Manual Chapter :
Adding and Configuring BIG-IP VE Devices in a VMware
Environment
Applies To:
Show VersionsBIG-IQ Centralized Management
- 7.1.0
Adding and Configuring BIG-IP VE Devices in a VMware
Environment
Managing BIG-IP VE Devices Located in a Third-Party Cloud
Environment
Supported VMware cloud environments
BIG-IQ supports these VMware cloud environments for auto-scaling:
- VMware vCenter version 6.0 (ESXi version 5.5 and 6.0)
- VMware vCenter version 6.5 (ESXi version 6.0 and 6.5)
Preparing a VMware environment for BIG-IP VE devices
You must prepare your VMware environment to create a BIG-IP
VE in it by performing the following tasks:
- Install the vCenter host root certificate onto the BIG-IQ system for secure communication.
- Import the BIG-IP VE OVA for each BIG-IP version you want to use as a VMware template.
- Set the CPU number and amount of memory based on the usage and provisioning you want (for example, you'll need at least 4 CPU and 16GB RAM to provision LTM, AFT, and APM). For details on the resources required for your particular needs, refer toDetermine the resources required for deploymentonsupport.f5.com.
- Deploy the OVA/OVF to your vCenter server.
- Install the VMware tools on the template/clone. For details on how to create a VMware clone, refer toCreate a BIG-IP clone templateonsupport.f5.com.
- Verify the VMware environment is on a Datastore that is available to the ESXi host or cluster.
How do I create and configure BIG-IP VE devices in a VMware
environment?
BIG-IQ Centralized Management makes it easy for you to create,
configure, and manage BIG-IP VE devices in a VMware environment.
To start managing a BIG-IP VE device in a VMware environment, you must
first complete the following tasks.
- Assign user access in your VMware vCenter environment
- Before a user can manage BIG-IP devices, you must add them to a group in your VMware vCenter that includes the following roles:
- Datastore
- Resource
- Virtual machine
- vApp
- Install the vCenter host root certificate onto the BIG-IQ system for secure communication
- From the BIG-IQ command line, copy the root certificate from the vCenter host cert file/etc/vmware-sso/key/ssoserverRoot.crtto the BIG-IQ system's cert directory/config/ssl/ssl.crtthen type the following command to create a symbolic link to this certificate using the certificate's hash:ln -s ssoserverRoot.crt `openssl x509 -hash -noout -in ssoserverRoot.crt`.0Then deletessoserverRoot.crt.
- Create an IP address pool on BIG-IQ
- Create an IP address pool to manage the IP addresses for the self IP or management addresses on the BIG-IP VE devices. This is mandatory for all VMware templates. This step is optional.
- Specify your cloud provider details on BIG-IQ
- Specify the cloud provider's credentials so you can access the cloud environment from BIG-IQ.
- Configure your cloud environment on BIG-IQ
- Configure your cloud environment on BIG-IQ by specifying the cloud-specific properties for that environment.
- Create a BIG-IP VE device
- Create a BIG-IP VE device from BIG-IQ in the cloud environment you configured.
- Onboard your BIG-IP VE device and BIG-IP VE device cluster
- Provide the configuration details for the BIG-IP VE device or BIG-IP VE device cluster, and provision the services you want BIG-IQ to import through the onboarding process. BIG-IQ applies the configuration to the BIG-IP VE devices through a declarative onboarding API call. For more information about declaration onboarding API specific to BIG-IP VE devices, seehttps://github.com/F5Networks/f5-declarative-onboarding
After you save the configuration for the BIG-IP VE devices you created,
BIG-IQ sends an API call to apply that configuration to the targeted BIG-IP VE devices.
After BIG-IQ successfully applies the configuration, it then discovers and imports the
services the device is licensed for. This means you don't have to discover and import
services in a separate step. When the onboarding process is complete, you can start
managing the BIG-IP VE devices from the
screen. Create a BIG-IP VE clone template
This task assumes that you know how
to do routine tasks in the VMware environment. If you need details for
a particular step, refer to the VMware documentation.
There are two reasons to create
a BIG-IP VE clone template. First, when you perform this task, it
starts the VMware tools service in your VMware environment. BIG-IQ and
VMware need this service when you use declarative onboarding (DO) to
create a device or when you create a service scaling group (SSG).
