Up to this point we have spent a lot of time building our toolchain to create a Declarative Service Catalog. We are now at the point where we can perform a Declarative, Abstracted Service Deployment using the iWorkflow Tenant Service Catalog, Tenant API and optionally the built-in Tenant GUI.
As we did in the previous lab we will explore the first deployment in depth so you can implement a full Service Lifecycle: Create, Read, Update and Delete (CRUD) operations. For the remaining deployments you can just repeat the steps used with the first example.
iWorkflow Tenants allow Consumers to perform Service Lifecycle operations in an
isolated environment. All actions performed prior to this lab have been in
what’s called the Provider
space and, by nature, are masked from Tenants
unless specifically exposed. As a result of the Tenant isolation, each Tenant
maintains its own set of Users and Roles associated with those users, allowing
each Tenant full control of the actions Tenant Users can perform.
During our iWorkflow Onboarding process in Lab 3.1 we created a
Tenant named MyTenant
and an associated Tenant User
with a username of tenant
. Additionally we gave MyTenant
access to
the BIG-IP Connector named BIG-IP A&B Connector
:
This gives the tenant
user the ability to perform CRUD operations on
Service Deployments.
Note
Service Templates can also be assigned to specific Cloud Connectors, allowing you to restrict the use of Templates to a specific Tenant and set of BIG-IP resources.
iWorkflow provides a Tenant UI that can act as a simple self-service portal for Tenants. In this lab we’ll use the Tenant UI to monitor the results of various actions we take via the iWorkflow Tenant API.
Perform the following steps to complete this task:
Open a new Chrome window/tab and connect to https://10.1.1.12
Use the MyTenant
Tenant User credentials to login:
tenant
tenant
You will see a user interface that looks similar to the Provider UI, however, the access is limited to Tenant specific objects. You can see a list of available Service Templates and Clouds with their associated Connectors:
As described above, the Tenant interfaces to iWorkflow maintain their own
access control mechanisms. As a result, when performing operations via the
Tenant API you must authenticate with a Tenant User (tenant
in this case).
Perform the following steps to complete this task:
Lab 3.3 - Deploy L4-7 Services
folder in the
collection.Authenticate and Obtain Token for Tenant User
request and
examine the JSON request Body. Notice that we are sending the
credentials for the Tenant User (tenant
). This request will
automatically populate the iwf_tenant_auth_token
variable in the Postman
environment so it can be used by subsequent requests.Authenticate and Obtain Token for Tenant User
request. Check the
Test Results tab to ensure the token was populated.Set Tenant Authentication Token Timeout
request and click the
Send button. This request will increase the timeout value for
the token so we can complete the lab without having to re-authenticate.In this task we will perform CRUD operations on Service Deployments demonstrating a full Service Lifecycle for a Tenant Service.
Perform the following steps to complete this task:
Click the Deploy example-f5-http-lb Service
request in the folder.
Examine the URI. Notice that the variable iwf_tenant_name
is used to
specify the Tenant we are performing the operation on. In this case
iwf_tenant_name
is set to MyTenant
in the Postman environment:
Examine the JSON Request Body; it contains the following data:
name
f5-http-lb-v1.0
vars
and tables
for the deployment. These
fields were marked Tenant Editable
in the Service TemplateThe data in the list above is highlighted below:
Click the Send button to Create the Service Deployment
Switch to the Chrome iWorkflow Tenant UI window. The example-f5-http-lb
Service is now present in the L4-L7 Services pane. Double
click the Service and examine its properties. You can compare the
values in the UI to the JSON Request Body from the step above.
Open a Chrome window/tab to the BIG-IP A GUI at https://10.1.1.10
and
login with admin/admin
credentials. Navigate to
. Select
example-f5-http-lb
from the list of deployed services and examine the
Components of the deployed service:
Perform the following steps to complete this task:
Click the Modify example-f5-http-lb Service
request in the folder.
We will send a PUT
request to the Resource URI for the existing
deployment and add a Pool Member as shown in the JSON Request
Body:
Click the Send button to Update the Service Deployment.
Update the iWorkflow Tenant UI and notice that the Service has been updated:
Update the BIG-IP GUI and notice that the Components tree has been updated:
Perform the following steps to complete this task:
Click the Get example-f5-http-lb Service
request in the folder.
We will send a GET
request to the Resource URI for the existing
deployment.
Click the Send button to Read the Service Deployment.
Examine the JSON Response Body to see the state of the current Service Deployment:
Perform the following steps to complete this task:
Click the Delete example-f5-http-lb Service
request in the folder.
We will send a DELETE
request to the Resource URI for the existing
deployment.
Click the Send button to Delete the Service Deployment.
Update the iWorkflow Tenant UI and verify that the Service has been deleted:
In the BIG-IP GUI navigate to
and verify the service was deleted.Examples Create requests are included in the
Lab 3.3 - Deploy L4-7 Services
folder. For the remaining services
refer to the table below to see which ones apply most to your specific use
cases. You can repeat the steps in Task 2 for the additional services by
modifying the requests as needed.
Service Name | Description |
---|---|
f5-http-lb |
HTTP Load Balancing to a Single Pool |
f5-https-offload |
HTTPS Offload and Load Balancing to a Single Pool |
f5-fasthttp-lb |
Performance-enhanced HTTP Load Balancing to a Single Pool |
f5-fastl4-tcp-lb |
Generic L4 TCP Load Balancing to a Single Pool |
f5-fastl4-udp-lb |
Generic L4 UDP Load Balancing to a Single Pool |
f5-http-url-routing-lb |
HTTP Load Balancing with URL Based Content Routing to Multiple Pools |
f5-https-waf-lb |
HTTPS Offload, Web Application Firewall Protection and Load Balancing to a Single Pool |