline as an object
- path: #/properties/service_operations/items/properties/value
- Example values:
- "https://cdn.f5.com/product/cloudsolutions/declarations/template2-0/autoscale-waf/autoscale_do_payg.json"
- "file:///examples/automation_toolchain_declarations/as3.json"
- "class: AS3 action: deploy persist: true declaration: class: ADC schemaVersion: 3.0.0 id: urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d label: Sample 1 remark: Simple HTTP Service with Round-Robin Load Balancing Sample_01: class: Tenant A1: class: Application template: http serviceMain: class: Service_HTTP virtualAddresses: - 10.0.1.10 pool: web_pool web_pool: class: Pool monitors: - http members: - servicePort: 80 serverAddresses: - 192.0.1.10 - 192.0.1.11"
- verifyTls
- For enabling secure site verification
- Type:
boolean - path: #/properties/service_operations/items/properties/verifyTls
- Example values:
- true
- false
- trustedCertBundles
- List of paths to certificate bundles to use for all https requests
- Type:
array - path: #/properties/service_operations/items/properties/trustedCertBundles
- Example values:
- "/path/to/cert.pem"
- "/path/to/another_cert.pem"
- extensionType
url:
extension_services:
service_operations:
- extensionType: do
type: url
value: >-
https://cdn.f5.com/product/cloudsolutions/declarations/template2-0/autoscale-waf/autoscale_do_payg.json
verifyTls: false
- extensionType: as3
type: url
value: >-
https://cdn.f5.com/product/cloudsolutions/templates/f5-azure-arm-templates/examples/modules/bigip/autoscale_as3.json
file:
extension_services:
service_operations:
- extensionType: as3
type: url
value: 'file:///examples/automation_toolchain_declarations/as3.json'
inline:
extension_services:
service_operations:
- extensionType: do
type: inline
value:
schemaVersion: 1.0.0
class: Device
label: >-
Quickstart 1NIC BIG-IP declaration for Declarative Onboarding with
BYOL license
async: true
Common:
class: Tenant
My_DbVariables:
class: DbVariables
ui.advisory.enabled: true
ui.advisory.color: blue
ui.advisory.text: BIG-IP Quickstart
My_Provisioning:
class: Provision
asm: nominal
ltm: nominal
My_Ntp:
class: NTP
servers:
- 169.254.169.253
timezone: UTC
My_Dns:
class: DNS
nameServers:
- 169.254.169.253
My_License:
class: License
licenseType: regKey
regKey: AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE
My_System:
class: System
autoPhonehome: true
hostname: HOST_NAME
quickstart:
class: User
partitionAccess:
all-partitions:
role: admin
password: BIGIP_PASSWORD
shell: bash
userType: regular
- extensionType: as3
type: inline
value:
class: AS3
action: deploy
persist: true
declaration:
class: ADC
schemaVersion: 3.0.0
id: 'urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d'
label: Sample 1
remark: Simple HTTP Service with Round-Robin Load Balancing
Sample_01:
class: Tenant
A1:
class: Application
template: http
serviceMain:
class: Service_HTTP
virtualAddresses:
- 10.0.1.10
pool: web_pool
web_pool:
class: Pool
monitors:
- http
members:
- servicePort: 80
serverAddresses:
- 192.0.1.10
- 192.0.1.11
Details of an HTTP request to send when deployment is finished.
Type: array
path: #
webhook:
description: Sends webhook payload to specified URL
post_hook:
- name: example_webhook
type: webhook
url: 'https://webhook.site'
custom_properties:
description: Sends webhook payload with user-specified custom properties
post_hook:
- name: example_webhook
type: webhook
url: 'https://webhook.site'
properties:
optionalKey1: optional_value1
optionalKey2: optional_value2
Automated Toolchain declarations referenced here are available in the examples/automation_toolchain_declarations folder.
example_1:
description: >-
Verifies and installs Automation Toolchain components (DO, AS3, FAST) on a
local BIG-IP and then configures AS3 from a local declaration file.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
bigip_ready_enabled:
- name: set_message_size
type: inline
commands:
- >-
/usr/bin/curl -s -f -u admin: -H "Content-Type: application/json" -d
'{"maxMessageBodySize":134217728}' -X POST
http://localhost:8100/mgmt/shared/server/messaging/settings/8100 |
jq .
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
extensionHash: 394f6d97219d016e90016874acb09bd27f7907fda4f1730dea0276900b753a1d
- extensionType: as3
extensionVersion: 3.50.2
extensionHash: 620f441bebfdce0261045e34bc7c34f2793b05c0aca62c7ec8e22bbb3f4f35c3
- extensionType: fast
extensionVersion: 1.25.0
extensionHash: 434309179af405e6b663e255d4d3c0a1fd45cac9b561370e350bb8dd8b39761f
extension_services:
service_operations:
- extensionType: as3
type: url
value: 'file:///examples/automation_toolchain_declarations/as3.json'
example_2:
description: >-
Verifies and installs DO and myIlxApp RPMs from local directories and
configures DO from a local declaration file. Install operations with an
extensionUrl value that points to a local file stored on BIG-IP system.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionUrl: >-
file:///var/config/rest/downloads/f5-declarative-onboarding-1.43.0-5.noarch.rpm
extensionHash: 394f6d97219d016e90016874acb09bd27f7907fda4f1730dea0276900b753a1d
extensionVersion: 1.43.0
- extensionType: ilx
extensionUrl: 'file:///var/config/rest/downloads/myIlxApp.rpm'
extensionVersion: 1.0.0
extensionVerificationEndpoint: /mgmt/shared/myIlxApp/info
extensionHash: de615341b91beaed59195dceefc122932580d517600afce1ba8d3770dfe42d28
extension_services:
service_operations:
- extensionType: do
type: url
value: 'file:///var/config/rest/downloads/do.json'
example_3:
description: >-
Installs DO, AS3, and FAST on a local BIG-IP and renders the Azure service
principal secret into an AS3 declaration downloaded from a URL.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: AZURE_SERVICE_PRINCIPAL
type: secret
secretProvider:
type: KeyVault
environment: azure
vaultUrl: 'https://my-keyvault.vault.azure.net'
secretId: my_azure_secret
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
extension_services:
service_operations:
- extensionType: do
type: url
value: >-
https://cdn.f5.com/product/cloudsolutions/templates/f5-azure-arm-templates/examples/modules/bigip/autoscale_do.json
- extensionType: as3
type: url
value: >-
file:///examples/automation_toolchain_declarations/example_3_as3.json
example_4:
description: >-
Renders secret referenced within DO declaration to configure the admin
password on a BIG-IP device in AWS.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: ADMIN_PASS
type: secret
secretProvider:
type: SecretManager
environment: aws
version: AWSCURRENT
secretId: test-document-01
- name: ROOT_PASS
type: secret
secretProvider:
type: SecretManager
environment: aws
version: AWSCURRENT
secretId: test-document-02
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
extension_services:
service_operations:
- extensionType: do
type: url
value: 'file:///examples/automation_toolchain_declarations/example_4_do.json'
example_5:
description: >-
Renders secret referenced within DO declaration to configure the admin
password on a BIG-IP device in GCP.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: ADMIN_PASS
type: secret
secretProvider:
type: SecretsManager
environment: gcp
version: latest
secretId: my-secret-id-01
- name: ROOT_PASS
type: secret
secretProvider:
type: SecretsManager
environment: gcp
version: latest
secretId: my-secret-id-02
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
extension_services:
service_operations:
- extensionType: do
type: url
value: 'file:///examples/automation_toolchain_declarations/example_5_do.json'
example_6:
description: >-
Replaces variables used within DO and AS3 declarations with properties from
instance metadata to configure hostname, self IP addresses and pool members
on BIG-IP device.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: HOST_NAME
type: metadata
metadataProvider:
environment: aws
type: compute
field: hostname
- name: SELF_IP_EXTERNAL
type: metadata
metadataProvider:
environment: aws
type: network
field: local-ipv4s
index: 1
- name: SELF_IP_INTERNAL
type: metadata
metadataProvider:
environment: aws
type: network
field: local-ipv4s
index: 2
- name: DEFAULT_ROUTE
type: metadata
metadataProvider:
environment: aws
type: network
field: subnet-ipv4-cidr-block
index: 1
- name: REGION
