{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "10.2.0.0",
"parameters": {
"adminUsername": {
"defaultValue": "azureuser",
"metadata": {
"description": "User name for the Virtual Machine."
},
"type": "string"
},
"authenticationType": {
"allowedValues": [
"password",
"sshPublicKey"
],
"defaultValue": "password",
"metadata": {
"description": "Type of authentication to use on the Virtual Machine, password based authentication or key based authentication."
},
"type": "string"
},
"adminPasswordOrKey": {
"metadata": {
"description": "Password or SSH public key to login to the Virtual Machine. Note: There are a number of special characters that you should avoid using for F5 product user accounts. See [K2873](https://support.f5.com/csp/article/K2873) for details. Note: If using key-based authentication, this should be the public key as a string, typically starting with **---- BEGIN SSH2 PUBLIC KEY ----** and ending with **---- END SSH2 PUBLIC KEY ----**."
},
"type": "securestring"
},
"dnsLabel": {
"metadata": {
"description": "Unique DNS Name for the Public IP address used to access the Virtual Machine."
},
"type": "string"
},
"instanceName": {
"defaultValue": "f5vm01",
"metadata": {
"description": "Name of the Virtual Machine."
},
"type": "string"
},
"numberOfExternalIps": {
"allowedValues": [
0,
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20
],
"defaultValue": 1,
"metadata": {
"description": "The number of public/private IP addresses you want to deploy for the application traffic (external) NIC on the BIG-IP VE to be used for virtual servers."
},
"type": "int"
},
"instanceType": {
"defaultValue": "Standard_D8s_v4",
"metadata": {
"description": "Instance size of the Virtual Machine."
},
"type": "string"
},
"imageName": {
"allowedValues": [
"LTMTwoBootLocations",
"AllTwoBootLocations"
],
"defaultValue": "AllTwoBootLocations",
"metadata": {
"description": "F5 SKU (image) you want to deploy. Note: The disk size of the VM will be determined based on the option you select. **Important**: If intending to provision multiple modules, ensure the appropriate value is selected, such as ****AllTwoBootLocations or AllOneBootLocation****."
},
"type": "string"
},
"bigIpVersion": {
"defaultValue": "16.1.302000",
"metadata": {
"description": "F5 BIG-IP version you want to use."
},
"type": "string"
},
"bigIpModules": {
"defaultValue": "ltm:nominal",
"metadata": {
"description": "Comma separated list of modules and levels to provision, for example, ltm:nominal,asm:nominal"
},
"type": "string"
},
"licenseKey1": {
"defaultValue": "",
"metadata": {
"description": "The license token for the F5 BIG-IP VE (BYOL)."
},
"type": "string"
},
"licenseKey2": {
"defaultValue": "",
"metadata": {
"description": "The license token for the F5 BIG-IP VE (BYOL). This field is required when deploying two or more devices."
},
"type": "string"
},
"vnetName": {
"metadata": {
"description": "The name of the existing virtual network to which you want to connect the BIG-IP VEs."
},
"type": "string"
},
"vnetResourceGroupName": {
"metadata": {
"description": "The name of the resource group that contains the Virtual Network where the BIG-IP VE will be placed."
},
"type": "string"
},
"mgmtSubnetName": {
"metadata": {
"description": "Name of the existing mgmt subnet - with external access to the Internet. **Important**: The subnet you provide for the mgmt NIC **must** be unique."
},
"type": "string"
},
"mgmtIpAddressRangeStart": {
"defaultValue": "DYNAMIC",
"metadata": {
"description": "The static private IP address you want to assign to the management self IP of the first BIG-IP. The next contiguous address will be used for the second BIG-IP device. Leave the default DYNAMIC to use a dynamically assigned IP address."
},
"type": "string"
},
"externalSubnetName": {
"metadata": {
"description": "Name of the existing external subnet - with external access to Internet. **Important**: The subnet you provide for the external NIC **must** be unique."
},
"type": "string"
},
"externalIpAddressRangeStart": {
"defaultValue": "DYNAMIC",
"metadata": {
"description": "The static private IP address (secondary) you would like to assign to the first shared Azure public IP. An additional private IP address will be assigned for each public IP address you specified in numberOfExternalIps. For example, inputting 10.100.1.50 here and choosing 2 in numberOfExternalIps would result in 10.100.1.50 and 10.100.1.51 being configured as static private IP addresses for external virtual servers. Leave the default DYNAMIC to use a dynamically assigned IP address."
},
"type": "string"
},
"externalIpSelfAddressRangeStart": {
"defaultValue": "DYNAMIC",
"metadata": {
"description": "The static private IP address you want to assign to the external self IP (primary) of the first BIG-IP VE. The next contiguous address will be used for the second BIG-IP device. Leave the default DYNAMIC to use a dynamically assigned IP address."
},
"type": "string"
},
"internalSubnetName": {
"metadata": {
"description": "Name of the existing internal subnet. **Important**: The subnet you provide for the internal NIC **must** be unique."
