doc updates

f5devcentral · Dec 13, 2024 · 7bc9933 · 7bc9933
1 parent 208ee03
commit 7bc9933
Show file tree

Hide file tree

Showing 12 changed files with 162 additions and 51 deletions.
diff --git a/docs/class10/AS3/00-Backup-Restore-Role_as3.rst b/docs/class10/AS3/00-Backup-Restore-Role_as3.rst
@@ -12,22 +12,22 @@ Restore-Role.yaml is a templated Ansible play that utilizes an underlying Role t
 
 .. attention::
 
-   The restore command will produce an error in some builds of Ansible even though the restoration does complete. It is a known bug.
+   The restore command will produce an error in some builds of Ansible even though the restoration does complete. It is a known issue due to the reset of the RestAPI services.
 
 RUN THE TEMPLATE
 ----------------
 
-Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available. To deploy a sandbox infrastructure in AWS users can use the `Ansible Workshops <https://github.com/ansible/workshops>`__
+Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.
 
-   1. Login to the Ansible Host
+   1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)
 
    2. Change Directory in the Ansible Host to the use-cases repo previously downloaded
 
       .. code:: bash
       
          cd ~/f5-bd-ansible-labs/401-F5-AppWorld-Lab/AS3/00-Backup-Restore-Role/
 
-   3. **(Optional)** Edit 'f5_vars.yml' file in the vars folder to customize the existing variables. For example: File-Name: ‘mybackup.ucs'
+   3. **(Optional)** View 'vars/f5_vars.yml' file in the vars folder to see information about the deployment (i.e. local_folder_location)
 
    4. Run the Ansible Playbook ‘Backup-Role.yaml’:
 
@@ -50,7 +50,7 @@ Running this template assumes that a F5 BIG-IP instance, necessary webservers an
 
       .. note::
 
-         you might see an error that looks like `fatal: [f5]: FAILED! => {"changed": false, "msg": "{'code': 503, 'message': 'There is an active asynchronous task executing.', 'errorStack': [], 'apiError': 32964609}"}`  this can happen and doesnt impact the effect of the restore.  
+         you might see an error that looks like `fatal: [f5 -> localhost]: FAILED! => {"changed": false, "msg": "Expecting value: line 1 column 1 (char 0)"}`  this can occurs due to restarting of services and shouldn't impact the effect of the restore.  
 
          after the command is run wait up to 5 minutes for the restore to complete.
 
@@ -73,7 +73,9 @@ This section is optional and for testing and verification purposes only. It assu
 
    **Ansible Host:**
 
-   - Within a terminal window run `ls /tmp/f5/Use-Case-00-backup.ucs` to verify the backup file exists, this is also assuming that the variables file was not changed.
+   - Within a terminal window run `ls /f5/code-output/` to verify the backup file exists
+   - This file will be named based on the inventory-hostname-Year-Month-Day-Hour-Minute-Second.ucs `e.g. f5-2024-12-13-03-27-51.ucs`.
+   - This method was used to ensure date/timestamps of backups on files and prevents overwriting of other backups. 
 
 
    **F5 BIG-IP**
@@ -82,7 +84,7 @@ This section is optional and for testing and verification purposes only. It assu
 
       - Login to the BIG-IP instance  
       - Navigate to System --> Archives  
-      - There should be an archive file called "Use-Case-00-backup.ucs"  
+      - There should be an archive file named similarly to `f5-2024-12-13-03-27-51.ucs` based on the date/timestamp
 
    - Login information for the BIG-IP:
 

diff --git a/docs/class10/AS3/01-Deploy-SSL-Enabled-App_Services_as3.rst b/docs/class10/AS3/01-Deploy-SSL-Enabled-App_Services_as3.rst
@@ -13,8 +13,7 @@ RUN THE TEMPLATE
 ----------------
 Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.  
 
