F5: Difference between revisions

= iRule =
= iRule =


* I-rule is a script that direct traffic though BIG IP , based on TCl command language .I rule give controll of inbound and outbound traffic from Big IP.
* iRule is a script that direct traffic though BIG IP , based on TCL command language.
* iRule give control of inbound and outbound traffic from Big IP.
* Irule contains follwing events ( I rule name ,events ,condtion ,action )
* iRule contains following events -> Irule name, events, condition, action

= Deploy F5 in KVM =

[10.170.131.132:8443]---------[Mgmt-192.168.122.109:8443]
[10.170.131.132:443]---------[VIP-192.168.122.110:443]

* Download the Image from F5 Portal:
sudo mv BIGIP-16.1.3-0.0.12.qcow2 /var/lib/libvirt/images/

'''
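# Reference only: a network install of Ubuntu Trusty.  --location fetches the
# installer kernel from the archive and --extra-args passes the serial console
# settings on its command line.
virt-install --name ubuntu-trusty --ram 256 --disk path=/var/kvm/images/trusty.img,size=3 --vcpus 1 --os-type linux --os-variant ubuntutrusty --graphics none --console pty,target_type=serial --location 'http://fr.archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/' --extra-args 'console=ttyS0,115200n8 serial'


# BIG-IP 17.0 booted from the prebuilt qcow2 (--import: no installer is run).
# Each option line needs a space before its trailing backslash: as originally
# written, "bigip\" + newline was joined into the single word "bigip--ram", and
# the missing backslash after --import made the next line start a new command
# that swallowed the following virt-install call.  --extra-args is accepted
# only together with --location, so it is dropped from this --import definition.
sudo virt-install --name bigip \
  --ram 4096 \
  --disk path=/var/lib/libvirt/images/BIGIP-17.0.0.1-0.0.4.qcow2 \
  --vcpus 2 \
  --os-type linux \
  --os-variant rhel6 \
  --graphics spice \
  --console pty,target_type=serial \
  --network bridge=virbr0 \
  --noautoconsole \
  --import

# BIG-IP 16.1.3 with a separate 8 GiB datastore disk, a VNC console on :5902
# and the serial console exposed as a telnet listener on host port 2223.
# NOTE(review): listen=0.0.0.0 offers the VNC console (guarded only by the
# inline password) on every host interface, and host=:2223 with no address
# presumably binds the serial listener the same way; binding both to
# 127.0.0.1 and reaching them over an SSH tunnel limits who can get at the
# BIG-IP console.  --ram=8096 is kept as written (8 GiB would be 8192).
sudo virt-install \
  --name=F5-BIGIP \
  --description="BIG-IP Local Traffic Manager (LTM) Virtual Edition (VE)" \
  --disk path=/var/lib/libvirt/images/BIGIP-16.1.3-0.0.12.qcow2,bus=virtio,format=qcow2 \
  --disk path=/var/lib/libvirt/images/BIGIP-16.1.3-0.0.12.DATASTOR.ALL.qcow2,size=8,bus=virtio,format=qcow2 \
  --network=bridge=virbr0,model=virtio \
  --graphics vnc,password=admin123,listen=0.0.0.0,port=5902 \
  --serial tcp,host=:2223,mode=bind,protocol=telnet \
  --vcpus=2 --cpu host --ram=8096 \
  --os-type=linux \
  --os-variant=rhel6 \
  --import --autostart --noautoconsole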
'''

'''
sudo virsh shutdown bigip
sudo virsh destroy bigip
sudo virsh undefine --domain bigip


sudo virsh list --all


sudo virsh net-dhcp-leases default
sudo virsh net-dhcp-leases default

10.170.131.132
192.168.122.109


sudo virsh console bigip

Credentials:
root default

# config -> Assign IP address for management
tmsh show sys management-ip --> not working
tmsh show running-config



nano /etc/libvirt/hooks/qemu
'''

'''
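#!/bin/bash
# Hook to insert NEW rule to allow connection for VMs
# 192.168.122.0/24 is NATed subnet
# virbr0 is networking interface for VM and host
# -----------------------------------------------------------------
# Written by Vivek Gite under GPL v3.x {https://www.cyberciti.biz}
# -----------------------------------------------------------------
# libvirt runs this hook for every guest and every lifecycle operation (the
# guest name and the operation arrive as $1 and $2; neither is used here), so
# the insert below has to be idempotent.
#################################################################
## NOTE replace 10.170.131.0/24 with your public IPv4 sub/net  ##
#################################################################
set -u

iptables=/sbin/iptables
chain=FORWARD
# The match is kept in one array so the existence check and the insert use
# exactly the same rule.
rule=(-o virbr0 -m state -s 10.170.131.0/24 -d 192.168.122.109/32 --state NEW,RELATED,ESTABLISHED -j ACCEPT)

# Avoid duplicates: `iptables -C` exits 0 only when an identical rule already
# exists.  The previous check grepped `iptables -L FORWARD -n -v` for
# "192.168.122.109/32", but -L -n prints a host address without its /32 mask,
# so the count was always 0 and a fresh copy of the rule was inserted on every
# hook invocation.
# When the rule exists the `if` falls through with status 0; otherwise the
# script exits with the status of the insert.  A non-zero status from this
# hook may make libvirt refuse to start the guest, so nothing else runs after
# it.
if ! "$iptables" -C "$chain" "${rule[@]}" 2>/dev/null; then
  "$iptables" -I "$chain" 1 "${rule[@]}"
fi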
'''

'''
chmod -v +x /etc/libvirt/hooks/qemu

vim /etc/ufw/before.rules

# KVM/libvirt Forward Ports to guests with Iptables (UFW) #
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 10.170.131.132 -p tcp --dport 443 -j DNAT --to-destination 192.168.122.109:443 -m comment --comment "Port443 for BigIP"
COMMIT



# Publish the BIG-IP management UI (8443) and HTTP (80) on the host address by
# rewriting the destination in PREROUTING.  -I puts each new rule at the top,
# so the port-80 rule ends up above the 8443 one, exactly as the two separate
# commands did.
for port in 8443 80; do
  sudo iptables -t nat -I PREROUTING -p tcp -d 10.170.131.132 --dport "$port" \
    -j DNAT --to-destination "192.168.122.109:$port"
done
# Let the translated packets through to the guest network.  As written this
# accepts NEW connections to the whole 192.168.122.0/24, not only to the
# guest and ports published above.
sudo iptables -I FORWARD -m state -d 192.168.122.0/24 \
  --state NEW,RELATED,ESTABLISHED -j ACCEPT
# Persist the running rule set across reboots.
sudo service netfilter-persistent save



curl -sk -u root:kIr@t#29 -H "Content-Type: application/json" -X GET https://192.168.122.109/mgmt/tm/sys/management-ip | jq -M .


192.168.122.145
root/kIr@t#29

tmsh install /sys license registration-key HOBOF-RKGYF-XKFTJ-HLGHP-KDQXQDS
tmsh install /sys license registration-key CEGMC-JBZNW-LGQZT-GPNOL-WHXDLFL


tmsh
modify /security firewall management-ip-rules rules add { example_mgmt_rule { action accept destination { addresses add { 192.168.122.109 } ports add { 443 } } ip-protocol tcp log yes place-before first source { addresses add { 10.170.131.1-10.170.131.254 } ports none } status enabled uuid auto-generate } }
save /sys config




'''

=== Install CentOS ===

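# Fetch the CentOS 7 cloud image.
wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2

# Set the root password inside the downloaded image so the console login works.
# The image name must match the file wget saved above (the page previously
# named a "-2111" file that was never downloaded).  password:... places the
# secret on the command line, where it ends up in shell history and in `ps`;
# virt-customize also accepts --root-password file:FILE to read it from a
# mode-0600 file instead.
virt-customize -a CentOS-7-x86_64-GenericCloud.qcow2 --root-password password:DDYrTXJZTJldOqimb68ZK5KCmRpbdBOe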
Now able to log in to the new guest as root / DDYrTXJZTJldOqimb68ZK5KCmRpbdBOe

'''
# Define and start the CentOS guest from the customised cloud image (--import
# boots the existing disk; no installer runs).  Options are collected in an
# array so the long command stays readable.
centos_args=(
  --name=CentOS
  --description="CentOS WebServer"
  --disk path=/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.qcow2,bus=virtio,format=qcow2
  --disk path=/var/lib/libvirt/images/CentOS-7-x86_64-GenericCloud.DATASTOR.ALL.qcow2,size=8,bus=virtio,format=qcow2
  --network=bridge=virbr0,model=virtio
  --graphics none
  --console pty,target_type=serial
  --vcpus=1 --cpu host --ram=2048
  --os-type=linux
  --os-variant=rhel6
  --import --autostart --noautoconsole
)
sudo virt-install "${centos_args[@]}"
'''
'''
# Publish the CentOS web server (443 and 80) on the host address by rewriting
# the destination in PREROUTING.  -I puts each new rule at the top, so the
# port-80 rule lands above the 443 one, exactly as the two separate commands
# did.
for port in 443 80; do
  sudo iptables -t nat -I PREROUTING -p tcp -d 10.170.131.132 --dport "$port" \
    -j DNAT --to-destination "192.168.122.98:$port"
done
# Let the translated packets through to the guest network.  As written this
# accepts NEW connections to the whole 192.168.122.0/24, not only to the
# guest and ports published above.
sudo iptables -I FORWARD -m state -d 192.168.122.0/24 \
  --state NEW,RELATED,ESTABLISHED -j ACCEPT
'''