},
"type": "string"
},
"internalIpAddressRangeStart": {
"defaultValue": "DYNAMIC",
"metadata": {
"description": "The static private IP address you would like to assign to the internal self IP of the first BIG-IP VE. The next contiguous address will be used for the second BIG-IP device. Leave the default DYNAMIC to use a dynamically assigned IP address."
},
"type": "string"
},
"provisionPublicIP": {
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Provision Public IP addresses for BIG-IP Management traffic. These addresses will be configured directly on the Azure network interfaces."
},
"type": "string"
},
"declarationUrl": {
"defaultValue": "NOT_SPECIFIED",
"metadata": {
"description": "URL for the AS3 (https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/) declaration JSON file to be deployed. Leave as **NOT_SPECIFIED** to deploy without a service configuration."
},
"type": "string"
},
"ntpServer": {
"defaultValue": "0.pool.ntp.org",
"metadata": {
"description": "Leave the default NTP server the BIG-IP uses, or replace the default NTP server with the one you want to use."
},
"type": "string"
},
"timeZone": {
"defaultValue": "UTC",
"metadata": {
"description": "If you would like to change the time zone the BIG-IP uses, enter the time zone you want to use. This is based on the tz database found in /usr/share/zoneinfo (see the full list [here](https://github.com/F5Networks/f5-azure-arm-templates/blob/master/azure-timezone-list.md)). Example values: UTC, US/Pacific, US/Eastern, Europe/London or Asia/Singapore."
},
"type": "string"
},
"customImageUrn": {
"defaultValue": "OPTIONAL",
"metadata": {
"description": "If you would like to deploy using a specific image in Azure marketplace, specify the URN of the image. **Note**: Unless specifically required, leave the default of **OPTIONAL**. Example value: f5-networks:f5-big-ip-byol:f5-big-ltm-2slot-byol:16.0.101000. You can find the URNs of F5 marketplace images in the README for this template or by running the command: az vm image list --output yaml --publisher f5-networks --all"
},
"type": "string"
},
"customImage": {
"defaultValue": "OPTIONAL",
"metadata": {
"description": "If you would like to deploy using a local BIG-IP image, provide either the full URL to the VHD in Azure storage **or** the full resource ID to an existing Microsoft.Compute image resource. **Note**: Unless specifically required, leave the default of **OPTIONAL**."
},
"type": "string"
},
"restrictedSrcAddress": {
"metadata": {
"description": "This field restricts management access to a specific network or address. Enter an IP address or address range in CIDR notation. Please do NOT use 0.0.0.0/0. Instead, restrict the IP address range to your client or trusted network, for example 55.55.55.55/32. Production should never expose the BIG-IP Management interface to the Internet. "
},
"type": "string"
},
"tagValues": {
"defaultValue": {
"application": "APP",
"cost": "COST",
"environment": "ENV",
"group": "GROUP",
"owner": "OWNER"
},
"metadata": {
"description": "Default key/value resource tags will be added to the resources in this deployment, if you would like the values to be unique adjust them as needed for each key."
},
"type": "object"
},
"allowUsageAnalytics": {
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "This deployment can send anonymous template statistics to F5 to help us determine how to improve our solutions. If you select **No** statistics are not sent."
},
"type": "string"
},
"allowPhoneHome": {
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "This deployment can provide F5 with high-level device use information to optimize development resources. If you select **No** the information is not sent."
},
"type": "string"
},
"numberOfAdditionalNics": {
"allowedValues": [
0,
1,
2,
3,
4,
5
],
"defaultValue": 0,
"metadata": {
"description": "By default this solution deploys the BIG-IP(s) in a 3 NIC configuration, however additional NICs can be added to the BIG-IP(s) using this parameter. **Note**: The default value is 0, additional NICs will only be created if 1 or higher is specified."
},
"type": "int"
},
"additionalNicLocation": {
"defaultValue": "OPTIONAL",
"metadata": {
"description": "This parameter specifies where the additional NICs go, use the default value of **OPTIONAL** if **0** was selected for the parameter **numberOfAdditionalNics**. Otherwise this value must be a semi-colon delimited string of subnets, equal to the number of additional NICs being deployed. For example, for 2 additional NICs you would use: **subnet01;subnet02**. **Note**: Ensure there are no spaces and the correct number of subnets are provided based on the value selected in **numberOfAdditionalNics**. **Important**: The subnet you provide for each additional NIC **must** be unique."
},
"type": "string"
},
"userAssignedManagedIdentity": {
"defaultValue": "NOT_SPECIFIED",
"metadata": {
"description": "The name of the pre-existing user-assigned managed identity in the resource group where the template will be deployed, if applicable. This identity will be configured on the virtual machine resources and must have the Contributor role assigned on both the deployment and virtual network resource groups. Leaving the default of **NOT_SPECIFIED** triggers the creation of a system-assigned managed identity."