-
-  1. Login to the Ansible Host
+  1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)
 
   2. Change Directory in the Ansible Host to the use-cases repo previously downloaded
 
@@ -28,6 +27,10 @@ Running this template assumes that a F5 BIG-IP instance, necessary webservers an
     
         ansible-navigator run Deploy-SSL-Enabled-App_Services.yaml --mode stdout
 
+    .. note:: 
+
+        Any errors seen on the screen are expected behavior and can be ignored.
+
 TESTING AND VALIDATION
 -----------------------
 
@@ -59,6 +62,7 @@ This section is optional and for testing and verification purposes only. It assu
 
       * Login to the BIG-IP instance
       * Navigate to Local Traffic --> Virtual Servers
+      * Change the Partition (Top Right Corner) to "WorkshopExample"
       * Ensure there are 2 VIPs with same IP
 
          + One listening on port 443

diff --git a/docs/class10/AS3/02-Replace-Application-Certificates_as3.rst b/docs/class10/AS3/02-Replace-Application-Certificates_as3.rst
@@ -13,15 +13,14 @@ RUNNING THE TEMPLATE
 --------------------
 Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available.  
 
-  1. Login to the Ansible host
+  1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)
 
   2. Change Directory in the Ansible Host to the use-cases repo previously downloaded
 
     .. code::
     
         cd ~/f5-bd-ansible-labs/401-F5-AppWorld-Lab/AS3/02-Replace-Application-Certificates-AS3/
 
-
   3. Run the Ansible Playbook ‘Replace-Application-Certificates.yaml’:
 
     .. code::
@@ -99,7 +98,7 @@ In this code we have the two usecases (Use Case 1's code and Use Case 2's code),
             "class": "Application",
             "{{F5_VIP_Name}}": {
                "class": "Service_HTTPS",
-               "virtualPort": 8081,
+               "virtualPort": 8082,
                "virtualAddresses": [
                   "{{ private_ip }}"
                ],
@@ -142,7 +141,7 @@ In this code we have the two usecases (Use Case 1's code and Use Case 2's code),
             }
          }
 
-In this section we focus on Use Case 2 but we wanted to provide an example of how AS3 stacks applications within the template (will be seen in Use Case 3 as well)
+In this section we focus on Use Case 2 but we wanted to provide an example of how AS3 stacks applications within a single template.
 
 TESTING AND VALIDATION
 ----------------------
@@ -154,8 +153,8 @@ TESTING AND VALIDATION
    Using the External Client (UDF --> Components --> External Client --> Access --> Firefox)
 
       - In the Bookmarks bar you can select the ``Ansible Labs`` Folder and goto ``401 - Labs`` and Select ``Use Case 2`` 
-      - OR within the browser you can browse to https://10.1.20.30:8081/
-      - From a client browser, access the VIP on port 8081 to view the new self-signed certificate (https://10.1.20.30:8081)
+      - OR within the browser you can browse to https://10.1.20.30:8082/
+      - From a client browser, access the VIP on port 8081 to view the new self-signed certificate (https://10.1.20.30:8082)
 
 
 **BIG-IP CONFIGURATION VERIFICATION**
@@ -168,7 +167,8 @@ This section is optional and for testing and verification purposes only. It assu
 
       * Login to the BIG-IP instance
       * Navigate to Local Traffic --> Virtual Servers
-      * View the deployed use case access VIP:port (8081)
+      * Change the Partition (Top Right Corner) to "WorkshopExample"
+      * View the deployed use case access VIP:port (8082)
 
    - Login information for the BIG-IP:
 

diff --git a/docs/class10/AS3/03-Application-Maintenance_as3.rst b/docs/class10/AS3/03-Application-Maintenance_as3.rst
@@ -15,7 +15,7 @@ RUNNING THE TEMPLATE
 
 Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available. 
 
-   1. Login to the Ansible host
+   1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)
 
    2. Change Directory in the Ansible Host to the use-cases repo previously downloaded
 
@@ -33,7 +33,7 @@ Running this template assumes that a F5 BIG-IP instance, necessary webservers an
 
          By default a VIP and pool will be created during the execution of the code, then the code will disable a single node in that created pool.
 