Second, a BIG-IP VE clone is one good way to manage the image that
VMware uses when it creates new BIG-IP VE instances for an SSG or DO
device.
- Create the BIG-IP VE clone template based on the original BIG-IP VE instance.
- Power on the new clone template instance.
- Log in to the command line of the running BIG-IP VE clone template instance.
- Deletef5-rest-device-iddirectory files.To delete these files, type the following command.rm -f /config/f5-rest-device-idThis forces the REST device ID files to be uniquely generated the next time you start the clone.
- Delete the BIG-IP VE clone instance-generated SSH keys.To delete these keys, type the following command:rm -f /config/ssh/ssh_host_*rm -f /shared/ssh/ssh_host_*This forces the SSH keys to be uniquely generated the next time you start the clone.
- Delete thebigip.licensefile.To delete this file, type the following command:rm -f /config/bigip.license
- If your BIG-IP VE instances are version 14.1.0 and later, you need to reset the device administrative account passwords to their default values.To reset these passwords, type the following commands:echo "root:default" | chpasswd echo "admin:admin" | chpasswd
- Power off the BIG-IP VE clone template instance.To power off the instance, type the following command:shutdown -h now
For BIG-IP version 14.1.0 and
later, when you first log in to a BIG-VE, you must change the default
passwords.
Create an IP address pool for new BIG-IP VE devices in VMware environment
You create an IP address pool so that you can control the IP addresses for the management addresses on the BIG-IP VE that BIG-IQ creates.
- At the top of the screen, clickDevicesthen, on the left, clickIP Pools.The screen displays the list of the IP pools defined on this device.
- ClickCreate.The Create New IP Pool screen opens.
- Fill in the details for this IP address pool and then clickSave & Close.This creates a new IP pool that you can be use to assign IP addresses to BIG-IP VE created on VMware.
Specify VMware credentials required to
connect to a vCenter server
Before you can create a VMware cloud provider,
you must know the vCenter host name.
You create a new VMware cloud provider so that you can specify the
VMware credentials required to connect to the vCenter server. You can use this connector
to communicate from BIG-IQ to the VMware cloud environments connected to that
server.
- At the top of the screen, clickApplicationsthen, on the left, click .
- ClickCreate.The New Cloud Provider screen opens.
- After you name this new cloud provider, from theProvider Typelist, selectVMwareand supply the provider details.
To use this provider to create BIG-IP VE devices in, you must now
specify the cloud environment details.
Configure your VMware environment on BIG-IQ
You define a new cloud environment to specify the parameters that the BIG-IQ needs so it
can communicate with vCenter to create and manage the BIG-IP VE devices created and managed
in the VMware cloud environment.
- At the top of the screen, clickApplicationsthen, on the left, click .
- ClickCreate.
- From theCloud Providerlist, select the name of the VMware provider you want to use for this environment.The screen shows the VMware Properties settings.
- Specify the VMware properties.
- ForDeploy To, select an option to identify the VMware destination to which you want new BIG-IP VE devices to deploy:If you identify the destination using a cluster name, the VMware host must have DRS enabled before you try to deploy BIG-IP VE devices, or the deployment will fail. If you use the ESXi hostname, the DRS setting is optional.
- SelectCluster, and type the name of the cluster.
- SelectESXi Hostname, and type either the IP address or the FQDN of the ESXi host.
- If you want to include anAnnotationthat will appear in the notes section of the virtual machine summary for the BIG-IP VE devices, type one in.
- Type the name of the vSphereDatacenterthat houses the VMware resources on which the BIG-IP VE devices will reside.
- If you want to specify aResource Pool, type the name of the resource pool the ESXi host uses.
- If you want to specify aFolder, type the name of the shared folder the ESXi host uses.
- Type theUsername andPasswordfor the vCenter user that you configured for this VMware environment.
- Specify how you want VMware to create the virtual machines it uses when it creates a BIG-IP device.
- To use a VMware template, in theVM Imagefield, type the name of the template.
- To use a VM snapshot:
- ForVM Image, type the name of the BIG-IP image used to create the snapshot.
