It took me forever to get this figured out...hope it saves someone time.

Some Tips:

  • The default OS on an F5 VM is TMOS, and its shell is different; to switch to bash, type bash once you are logged in
  • To see all the available shells, type  cat /etc/shells

Declarative vs. Cloud Init Onboarding

The method below uses the older cloud-init modules to onboard and initialize F5 VMs.

Of late, F5 has introduced 'declarative onboarding' (DO), which uses a different approach. For some repos on how to use DO for GCP, try these

Shell Script to configure BigIP Instances on the cloud

This would work on AWS EC2 (pass it in via EC2 user data or an SSM document) or on GCP (pass it in via metadata_startup_script or a metadata key/value pair, as shown below). Note the dash in startup-script when it is used as a key inside the metadata key/value pairs.

# GCP Compute Engine startup scripts passed in via metadata

resource "google_compute_instance_template" "f5-template" {
  metadata = {
        startup-script = ".\\f5config.sh"
  }
}

#!/bin/bash

# Terraform template: single-dollar brace variables are filled in by Terraform;
# double-dollar ones are rendered as literal shell variables.

# Script must be non-blocking or run in the background.

echo "Hello World" > ./test.txt

mkdir -p /config/cloud

cat << 'EOF' > /config/cloud/startup-script.sh
#!/bin/bash

## 1NIC BIG-IP ONBOARD SCRIPT
## IF THIS SCRIPT IS LAUNCHED EARLY IN BOOT (ex. when from cloud-init), YOU NEED TO RUN IT IN THE BACKGROUND TO NOT BLOCK OTHER STARTUP FUNCTIONS

# ex. location of interpolated cloud-init script
#/opt/cloud/instances/i-079ac8a174eb1727a/scripts/part-001

LOG_FILE=/var/log/startup-script.log
if [ ! -e "$LOG_FILE" ]
then
     touch "$LOG_FILE"
     exec &>>"$LOG_FILE"
     # nohup $0 0<&- &>/dev/null &
else
    # if file exists, exit as only want to run once
    exit
fi

### ONBOARD INPUT PARAMS
# NOTE: the admin password is rendered into this script in clear text, so anyone
# who can read the instance metadata or user data can read the password.
region=${region}
adminUsername='${admin_username}'
adminPassword='${admin_password}'
hostname=$(curl --silent --fail --retry 20 http://169.254.169.254/latest/meta-data/hostname)
dnsServer=${dns_server}
ntpServer=${ntp_server}
timezone=${timezone}

# Management Interface uses DHCP
# v13 uses mgmt for ifconfig & defaults to 8443 for GUI for Single Nic Deployments
if ifconfig mgmt; then managementInterface=mgmt; else managementInterface=eth0; fi
managementAddress=$(egrep -m 1 -A 1 "$managementInterface" /var/lib/dhclient/dhclient.leases | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
managementGuiPort=${management_gui_port}
licenseKey1=${license_key}

### DOWNLOAD ONBOARDING LIBS
# Could be pre-packaged or hosted internally
libs_dir="/config/cloud/gce/node_modules"
mkdir -p "$libs_dir"
curl -o /config/cloud/f5-cloud-libs.tar.gz --silent --fail --retry 60 -L https://raw.githubusercontent.com/F5Networks/f5-cloud-libs/v3.1.1/dist/f5-cloud-libs.tar.gz
tar xvfz /config/cloud/f5-cloud-libs.tar.gz -C "$libs_dir"

### BEGIN BASIC ONBOARDING
# WAIT FOR MCPD (DATABASE) TO BE UP TO BEGIN F5 CONFIG
. "$libs_dir/f5-cloud-libs/scripts/util.sh"
wait_for_bigip

# PASSWORD
# Generate Random Password
#f5-rest-node $libs_dir/f5-cloud-libs/scripts/generatePassword --file /config/cloud/gce/.adminPassword
#adminPassword=$(/bin/sed -e $'s:[!\\'\"%{};/|#\\x20\\\\\\\\]:\\\\\\\\&:g' < /config/cloud/gce/.adminPassword)

# Use Password Provided as Input Param
tmsh create auth user $${adminUsername} password $${adminPassword} shell bash partition-access replace-all-with { all-partitions { role admin } }
tmsh save /sys config

# License / Provision
f5-rest-node $libs_dir/f5-cloud-libs/scripts/onboard.js \
-o  /var/log/onboard.log \
--no-reboot \
--port $${managementGuiPort} \
--ssl-port $${managementGuiPort} \
--host localhost \
--user $${adminUsername} \
--password $${adminPassword} \
--hostname $${hostname} \
--global-setting hostname:$${hostname} \
--dns $${dnsServer} \
--ntp $${ntpServer} \
--tz $${timezone} \
--license $${licenseKey1} \
--module ltm:nominal \
--module asm:nominal \
--module avr:nominal \
--ping www.f5.com 30 15
EOF

# Assumed tail (the listing is cut off after --ping): make the generated script
# executable and start it in the background so boot is not blocked.
chmod 755 /config/cloud/startup-script.sh
nohup /config/cloud/startup-script.sh &

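
The DOWNLOAD ONBOARDING LIBS step in the script above fetches f5-cloud-libs.tar.gz and unpacks it as root with no integrity check. The following is an added example, not part of the original post or of f5-cloud-libs, that gates the extraction on a pinned SHA-256 digest and on a check of the archive's member paths. The function names and PINNED_SHA256 are assumptions, and the digest is a placeholder because the page does not supply one.

```bash
#!/bin/bash
# Added example, not part of f5-cloud-libs or the original script.

# Reads archive member names on stdin; succeeds if any is absolute or has "..".
has_unsafe_member() { grep -Eq '^/|(^|/)\.\.(/|$)'; }

# verify_and_extract ARCHIVE EXPECTED_SHA256 DEST_DIR
# Returns 0 = extracted, 1 = digest mismatch, 2 = unsafe member path.
verify_and_extract() {
    archive=$1; expected=$2; dest=$3
    # Integrity: the SHA-256 must equal the value pinned at review time.
    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive (got $actual)" >&2
        return 1
    fi
    # Path safety: list the members first and refuse to unpack a bad one.
    if tar -tzf "$archive" | has_unsafe_member; then
        echo "unsafe member path in $archive" >&2
        return 2
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# The download step from the script, gated on the check. PINNED_SHA256 is a
# placeholder: the page gives no digest, so record the one you reviewed.
install_cloud_libs() {
    url=https://raw.githubusercontent.com/F5Networks/f5-cloud-libs/v3.1.1/dist/f5-cloud-libs.tar.gz
    curl -o /config/cloud/f5-cloud-libs.tar.gz --silent --fail --retry 60 -L "$url" &&
        verify_and_extract /config/cloud/f5-cloud-libs.tar.gz \
            "$PINNED_SHA256" /config/cloud/gce/node_modules
}

# Offline demo on a constructed archive: right digest passes, wrong one fails.
demo() {
    work=$(mktemp -d) && mkdir -p "$work/src/pkg" &&
        echo 'constructed sample' > "$work/src/pkg/util.sh" &&
        tar -czf "$work/libs.tar.gz" -C "$work/src" pkg || return 3
    good=$(sha256sum "$work/libs.tar.gz" | awk '{print $1}')
    verify_and_extract "$work/libs.tar.gz" "$good" "$work/out" &&
        [ -f "$work/out/pkg/util.sh" ] || return 4
    bad=$(printf 'tampered' | sha256sum | awk '{print $1}')
    rc=0; verify_and_extract "$work/libs.tar.gz" "$bad" "$work/out2" 2>/dev/null || rc=$?
    [ "$rc" -eq 1 ] && [ ! -e "$work/out2" ] || return 5
    rm -rf "$work"
}
demo && echo "demo: ok"
```

If PINNED_SHA256 is left unset, the comparison fails and nothing is extracted, so the step fails closed.
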

Helpful Big IP (tmos) commands

  • Change initial admin password --> modify auth password admin
  • Check System License --> tmsh show /sys license

Helpful git repos for F5 on AWS or GCP