-         Modification of the f5_vars.yml file can change the pool, node(s) and state which can be modified within the f5_vars.yml.
+         Modification of the vars/f5_vars.yml file can change the pool, node(s) and state which can be modified within the f5_vars.yml.
 
 TESTING AND VALIDATION
 ----------------------
@@ -59,6 +59,7 @@ This section assumes knowledge of how to operate BIG-IP commands and networking.
 
       - Login to the BIG-IP
       - Navigate to Local Traffic --> Pools
+      - Change the Partition (Top Right Corner) to "WorkshopExample"
       - Click on the pool you selected while running the playbook
       - View the members of the pool and verify their state based on action choosen while running the playbook
 

diff --git a/docs/class10/AS3/04-WAF-Policy-Management_as3.rst b/docs/class10/AS3/04-WAF-Policy-Management_as3.rst
@@ -1,10 +1,10 @@
-Use Case 04: WAF (XML) Policy Management in a Role with AS3
-===========================================================
+Use Case 04: WAF (XML) Policy Management with AS3
+=================================================
 
 OVERVIEW
 --------
 
-WAF-Policy-Management-Role.yaml is a templated Ansible Role to manage blocked IP addresses and URL's on F5 ASM through Ansible automation. 
+WAF-Policy-Management.yaml is a templated Ansible Role to manage blocked IP addresses and URL's on F5 ASM through Ansible automation. 
 
 Web Application Firewalls work to protect web applications by inspecting incoming traffic, blocking bots, SQL injection, Cross Site Scripting and a host of other attacks. This playbook is designed to demonstrate a basic WAF scenario to create and modify an F5 WAF (ASM) policy to block URL(s) or IP address(s) or both. 
 
@@ -15,7 +15,7 @@ RUNNING THE TEMPLATE
 
 Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available. 
 
-   1. Login to the Ansible host
+   1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)
 
    2. Change Directory in the Ansible Host to the use-cases repo previously downloaded
 
@@ -49,7 +49,7 @@ TESTING AND VALIDATION
 
       - In the Bookmarks bar you can select the ``Ansible Labs`` Folder and goto ``401 - Labs`` and Select ``Use Case 4`` 
       - OR within the browser you can browse to https://10.1.20.30:8084/ 
-      - Access the URL's present in the f5_vars.yml file to see the WAF policy in action 
+      - Access the URL's present in the vars/f5_vars.yml file to see the WAF policy in action 
 
          - https://10.1.20.30:8084/blocked.html
          - https://10.1.20.30:8084/hacked.html
@@ -66,15 +66,11 @@ This section is optional and for testing and verification purposes only. It assu
 
       - Login to the BIG-IP instance
       - Navigate to Security --> Application Security to view the WAF policy deployed
+      - Change the Partition (Top Right Corner) to "WorkshopExample"
       - Navigate to Local Traffic --> Virtual Servers
       - View the deployed use case access F5-BIG-IP-Public-IP:port (8084)
 
    - Login information for the BIG-IP:
 