- ForLinked Clone, selectYes, and then type the name of the snapshot you created for this image inSnapshot name for Linked Clone.
When you set up the VM image that you want to create your clone from, it must reside on storage that is accessible to all ESXi hosts for that cluster.Details about creating a virtual machine in your VMware environment are provided in theBIG-IP Virtual Edition 13.1.0 and VMware ESXi: Setupguide onsupport.f5.comThe BIG-IP VE in vCenter must have VMware tools installed on it. After you deploy the BIG-IP VE to vCenter, use the procedure in the article:https://support.f5.com/csp/article/K44134742to install the VMware tools. - In theNetwork Interface Mappingfields, specify the network interface mappings for the BIG-IP VE devices created.The mappings you specify must match the settings that were used when the virtual machine network interfaces were defined as part of the BIG-IP VE deployment to your VMware environment.For additional detail on NIC configuration, refer to theBIG-IP Virtual Edition 13.1.0 and VMware ESXi: Setuponsupport.f5.com.You can click+if you want to specify additional NICs for this environment.
- Leave theIP Pool Alias Mappingentry blank.
- Click theSave & Closebutton at the bottom of the screen.BIG-IQ creates the new cloud environment. This VMware environment is available for you to create BIG-IP VE devices in it from BIG-IQ.
Create a BIG-IP VE device in a VMware cloud environment
You'll need to have a VMware environment configured before you can create a BIG-IP VE device in it.
You create a BIG-IP VE device so you can then configure it and start managing it from BIG-IQ Centralized Management.
- At the top of the screen, clickDevices.
- On the left, clickBIG-IP VE CREATION.
- ClickCreate.
- Type a name for this task
- ForBIG-IP VE Name, type a name to identify the BIG-IP VE you are creating.
- From theCloud Environmentlist, select your VMware environment.
- From theAddresslist, select an option for the type of addresses you want to use for new BIG-IP VE devices.
- In theNumber of BIG-IP VE to Createfield, specify the number of devices you want to create.You can create up to five at a time.
- Click theCreatebutton at the bottom of the screen.
When BIG-IQ successfully completes a BIG-IP VE creation task, the task displays on the BIG-IP VE creation screen. The BIG-IP VE creation process can take up to 10 minutes, depending on the cloud environment and the BIG-IP VE configuration.
You can now configure t
his BIG-IP VE device through the onboarding process.
Configure a BIG-IP VE device in a VMware cloud environment through
onboarding
You must configure your
cloud environment and create BIG-IP VE devices in it before you can configure the BIG-IP VE
devices.
You can configure BIG-IP VE devices through a
process called declarative onboarding (DO), also referred to as just onboarding. When
you
onboard
a BIG-IP VE, you specify all of the
details of its configuration, and discover and import their services in one procedure.
After you onboard BIG-IP VE devices, you can start managing them from the BIG-IQ
screen.- At the top of the screen, clickDevices.
- On the left, clickBIG-IP VE CREATION.Alternatively, you can clickBIG-IP ONBOARDINGon the left and onboard the BIG-IP VE from that screen.
- Select the check box next to the BIG-IP VE Creation task that completed successfully, and click theOnboardbutton to start the onboarding task.
- Type a name and optional description to help you identify this task.
- Select the onboarding classes you want to use to configure the BIG-IP VE devices, and when you're done, click theOnboardbutton at the bottom of the screen.Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clickingView Sample API Requestat the upper right.
- For more information about all declarative onboarding (DO) parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/composing-a-declaration.html
- For more information about clustering DO parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/clustering.htm
- For more information about the BIG-IQ version 7.1.0 API, refer to: https://clouddocs.f5networks.net/products/big-iq/mgmt-api/latest
You can use parameter values written as in-place references to other DO classes only from the API. For example, using a parameter value of "/Common/failoverGroup/members/0" (pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the screen; instead, use the actual value for the field.If you use a Fully Qualified Domain Name (FQDN) forDevice Group,Ownerand/orRemote Hosts, you must validate that you can resolve that FQDN with the DNS server.Class and ParameterAPI Parameter ExampleDescriptionNotesDevice:Target Host"targetHost":"{IP address}"IP address of this BIG-IP VE deviceRequired for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices.Device:Target Username"targetUsername" : "admin"Admin user name for this BIG-IP VE deviceRequired for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices.Device:Target Passphrase"targetPassphrase" : "{password}"Admin password for this BIG-IP VE deviceRequiredYou must have specified aTarget UsernameorTarget Ssh.Device:Hostname"hostname": "{hostname}.domain.com"FDQN for this BIG-IP VE deviceAlthough not required, it's highly recommended that you specify a host name as the FQDN of the BIG-IP VE device so you can properly identify it.Device:License"licenseType":"{license type}","{license key}":"xxx-xxx-xxx-xx"},License typeRequired if the BIG-IP VE has a reg key or pool BYOL license. It is not required if you are using a PAYG VE.If using a pool license when onboarding a BIG-IP VE device running version 14.0 or later, you must supply the BIG-IP admin and user names, same as the ones entered for theUserclass.Subsequent changes to the configuration of same BIG-IP VE devices do not require changes to theLicenseclass.Onboard Class:DNS""myDns": { "class": "DNS", "nameServers": [ "{server}" ], "search": "{domain}"DNS server details for this BIG-IP VE device.Although not required, we recommend that you specify a DNS server.Onboard Class:NTP"myNtp": { "class": "NTP", "servers": [ "{server}" ], "timezone": "{time zone}"NTP server details for this BIG-IP VE deviceAlthough not required, we recommend that you specify an NTP server so BIG-IQ and BIG-IP VE devices are synchronized with the correct time.You must specify a valid time zone specified in the Time Zone Database. For more information, refer to: List_of_tz_database_time_zonesOnboard Class:Provision"name": "{myProvision}", "ltm": "nominal",Licensed services for this BIG-IP VE deviceLTM is required and selected by default for all BIG-IP VE devices onboarded.If you're using analytics, you must provision AVR, which is not selected by default.Select any additional services you want to provision.Onboard Class:User"{name}": { "class": "User", "userType": "root", "newPassword": "{new password}", "oldPassword": "{old password}"User name and password for admin (regular) user with TMSH access and therootuser for this BIG-IP VE deviceRequired only for the first time you onboard BIG-IP VE devices running version 14.0 or later, because you must change the passwords for initial log in. When you change the admin password, that same password is applied as the root password. So if you want the root password to be unique, you'll need to change it. Since the root password is changed to the same password as admin, use that as the "old password" when updating the root password.Onboard Class:VLAN"tag":4093, "mtu":1500, "interfaces":[ { "name":"1.2", "tagged":true}VLAN for this BIG-IP VE device's network configuration.Most network configurations require a VLAN for each self IP address (two self IP addresses are most commonly used for internal and external traffic).You must specify these VLAN configuration details before adding IP addresses.If you populate theTagfield, you must select true or false from theTaggedlist.Onboard Class:Self IP"internal-self":{ "class":"SelfIp", "address":"{self IP address}", "vlan":"internal", "allowService":"default", "trafficGroup":"traffic-group-local-only"}Self IP addresses for this BIG-IP VE device's network configuration.You must specify the VLAN configuration details before you add a self IP address.Two self IP addresses are most commonly used for internal and external traffic.BIG-IQ configures the BIG-IP VE devices in this cluster and automatically imports its provisioned services based on theBIG-IQ Settings Onboard Classes. When the BIG-IP VE devices are successfully onboarded, the status displays asOnboard Finishedand the BIG-IP VE devices displays on the BIG-IP Devices screen where you can start managing them. This onboarding task remains in the list until you delete it. You can use existing onboard tasks for the basis of new onboard tasks.