},
"type": "string"
},
"roleNameGuid": {
"type": "string",
"defaultValue": "[newGuid()]",
"metadata": {
"description": "A new GUID used to identify the role assignment. Keep the field as is. No need to enter any value here as newGuid() is generating a random "
}
}
},
"variables": {
"addtlNicFillerArray": [
"filler01",
"filler02",
"filler03",
"filler04",
"filler05"
],
"addtlNicRefSplit": "[concat(split(parameters('additionalNicLocation'), ';'), variables('addtlNicFillerArray'))]",
"netCmd01": "[concat(' --vlan name:', variables('addtlNicRefSplit')[0], ',nic:1.3')]",
"netCmd02": "[concat(variables('netCmd01'), ' --vlan name:', variables('addtlNicRefSplit')[1], ',nic:1.4')]",
"netCmd03": "[concat(variables('netCmd02'), ' --vlan name:', variables('addtlNicRefSplit')[2], ',nic:1.5')]",
"netCmd04": "[concat(variables('netCmd03'), ' --vlan name:', variables('addtlNicRefSplit')[3], ',nic:1.6')]",
"netCmd05": "[concat(variables('netCmd04'), ' --vlan name:', variables('addtlNicRefSplit')[4], ',nic:1.7')]",
"netCmd": "[variables(concat('netCmd0', parameters('numberOfAdditionalNics')))]",
"selfNicConfigArray": {
"0": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('mgmtNicName'), '0'))]",
"properties": {
"primary": true
}
},
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('extNicName'), '0'))]",
"properties": {
"primary": false
}
},
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('intNicName'), '0'))]",
"properties": {
"primary": false
}
}
],
"1": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('mgmtNicName'), '1'))]",
"properties": {
"primary": true
}
},
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('extNicName'), '1'))]",
"properties": {
"primary": false
}
},
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('intNicName'), '1'))]",
"properties": {
"primary": false
}
}
]
},
"addtlNicConfigArray": {
"copy": [
{
"count": 5,
"input": {
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(toLower(parameters('dnsLabel')), '-addtlnic', copyIndex('values0', 1), '0'))]",
"properties": {
"primary": false
}
},
"name": "values0"
},
{
"count": 5,
"input": {
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(toLower(parameters('dnsLabel')), '-addtlnic', copyIndex('values1', 1), '1'))]",
"properties": {
"primary": false
}
},
"name": "values1"
}
]
},
"roleAssignmentNameForInstance0": "[guid(concat(variables('dnsLabel'), '-', variables('instanceName'), '0-role', parameters('roleNameGuid')))]",
"roleAssignmentNameForInstance1": "[guid(concat(variables('dnsLabel'), '-', variables('instanceName'), '1-role', parameters('roleNameGuid')))]",
"roleAssignementNameForVnet0": "[guid(concat(variables('dnsLabel'), '-', variables('instanceName'), '0-vnet-role', parameters('roleNameGuid')))]",
"roleAssignementNameForVnet1": "[guid(concat(variables('dnsLabel'), '-', variables('instanceName'), '1-vnet-role', parameters('roleNameGuid')))]",
"userAssignedManagedIdentity": "[tolower(parameters('userAssignedManagedIdentity'))]",
"identityType": "[if(equals(parameters('userAssignedManagedIdentity'), 'NOT_SPECIFIED'), 'system', 'user')]",
"identityArray": {
"user": {
"type": "userAssigned",
"identityIds": [
"[resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('userAssignedManagedIdentity'))]"
]
},
"system": {
"type": "SystemAssigned"
}
},
"netCmd00": "[concat('')]",
"addtlNicName": "[concat(variables('dnsLabel'), '-addtlnic')]",
"authApiVersion": "2018-07-01",
"deployApiVersion": "2017-05-10",
"computeApiVersion": "2017-12-01",
"networkApiVersion": "2018-07-01",
"storageApiVersion": "2017-10-01",
"customImage": "[replace(parameters('customImage'), 'OPTIONAL', '')]",
"useCustomImage": "[not(empty(variables('customImage')))]",
"createNewCustomImage": "[contains(variables('customImage'), 'https://')]",
"newCustomImageName": "[concat(variables('dnsLabel'), 'image')]",
"storageProfileArray": {
"customImage": {
"imageReference": {
"id": "[if(variables('createNewCustomImage'), resourceId('Microsoft.Compute/images', variables('newCustomImageName')), variables('customImage'))]"
}
},
"platformImage": {
"imageReference": "[variables('imageReference')]",
"osDisk": {
"createOption": "FromImage"
}
}
},
"location": "[resourceGroup().location]",
"adminPasswordOrKey": "[replace(parameters('adminPasswordOrKey'),'\\n', '\n')]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"keyData": "[variables('adminPasswordOrKey')]",
"path": "[concat('/home/', parameters('adminUsername'), '/.ssh/authorized_keys')]"
}
]
}
},
"subscriptionID": "[subscription().subscriptionId]",
"mgmtSubnetRef": "[concat('/subscriptions/', variables('subscriptionID'), '/resourceGroups/', parameters('vnetResourceGroupName'), '/providers/Microsoft.Network/virtualNetworks/', parameters('vnetName'), '/subnets/', parameters('mgmtSubnetName'))]",
"cfeTag": {
"f5_cloud_failover_label": "[resourceGroup().name]"
},
"cloudFailoverTagValue": "[union(if(empty(variables('tagValues')), json('null'), variables('tagValues')), variables('cfeTag'))]",
"cloudFailoverInitConfig": "[concat(variables('singleQuote'),'{ \"class\": \"Cloud_Failover\", \"environment\": \"azure\", \"externalStorage\": { \"scopingTags\": { \"f5_cloud_failover_label\":\"', resourceGroup().name, '\"} }, \"failoverAddresses\": { \"scopingTags\": { \"f5_cloud_failover_label\":\"', resourceGroup().name,'\"} }, \"failoverRoutes\": { \"enabled\": false, \"scopingTags\": { \"f5_cloud_failover_label\":\"', resourceGroup().name,'\"},\"scopingAddressRanges\": [{\"range\": \"192.168.0.0/32\"}], \"defaultNextHopAddresses\": { \"discoveryType\": \"static\", \"items\":[ \"192.168.0.4\", \"192.168.0.5\"]}}}',variables('singleQuote'))]",
"cloudFailoverInitCmd": "[concat('cfe_file_loc=\"/config/cloud/cfe-init.cfg\"')]",
"f5CloudFailoverTag": "v1.9.0",
"f5CloudFailoverBuild": "f5-cloud-failover-1.9.0-0.noarch.rpm",
"resourceGroupName": "[resourceGroup().name]",
"singleQuote": "'",
"f5CloudLibsTag": "v4.27.1",
"f5CloudLibsAzureTag": "v2.17.1",
"f5NetworksTag": "v10.2.0.0",
"f5RuntimeInitBuild": "f5-bigip-runtime-init-1.5.0-1.gz.run",
"f5RuntimeInitTag": "v1.5.0",
"verifyHash": "[concat(variables('singleQuote'), 'cli script /Common/verifyHash {\nproc script::run {} {\n if {[catch {\n set hashes(f5-cloud-libs.tar.gz) 32dbb0e602b8a9dc8b492e52dcd61b47ba62f4f70cdb2c6162694b8b6bdde6f2684d0747878a89e966dff78dbec02d98b682aa108cba5b024195561189c61c06\n set hashes(f5-cloud-libs-aws.tar.gz) c2eadf04a910e28a52c21e1b9af9015b5a4e5a50501bc0dfbd354d03d08d5a82fe8c0326dd4138b835ff88fc17232e957b8f2d3fb031ed1809fd3d0b973afe09\n set hashes(f5-cloud-libs-azure.tar.gz) 703bae0e774114b16528ca71bb2109db5f36623f8b8698588348677862ffa48559ba9698001d2f245860059a4fec588a15ee924317b967bf338cca66b0de6936\n