       * username: admin 
       * password: **found in the inventory hosts file**
-
-**UDF Lab Revert**
--------------------------------
-
-   Once you have completed this section it is recommended to go back to Use-Case 00 and run the **restore** of the BIG-IP before continuing to test the AS3 Section.
diff --git a/docs/class10/AS3/05-Stacking-Declarations_as3.rst b/docs/class10/AS3/05-Stacking-Declarations_as3.rst
@@ -0,0 +1,102 @@
+Use Case 05: Stacking Declarations with Ansible
+===============================================
+
+OVERVIEW
+--------
+
+In this usecase we will show how one can templatize each usecase as a separate jinja file, and then be able to utilize ansible to combine all of the applciations in a single declaration.
+
+This method can be extremely useful when trying to standardize on a template deployment and using VARS files to fill in the blanks, this is also easier to split out a massive single declaration into each usecase for modification and Day 2 delivery.
+
+RUNNING THE TEMPLATE
+--------------------
+
+   .. note::
+
+      Do not run this use-case without running AS3 use-cases 01 thru 04, as this will ensure that services and software is enabled. 
+
+
+Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available. 
+
+   1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)
+
+   2. Change Directory in the Ansible Host to the use-cases repo previously downloaded
+
+      .. code:: bash
+      
+         cd ~/f5-bd-ansible-labs/401-F5-AppWorld-Lab/AS3/05-Stacking-Declarations-AS3/
+
+   3. Launch the Ansible playbook 'WAF-Policy-Management-Role.yaml':
+
+      .. code::
+
+         ansible-navigator run Stacking-Declarations.yaml --mode stdout
+
+      .. note::
+
+         This Playbook assumes all modules are already installed, as well as AS3 is deployed on the F5 device.
+         This Playbook also assumes that no modifications of existing declarations are needed (i.e. WAF) and just leverage the existing WAF policies already deployed.
+
+
+AS3 Declarations
+----------------
+
+In this code we have our base template (tennant_base.j2) this code sets up our tenant and fills it in with the variable as3_app_body which is a rendering of all of the `j2/usecase_*.j2` files combined with ansible filling in variable areas.
+
+  .. code::  yaml
+
+      {
+         {
+         "class": "AS3",
+         "action": "deploy",
+         "persist": true,
+         "declaration": {
+            "class": "ADC",
+            "schemaVersion": "3.2.0",
+            "id": "ansibleusecases",
+            "label": "Ansible Workshops",
+            "remark": "Tenant-multi-app",
+            "{{ as3_tenant_name }}":{
+                  "class": "Tenant",
+                  {{ as3_app_body }}
+            }
+         }
+      }
+
+
+This will show how you can create individual template files that can be stacked in a single declaration.
+
+TESTING AND VALIDATION
+----------------------
+
+**VERIFYING WAF POLICY ENFORCEMENT:**
+
+   **Access Using F5 UDF Console:**
+
+   Using the External Client (UDF --> Components --> External Client --> Access --> Firefox)
+
+      - In the Bookmarks bar you can select the ``Ansible Labs`` Folder and goto any of the use-cases previously deployed all will be available. 
+
+
+**BIG-IP CONFIGURATION VERIFICATION:**
+
+This section is optional and for testing and verification purposes only. It assumes knowledge of how to operate BIG-IP commands and networking.
+
+   **Access Using F5 UDF Console:**
+
+   - BIG-IP - (In UDF --> Components --> BIG-IP --> Access --> TMUI)  - This will popup a webpage to access the F5 Login Page
+
+      - Login to the BIG-IP instance
+      - Navigate to Local Traffic --> Virtual Servers
+      - Change the Partition (Top Right Corner) to "WorkshopExample"
+      - View the deployed use cases
+
+   - Login information for the BIG-IP:
+
+      * username: admin 
+      * password: **found in the inventory hosts file**
+
+**UDF Lab Revert**
+-------------------------------
+
+   Once you have completed this section it is recommended to go back to Use-Case 00 and run the **restore** of the BIG-IP before continuing to test the AS3 Section.
diff --git a/docs/class10/Modules/00-Backup-Restore-Role.rst b/docs/class10/Modules/00-Backup-Restore-Role.rst
@@ -12,7 +12,7 @@ Restore-Role.yaml is a templated Ansible play that utilizes an underlying Role t
 
 .. attention::
 
-   The restore command will produce an error in some builds of Ansible even though the restoration does complete. It is a known bug.
+   The restore command will produce an error in some builds of Ansible even though the restoration does complete. It is a known issue due to the reset of the RestAPI services.
 
