F5: Difference between revisions
→Enable Internet Access on VMs
Line 112:
= Deploy F5 in KVM =
* Topology
[client]-------------------------[ F5 ]------------------------[server]
192.168.45.121 192.168.45.21 | 192.168.68.3 192.168.68.108
|
192.168.30.217
|
|
{10.157.146.116}
Host
* Install [https://aman.awiki.org/wiki/Virtualization#KVM_Installation KVM]
Line 120 ⟶ 131:
* Create 3 virtual bridge interfaces:
;virbr0 (Ignore if already existing)
vim virbr0.xml
Line 126 ⟶ 137:
Add bridge details to the file:
<syntaxhighlight lang=ini><network>
<name>
<forward mode='nat'>
<nat>
Line 141 ⟶ 152:
</syntaxhighlight>
sudo virsh net-define
sudo virsh net-start
sudo virsh net-autostart
sudo virsh net-list --all
ip addr show dev virbr0
Line 153 ⟶ 164:
Add bridge details to the file:
<syntaxhighlight lang=ini><network>
<name>
<forward mode='nat'>
<nat>
Line 168 ⟶ 179:
</syntaxhighlight>
sudo virsh net-define
sudo virsh net-start
sudo virsh net-autostart
sudo virsh net-list --all
ip addr show dev virbr1
Line 180 ⟶ 191:
Add bridge details to the file:
<syntaxhighlight lang=ini><network>
<name>
<forward mode='nat'>
<nat>
Line 195 ⟶ 206:
</syntaxhighlight>
sudo virsh net-define
sudo virsh net-start
sudo virsh net-autostart
sudo virsh net-list --all
ip addr show dev virbr2
Line 207 ⟶ 218:
--name=bigip \
--description="BIG-IP Local Traffic Manager (LTM) Virtual Edition (VE)" \
--disk path=/var/lib/libvirt/images/BIGIP-16.1.4.3-0.0.
--disk path=/var/lib/libvirt/images/BIGIP-16.1.4.3-0.0.
--network=bridge=virbr0,model=virtio \
--network=bridge=virbr1,model=virtio \
Line 215 ⟶ 226:
--console pty,target_type=serial \
--vcpus=2 --cpu host --ram=8096 \
--os-type=linux --os-variant=rhel6.0 \
--import --autostart --noautoconsole
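Review bot: `--ram=8096` on the line above is an odd size; virt-install takes MiB, and 8096 is neither a power of two nor a round figure, so it is presumably a typo for 8 GiB. Suggest `--vcpus=2 --cpu host --ram=8192 \`. The virt-install command this hunk belongs to starts outside the hunk.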
Line 236 ⟶ 247:
* Iptables enable Web UI access using NAT from Host VM:
sudo iptables -t nat -I PREROUTING -p tcp -d 10.
sudo iptables -I FORWARD -m state -d 192.168.
* The above rules might not survive reboot of host, hardcoding them:
sudo yum install iptables-services
sudo systemctl start iptables
sudo systemctl enable iptables
sudo service iptables save
* Apply License
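Review bot: The PREROUTING/FORWARD rules at the top of this hunk publish the BIG-IP management UI on the host's routable address (10.157.146.116 per the topology), and the `iptables-services` steps then make that exposure survive reboots, yet neither rule restricts who may connect — both lines are truncated in this view, so I can only see that they match on destination. Add a source restriction on the host side, e.g. `sudo iptables -t nat -I PREROUTING -s <admin-net>/24 -p tcp -d 10.157.146.116 --dport 443 -j DNAT --to-destination 192.168.30.217:443` (port 443 assumed), and/or limit the BIG-IP's own allow list with `tmsh modify sys httpd allow replace-all-with { <admin-net>/24 }` and the same for `sys sshd allow`. The page also never mentions changing the BIG-IP default admin/root passwords; a one-line step for that belongs before the rules are persisted, since "Apply License" implies the UI is reachable from the lab network from then on.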
Line 247 ⟶ 261:
* Save Config
tmsh save /sys config
* Increase bash Columns
Line 291 ⟶ 304:
* Download Image file:
virt-builder --list
virt-builder centos-7.5 --format qcow2 --size 20G -o centos75-client.qcow2 --root-password password # no root password set
sudo mv centos75-client.qcow2 /var/lib/libvirt/images/
sudo cp /var/lib/libvirt/images/centos75-client.qcow2 /var/lib/libvirt/images/centos75-server.qcow2
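Review bot: `--root-password password` on the virt-builder line contradicts its own comment `# no root password set`: the bare word does not match any documented selector form (`password:PASSWORD`, `file:FILENAME`, `random`, `disabled`), so either the command fails or the intent was a literal root password of `password`, which the server image inherits as well because it is a byte copy on the next line — and both VMs later get NAT'd internet access. Use `--root-password random` (virt-builder prints the generated value) or `--root-password password:<strong-secret>`, and change the comment to state what was actually set.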
=== Install Client ===
Line 303 ⟶ 315:
<syntaxhighlight lang="bash">
sudo virt-install \
--name=client \
--description="Ubuntu Minimal Client" \
--disk path=/var/lib/libvirt/images/
--network=bridge=virbr1,model=virtio \
--graphics none \
--console pty,target_type=serial \
--vcpus=1 --cpu host --ram=1024 \
--os-type=linux \
--os-variant=rhel6.0 \
--import --autostart --noautoconsole
</syntaxhighlight>
* Obtaining Console access:
sudo virsh console client
* Basic config:
sudo vi /etc/hostname # change hostname
sudo yum install httpd
sudo systemctl enable httpd
sudo systemctl start httpd
sudo systemctl status httpd
sudo iptables -F
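Review bot: `sudo iptables -F` as the last step drops every rule on the client VM rather than opening what httpd needs, and if firewalld is active (the CentOS 7 default; the image built above is centos-7.5) the next firewalld reload silently re-applies the old rule set, so the flush is both over-broad and non-persistent. Replace it with `sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload`, or, if the guest is meant to run bare iptables, add an explicit ACCEPT for tcp/80 and save it. Two stale details in the same hunk: `--description="Ubuntu Minimal Client"` and `--os-variant=rhel6.0` do not match the CentOS 7.5 image the command imports; `--os-variant=centos7.0` is the right hint.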
=== Install WebServer ===
Line 324 ⟶ 345:
<syntaxhighlight lang="bash">
sudo virt-install \
--name=server \
--description="CentOS WebServer" \
--disk path=/var/lib/libvirt/images/
--network=bridge=virbr2,model=virtio \
--graphics none \
Line 338 ⟶ 359:
* Obtaining Console access:
sudo virsh console server
sudo iptables -F
== F5 Configuration ==
=== Manually assign Management IP address ===
tmsh modify sys global-settings mgmt-dhcp disabled
tmsh create sys management-ip 192.168.30.217/24
tmsh create sys management-route default { gateway 192.168.30.1 network default }
=== Create VLAN ===
<pre>
net vlan myVlan {
fwd-mode l3
if-index 128
interfaces {
1.2 { }
}
sflow {
poll-interval-global no
sampling-rate-global no
}
tag 4094
}
</pre>
=== Create SelfIP ===
<pre>
net self SelfIpforPool {
address 192.168.68.3/24
traffic-group traffic-group-local-only
vlan myVlan
}
</pre>
=== Create Pool ===
<pre>
ltm pool myPool {
members {
server1:http {
address 192.168.68.108
logging enabled
session monitor-enabled
state up
}
}
monitor http
}
</pre>
=== Create VS ===
<pre>
ltm snat-translation 192.168.68.7 {
address 192.168.68.7
inherited-traffic-group true
traffic-group traffic-group-1
}
ltm snatpool mySNatIP {
members {
192.168.68.7
}
}
</pre>
<pre>
ltm virtual myVS {
creation-time 2024-04-30:09:50:10
destination 192.168.45.21:http
ip-protocol tcp
last-modified-time 2024-05-01:02:29:35
mask 255.255.255.255
pool myPool
profiles {
tcp { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
pool mySNatIP
type snat
}
translate-address enabled
translate-port enabled
vlans {
ExternalVlan
}
vlans-enabled
vs-index 2
}
</pre>
=== Enable Internet Access on VMs ===
; On VMs:
* Add Interface for the common network on host to the VMs:
sudo virsh attach-interface --type bridge --source virbr0 --model virtio client
; On Host:
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables --table nat --append POSTROUTING --out-interface ens192 -j MASQUERADE # ens192 is default exit interface in Host
sudo iptables --insert FORWARD --in-interface virbr0 -j ACCEPT # virbr0 is newly added interface in VM
== UCS Backup ==
tmsh save sys ucs $(echo $HOSTNAME | cut -d'.' -f1)-$(date +%H%M-%m%d%y)
scp root@192.168.30.217:/var/local/ucs/labdevice-0305-061324.ucs .
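Review bot: The UCS archive saved and copied in the last two lines is written without a passphrase, so the SSL private keys and any other secrets it carries are protected only by the file permissions wherever `scp` drops them; use `tmsh save sys ucs $(echo $HOSTNAME | cut -d'.' -f1)-$(date +%H%M-%m%d%y) passphrase <secret>` so the archive is encrypted before it leaves the device, and store the copy in a protected directory. Under "Enable Internet Access on VMs", `sudo sysctl -w net.ipv4.ip_forward=1` and the two iptables lines are not persisted, unlike the NAT rules earlier on the page — `echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/99-forward.conf` plus `sudo service iptables save` would keep them — and `FORWARD --in-interface virbr0 -j ACCEPT` has no matching stateful return rule, so replies depend on whatever else is already in FORWARD. Also, `sudo iptables -F` on the server VM flushes its firewall entirely rather than opening tcp/80, the same issue as on the client.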