type: url
value: 'http://169.254.169.254/latest/dynamic/instance-identity/document'
query: region
headers:
- name: Content-type
value: json
- name: User-Agent
value: bigip-ve
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
extension_services:
service_operations:
- extensionType: do
type: url
value: 'file:///examples/automation_toolchain_declarations/example_6_do.json'
- extensionType: as3
type: url
value: >-
file:///examples/automation_toolchain_declarations/example_7_as3.json
example_7:
description: >-
Installs AS3, DO, and FAST and uses an inline AS3 declaration to setup the
BIG-IP.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
extension_services:
service_operations:
- extensionType: as3
type: inline
value:
class: AS3
action: deploy
persist: true
declaration:
class: ADC
schemaVersion: 3.0.0
id: 'urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d'
label: Sample 1
remark: Simple HTTP Service with Round-Robin Load Balancing
Sample_01:
class: Tenant
A1:
class: Application
template: http
serviceMain:
class: Service_HTTP
virtualAddresses:
- 10.0.1.10
pool: web_pool
web_pool:
class: Pool
monitors:
- http
members:
- servicePort: 80
serverAddresses:
- 192.0.1.10
- 192.0.1.11
example_8:
description: Using runtime parameters with inline Automation Toolchain declarations.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: SCHEMA_VERSION
type: static
value: 3.0.0
- name: HOST_NAME
type: static
value: bigip1.example.com
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
extension_services:
service_operations:
- extensionType: do
type: inline
value:
schemaVersion: '{{{ SCHEMA_VERSION }}}'
class: Device
async: true
label: my BIG-IP declaration for declarative onboarding
Common:
class: Tenant
hostname: '{{{ HOST_NAME }}}'
myDns:
class: DNS
nameServers:
- 8.8.8.8
myNtp:
class: NTP
servers:
- 0.pool.ntp.org
timezone: UTC
myProvisioning:
class: Provision
ltm: nominal
asm: nominal
dbvars:
class: DbVariables
provision.extramb: 500
restjavad.useextramb: true
- extensionType: as3
type: inline
value:
class: AS3
action: deploy
persist: true
declaration:
class: ADC
schemaVersion: '{{{ SCHEMA_VERSION }}}'
label: Sample 1
remark: Simple HTTP Service with Round-Robin Load Balancing
Sample_01:
class: Tenant
A1:
class: Application
template: http
serviceMain:
class: Service_HTTP
virtualAddresses:
- 10.0.1.10
pool: web_pool
web_pool:
class: Pool
monitors:
- http
members:
- servicePort: 80
serverAddresses:
- 192.0.1.10
- 192.0.1.11
example_9:
description: Using custom pre-onboard and post-onboard commands.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
pre_onboard_enabled:
- name: example_inline_command
type: inline
commands:
- touch /tmp/pre_onboard_script.sh
- chmod 777 /tmp/pre_onboard_script.sh
- >-
echo "touch /tmp/create_by_autogenerated_pre_local" >
/tmp/pre_onboard_script.sh
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
- name: example_local_exec
type: file
commands:
- /tmp/pre_onboard_script.sh
- name: example_remote_exec
type: url
commands:
- 'https://the-delivery-location.com/remote_pre_onboard.sh'
post_onboard_enabled:
- name: example_inline_command
type: inline
commands:
- touch /tmp/post_onboard_script.sh
- chmod 777 /tmp/post_onboard_script.sh
- >-
echo "touch /tmp/create_by_autogenerated_post_local" >
/tmp/post_onboard_script.sh
- name: example_local_exec
type: file
commands:
- /tmp/post_onboard_script.sh
- name: example_remote_exec
type: url
commands:
- 'https://the-delivery-location.com/remote_post_onboard.sh'
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
example_10:
description: Sending a customized webhook on completion.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
post_hook:
- name: example_webhook
type: webhook
url: 'https://webhook.site'
verifyTls: true
properties:
optionalKey1: optional_value1
optionalKey2: optional_value2
example_11:
description: >-
Overrides default certificate validation/verification using the verifyTls
parameter. The following attributes support verifyTls: pre_onboard_enabled,
post_onboard_enabled, extension_packages.install_operations,
extension_services.service_operations, and post_hook.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
extensionHash: 394f6d97219d016e90016874acb09bd27f7907fda4f1730dea0276900b753a1d
- extensionType: as3
extensionUrl: >-
https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v3.50.2/f5-appsvcs-3.50.2-3.noarch.rpm
extensionVersion: 3.50.2
verifyTls: false
- extensionType: ilx
extensionUrl: 'file:///var/config/rest/downloads/myIlxApp.rpm'
extensionVersion: 1.0.0
extensionVerificationEndpoint: /mgmt/shared/myIlxApp/info
extension_services:
service_operations:
- extensionType: do
type: url
value: >-
https://cdn.f5.com/product/cloudsolutions/declarations/autoscale-waf/autoscale_do_payg.json
verifyTls: false
- extensionType: as3
type: url
value: >-
https://cdn.f5.com/product/cloudsolutions/templates/f5-azure-arm-templates/examples/modules/bigip/autoscale_as3.json
post_hook:
- name: example_webhook
type: webhook
url: 'https://postman-echo.com/post'
verifyTls: false
properties:
optionalKey1: optional_value1
optionalKey2: optional_value2
post_onboard_enabled:
- name: example_inline_command
type: inline
commands:
- touch /tmp/post_onboard_script.sh
- chmod 777 /tmp/post_onboard_script.sh
- >-
echo "touch /tmp/created_by_autogenerated_post_local" >
/tmp/post_onboard_script.sh
- name: example_local_exec
type: file
commands:
- /tmp/post_onboard_script.sh
- name: example_remote_exec
type: url
verifyTls: false
commands:
- >-
https://ak-metadata-package-poc.s3.amazonaws.com/remote_post_onboard.sh
- name: example_remote_exec
type: url
commands:
- >-
https://ak-metadata-package-poc.s3.amazonaws.com/remote_post_onboard.sh
pre_onboard_enabled:
- name: example_remote_exec
type: url
commands:
- >-
https://ak-metadata-package-poc.s3.amazonaws.com/remote_pre_onboard.sh
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
example_12:
description: >-
Licenses BIG-IP device using BIG-IQ utility offering and authenticating with
credentials stored in Azure KeyVault.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: HOST_NAME
type: metadata
metadataProvider:
environment: azure
type: compute
field: name
- name: BIGIQ_ADMIN_PASS
type: secret
secretProvider:
type: KeyVault
environment: azure
vaultUrl: 'https://my-keyvault.vault.azure.net'
secretId: my_azure_secret
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
extension_services:
service_operations:
- extensionType: do
type: url
value: 'file:///examples/automation_toolchain_declarations/example_7_do.json'
example_13:
description: Renders the admin password using Hashicorp Vault approle authentication.
runtime_config:
controls:
logLevel: silly
logFilename: /var/log/cloud/bigIpRuntimeInit.log
runtime_parameters:
- name: ADMIN_PASS
type: secret
secretProvider:
type: Vault
environment: hashicorp
vaultServer: 'http://127.0.0.1:8200'
secretsEngine: kv2
secretId: secret/foo
field: password
version: 1
authBackend:
type: approle
roleId:
type: url
value: 'file:///path/to/role-id'
secretId:
type: inline
value: secret-id
unwrap: true
- name: SECOND_PASS
type: secret
secretProvider:
type: Vault
environment: hashicorp
vaultServer: 'http://127.0.0.1:8200'
secretsEngine: kv2
secretId: secret/bar
field: data
version: 1
authBackend:
type: approle
roleId:
type: url
value: 'file:///path/to/role-id'
secretId:
type: inline
value: secret-id
pre_onboard_enabled:
- name: provision_rest
type: inline
commands:
- /usr/bin/setdb provision.extramb 500
- /usr/bin/setdb restjavad.useextramb true
extension_packages:
install_operations:
- extensionType: do
extensionVersion: 1.43.0
- extensionType: as3
extensionVersion: 3.50.2
- extensionType: fast
extensionVersion: 1.25.0
extension_services:
service_operations:
- extensionType: do
type: inline
value:
schemaVersion: 1.0.0
class: Device
async: true
label: my BIG-IP declaration for declarative onboarding
Common:
class: Tenant
hostname: '{{ HOST_NAME }}.local'
admin:
class: User
userType: regular
password: '{{ ADMIN_PASS }}'
shell: bash
admin2:
class: User
userType: regular
password: '{{ SECOND_PASS.admin2_password }}'
shell: bash
partitionAccess:
all-partitions:
role: admin
dbvars:
class: DbVariables
provision.extramb: 500
restjavad.useextramb: true