 RUN THE TEMPLATE
 ----------------
@@ -50,7 +50,7 @@ Running this template assumes that a F5 BIG-IP instance, necessary webservers an
 
       .. note::
 
-         you might see an error that looks like `fatal: [f5]: FAILED! => {"changed": false, "msg": "{'code': 503, 'message': 'There is an active asynchronous task executing.', 'errorStack': [], 'apiError': 32964609}"}`  this can happen and doesnt impact the effect of the restore.  
+         you might see an error that looks like `fatal: [f5 -> localhost]: FAILED! => {"changed": false, "msg": "Expecting value: line 1 column 1 (char 0)"}`  this can occurs due to restarting of services and shouldn't impact the effect of the restore.  
 
          after the command is run wait up to 5 minutes for the restore to complete.
 
@@ -73,7 +73,9 @@ This section is optional and for testing and verification purposes only. It assu
 
    **Ansible Host:**
 
-   - Within a terminal window run `ls /tmp/f5/Use-Case-00-backup.ucs` to verify the backup file exists, this is also assuming that the variables file was not changed.
+   - Within a terminal window run `ls /f5/code-output/` to verify the backup file exists
+   - This file will be named based on the inventory-hostname-Year-Month-Day-Hour-Minute-Second.ucs `e.g. f5-2024-12-13-03-27-51.ucs`.
+   - This method was used to ensure date/timestamps of backups on files and prevents overwriting of other backups. 
 
 
    **F5 BIG-IP**
@@ -82,7 +84,7 @@ This section is optional and for testing and verification purposes only. It assu
 
       - Login to the BIG-IP instance  
       - Navigate to System --> Archives  
-      - There should be an archive file called "Use-Case-00-backup.ucs"  
+      - There should be an archive file named similarly to `f5-2024-12-13-03-27-51.ucs` based on the date/timestamp
 
    - Login information for the BIG-IP:
 

diff --git a/docs/class10/Modules/01-Deploy-SSL-Enabled-App_Services.rst b/docs/class10/Modules/01-Deploy-SSL-Enabled-App_Services.rst
@@ -15,7 +15,7 @@ RUN THE TEMPLATE
 
 Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available. 
 
-   1. Login to the Ansible Host
+   1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)
 
    2. Change Directory in the Ansible Host to the use-cases repo previously downloaded/cloned:
 

diff --git a/docs/class10/Modules/02-Replace-Application-Certificates.rst b/docs/class10/Modules/02-Replace-Application-Certificates.rst
@@ -14,7 +14,7 @@ RUNNING THE TEMPLATE
 
 Running this template assumes that a F5 BIG-IP instance, necessary webservers and Ansible node are available. 
 
-   1. Login to the Ansible host
+   1. Ensure you are using a terminal from VSCode (UDF --> Ansible-Node --> Access --> Code-Server --> Password: Ansible123! --> Trust --> Terminal --> New Terminal)
 
    2. Change Directory in the Ansible Host to the use-cases repo previously downloaded
 
@@ -51,8 +51,8 @@ TESTING AND VALIDATION
    Using the External Client (UDF --> Components --> External Client --> Access --> Firefox)
 
       - In the Bookmarks bar you can select the ``Ansible Labs`` Folder and goto ``401 - Labs`` and Select ``Use Case 2`` 
-      - OR within the browser you can browse to https://10.1.20.30:8081/
-      - From a client browser, access the VIP on port 8081 to view the new self-signed certificate (https://10.1.20.30:8081)
+      - OR within the browser you can browse to https://10.1.20.30:8082/
+      - From a client browser, access the VIP on port 8081 to view the new self-signed certificate (https://10.1.20.30:8082)
 
 
 **BIG-IP CONFIGURATION VERIFICATION**
@@ -65,7 +65,7 @@ This section is optional and for testing and verification purposes only. It assu
 
       * Login to the BIG-IP instance
       * Navigate to Local Traffic --> Virtual Servers
-      * View the deployed use case access VIP:port (8081)
+      * View the deployed use case access VIP:port (8082)
 
    - Login information for the BIG-IP: