F5Networks / terraform-azure-bigip-module

Terraform module for deploying BIG-IP in Azure
Apache License 2.0

Ability to not create public IP for secondary IP VIP #44

Closed JeffGiroux closed 1 year ago

JeffGiroux commented 1 year ago

A user with the Cloud Failover Extension (CFE) use case wants to deploy two BIG-IP instances, but have only one of the instances created with an associated public IP address for the secondary IP (the VIP). Why? CFE will only map one public IP to the private IP listener address.

The current bigip module has an option for public_ip, but that applies to all interfaces and their public IPs. What I want is a new parameter flag associated with something like "create secondary VIP public IP" or, as suggested by F5 PD, a new "cfe_secondary_vip_disable" parameter. If true, then the BIG-IP creates public IPs for mgmt and external primary IP but NOT for the external secondary IP on the NIC.

Example...

default value cfe_secondary_vip_disable=false

```hcl
# Create F5 BIG-IP VMs
module "bigip" {
  source                     = "github.com/F5Networks/terraform-azure-bigip-module?ref=v1.2.5"
  mgmt_subnet_ids            = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
  mgmt_securitygroup_ids     = [data.azurerm_network_security_group.mgmt.id]
  external_subnet_ids        = [{ "subnet_id" = data.azurerm_subnet.external.id, "public_ip" = true, "private_ip_primary" = "", "private_ip_secondary" = "" }]
  external_securitygroup_ids = [data.azurerm_network_security_group.external.id]
  internal_subnet_ids        = [{ "subnet_id" = data.azurerm_subnet.internal.id, "public_ip" = false, "private_ip_primary" = "" }]
  internal_securitygroup_ids = [data.azurerm_network_security_group.internal.id]
}

module "bigip2" {
  source                     = "github.com/F5Networks/terraform-azure-bigip-module?ref=v1.2.5"
  mgmt_subnet_ids            = [{ "subnet_id" = data.azurerm_subnet.mgmt.id, "public_ip" = true, "private_ip_primary" = "" }]
  mgmt_securitygroup_ids     = [data.azurerm_network_security_group.mgmt.id]
  external_subnet_ids        = [{ "subnet_id" = data.azurerm_subnet.external.id, "public_ip" = true, "private_ip_primary" = "", "private_ip_secondary" = "" }]
  external_securitygroup_ids = [data.azurerm_network_security_group.external.id]
  internal_subnet_ids        = [{ "subnet_id" = data.azurerm_subnet.internal.id, "public_ip" = false, "private_ip_primary" = "" }]
  internal_securitygroup_ids = [data.azurerm_network_security_group.internal.id]
  cfe_secondary_vip_disable  = true
}
```

Similar to AWS ticket https://github.com/F5Networks/terraform-aws-bigip-module/issues/38
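
One way a module could gate the secondary (VIP) public IP on the flag requested above, as an added sketch that is not part of the issue and is not the module's actual source. Only `cfe_secondary_vip_disable` comes from the issue; every resource name and the other variables are hypothetical.

```hcl
# Added illustration, not the module's code. All names are hypothetical except
# cfe_secondary_vip_disable, the parameter name proposed in the issue.
variable "cfe_secondary_vip_disable" {
  description = "When true, create no public IP for the external secondary (VIP) address."
  type        = bool
  default     = false
}
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "external_subnet_id" { type = string }

# Public IP for the external primary address: always created in this sketch.
resource "azurerm_public_ip" "ext_primary" {
  name                = "bigip-ext-primary-pip"
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
  sku                 = "Standard"
}

# Public IP for the secondary (VIP) address: zero instances when the flag is true.
resource "azurerm_public_ip" "ext_secondary" {
  count               = var.cfe_secondary_vip_disable ? 0 : 1
  name                = "bigip-ext-secondary-pip"
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_network_interface" "external" {
  name                = "bigip-ext-nic"
  resource_group_name = var.resource_group_name
  location            = var.location

  ip_configuration {
    name                          = "primary"
    subnet_id                     = var.external_subnet_id
    private_ip_address_allocation = "Dynamic"
    primary                       = true
    public_ip_address_id          = azurerm_public_ip.ext_primary.id
  }
  ip_configuration {
    name                          = "secondary"
    subnet_id                     = var.external_subnet_id
    private_ip_address_allocation = "Dynamic"
    # one() yields null for the empty list, so the VIP stays private-only.
    public_ip_address_id          = one(azurerm_public_ip.ext_secondary[*].id)
  }
}
```

With the flag set on the second instance, `terraform plan` for that instance should list no `azurerm_public_ip.ext_secondary` resource, which is a quick check that the VIP is not exposed twice.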

KrithikaChidambaram commented 1 year ago

Hi, internal ID to track this request is: INFRAANO-1086, thanks!