29 July 2020
Automate management of Let's Encrypt certificates on F5 BIG-IPs
by Mark J Menger
IT Industry research, such as Accelerate, shows improving a company’s ability to deliver software is critical to their overall success. The following key practices and design principles are cornerstones to that improvement.
- Version control of code and configuration
- Automation of Deployment
- Automation of Testing and Test Data Management
- “Shifting Left” on Security
- Loosely Coupled Architectures
- Pro-active Notification
What’s the point
The demonstration resources described below show how tools like Git, RedHat Ansible, and F5’s Automation Toolchain can be used to introduce some of the practices listed above to F5 BIG-IPs and the IT services they help deliver. By following along with the README in the demonstration repository and the video walk-throughs listed below, you should be able to run this demonstration and explore the implications for your own environments.
- These repositories use simplifying demonstration shortcuts for password, key, and network security. Production-ready enterprise design patterns and workflows should be used in place of these shortcuts.
DO NOT ASSUME THAT THE CODE AND CONFIGURATION IN THESE REPOSITORIES IS PRODUCTION-READY
- A variety of tools are used in this demonstration. In most cases they are not exclusively required and can be replaced with other similar tools.
Setting up your demonstration automation host
Before running the demonstration code, you’ll need to set up your demonstration environment. Instructions for those steps may be found here
- Fork the repository and open it in Visual Studio Code(1m36s)
Once the tools are installed, you can create your own copy of the repository and open it in your IDE. In the videos, Visual Studio Code is used as the IDE. In order to follow along, you’ll need to create your own repository in order to set up the Terraform Cloud configuration and make your own adjustments to build configuration (e.g. the number of application servers deployed)
If you’ve followed along through the all of the use-cases in the demonstration repository, you’ve see the following:
- Source-controlled build of an application environment
- Managed changes with logging of authoring and approvals
- Automated scaling of application resources and BIG-IP configuration
- Automated updates to BIG-IP WAF policies
If you want to realize the benefits of these practices for your IT service delivery, please reach out to your F5 account team.
tags: big-ip - automation - hashicorp - terraform - devops