set hashes(f5-cloud-libs-gce.tar.gz) fd16ab827b3089e76d5c77c713a2eabe685707dba7207cfdf2778db2e96281fc8e3e4424fb20f584c44cb9722b4fbf352e7c364de5fed61a74bd138f974705b2\n set hashes(f5-cloud-libs-openstack.tar.gz) 5c83fe6a93a6fceb5a2e8437b5ed8cc9faf4c1621bfc9e6a0779f6c2137b45eab8ae0e7ed745c8cf821b9371245ca29749ca0b7e5663949d77496b8728f4b0f9\n set hashes(f5-cloud-libs-consul.tar.gz) a32aab397073df92cbbba5067e5823e9b5fafca862a258b60b6b40aa0975c3989d1e110f706177b2ffbe4dde65305a260a5856594ce7ad4ef0c47b694ae4a513\n set hashes(asm-policy-linux.tar.gz) 63b5c2a51ca09c43bd89af3773bbab87c71a6e7f6ad9410b229b4e0a1c483d46f1a9fff39d9944041b02ee9260724027414de592e99f4c2475415323e18a72e0\n set hashes(f5.http.v1.2.0rc4.tmpl) 47c19a83ebfc7bd1e9e9c35f3424945ef8694aa437eedd17b6a387788d4db1396fefe445199b497064d76967b0d50238154190ca0bd73941298fc257df4dc034\n set hashes(f5.http.v1.2.0rc6.tmpl) 811b14bffaab5ed0365f0106bb5ce5e4ec22385655ea3ac04de2a39bd9944f51e3714619dae7ca43662c956b5212228858f0592672a2579d4a87769186e2cbfe\n set hashes(f5.http.v1.2.0rc7.tmpl) 21f413342e9a7a281a0f0e1301e745aa86af21a697d2e6fdc21dd279734936631e92f34bf1c2d2504c201f56ccd75c5c13baa2fe7653213689ec3c9e27dff77d\n set hashes(f5.aws_advanced_ha.v1.3.0rc1.tmpl) 9e55149c010c1d395abdae3c3d2cb83ec13d31ed39424695e88680cf3ed5a013d626b326711d3d40ef2df46b72d414b4cb8e4f445ea0738dcbd25c4c843ac39d\n set hashes(f5.aws_advanced_ha.v1.4.0rc1.tmpl) de068455257412a949f1eadccaee8506347e04fd69bfb645001b76f200127668e4a06be2bbb94e10fefc215cfc3665b07945e6d733cbe1a4fa1b88e881590396\n set hashes(f5.aws_advanced_ha.v1.4.0rc2.tmpl) 6ab0bffc426df7d31913f9a474b1a07860435e366b07d77b32064acfb2952c1f207beaed77013a15e44d80d74f3253e7cf9fbbe12a90ec7128de6facd097d68f\n set hashes(f5.aws_advanced_ha.v1.4.0rc3.tmpl) 2f2339b4bc3a23c9cfd42aae2a6de39ba0658366f25985de2ea53410a745f0f18eedc491b20f4a8dba8db48970096e2efdca7b8efffa1a83a78e5aadf218b134\n set hashes(f5.aws_advanced_ha.v1.4.0rc4.tmpl) 2418ac8b1f1884c5c096cbac6a94d4059aaaf05927a6a4508fd1f25b8cc6077498839fbdda8176d2cf2d274a27e6a1dae2a1e3a0a9991bc65fc74fc0d02ce963\n set hashes(f5.aws_advanced_ha.v1.4.0rc5.tmpl) 5e582187ae1a6323e095d41eddd41151d6bd38eb83c634410d4527a3d0e246a8fc62685ab0849de2ade62b0275f51264d2deaccbc16b773417f847a4a1ea9bc4\n set hashes(asm-policy.tar.gz) 2d39ec60d006d05d8a1567a1d8aae722419e8b062ad77d6d9a31652971e5e67bc4043d81671ba2a8b12dd229ea46d205144f75374ed4cae58cefa8f9ab6533e6\n set hashes(deploy_waf.sh) 1a3a3c6274ab08a7dc2cb73aedc8d2b2a23cd9e0eb06a2e1534b3632f250f1d897056f219d5b35d3eed1207026e89989f754840fd92969c515ae4d829214fb74\n set hashes(f5.policy_creator.tmpl) 06539e08d115efafe55aa507ecb4e443e83bdb1f5825a9514954ef6ca56d240ed00c7b5d67bd8f67b815ee9dd46451984701d058c89dae2434c89715d375a620\n set hashes(f5.service_discovery.tmpl) 4811a95372d1dbdbb4f62f8bcc48d4bc919fa492cda012c81e3a2fe63d7966cc36ba8677ed049a814a930473234f300d3f8bced2b0db63176d52ac99640ce81b\n set hashes(f5.cloud_logger.v1.0.0.tmpl) 64a0ed3b5e32a037ba4e71d460385fe8b5e1aecc27dc0e8514b511863952e419a89f4a2a43326abb543bba9bc34376afa114ceda950d2c3bd08dab735ff5ad20\n set hashes(f5-appsvcs-3.5.1-5.noarch.rpm) ba71c6e1c52d0c7077cdb25a58709b8fb7c37b34418a8338bbf67668339676d208c1a4fef4e5470c152aac84020b4ccb8074ce387de24be339711256c0fa78c8\n set hashes(f5-appsvcs-3.18.0-4.noarch.rpm) e72ee8005a27070ac399ab097e8aa507a72aae4721d7491589cfeb821db3ef86cbc979e796ab319ec727bb51400ccda813c4b9eb4a6b3d1220a396b582f8f400\n set hashes(f5-appsvcs-3.20.0-3.noarch.rpm) d4bba8892a2068bb53f88c6090dc65f17707abca35a7ed2fff39980057fe7f7a2ebf710ab2284a1d83d70b7746beabad9df603017c0fd8728f7457661c95ac8d\n set hashes(f5-appsvcs-3.25.0-3.noarch.rpm) 26f19bdaaa81cbe0421b3e08c09987f9dd0c54b05a626d6a21a836b34248d2d9d83095f0daad8e7a4a068e9ef99b89fbcd246ae8b617ac2b2456599157d0e8b3\n set hashes(f5-appsvcs-3.26.1-1.noarch.rpm) b460e11679d38a96549b5041def27b419f1a41c8f788f9f8c7a034aa5cb5a8c9fd151c7c439bebd093fcd85cd8657f1c064551d9337566f9fc7e9506c55dc02c\n set hashes(f5-appsvcs-3.31.0-6.noarch.rpm) 6506fde5d1c2e067662b513387dccda0281d3bbc604fc6dcf8e5740ae563748899f7f335e349006fe3f0e751cd70d4ef8be3701ae45dca305de649f259f090a9\n set hashes(f5-cloud-failover-1.1.0-0.noarch.rpm) 15a440c299f9e4af86a3d0f5b0d75b0054385b95e47c3ef116d2e0bfb0041a26dcbf549028e2a26d2c718ec61446bd657be38fbbcd9db781efe5414c174ac68c\n set hashes(f5-cloud-failover-1.3.0-0.noarch.rpm) 19681eb33d9f910c913f8180199485eb653b4b5ebeaae0b90a6ce8341d7a22fed8d21815b5ba148c468852d20cc26fad4c4242e50ecc184f1f8770dacced6f6a\n set hashes(f5-cloud-failover-1.4.0-0.noarch.rpm) 49e9108a070e0c8713aeb7b330662358542e61b7c53a9d45108d37a9bf5246f9e4aaae10cc61064801dcccd20bfd5108347b0f694510e7ece07f96c45ba683b0\n set hashes(f5-cloud-failover-1.5.0-0.noarch.rpm) 33a7e2d047106bcce681757a65240bfacedd48e13567e05fdb23a4b269d266aa5001f81158c3964dc297f0428db31c9df428002898d190285b349c59422a573b\n set hashes(f5-cloud-failover-1.6.1-1.noarch.rpm) c1b842da21b8d1ba21b6eb63c8598a9ea9986d5daddc21e4d280e1d6b09d3db1de8ac7de5c84edf07b43e4af03daf8fe747a4048f6573d955206352cde2cec65\n set hashes(f5-cloud-failover-1.7.1-1.noarch.rpm) 14ff0cd2bb49780cc0ae3021c4fc8fcc096e3fce2258096a4aa026d6d37de728ca7345bfe3a79031e336e74d25a2b40ff28324c2c752bf0ee71b7fc89b6fc8fe\n set hashes(f5-cloud-failover-1.8.0-0.noarch.rpm) 23086d1cbf3cb24eac7eba2305156c600fa21f1b896321a2fa5225d331d7e41471edb3f5368144d86848a4520b1e005c014485ff451e7da6429053f58bfe8ce4\n set hashes(f5-cloud-failover-1.9.0-0.noarch.rpm) 09c15377389ac18313370635fb99f9aff05970807cc60bff074f80f664023cfc0d9f5b7f2ed7a8f879deb2da84a034bb9fa9f4e95f9806d644af518db32f1425\n\n set file_path [lindex $tmsh::argv 1]\n set file_name [file tail $file_path]\n\n if {![info exists hashes($file_name)]} {\n tmsh::log err \"No hash found for $file_name\"\n exit 1\n }\n\n set expected_hash $hashes($file_name)\n set computed_hash [lindex [exec /usr/bin/openssl dgst -r -sha512 $file_path] 0]\n if { $expected_hash eq $computed_hash } {\n exit 0\n }\n tmsh::log err \"Hash does not match for $file_path\"\n exit 1\n }]} {\n tmsh::log err {Unexpected error in verifyHash}\n exit 1\n }\n }\n script-signature X7djuj51rcPDqOQfTUMmV6Qg8gSjD4UnhrHAMkP0oFDTSDigD+s49RMbK05inVzbq+wqjWC2Rlsz1bfreGy35DzIBQo0k8hCOr2JNXAOXOp45LfVgqq+c1NgjsHo54ogvHRixLxo2wo3QBX9SJzktr3zgj6BTHoU95R76497hmaeJ96EYz+3d78tO64ORbtzizlMV9xfBFYzgW0SPT644Rer65DstCMbQcDNqHv71BnKfshfu5Ta2qXUmn8ZNBOdcdSOng+E05/rURDEFU7NJ0j7mkn3UbY8F9WNKkyL+098FitD/l+gD3VpFaFwFKIOvorz8fWfWT+u4GQF3MvRdg==\n signing-key /Common/f5-irule\n}', variables('singleQuote'))]",
"installCloudLibs": "[concat(variables('singleQuote'), '#!/bin/bash\necho about to execute\nchecks=0\nwhile [ $checks -lt 120 ]; do echo checking mcpd\n/usr/bin/tmsh -a show sys mcp-state field-fmt | grep -q running\nif [ $? == 0 ]; then\necho mcpd ready\nbreak\nfi\necho mcpd not ready yet\nlet checks=checks+1\nsleep 1\ndone\necho loading verifyHash script\n/usr/bin/tmsh load sys config merge file /config/verifyHash\nif [ $? != 0 ]; then\necho cannot validate signature of /config/verifyHash\nexit 1\nfi\necho loaded verifyHash\n\nconfig_loc=\"/config/cloud/\"\nhashed_file_list=\"${config_loc}f5-cloud-libs.tar.gz ${config_loc}f5-cloud-libs-azure.tar.gz\"\nfor file in $hashed_file_list; do\necho \"verifying $file\"\n/usr/bin/tmsh run cli script verifyHash $file\nif [ $? != 0 ]; then\necho \"$file is not valid\"\nexit 1\nfi\necho \"verified $file\"\ndone\necho \"expanding $hashed_file_list\"\ntar xfz /config/cloud/f5-cloud-libs.tar.gz --warning=no-unknown-keyword -C /config/cloud/azure/node_modules/@f5devcentral\ntar xfz /config/cloud/f5-cloud-libs-azure.tar.gz --warning=no-unknown-keyword -C /config/cloud/azure/node_modules/@f5devcentral\ntouch /config/cloud/cloudLibsReady', variables('singleQuote'))]",
"dnsLabel": "[toLower(parameters('dnsLabel'))]",
"imageNameToLower": "[toLower(parameters('imageName'))]",
"customImageUrnArray": "[if(not(equals(parameters('customImageUrn'), 'OPTIONAL')), split(parameters('customImageUrn'), ':'), createArray('OPTIONAL'))]",
"skuToUse": "[if(equals(length(variables('customImageUrnArray')), 4), variables('customImageUrnArray')[2], concat('f5-', variables('imageNameSub'),'-byol'))]",
"offerToUse": "[if(equals(length(variables('customImageUrnArray')), 4), variables('customImageUrnArray')[1], concat('f5-big-ip-', variables('imageNameArray').offerPostfix[variables('imageNameSub')]))]",
"versionToUse": "[if(equals(length(variables('customImageUrnArray')), 4), variables('customImageUrnArray')[3], parameters('bigIpVersion'))]",
"bigIpMajorVersion": "[if(equals(parameters('bigIpVersion'), 'latest'), '16', split(variables('versionToUse'), '.')[0])]",
"bigIpMajorVersionInt": "[int(variables('bigipMajorVersion'))]",
"imagePlan": {
"name": "[variables('skuToUse')]",
"product": "[variables('offerToUse')]",
"publisher": "f5-networks"
},
"imageReference": {
"offer": "[variables('offerToUse')]",
"publisher": "f5-networks",
"sku": "[variables('skuToUse')]",
"version": "[variables('versionToUse')]"
},
"bigIpMgmtPort": "443",
"instanceName": "[toLower(parameters('instanceName'))]",
"failoverCmdArray": {
"16": "tmsh modify sys db failover.selinuxallowscripts value enable",
"15": "tmsh modify sys db failover.selinuxallowscripts value enable",
"14": "tmsh modify sys db failover.selinuxallowscripts value enable",
"13": "tmsh list sys db",
"12": "tmsh list sys db",
"latest": "tmsh modify sys db failover.selinuxallowscripts value enable"
},
"virtualNetworkName": "[parameters('vnetName')]",
"mgmtSubnetName": "[parameters('mgmtSubnetName')]",
"vnetId": "[resourceId(parameters('vnetResourceGroupName'),'Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
"mgmtRouteGw": "`tmsh list sys management-route default gateway | grep gateway | sed 's/gateway //;s/ //g'`",
"mgmtSubnetPrivateAddress": "[parameters('mgmtIpAddressRangeStart')]",
"commandArgs": "[concat('-o ', parameters('declarationUrl'), ' -u svc_user')]",