API example of onboarding BIG-IP VE device in VMware cloud environment
This is an example of what you'll see when you specify the details for an onboard declaration and click the
View Sample API Request
button from the Create Onboard Declaration screen. API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html
If you use a Fully Qualified Domain Name (FQDN) for Device Group
, Owner
and/or Remote Hosts
, you must validate that you can resolve that FQDN with the DNS server{ "class": "DO", "declaration": { "schemaVersion": "1.5.0", "class": "Device", "async": true, "Common": { "class": "Tenant", "myLicense": { "class": "License", "licenseType": "regKey", "regKey": "xxx-xx-xx-xxx" }, "myProvision": { "class": "Provision", "ltm": "nominal" }, "myNtp": { "class": "NTP", "servers": [ "ntp1.ntp.com" ] }, "hostname": "mybigip_no3.mycompany.domain.com" } }, "targetHost": "10.10.75.23", "targetUsername": "admin", "targetPassphrase": "Password", "bigIqSettings": { "failImportOnConflict": false, "conflictPolicy": "USE_BIGIQ", "deviceConflictPolicy": "USE_BIGIP", "versionedConflictPolicy": "KEEP_VERSION" } }
Configure a cluster of BIG-IP VE devices in an VMware cloud
environment through onboarding
You must configure your
cloud environment and create BIG-IP VE devices in it before you can configure the BIG-IP VE
devices.
You can configure BIG-IP VE devices through a
process called
declarative onboarding
(DO), also
referred to as just, onboarding. Onboarding BIG-IP VE clusters makes it easy for you
to configure more than one BIG-IP VE at one time. When you onboard
a cluster of BIG-IP VE devices, you specify all of the details of
their configuration, and discover and import their services in one procedure. After
you onboard the BIG-IP VE devices, you can start managing them from the BIG-IQ
screen.- At the top of the screen, clickDevices.
- On the left, clickBIG-IP VE CREATION.Alternatively, you can clickBIG-IP ONBOARDINGon the left and onboard the BIG-IP VE from that screen.
- Select the check mark next to two or more BIG-IP VE creation tasks that were successful, and then click theOnboard Clusterbutton.BIG-IQ allows you to simultaneously onboard the BIG-IP VE devices you select as a cluster.
- Select the onboarding classes you want to use to configure the BIG-IP VE devices and when you're done, click theOnboardbutton at the bottom of the screen.Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clickingView Sample API Requestat the upper right.
- For more information about all declarative onboarding (DO) parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/composing-a-declaration.html
- For more information about clustering DO parameters and requirements, refer to: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/clustering.htm
- For more information about the BIG-IQ version 7.1.0 API, refer to: https://clouddocs.f5networks.net/products/big-iq/mgmt-api/latest
You can use parameter values written as in-place references to other DO classes only from the API. For example, using a parameter value of "/Common/failoverGroup/members/0" (pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the screen; instead, use the actual value for the field.If you use a Fully Qualified Domain Name (FQDN) forDevice Group,Ownerand/orRemote Hosts, you must validate that you can resolve that FQDN with the DNS server.Class and ParameterAPI Parameter ExampleDescriptionNotesOnboard Class:BIG-IQ Settings"bigIqSettings": {"clusterName": "My_cluster_name"}Cluster name.Onboard Class:Device GroupForTypeyou can specify sync-only:"myDeviceGroup": { "class": "DeviceGroup", "type": "sync-only", "members": [ "bigip1.example.com", "bigip2.example.com" ], "owner": "bigip1.example.com", "autoSync": true, "networkFailover": true, "asmSync": true }Or cluster synch-failover:"myDeviceGroup": { "class": "DeviceGroup", "type": "sync-failover", "members": [ "bigip1.example.com", "bigip2.example.com" ], "owner": "bigip1.example.com", "autoSync": true, "networkFailover": true, "asmSync": true }This is the BIG-IP sync group.These must be the same on every BIG-IP device in the group.For ASM sync, make sure ASM is provisioned on all BIG-IP devices in the cluster.DNS sync groups are not supported in BIG-IP version 7.0.If you use a Fully Qualified Domain Name (FQDN), you must validate that you can resolve that FQDN with the DNS server.Onboard Class:Device TrustOn BIG-IP1"myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin1", "localPassword": "Admin1Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" }On BIG-IP2"myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin2", "localPassword": "Admin2Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" }These are the BIG-IP Device Trust settings.TheRemote UserNameandRemote Passwordmust be the same on all BIG-IP devices in the cluster.Onboard Class:Dbvariable“configsync.allowmanagement": "enable"Allow management IP address for config sync.For more information refer to: K17427
BIG-IQ configures the BIG-IP VE devices in
this cluster and automatically imports its provisioned services based on the
BIG-IQ Settings Onboard Classes
. When
the BIG-IP VE devices are successfully onboarded, the status displays as Onboard Finished
and the BIG-IP VE
devices displays on the BIG-IP Devices screen where you can start managing them. This
onboarding task remains in the list until you delete it. You can use existing onboard
tasks for the basis of new onboard tasks. API example of onboarding a cluster of BIG-IP VE devices
This is an example of what you'll see when you specify the details for an BIG-IP VE cluster onboard declaration for a BIG-IP VE cluster and click the
View Sample API Request
button from the Create Onboard Declaration screen. API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html If you use a Fully Qualified Domain Name (FQDN) for Device Group
, Owner
and/or Remote Hosts
, you must validate that you can resolve that FQDN with the DNS serverAPI for BIG-IP 1
{ "class": "DO", "declaration": { "schemaVersion": "1.5.0", "class": "Device", "async": true, "Common": { "class": "Tenant", "myDbVariables": { "class": "DbVariables", "configsync.allowmanagement": "enable" }, "myProvision": { "asm": "nominal", "ltm": "nominal", "class": "Provision" }, "myNtp": { "class": "NTP", "servers": [ "0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org" ], "timezone": "UTC" }, "admin": { "class": "User", "userType": "regular", "partitionAccess": { "all-partitions": { "role": "admin" } }, "password": "Mypassword2020!" }, "myConfigSync": { "class": "ConfigSync", "configsyncIp": "10.0.0.65" }, "myDeviceGroup": { "type": "sync-only", "class": "DeviceGroup", "owner": "bigip01.example.com", "asmSync": true, "members": [ "bigip01.example.com", "ip-10-0-0-179.ec2.internal" ], "autoSync": true, "networkFailover": true }, "myDeviceTrust": { "class": "DeviceTrust", "remoteHost": "bigip01.example.com", "localUsername": "admin", "remoteUsername": "admin", "localPassword": "Mypassword2020!", "remotePassword": "Mypassword2020!" } } }, "targetUsername": "admin", "targetHost": "54.224.38.217", "targetSshKey": { "path": "/var/ssh/restnoded/joeyawsveF_3_12869.pem" }, "bigIqSettings": { "failImportOnConflict": false, "conflictPolicy": "USE_BIGIQ", "deviceConflictPolicy": "USE_BIGIP", "versionedConflictPolicy": "KEEP_VERSION", "clusterName": "myawscluster" } }
API for BIG-IP 2
{ "class": "DO", "declaration": { "schemaVersion": "1.5.0", "class": "Device", "async": true, "Common": { "class": "Tenant", "myDbVariables": { "class": "DbVariables", "configsync.allowmanagement": "enable" }, "myProvision": { "asm": "nominal", "ltm": "nominal", "class": "Provision" }, "myNtp": { "class": "NTP", "servers": [ "0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org" ], "timezone": "UTC" }, "admin": { "class": "User", "userType": "regular", "partitionAccess": { "all-partitions": { "role": "admin" } }, "password": "Mypassword2020!" }, "myConfigSync": { "class": "ConfigSync", "configsyncIp": "10.0.0.65" }, "myDeviceGroup": { "type": "sync-only", "class": "DeviceGroup", "owner": "bigip01.example.com", "asmSync": true, "members": [ "bigip01.example.com", "ip-10-0-0-179.ec2.internal" ], "autoSync": true, "networkFailover": true }, "myDeviceTrust": { "class": "DeviceTrust", "remoteHost": "bigip01.example.com", "localUsername": "admin", "remoteUsername": "admin", "localPassword": "Mypassword2020!", "remotePassword": "Mypassword2020!" } } }, "targetUsername": "admin", "targetHost": "54.198.50.34", "targetSshKey": { "path": "/var/ssh/restnoded/joeyawsveF_4_12862.pem" }, "bigIqSettings": { "failImportOnConflict": false, "conflictPolicy": "USE_BIGIQ", "deviceConflictPolicy": "USE_BIGIP", "versionedConflictPolicy": "KEEP_VERSION", "clusterName": "myawscluster" } }