Skip to content

1 Install

Jump to bottom
Colin Stubbs edited this page Jun 15, 2020 · 4 revisions

Installation of Dehydrated BIG-IP Ansible

Requirements

F5 BIG-IP

You'll need to be running a recent v13.x or later release. We've currently tested up to v15.1.0.2.

The only caveat regarding licensing is that shell based access MUST be permitted to the F5. Certain licenses which disable shell capabilities (so called "appliance mode") mean that even configuration changes made via the iControl REST API may not work.

A user account with iControl API access and advanced shell (bash) access is required. This can be the default 'admin' user or a custom user account.

Ansible

You should install based on the official instructions available here

We are currently utilising 2.9.9, however no specific version is required, however F5 BIG-IP support should be included.

You can also install the latest Ansible collection for F5 BIG-IP from the official F5 Ansible repository

No special configuration is required post install.

lexicon

You should install based on the official instructions available here

We are currently utilising 3.3.24, however no specific version is required.

While you can pass lexicon provider and authentication information as environment variables (set by dehydrated), you should also consider creating /etc/lexicon and /etc/lexicon/lexicon.yml or /etc/lexicon/lexicon_%{PROVIDER}%.yml configuration files to simplify your configuration environment.

dehydrated

Follow the official installation instructions available here and configure as appropriate for your needs.

While dehydrated-bigip-ansible makes use of the dehydrated ${BASEDIR} environment variable, all documentation will make the assumption and describe installation under /etc/dehydrated. Translate as appropriate if you've installed it elsewhere.

Manual CLI based installation

TEMPDIR=`mktemp -d`
cd ${TEMPDIR}
curl -o dehydrated-bigip-ansible-master.zip https://codeload.github.com/EquateTechnologies/dehydrated-bigip-ansible/zip/master
unzip dehydrated-bigip-ansible-master.zip
cp -Rv dehydrated-bigip-ansible-master/etc/dehydrated/ansible /etc/dehydrated/ansible
cp -Rv dehydrated-bigip-ansible-master/etc/dehydrated/lib.d /etc/dehydrated/lib.d
chmod 0600 /etc/dehydrated/ansible/bigip-inventory.ini
chmod 0755 /etc/dehydrated/ansible/hooks/*.sh
cd
rm -rf ${TEMPDIR}

The above will currently install the following files,

/etc/dehydrated/ansible
/etc/dehydrated/ansible/bigip-inventory.ini
/etc/dehydrated/ansible/hooks
/etc/dehydrated/ansible/hooks/bigip-management-dns-01.sh
/etc/dehydrated/ansible/hooks/bigip-management-redeploy.sh
/etc/dehydrated/ansible/hooks/bigip-traffic-dns-01.sh
/etc/dehydrated/ansible/hooks/bigip-traffic-http-01.sh
/etc/dehydrated/ansible/hooks/bigip-traffic-redeploy.sh
/etc/dehydrated/ansible/playbooks
/etc/dehydrated/ansible/playbooks/bigip-clean_challenge.yml
/etc/dehydrated/ansible/playbooks/bigip-configure-acme-http-01.yml
/etc/dehydrated/ansible/playbooks/bigip-configure-lets-encrypt-ocsp-stapling.yml
/etc/dehydrated/ansible/playbooks/bigip-deploy_cert-management.yml
/etc/dehydrated/ansible/playbooks/bigip-deploy_cert-traffic.yml
/etc/dehydrated/ansible/playbooks/bigip-deploy_challenge.yml
/etc/dehydrated/lib.d/
/etc/dehydrated/lib.d/lexicon.sh
/etc/dehydrated/lib.d/nsupdate.sh
Clone this wiki locally