Manual Chapter :
Adding and Configuring BIG-IP VE Devices in an Azure Cloud
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
Adding and Configuring BIG-IP VE Devices in an Azure Cloud
How do I create and configure BIG-IP VE devices in an Azure environment?
BIG-IQ Centralized Management makes it easy for you to create, configure, and
manage BIG-IP VE devices in an Azure environment.
To start managing a BIG-IP VE device in a cloud environment, you'll need to
complete the following workflows.
- Specify your cloud provider details
- Specify the cloud provider's credentials so you can access the cloud environment from BIG-IQ.
- Configure your Azure cloud environment on BIG-IQ
- Configure your cloud environment on BIG-IQ by specifying the cloud-specific properties for that environment. This consists of completing four tasks: 1) Register the F5 enterprise application on your Azure portal. 2) Create an Azure virtual network (VNet). 3) Specify the credentials BIG-IQ uses to authenticate on the Azure portal.4) Set up Azure Marketplace images for automated deployment.
- Create a BIG-IP VE device
- Create a BIG-IP VE device from BIG-IQ in the cloud environment you configured.
- Onboard your BIG-IP VE device and BIG-IP VE device cluster
- Provide the configuration details for the BIG-IP VE device or BIG-IP VE device cluster, and provision the services you want BIG-IQ to import through the onboarding process. BIG-IQ applies the configuration to the BIG-IP VE devices through a declarative onboarding API call. For more information about declaration onboarding API specific to BIG-IP VE devices, seehttps://github.com/F5Networks/f5-declarative-onboarding
After you save the configuration for the BIG-IP VE devices you
created, BIG-IQ sends an API call to apply that configuration to the targeted
BIG-IP VE devices. After BIG-IQ successfully applies the configuration, it then
discovers and imports the services the device is licensed for. This means you
don't have to discover and import services in a separate step. When the onboarding
process is complete, you can start managing the BIG-IP VE devices from the
screen. Setting up Azure to host BIG-IP VE devices
There are four main tasks to set up Azure to host BIG-IP VE devices deployed from BIG-IQ.
- Register the F5 enterprise application on your Azure portal.
- Create an Azure virtual network (VNet) in the region in which you want to deploy BIG-IP VE devices.
- Specify the credentials BIG-IQ uses to authenticate on the Azure portal. You need the following Azure credentials:
- Enterprise Application ID
- Azure Active Directory ID
- Service Principal Secret
- Set up Azure Marketplace images for automated deployment.
You need these Azure essentials whether you house the BIG-IQ system
and data collection devices (DCDs) in the Azure cloud, or in a private cloud, or
on-premises environment.
- If you use the Azure cloud for all of your resources, you install the BIG-IQ devices and DCDs that manage the BIG-IP VE devices in the Azure VNet. When you use Azure for your BIG-IQ and DCDs, you most likely have already created an Azure VNet and installed the BIG-IQ VE. If this is the case, be sure to review the Azure requirements here to ensure proper support for your BIG-IP VE devices.
- If you install your BIG-IQ devices and DCDs in a private cloud or on-premises environment, after you create the Azure environment, configure a VPN to support the required communication between the Azure VNet and the management components.
Because the BIG-IP VE devices you create will reside
in a VNet, the public or private cloud accommodations you make for that VNet must also
be made for each region in which you operate the BIG-IP VE devices.
Register the F5 enterprise application on your Azure portal
You create and register an
enterprise application, and make sure it has access control, so you can manage BIG-IP VE devices in an Azure cloud.
- Access your Azure Subscription, and use your admin privileges to register a new enterprise application.Make sure the application definition includes this information:FieldContent to enterNameThe name of the application you want to create.Application TypeWeb app/API.Sign-on URLThe URL of the web address you plan to advertise.
- Add additional application owners, if needed.
- Grant access control to your application.
- Access your Azure account, and navigate to.
- Click the name of the subscription that you plan to use to host your BIG-IP VE devices.
- SelectAccess control IAMand click+.
- ForRole, selectContributor.
- In theSelectbox, type the name of the application you specified when you registered the application for your BIG-IP VE devices.
- ClickSaveto assign access control to your application.
Create an Azure virtual network
You need to set up the Azure virtual network (VNet) that hosts your BIG-IP VE devices. If you use the public cloud option, this VNet hosts your BIG-IQ, as well.
- Access your Azure Subscription, and create a VNet.For the most current instructions for creating a virtual network in Azure, refer to the Microsoft Quick Start web site, quick-create-portal.
- As you configure the VNet, make sure it is in the location you want to work in and contains this information:
- A matching address space and address range with netmask size of 24
- Resource Group Name
- A management subnet, with a name that indicates what it is and includes a prefix and a body (for example:<prefix>-mgmt-subnet)
- Basic DDos protection
- Service endpoints and Firewall disabled
Locate the credentials for BIG-IQ authentication
You need to gather the credentials required to configure the Azure provider in the BIG-IQ user interface.
- In Azure Active Directory under App registrations, create a key and note the value.The key is used as the Service Principal Secret on the New Cloud Provider screen in the BIG-IQ user interface.
- To find the Subscription ID: Open the Azure portal, navigate toSubscriptionsand make a note of the ID for your subscription.
- To find the Tenant ID: Open the Azure Active Directory, navigate toPropertiesand make a note of the Directory ID.
- Find the Client ID: Open the Azure Active Directory, navigate toApp registrationsand make a note of Application ID.
Set Up Azure Marketplace images for automated
deployment
When the BIG-IQ needs to
deploy a BIG-IP instance to meet the needs of an
application on your BIG-IP VE device, the image
that Azure uses to deploy that instance must be
set up for automated deployment. To set this up,
you enable programmatic deployment in the Azure
environment for the required image types.
- Access your Azure account, and navigate to.
- In theFilterbox, typeF5 BIG-IP, and pressEnter.The screen lists all of the BIG-IP products currently published in Azure.
- Set up each BIG-IP product that is required by the applications you plan to deploy BIG-IP VE devices:
- Click the name of the BIG-IP product.A new panel opens on the Azure user interface and displays details about the selected BIG-IP product.
- At the very bottom of the details panel for the selected BIG-IP product, click the link that says:Want to deploy programmatically? Get started.
- On the Configure Programmatic Deployment page, clickEnableand then clickSave.
Specify credentials required to connect to an Azure cloud
You create a new Azure cloud provider to tell BIG-IQ how to connect to your Azure
environment.
- At the top of the screen, clickApplicationsthen, on the left, click .
- ClickCreate.The New Cloud Provider screen opens.
- Type aNameand optionalDescriptionfor the cloud provider you are creating, to help identify it when you want to use it later.
- From theProvider Typelist, selectAzure.The screen refreshes, and displays settings (under Provider Details) that you use to specify your Azure credentials.
- Type or paste in theTenant ID,Client ID, andService Principal Secretfor your Azure environment.
- ClickTestto confirm that the account details that you just provided are correct.The system checks with the Azure interface to confirm that the credentials and account details you provided are valid, and then fills in theSubscription IDthat Azure uses to track all of the metrics for the account associated with these credentials.
- ClickSave & Close.
The system creates the new provider, which is now
ready to be used in a cloud environment.
Before you can create a
service scaling group, you need to specify the cloud environment details. But if you are going
to use a license pool instead of the Azure marketplace licensing option, you need to activate
a pool of licenses before you can define your cloud environment.
Configure your Azure cloud environment on BIG-IQ
You create a cloud environment that describes the
details of the Azure virtual network in which you want to create BIG-IP VE devices from
BIG-IQ.
- At the top of the screen, clickApplicationsthen, on the left, click .
- ClickCreate.The New Cloud Environment screen opens.
- Leave theDevice Templateoption asNone.You'll be specifying device configuration details when you configure the BIG-IP VE device through the onboarding process.
- From theCloud Providerlist, select the name of the Azure provider you want to use for this environment.The screen displays the Azure Properties settings.
- From theLocationlist, select the region in which this private cloud you created for this environment resides.
- ForLicense Type, selectUtility.From your cloud provider marketplace, you'll need to selectF5 BIG-IP Virtual Edition - GOOD (PAYG).
- ForServices To Deploy, select the F5 service you want to use for this environment.The Local Traffic and Application Visibility Reporting modules are selected by default. This is the minimum viable configuration for an SSG.
- ForInstance Type, select the Azure instance type that provides the resources needed for this environment.
- ForRestricted Source Address, using the CIDR format, specify the addresses that you want to be able to access the environment.For example12.12.0.0/16.Only addresses that match your entry will have access (IP addresses that use12.12.xxx.xxxin the example above).
- ForVNet Name, select the VNet name that you created in your Azure environment.
- ForManagement Subnet, select the management address you created in your Azure environment.When BIG-IQ deploys a BIG-IP device to an SSG, the device is provisioned with a single network interface. Only devices with a single network interface are supported in an SSG.
- ClickSave & Close.
Create a BIG-IP VE device in an Azure cloud environment
You'll need to have a cloud environment
configured before you can create a BIG-IP VE device in it.
You create a BIG-IP VE device so that you can
then configure it and start managing it from BIG-IQ Centralized Management.
In an Azure cloud environment, you must create only one
BIG-IP VE device at a time.
BIG-IP devices created for
declarative onboarding (DO) are provisioned with a single network interface. To add an
additional network interface, refer to the user documentation for the public cloud to
which you deployed the device.
- At the top of the screen, clickDevices.
- On the left, clickBIG-IP VE CREATION.
- ClickCreate.
- ForTask Name, type a name for this onboarding task.
- ForBIG-IP VE Name, type a name to identify the BIG-IP VE you are creating.
- From theCloud Environmentlist, select your Azure environment.
- Type theAdmin Passwordfor the BIG-IP VE you are creating.
- Click theCreatebutton at the bottom of the screen.
When BIG-IQ successfully completes a BIG-IP VE creation task, the task displays on the BIG-IP VE creation screen. The BIG-IP VE creation process can take up to 10 minutes, depending on the cloud environment and the BIG-IP VE configuration.
You can now configure this BIG-IP VE device
through the onboarding process.
Configure a BIG-IP VE device in an Azure cloud environment through onboarding
You must configure your
cloud environment and create BIG-IP VE devices in it before you can configure the BIG-IP VE
devices.
You can configure BIG-IP VE devices through a
process called declarative onboarding (DO), also referred to as just onboarding. When
you
onboard
a BIG-IP VE, you specify all of the
details of its configuration, and discover and import their services in one procedure.
After you onboard BIG-IP VE devices, you can start managing them from the BIG-IQ
screen.- At the top of the screen, clickDevices.
- On the left, clickBIG-IP VE CREATION.Alternatively, you can clickBIG-IP ONBOARDINGon the left and onboard the BIG-IP VE from that screen.
- Select the check box next to the BIG-IP VE Creation task that completed successfully, and click theOnboardbutton to start the onboarding task.
- Type a name and optional description to help you identify this task.
- Select the onboarding classes you want to use to configure the BIG-IP VE devices, and when you're done, click theOnboardbutton at the bottom of the screen.Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clickingView Sample API Requestat the upper right.
- For more information about all declarative onboarding (DO) parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/composing-a-declaration.html
- For more information about clustering DO parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/clustering.htm
- For more information about the BIG-IQ version 7.1.0 API, refer to: https://clouddocs.f5networks.net/products/big-iq/mgmt-api/latest
You can use parameter values written as in-place references to other DO classes only from the API. For example, using a parameter value of "/Common/failoverGroup/members/0" (pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the screen; instead, use the actual value for the field.If you use a Fully Qualified Domain Name (FQDN) forDevice Group,Ownerand/orRemote Hosts, you must validate that you can resolve that FQDN with the DNS server.Class and ParameterAPI Parameter ExampleDescriptionNotesDevice:Target Host"targetHost":"{IP address}"IP address of this BIG-IP VE deviceRequired for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices.Device:Target Username"targetUsername" : "admin"Admin user name for this BIG-IP VE deviceRequired for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices.Device:Target Passphrase"targetPassphrase" : "{password}"Admin password for this BIG-IP VE deviceRequiredYou must have specified aTarget UsernameorTarget Ssh.Device:Target Ssh Key"targetSshKey" : "path" : "{path}"SSH private key for this BIG-IP VE deviceTypically not required for Azure cloud environments.We recommend that you do not use theTarget Ssh Keyfor subsequent declarations for BIG-IP VE devices.Device:Hostname"hostname": "{hostname}.domain.com"FDQN for this BIG-IP VE deviceAlthough not required, it's highly recommended that you specify a host name as the FQDN of the BIG-IP VE device so you can properly identify it.Device:License"licenseType":"{license type}","{license key}":"xxx-xxx-xxx-xx"},License typeRequired if the BIG-IP VE has a reg key or pool BYOL license. It is not required if you are using a PAYG VE.If using a pool license when onboarding a BIG-IP VE device running version 14.0 or later, you must supply the BIG-IP admin and user names, same as the ones entered for theUserclass.Subsequent changes to the configuration of same BIG-IP VE devices do not require changes to theLicenseclass.Onboard Class:NTP"myNtp": { "class": "NTP", "servers": [ "{server}" ], "timezone": "{time zone}"NTP server details for this BIG-IP VE deviceAlthough not required, we recommend that you specify an NTP server so BIG-IQ and BIG-IP VE devices are synchronized with the correct time.You must specify a valid time zone specified in the Time Zone Database. For more information, refer to: List_of_tz_database_time_zonesOnboard Class:Provision"name": "{myProvision}", "ltm": "nominal",Licensed services for this BIG-IP VE deviceLTM is required and selected by default for all BIG-IP VE devices onboarded.If you're using analytics, you must provision AVR, which is not selected by default.Select any additional services you want to provision.Onboard Class:User"{name}": { "class": "User", "userType": "root", "newPassword": "{new password}", "oldPassword": "{old password}"User name and password for admin (regular) user with TMSH access and therootuser for this BIG-IP VE deviceRequired only for the first time you onboard BIG-IP VE devices running version 14.0 or later, because you must change the passwords for initial log in. When you change the admin password, that same password is applied as the root password. So if you want the root password to be unique, you'll need to change it. Since the root password is changed to the same password as admin, use that as the "old password" when updating the root password.Onboard Class:VLAN"tag":4093, "mtu":1500, "interfaces":[ { "name":"1.2", "tagged":true}VLAN for this BIG-IP VE device's network configuration.Your cloud provider automatically creates one VLAN. However, most network configurations require that you use two self IP addresses (one for internal and one for external traffic), and each self IP address requires a VLAN. You must specify the VLAN configuration details before you add a self IP address.If you populate theTagfield, you must select true or false from theTaggedlist.Onboard Class:Self IP"internal-self":{ "class":"SelfIp", "address":"{self IP address}", "vlan":"internal", "allowService":"default", "trafficGroup":"traffic-group-local-only"}Self IP addresses for this BIG-IP VE device's network configuration.You must specify the VLAN configuration details before you add a self IP address.Your cloud provider automatically creates one self IP address. However, two self IP addresses are most commonly used for internal and external traffic.
BIG-IQ configures the BIG-IP VE devices in
this cluster and automatically imports its provisioned services based on the
BIG-IQ Settings Onboard Classes
. When
the BIG-IP VE devices are successfully onboarded, the status displays as Onboard Finished
and the BIG-IP VE
devices displays on the BIG-IP Devices screen where you can start managing them. This
onboarding task remains in the list until you delete it. You can use existing onboard
tasks for the basis of new onboard tasks. API example of onboarding a BIG-IP VE device in an Azure cloud environment
This is an example of what you'll see when you specify the details for an onboard declaration and click the
View Sample API Request
button from the Create Onboard Declaration screen. API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html
DNS settings are automatically specified by your cloud environment. If you change these settings and you use a Fully Qualified Domain Name (FQDN) for Device Group
, Owner
and/or Remote
Hosts
, you must validate that you can resolve that FQDN with the DNS server{ "class": "DO", "declaration": { "schemaVersion": "1.5.0", "class": "Device", "async": true, "Common": { "class": "Tenant", "myLicense": { "class": "License", "licenseType": "regKey", "regKey": "xxx-xxx-xxx-xx" }, "myProvision": { "class": "Provision", "ltm": "nominal" }, "myNtp": { "class": "NTP", "servers": [ "time.nist.gov" ], "timezone": "UTC" }, "admin": { "class": "User", "userType": "regular", "partitionAccess": { "all-partitions": { "role": "admin" } }, "shell": "tmsh", "password": "adminpassword" }, "root": { "class": "User", "userType": "root", "newPassword": "rootpassword", "oldPassword": "adminpassword" } } }, "targetHost": "54.10.10.10", "targetUsername": "admin", "targetPassphrase": "admin", }, "bigIqSettings": { "failImportOnConflict": false, "conflictPolicy": "USE_BIGIQ", "deviceConflictPolicy": "USE_BIGIP", "versionedConflictPolicy": "KEEP_VERSION", "statsConfig": { "enabled": true, "zone": "default" }, "snapshotWorkingConfig": false } }
Configure a cluster of BIG-IP VE devices in an Azure cloud
environment through onboarding
You must configure your
cloud environment and create BIG-IP VE devices in it before you can configure the BIG-IP VE
devices.
You can configure BIG-IP VE devices through a
process called
declarative onboarding
(DO), also
referred to as just, onboarding. Onboarding BIG-IP VE clusters makes it easy for you
to configure more than one BIG-IP VE at one time. When you onboard
a cluster of BIG-IP VE devices, you specify all of the details of
their configuration, and discover and import their services in one procedure. After
you onboard the BIG-IP VE devices, you can start managing them from the BIG-IQ
screen.Only BIG-IP v14.1 images are supported for new Azure BIG-IP
VE devices with only one NIC.
- At the top of the screen, clickDevices.
- On the left, clickBIG-IP VE CREATION.Alternatively, you can clickBIG-IP ONBOARDINGon the left and onboard the BIG-IP VE from that screen.
- Select the check mark next to two or more BIG-IP VE creation tasks that were successful, and then click theOnboard Clusterbutton.BIG-IQ allows you to simultaneously onboard the BIG-IP VE devices you select as a cluster.
- Type a name and optional description to help you identify this task.
- Select the onboarding classes you want to use to configure the BIG-IP VE devices, and when you're done, click theOnboardbutton at the bottom of the screen.Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clickingView Sample API Requestat the upper right.
- For more information about all declarative onboarding (DO) parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/composing-a-declaration.html
- For more information about clustering DO parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/clustering.htm
- For more information about the BIG-IQ version 7.1.0 API, refer to: https://clouddocs.f5networks.net/products/big-iq/mgmt-api/latest
You can use parameter values written as in-place references to other DO classes only from the API. For example, using a parameter value of "/Common/failoverGroup/members/0" (pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the screen; instead, use the actual value for the field.If you use a Fully Qualified Domain Name (FQDN) forDevice Group,Ownerand/orRemote Hosts, you must validate that you can resolve that FQDN with the DNS server.You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clickingView Sample API Requestat the upper right.- For more information about all declarative onboarding (DO) parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/composing-a-declaration.html
- For more information about clustering DO parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/clustering.htm
- For more information about the BIG-IQ version 7.1.0 API, refer to: https://clouddocs.f5networks.net/products/big-iq/mgmt-api/latest
Class and ParameterAPI Parameter ExampleDescriptionNotesOnboard Class:BIG-IQ Settings"bigIqSettings": {"clusterName": "My_cluster_name"}Cluster name.Onboard Class:Device Group"myDeviceGroup": { "class": "DeviceGroup", "type": "sync-only", "members": [ "bigip1.example.com", "bigip2.example.com" ], "owner": "bigip1.example.com", "autoSync": true, "networkFailover": true, "asmSync": true }This is the BIG-IP sync group.These must be the same on every BIG-IP device in the group.For ASM sync, make sure ASM is provisioned on all BIG-IP devices in the cluster.DNS sync groups are not supported in BIG-IP version 7.0.You must selectsync-only. This is the only option supported for a newly-created BIG-IP VE with a single NIC.If you use a Fully Qualified Domain Name (FQDN), you must validate that you can resolve that FQDN with the DNS server.Onboard Class:Device TrustOn BIG-IP1"myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin1", "localPassword": "Admin1Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" }On BIG-IP2"myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin2", "localPassword": "Admin2Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" }These are the BIG-IP Device Trust settings.TheRemote UserNameandRemote Passwordmust be the same on all BIG-IP devices in the cluster.Onboard Class:Dbvariable“configsync.allowmanagement": "enable"Allow management IP address for config sync.For more information refer to: K17427
BIG-IQ configures the BIG-IP VE devices in
this cluster and automatically imports its provisioned services based on the
BIG-IQ Settings Onboard Classes
. When
the BIG-IP VE devices are successfully onboarded, the status displays as Onboard Finished
and the BIG-IP VE
devices displays on the BIG-IP Devices screen where you can start managing them. This
onboarding task remains in the list until you delete it. You can use existing onboard
tasks for the basis of new onboard tasks. API example of onboarding a cluster of BIG-IP VE devices
This is an example of what you'll see when you specify the details for an BIG-IP VE cluster onboard declaration for a BIG-IP VE cluster and click the
View Sample API Request
button from the Create Onboard Declaration screen. API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html If you use a Fully Qualified Domain Name (FQDN) for Device Group
, Owner
and/or Remote Hosts
, you must validate that you can resolve that FQDN with the DNS serverAPI for BIG-IP 1
{ "class": "DO", "declaration": { "schemaVersion": "1.5.0", "class": "Device", "async": true, "Common": { "class": "Tenant", "myDbVariables": { "class": "DbVariables", "configsync.allowmanagement": "enable" }, "myProvision": { "asm": "nominal", "ltm": "nominal", "class": "Provision" }, "myNtp": { "class": "NTP", "servers": [ "0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org" ], "timezone": "UTC" }, "admin": { "class": "User", "userType": "regular", "partitionAccess": { "all-partitions": { "role": "admin" } }, "password": "Mypassword2020!" }, "myConfigSync": { "class": "ConfigSync", "configsyncIp": "10.0.0.65" }, "myDeviceGroup": { "type": "sync-only", "class": "DeviceGroup", "owner": "bigip01.example.com", "asmSync": true, "members": [ "bigip01.example.com", "ip-10-0-0-179.ec2.internal" ], "autoSync": true, "networkFailover": true }, "myDeviceTrust": { "class": "DeviceTrust", "remoteHost": "bigip01.example.com", "localUsername": "admin", "remoteUsername": "admin", "localPassword": "Mypassword2020!", "remotePassword": "Mypassword2020!" } } }, "targetUsername": "admin", "targetHost": "54.224.38.217", "targetSshKey": { "path": "/var/ssh/restnoded/joeyawsveF_3_12869.pem" }, "bigIqSettings": { "failImportOnConflict": false, "conflictPolicy": "USE_BIGIQ", "deviceConflictPolicy": "USE_BIGIP", "versionedConflictPolicy": "KEEP_VERSION", "clusterName": "myawscluster" } }
API for BIG-IP 2
{ "class": "DO", "declaration": { "schemaVersion": "1.5.0", "class": "Device", "async": true, "Common": { "class": "Tenant", "myDbVariables": { "class": "DbVariables", "configsync.allowmanagement": "enable" }, "myProvision": { "asm": "nominal", "ltm": "nominal", "class": "Provision" }, "myNtp": { "class": "NTP", "servers": [ "0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org" ], "timezone": "UTC" }, "admin": { "class": "User", "userType": "regular", "partitionAccess": { "all-partitions": { "role": "admin" } }, "password": "Mypassword2020!" }, "myConfigSync": { "class": "ConfigSync", "configsyncIp": "10.0.0.65" }, "myDeviceGroup": { "type": "sync-only", "class": "DeviceGroup", "owner": "bigip01.example.com", "asmSync": true, "members": [ "bigip01.example.com", "ip-10-0-0-179.ec2.internal" ], "autoSync": true, "networkFailover": true }, "myDeviceTrust": { "class": "DeviceTrust", "remoteHost": "bigip01.example.com", "localUsername": "admin", "remoteUsername": "admin", "localPassword": "Mypassword2020!", "remotePassword": "Mypassword2020!" } } }, "targetUsername": "admin", "targetHost": "54.198.50.34", "targetSshKey": { "path": "/var/ssh/restnoded/joeyawsveF_4_12862.pem" }, "bigIqSettings": { "failImportOnConflict": false, "conflictPolicy": "USE_BIGIQ", "deviceConflictPolicy": "USE_BIGIP", "versionedConflictPolicy": "KEEP_VERSION", "clusterName": "myawscluster" } }