Manual Chapter: Adding and Configuring BIG-IP VE Devices in an AWS Cloud Environment
Applies To: BIG-IQ Centralized Management 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
How do I create and configure BIG-IP VE devices in an AWS cloud environment?
BIG-IQ Centralized Management makes it easy for you to create, configure, and manage BIG-IP VE devices on AWS, Azure, and VMware cloud environments.
To start managing a BIG-IP VE device in a cloud environment, you'll need to complete the following tasks:
- Configure your AWS Virtual Private Cloud
  - Set up your AWS cloud environment. For this, you'll need a Virtual Private Cloud (VPC). You also need secret keys and a security group to keep the environment safe.
- Specify your cloud provider details
  - Specify the cloud provider's credentials so you can access the cloud environment from BIG-IQ.
- Create your cloud environment
  - Define your cloud environment by specifying the cloud-specific properties for that environment.
- Create a BIG-IP VE device
  - Create a BIG-IP VE device from BIG-IQ in the cloud environment you defined.
- Onboard your BIG-IP VE device
  - Provide the details for the BIG-IP VE device's configuration, and provision the services you want BIG-IQ to import through the onboarding process. BIG-IQ applies the configuration to the BIG-IP VE device through a declarative onboarding API call. For more information about the declarative onboarding API specific to BIG-IP VE devices, see https://github.com/F5Networks/f5-declarative-onboarding
After you save the configuration for the BIG-IP VE device you created, BIG-IQ sends an API call to apply that configuration to the targeted BIG-IP VE device. After BIG-IQ successfully applies the configuration, it then discovers and imports the services the device is licensed for. This means you don't have to discover and import services in a separate step. When the onboarding process is complete, you can start managing the BIG-IP VE device from the screen.
Configure your AWS Virtual Private Cloud
To deploy BIG-IP VE devices in an AWS cloud, you need a Virtual Private Cloud (VPC). You also need secret keys and a security group to keep the environment safe.
To properly configure your environment, your account requires full access permissions for the following AWS resources: Auto Scale Groups, Instances, SQS, S3, CloudWatch, and CloudFormation. Additionally, you need list, create, and delete permissions for the IAM role/rolePolicy/InstanceProfile.
- If you use the AWS cloud for all of your resources, you install the BIG-IP VE devices and DCDs in the AWS environment. When you use AWS for your BIG-IQ and DCDs, you most likely have already created an AWS environment and deployed the BIG-IP VE devices. If this is the case, be sure to review the AWS requirements here to ensure proper support.
- If you deployed your BIG-IP VE devices and DCDs in a private cloud or on-premises environment, after you create the AWS environment, configure a VPN to support the required communication between the BIG-IP VE devices and the management components.
For the most current instructions for creating a VPC, refer to the VPC Documentation web site, https://docs.aws.amazon.com/AmazonVPC/latest/GettingStartedGuide/getting-started-ipv4.html.
- Access your AWS account, and create a virtual private cloud (VPC). As you configure the VPC, make sure it is in the region you want to work in and contains the following elements:
  - Name tag
  - IPv4 CIDR block
  - Only 1 subnet is supported for BIG-IP VE creation. If you want more subnets, you must configure them manually in your AWS environment after you create your BIG-IP VE.
  - Internet gateway attached to this VPC
  - Route table that targets the internet gateway (1 for each subnet)
- Create a key pair to allow SSH access. For more information, refer to: ec2-key-pairs.html and id_credentials_access-keys.html#Using_CreateAccessKey
- Create a security group to protect the elastic load balancer (ELB). When you configure the security group for the ELB, you must not specify any ingress rules.
- Create a classic elastic load balancer (ELB) using the settings detailed in the table.
Setting | Value |
---|---|
ELB Type | Classic Load Balancer |
VPC and subnets | Use the objects created in step 1. |
Health Checks | Ping protocol: TCP; Ping port: 22; Timeout: 5 seconds; Interval: 30 seconds |
EC2 Instances | Cross-Zone Load Balancing enabled and Connection Draining Enabled at 300 seconds. |
When you configure the ELB, note that you can deploy it as either Internet-facing or internal. Internal is fine if all of the application traffic you support is within your AWS VPC. If not, then make sure you deploy it as Internet-facing. For more information, refer to: VPC_SecurityGroups.html. Additionally, the classic ELB and the BIG-IP VE devices that manage your applications must be in the VPC. If they are not in the same VPC, traffic will not reach the BIG-IP VE devices.
- After the ELB is created successfully, edit the ELB listeners to remove the default listener (Load Balancer Protocol and Instance Protocol of HTTP on port 80).
Before AWS can create the BIG-IP VE instances, you must subscribe and agree to the software terms for the Amazon machine image (AMI) you plan to use.
- Navigate to the AWS marketplace.
- Search for the AMI that best fits your needs.
- When you find the AMI you want, select it and then click Continue to Subscribe and follow the prompts.
Configuration requirements for an AWS VPN
When you manage BIG-IP VE devices running applications in an AWS environment, and use a BIG-IQ and data collection devices that are housed in a private cloud or on-premises, you need a VPN to facilitate communication. Without a VPN, the devices cannot send the analytic information you need to manage your applications. Also, if you use the BYOL licensing option, when new devices are created, they need the VPN so they can contact the BIG-IQ acting as a license server.
Requirement | For more information |
---|---|
Both ends of the VPN require a gateway. That is, you need a gateway between your BIG-IQ/data collection device cluster and the VPN, and you need a virtual private gateway between the VPN and the AWS environment. | Refer to the vendor documentation for the gateway you use locally. For details on the AWS end, refer to AWS Managed VPN Connections on docs.aws.amazon.com. |
You must use a VPN supported by AWS. | For details on the VPN types that AWS supports, refer to Amazon Virtual Private Cloud Documentation on docs.aws.amazon.com. |
Subnets on your local network must use a different subnet than the subnet used by the VPC you create in the AWS environment. There can be no overlap. | For example, if the BIG-IQ and data collection devices in your local cloud use a subnet such as 172.16.0.0/16, you could use a subnet such as 10.1.0.0/16. |
There must be a route from your BIG-IQ/data collection device cluster to the AWS environment through your gateway. | Create this route by logging in to the BIG-IQ and DCD in your local cloud and running a set of tmsh commands. For example, if your setup used the subnets listed in the previous example (AWS network is 10.1.0.0/16 and your gateway address is 172.16.0.9), you could run the following sequence of commands: |
Specify credentials required to connect to an AWS cloud
You create a new AWS cloud provider to tell BIG-IQ how to connect to your AWS cloud environment.
- At the top of the screen, click Applications then, on the left, click .
- Click Create. The New Provider screen opens.
- Type a Name for the provider you are creating.
- To help identify this provider when you want to use it later, type a brief Description.
- From the Provider Type list, select AWS. Under Provider Details, the screen displays settings that you use to specify your AWS credentials.
- Type your Access Key ID and Secret Access Key, and then click Test to confirm your connection.
- Click Save & Close.
The system creates the new AWS provider account, which is now ready to be used in a cloud environment.
Before you can use this provider to create a BIG-IP VE device, you need to create the AWS cloud environment.
Configure your AWS cloud environment on BIG-IQ
When you create an AWS cloud environment, you specify the parameters that BIG-IQ uses to create BIG-IP VE devices in that environment.
- At the top of the screen, click Applications then, on the left, click .
- Click Create.
- After you provide a Name and optional Description for this cloud environment, from the Device Template list, select the device template you want to use to define the new BIG-IP VE devices.
- From the Cloud Provider list, select the name of the AWS provider you want to use for this environment. The screen displays the AWS Properties settings.
- From the VPC list, select the name of the virtual private cloud you created for this environment. The subnets defined for this VPC are listed under Available.
- For Restricted Source Address, using the CIDR format, specify the addresses that you want to be able to access the environment. For example, 12.12.0.0/16. Only addresses that match your entry will have access (IP addresses that use 12.12.xxx.xxx in the example above).
- Leave the SSH Key Name blank.
- For License Type, select Utility. From your cloud provider marketplace, you'll need to select F5 BIG-IP Virtual Edition - GOOD (PAYG).
- For AMI Image, select the AMI you want to use for the devices created in this environment.
- For Instance Type, select the name of the kind of instance you want to use for the devices created in this environment.
- Click Save & Close.
This AWS cloud environment is now available for creating BIG-IP VE devices from BIG-IQ.
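The addressing rules stated on this page (the VPN requirement that local subnets and the VPC subnet do not overlap, the route through a local gateway, and the Restricted Source Address setting above) can be checked before anything is created. This is an added example, not BIG-IQ or AWS code: `check_addressing` and the admin host address are assumptions made for illustration, and the check for a source range that admits every address is an added hygiene rule.

```python
"""Addressing preflight for a BIG-IQ to AWS VPC deployment (added example)."""
import ipaddress


def _net(label, cidr, problems):
    """Parse a CIDR strictly; record a problem and return None when it is malformed."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label} {cidr!r} is not a valid CIDR block: {exc}")
        return None


def check_addressing(vpc_cidr, local_subnets, gateway, restricted_source, admin_hosts):
    """Return a list of problems; an empty list means the plan meets the stated rules."""
    problems = []
    vpc = _net("VPC", vpc_cidr, problems)
    local_nets = [n for n in (_net("local subnet", s, problems) for s in local_subnets) if n]

    # VPN requirement: local subnets and the VPC subnet may not overlap at all.
    for net in local_nets:
        if vpc is not None and net.overlaps(vpc):
            problems.append(f"local subnet {net} overlaps VPC {vpc}")

    # The route to the VPC points at a gateway that has to sit on a local subnet.
    gw = ipaddress.ip_address(gateway)
    if not any(gw in net for net in local_nets):
        problems.append(f"gateway {gw} is not inside any local subnet")

    # Restricted Source Address: only matching addresses reach the environment.
    src = _net("Restricted Source Address", restricted_source, problems)
    if src is not None:
        if src.prefixlen == 0:
            problems.append("Restricted Source Address admits every address")
        for host in admin_hosts:
            if ipaddress.ip_address(host) not in src:
                problems.append(f"admin host {host} is outside {src}")
    return problems


# Subnets, gateway and source range are the page's examples; the admin host is constructed.
PAGE_PLAN = dict(vpc_cidr="10.1.0.0/16", local_subnets=["172.16.0.0/16"],
                 gateway="172.16.0.9", restricted_source="12.12.0.0/16",
                 admin_hosts=["12.12.4.20"])

if __name__ == "__main__":
    print(check_addressing(**PAGE_PLAN) or "plan OK")
    bad = dict(PAGE_PLAN, vpc_cidr="172.16.8.0/24", restricted_source="0.0.0.0/0")
    for problem in check_addressing(**bad):
        print("PROBLEM:", problem)
```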
Create a BIG-IP VE device in an AWS cloud environment
You'll need to have an AWS cloud environment configured before you can create a BIG-IP VE device in it.
You create a BIG-IP VE device so you can then configure it and start managing it from BIG-IQ Centralized Management.
BIG-IP devices created for declarative onboarding (DO) are provisioned with a single network interface. To add an additional network interface, refer to the user documentation for the public cloud to which you deployed the device.
- At the top of the screen, click Devices.
- On the left, click BIG-IP VE CREATION.
- Click Create.
- For Task Name, type a name for this onboarding task.
- For BIG-IP VE Name, type a name to identify the BIG-IP VE you are creating.
- From the Cloud Environment list, select the cloud environment where you want this created.
- In the Number of BIG-IP VE to Create field, specify the number of BIG-IP VE devices you want to create. You can create up to 5 at a time.
- Click the Create button at the bottom of the screen.
When BIG-IQ successfully completes a BIG-IP VE creation task, the task displays on the BIG-IP VE creation screen. The BIG-IP VE creation process can take up to 10 minutes, depending on the cloud environment and the BIG-IP VE configuration.
You can now configure this BIG-IP VE device through the onboarding process.
Configure a BIG-IP VE device in an AWS cloud environment through onboarding
You can configure BIG-IP VE devices through a process called declarative onboarding (DO), also referred to as just onboarding. When you onboard a BIG-IP VE, you specify all of the details of its configuration, and discover and import its services in one procedure. After you onboard BIG-IP VE devices, you can start managing them from the BIG-IQ screen.
- At the top of the screen, click Devices.
- On the left, click BIG-IP VE CREATION. Alternatively, you can click BIG-IP ONBOARDING on the left and onboard the BIG-IP VE from that screen.
- Select the check box next to the BIG-IP VE Creation task that completed successfully, and click the Onboard button to start the onboarding task.
- Select the onboarding classes you want to use to configure the BIG-IP VE devices, and when you're done, click the Onboard button at the bottom of the screen.
Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.
You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clicking View Sample API Request at the upper right.
- For more information about all declarative onboarding (DO) parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/composing-a-declaration.html
- For more information about clustering DO parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/clustering.htm
- For more information about the BIG-IQ version 7.1.0 API, refer to: https://clouddocs.f5networks.net/products/big-iq/mgmt-api/latest
You can use parameter values written as in-place references to other DO classes only from the API. For example, using a parameter value of "/Common/failoverGroup/members/0" (pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the screen; instead, use the actual value for the field.
If you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
Class and Parameter | API Parameter Example | Description | Notes |
---|---|---|---|
Device: Target Host | "targetHost": "{IP address}" | IP address of this BIG-IP VE device | Required for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices. |
Device: Target Username | "targetUsername": "admin" | Admin user name for this BIG-IP VE device | Required for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices. |
Device: Target Passphrase | "targetPassphrase": "{password}" | Admin password for this BIG-IP VE device | Not required for BIG-IP VE devices in an AWS cloud environment if you have a Target Ssh Key specified. |
Device: Target Ssh Key | "targetSshKey": { "path": "{path}" } | SSH private key for this BIG-IP VE device | Required for first-time onboarding of new BIG-IP VE devices in an AWS cloud environment. BIG-IQ automatically populates this field; however, if the field is not populated, navigate to the screen and onboard that BIG-IP VE device from that screen. We recommend that you do not use the Target Ssh Key for subsequent declarations for BIG-IP VE devices. |
Device: Hostname | "hostname": "{hostname}.domain.com" | FQDN for this BIG-IP VE device | Although not required, it's highly recommended that you specify a host name as the FQDN of the BIG-IP VE device so you can properly identify it. |
Device: License | "licenseType": "{license type}", "{license key}": "xxx-xxx-xxx-xx" | License type | Required if the BIG-IP VE has a reg key or pool BYOL license. It is not required if you are using a PAYG VE. If using a pool license when onboarding a BIG-IP VE device running version 14.0 or later, you must supply the BIG-IP admin and user names, same as the ones entered for the User class. Subsequent changes to the configuration of the same BIG-IP VE devices do not require changes to the License class. |
Onboard Class: NTP | "myNtp": { "class": "NTP", "servers": [ "{server}" ], "timezone": "{time zone}" } | NTP server details for this BIG-IP VE device | Although not required, we recommend that you specify an NTP server so BIG-IQ and BIG-IP VE devices are synchronized with the correct time. You must specify a valid time zone specified in the Time Zone Database. For more information, refer to: List_of_tz_database_time_zones |
Onboard Class: Provision | "name": "{myProvision}", "ltm": "nominal" | Licensed services for this BIG-IP VE device | LTM is required and selected by default for all BIG-IP VE devices onboarded. If you're using analytics, you must provision AVR, which is not selected by default. Select any additional services you want to provision. |
Onboard Class: User | "{name}": { "class": "User", "userType": "root", "newPassword": "{new password}", "oldPassword": "{old password}" } | User name and password for the admin (regular) user with TMSH access and the root user for this BIG-IP VE device | Required only for the first time you onboard BIG-IP VE devices running version 14.0 or later, because you must change the passwords for initial log in. When you change the admin password, that same password is applied as the root password. So if you want the root password to be unique, you'll need to change it. Since the root password is changed to the same password as admin, use that as the "old password" when updating the root password. |
Onboard Class: VLAN | "tag": 4093, "mtu": 1500, "interfaces": [ { "name": "1.2", "tagged": true } ] | VLAN for this BIG-IP VE device's network configuration. | Your cloud provider automatically creates one VLAN. However, most network configurations require that you use two self IP addresses (one for internal and one for external traffic), and each self IP address requires a VLAN. You must specify the VLAN configuration details before you add a self IP address. If you populate the Tag field, you must select true or false from the Tagged list. |
Onboard Class: Self IP | "internal-self": { "class": "SelfIp", "address": "{self IP address}", "vlan": "internal", "allowService": "default", "trafficGroup": "traffic-group-local-only" } | Self IP addresses for this BIG-IP VE device's network configuration. | You must specify the VLAN configuration details before you add a self IP address. Your cloud provider automatically creates one self IP address. However, two self IP addresses are most commonly used for internal and external traffic. |
BIG-IQ configures the BIG-IP VE device and automatically imports its provisioned services based on the BIG-IQ Settings Onboard Classes. When the BIG-IP VE device is successfully onboarded, the status displays as Onboard Finished and the BIG-IP VE device displays on the BIG-IP Devices screen where you can start managing it. This onboarding task remains in the list until you delete it. You can use existing onboard tasks as the basis for new onboard tasks.
You can now manage the BIG-IP VE.
API example of onboarding a BIG-IP VE device in an AWS cloud environment
This is an example of what you'll see when you specify the details for an onboard declaration and click the View Sample API Request button from the Create Onboard Declaration screen.
API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html
DNS settings are automatically specified by your cloud environment. If you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
{
  "class": "DO",
  "declaration": {
    "schemaVersion": "1.5.0",
    "class": "Device",
    "async": true,
    "Common": {
      "class": "Tenant",
      "myLicense": {
        "class": "License",
        "licenseType": "regKey",
        "regKey": "xxx-xxx-xxx-xx"
      },
      "myProvision": {
        "class": "Provision",
        "ltm": "nominal"
      },
      "myNtp": {
        "class": "NTP",
        "servers": [ "time.nist.gov" ],
        "timezone": "UTC"
      },
      "admin": {
        "class": "User",
        "userType": "regular",
        "partitionAccess": {
          "all-partitions": { "role": "admin" }
        },
        "shell": "tmsh",
        "password": "adminpassword"
      },
      "root": {
        "class": "User",
        "userType": "root",
        "newPassword": "rootpassword",
        "oldPassword": "adminpassword"
      }
    }
  },
  "targetHost": "54.10.10.10",
  "targetUsername": "admin",
  "targetPassphrase": "admin",
  "targetSshKey": { "path": "/var/ssh/restnoded/privatessh.key" },
  "bigIqSettings": {
    "failImportOnConflict": false,
    "conflictPolicy": "USE_BIGIQ",
    "deviceConflictPolicy": "USE_BIGIP",
    "versionedConflictPolicy": "KEEP_VERSION",
    "statsConfig": { "enabled": true, "zone": "default" },
    "snapshotWorkingConfig": false
  }
}
Configure a cluster of BIG-IP VE devices in an AWS cloud environment through onboarding
You must configure your cloud environment and create BIG-IP VE devices in it before you can configure the BIG-IP VE devices.
You can configure BIG-IP VE devices through a process called declarative onboarding (DO), also referred to as just onboarding. Onboarding BIG-IP VE clusters makes it easy for you to configure more than one BIG-IP VE at one time. When you onboard a cluster of BIG-IP VE devices, you specify all of the details of their configuration, and discover and import their services in one procedure. After you onboard the BIG-IP VE devices, you can start managing them from the BIG-IQ screen.
- At the top of the screen, click Devices.
- On the left, click BIG-IP VE CREATION. Alternatively, you can click BIG-IP ONBOARDING on the left and onboard the BIG-IP VE from that screen.
- Select the check mark next to two or more BIG-IP VE creation tasks that were successful, and then click the Onboard Cluster button. BIG-IQ allows you to simultaneously onboard the BIG-IP VE devices you select as a cluster.
- Type a name and optional description to help you identify this task.
- Select the onboarding classes you want to use to configure the BIG-IP VE devices, and when you're done, click the Onboard button at the bottom of the screen.
Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.
You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clicking View Sample API Request at the upper right.
- For more information about all declarative onboarding (DO) parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/composing-a-declaration.html
- For more information about clustering DO parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/clustering.htm
- For more information about the BIG-IQ version 7.1.0 API, refer to: https://clouddocs.f5networks.net/products/big-iq/mgmt-api/latest
You can use parameter values written as in-place references to other DO classes only from the API. For example, using a parameter value of "/Common/failoverGroup/members/0" (pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the screen; instead, use the actual value for the field.
If you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
Class and Parameter | API Parameter Example | Description | Notes |
---|---|---|---|
Onboard Class: BIG-IQ Settings | "bigIqSettings": { "clusterName": "My_cluster_name" } | Cluster name. | |
Onboard Class: Device Group | "myDeviceGroup": { "class": "DeviceGroup", "type": "sync-only", "members": [ "bigip1.example.com", "bigip2.example.com" ], "owner": "bigip1.example.com", "autoSync": true, "networkFailover": true, "asmSync": true } | This is the BIG-IP sync group. | These must be the same on every BIG-IP device in the group. For ASM sync, make sure ASM is provisioned on all BIG-IP devices in the cluster. DNS sync groups are not supported in BIG-IP version 7.0. You must select sync-only. This is the only option supported for a newly-created BIG-IP VE with a single NIC. If you use a Fully Qualified Domain Name (FQDN), you must validate that you can resolve that FQDN with the DNS server. |
Onboard Class: Device Trust | On BIG-IP1: "myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin1", "localPassword": "Admin1Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" } On BIG-IP2: "myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin2", "localPassword": "Admin2Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" } | These are the BIG-IP Device Trust settings. | The Remote UserName and Remote Password must be the same on all BIG-IP devices in the cluster. |
Onboard Class: Dbvariable | "configsync.allowmanagement": "enable" | Allow management IP address for config sync. | For more information refer to: K17427 |
BIG-IQ configures the BIG-IP VE devices in this cluster and automatically imports their provisioned services based on the BIG-IQ Settings Onboard Classes. When the BIG-IP VE devices are successfully onboarded, the status displays as Onboard Finished and the BIG-IP VE devices display on the BIG-IP Devices screen where you can start managing them. This onboarding task remains in the list until you delete it. You can use existing onboard tasks as the basis for new onboard tasks.
API example of onboarding a cluster of BIG-IP VE devices
This is an example of what you'll see when you specify the details for a BIG-IP VE cluster onboard declaration and click the View Sample API Request button from the Create Onboard Declaration screen.
API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html
If you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
API for BIG-IP 1
{
  "class": "DO",
  "declaration": {
    "schemaVersion": "1.5.0",
    "class": "Device",
    "async": true,
    "Common": {
      "class": "Tenant",
      "myDbVariables": {
        "class": "DbVariables",
        "configsync.allowmanagement": "enable"
      },
      "myProvision": {
        "asm": "nominal",
        "ltm": "nominal",
        "class": "Provision"
      },
      "myNtp": {
        "class": "NTP",
        "servers": [ "0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org" ],
        "timezone": "UTC"
      },
      "admin": {
        "class": "User",
        "userType": "regular",
        "partitionAccess": {
          "all-partitions": { "role": "admin" }
        },
        "password": "Mypassword2020!"
      },
      "myConfigSync": {
        "class": "ConfigSync",
        "configsyncIp": "10.0.0.65"
      },
      "myDeviceGroup": {
        "type": "sync-only",
        "class": "DeviceGroup",
        "owner": "bigip01.example.com",
        "asmSync": true,
        "members": [ "bigip01.example.com", "ip-10-0-0-179.ec2.internal" ],
        "autoSync": true,
        "networkFailover": true
      },
      "myDeviceTrust": {
        "class": "DeviceTrust",
        "remoteHost": "bigip01.example.com",
        "localUsername": "admin",
        "remoteUsername": "admin",
        "localPassword": "Mypassword2020!",
        "remotePassword": "Mypassword2020!"
      }
    }
  },
  "targetUsername": "admin",
  "targetHost": "54.224.38.217",
  "targetSshKey": { "path": "/var/ssh/restnoded/joeyawsveF_3_12869.pem" },
  "bigIqSettings": {
    "failImportOnConflict": false,
    "conflictPolicy": "USE_BIGIQ",
    "deviceConflictPolicy": "USE_BIGIP",
    "versionedConflictPolicy": "KEEP_VERSION",
    "clusterName": "myawscluster"
  }
}
API for BIG-IP 2
{
  "class": "DO",
  "declaration": {
    "schemaVersion": "1.5.0",
    "class": "Device",
    "async": true,
    "Common": {
      "class": "Tenant",
      "myDbVariables": {
        "class": "DbVariables",
        "configsync.allowmanagement": "enable"
      },
      "myProvision": {
        "asm": "nominal",
        "ltm": "nominal",
        "class": "Provision"
      },
      "myNtp": {
        "class": "NTP",
        "servers": [ "0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org" ],
        "timezone": "UTC"
      },
      "admin": {
        "class": "User",
        "userType": "regular",
        "partitionAccess": {
          "all-partitions": { "role": "admin" }
        },
        "password": "Mypassword2020!"
      },
      "myConfigSync": {
        "class": "ConfigSync",
        "configsyncIp": "10.0.0.65"
      },
      "myDeviceGroup": {
        "type": "sync-only",
        "class": "DeviceGroup",
        "owner": "bigip01.example.com",
        "asmSync": true,
        "members": [ "bigip01.example.com", "ip-10-0-0-179.ec2.internal" ],
        "autoSync": true,
        "networkFailover": true
      },
      "myDeviceTrust": {
        "class": "DeviceTrust",
        "remoteHost": "bigip01.example.com",
        "localUsername": "admin",
        "remoteUsername": "admin",
        "localPassword": "Mypassword2020!",
        "remotePassword": "Mypassword2020!"
      }
    }
  },
  "targetUsername": "admin",
  "targetHost": "54.198.50.34",
  "targetSshKey": { "path": "/var/ssh/restnoded/joeyawsveF_4_12862.pem" },
  "bigIqSettings": {
    "failImportOnConflict": false,
    "conflictPolicy": "USE_BIGIQ",
    "deviceConflictPolicy": "USE_BIGIP",
    "versionedConflictPolicy": "KEEP_VERSION",
    "clusterName": "myawscluster"
  }
}
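The cluster rules stated in the parameter table (identical Device Group on every device, sync-only type, ASM provisioned when ASM sync is on, matching Device Trust remote user name and password, and the configsync.allowmanagement variable) can be checked across the per-device declarations before they are submitted. This is an added example, not F5 or BIG-IQ code: the function names, host names, 192.0.2.x addresses and placeholder secrets are constructed, and the targetPassphrase rule is an added hygiene check based on the note that a passphrase is not required when a Target Ssh Key is specified.

```python
"""Consistency lint for BIG-IQ cluster onboarding declarations (added example)."""
import copy


def by_class(decl, cls):
    """Return the first object of DO class `cls` under declaration.Common, or {}."""
    for value in decl.get("declaration", {}).get("Common", {}).values():
        if isinstance(value, dict) and value.get("class") == cls:
            return value
    return {}


def lint_cluster(decls):
    """Return findings for per-device declarations that form one cluster."""
    if not decls:
        return []
    findings = []
    groups = [by_class(d, "DeviceGroup") for d in decls]
    # Device Group settings must be the same on every device in the group.
    if any(g != groups[0] for g in groups[1:]):
        findings.append("DeviceGroup differs between devices")
    for d, g in zip(decls, groups):
        host = d.get("targetHost", "?")
        # sync-only is the only type supported for a new single-NIC BIG-IP VE.
        if g.get("type") != "sync-only":
            findings.append(f"{host}: DeviceGroup type must be sync-only")
        # ASM sync needs ASM provisioned on every device in the cluster.
        if g.get("asmSync") and by_class(d, "Provision").get("asm", "none") == "none":
            findings.append(f"{host}: asmSync set but ASM not provisioned")
        # Config sync over the management IP is enabled through a DB variable.
        if by_class(d, "DbVariables").get("configsync.allowmanagement") != "enable":
            findings.append(f"{host}: configsync.allowmanagement not enabled")
        # Added hygiene rule: no passphrase is needed once an SSH key is given.
        if "targetPassphrase" in d and "targetSshKey" in d:
            findings.append(f"{host}: targetPassphrase present alongside targetSshKey")
    # Remote user name and password must match everywhere; compare, never print them.
    remotes = {tuple(by_class(d, "DeviceTrust").get(k) for k in
                     ("remoteUsername", "remotePassword")) for d in decls}
    if len(remotes) > 1:
        findings.append("DeviceTrust remote settings differ between devices")
    return findings


def sample_decl(target_host):
    """Constructed, abbreviated declaration modelled on the page's cluster example."""
    return {
        "class": "DO",
        "declaration": {"schemaVersion": "1.5.0", "class": "Device", "Common": {
            "class": "Tenant",
            "myDbVariables": {"class": "DbVariables", "configsync.allowmanagement": "enable"},
            "myProvision": {"class": "Provision", "asm": "nominal", "ltm": "nominal"},
            "myDeviceGroup": {"class": "DeviceGroup", "type": "sync-only",
                              "owner": "bigip01.example.com", "asmSync": True,
                              "members": ["bigip01.example.com", "bigip02.example.com"],
                              "autoSync": True, "networkFailover": True},
            "myDeviceTrust": {"class": "DeviceTrust", "remoteHost": "bigip01.example.com",
                              "localUsername": "admin", "localPassword": "<placeholder>",
                              "remoteUsername": "admin", "remotePassword": "<placeholder>"},
        }},
        "targetHost": target_host, "targetUsername": "admin",
        "targetSshKey": {"path": "/var/ssh/restnoded/<key>.pem"},
        "bigIqSettings": {"clusterName": "myawscluster"},
    }


def demo():
    """Lint a consistent pair, then a copy whose second device has drifted."""
    good = [sample_decl("192.0.2.10"), sample_decl("192.0.2.11")]
    bad = copy.deepcopy(good)
    common = bad[1]["declaration"]["Common"]
    common["myDeviceGroup"]["type"] = "sync-failover"
    del common["myProvision"]["asm"]
    common["myDeviceTrust"]["remoteUsername"] = "admin2"
    bad[1]["targetPassphrase"] = "<placeholder>"
    return lint_cluster(good), lint_cluster(bad)


if __name__ == "__main__":
    for finding in demo()[1]:
        print("FINDING:", finding)
```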