"appScript": "IyEvYmluL2Jhc2gKZnVuY3Rpb24gcGFzc3dkKCkgewogIGVjaG8gfCBmNS1yZXN0LW5vZGUgL2NvbmZpZy9jbG91ZC9henVyZS9ub2RlX21vZHVsZXMvQGY1ZGV2Y2VudHJhbC9mNS1jbG91ZC1saWJzL3NjcmlwdHMvZGVjcnlwdERhdGFGcm9tRmlsZS5qcyAtLWRhdGEtZmlsZSAvY29uZmlnL2Nsb3VkLy5wYXNzd2QgfCBhd2sgJ3twcmludCAkMX0nCn0KCndoaWxlIGdldG9wdHMgbzp1OmY6IG9wdGlvbgpkbyBjYXNlICIkb3B0aW9uIiAgaW4KICAgICAgICBvKSBkZWNsYXJhdGlvblVybD0kT1BUQVJHOzsKICAgICAgICB1KSB1c2VyPSRPUFRBUkc7OwogICAgICAgIGYpIGlzQXMzPSRPUFRBUkc7OwogICAgZXNhYwpkb25lCgpkZXBsb3llZD0ibm8iCmZpbGVfbG9jPSIvY29uZmlnL2Nsb3VkL2N1c3RvbV9jb25maWciCmRmbF9tZ210X3BvcnQ9YHRtc2ggbGlzdCBzeXMgaHR0cGQgc3NsLXBvcnQgfCBncmVwIHNzbC1wb3J0IHwgc2VkICdzL3NzbC1wb3J0IC8vO3MvIC8vZydgCnVybF9yZWdleD0iKGh0dHA6XC9cL3xodHRwczpcL1wvKT9bYS16MC05XSsoW1wtXC5dezF9W2EtejAtOV0rKSpcLlthLXpdezIsNX0oOlswLTldezEsNX0pPyhcLy4qKT8kIgoKaWYgW1sgJGRlY2xhcmF0aW9uVXJsID1+ICR1cmxfcmVneCAmJiAkaXNBczMgPX4gImRvX2FzIiBdXTsgdGhlbgogICAgcmVzcG9uc2VfY29kZT0kKC91c3IvYmluL2N1cmwgLXNrIC13ICIle2h0dHBfY29kZX0iICRkZWNsYXJhdGlvblVybCAtbyAkZmlsZV9sb2MpCiAgICBpZiBbWyAkcmVzcG9uc2VfY29kZSA9PSAyMDAgXV07IHRoZW4KICAgICAgICAgZWNobyAiQ3VzdG9tIGNvbmZpZyBkb3dubG9hZCBjb21wbGV0ZTsgY2hlY2tpbmcgZm9yIHZhbGlkIEpTT04uIgogICAgICAgICBjYXQgJGZpbGVfbG9jIHwganEgLmNsYXNzCiAgICAgICAgIGlmIFtbICQ/ID09IDAgXV07IHRoZW4KICAgICAgICAgICAgIHJlc3BvbnNlX2NvZGU9JCgvdXNyL2Jpbi9jdXJsIC1za3Z2dSAkdXNlcjokKHBhc3N3ZCkgLXcgIiV7aHR0cF9jb2RlfSIgLVggUE9TVCAtSCAiQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uIiAtSCAiRXhwZWN0OiIgaHR0cHM6Ly9sb2NhbGhvc3Q6JGRmbF9tZ210X3BvcnQvbWdtdC9zaGFyZWQvYXBwc3Zjcy9kZWNsYXJlIC1kIEAkZmlsZV9sb2MgLW8gL2Rldi9udWxsKQoKICAgICAgICAgICAgIGlmIFtbICRyZXNwb25zZV9jb2RlID09IDIwMCB8fCAkcmVzcG9uc2VfY29kZSA9PSA1MDIgXV07IHRoZW4KICAgICAgICAgICAgICAgICAgZWNobyAiRGVwbG95bWVudCBvZiBhcHBsaWNhdGlvbiBzdWNjZWVkZWQuIgogICAgICAgICAgICAgICAgICBkZXBsb3llZD0ieWVzIgogICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgIGVjaG8gIkZhaWxlZCB0byBkZXBsb3kgYXBwbGljYXRpb247IGNvbnRpbnVpbmcgd2l0aCByZXNwb25zZSBjb2RlICciJHJlc3BvbnNlX2NvZGUiJyIKICAgICAgICAgICAgIGZpCiAgICAgICAgIGVsc2UKICAgICAgICAgICAgIGVjaG8gIkN1c3RvbSBjb25maWcgd2FzIG5vdCB2YWxpZCBKU09OLCBjb250aW51aW5nIgogICAgICAgICBmaQogICAgZWxzZQogICAgICAgIGVjaG8gIkZhaWxlZCB0byBkb3dubG9hZCBjdXN0b20gY29uZmlnOyBjb250aW51aW5nIHdpdGggcmVzcG9uc2UgY29kZSAnIiRyZXNwb25zZV9jb2RlIiciCiAgICBmaQplbHNlCiAgICAgZWNobyAiQ3VzdG9tIGNvbmZpZyB3YXMgbm90IGEgVVJMLCBjb250aW51aW5nLiIKZmkKCmlmIFtbICRkZXBsb3llZCA9PSAibm8iICYmICRkZWNsYXJhdGlvblVybCA9PSAiTk9UX1NQRUNJRklFRCIgJiYgICQyICE9ICdza2lwX2FzMycgXV07IHRoZW4KICAgIGVjaG8gIkFwcGxpY2F0aW9uIGRlcGxveW1lbnQgZmFpbGVkIG9yIGN1c3RvbSBVUkwgd2FzIG5vdCBzcGVjaWZpZWQuIgpmaQoKY2ZlX2ZpbGVfbG9jPS9jb25maWcvY2xvdWQvYXp1cmUvY2ZlLWluaXQuY2ZnCmNmZV9yZXNwb25zZV9jb2RlPSQoL3Vzci9iaW4vY3VybCAtc2t2dnUgJHVzZXI6JChwYXNzd2QpIC13ICIle2h0dHBfY29kZX0iIC1YIFBPU1QgLUggIkNvbnRlbnQtVHlwZTphcHBsaWNhdGlvbi9qc29uIiBodHRwczovL2xvY2FsaG9zdDo0NDMvbWdtdC9zaGFyZWQvY2xvdWQtZmFpbG92ZXIvZGVjbGFyZSAtZCBAJGNmZV9maWxlX2xvYykKCmlmIFtbICRjZmVfcmVzcG9uc2VfY29kZSA9PSAyMDAgfHwgJGNmZV9yZXNwb25zZV9jb2RlID09IDUwMiBdXTsgdGhlbgogICAgZWNobyAiRGVwbG95bWVudCBvZiBDRkUgYXBwbGljYXRpb24gc3VjY2VlZGVkLiIKZWxzZQogICAgZWNobyAiRmFpbGVkIHRvIGRlcGxveSBDRkUgYXBwbGljYXRpb24gd2l0aCByZXNwb25zZSBjb2RlICciJGNmZV9yZXNwb25zZV9jb2RlIiciCmZpCgplY2hvICJEZXBsb3ltZW50IGNvbXBsZXRlLiIKZXhpdA==",
"extSubnetPrivateAddressSuffixInt": "[int(variables('extSubnetPrivateAddressPrefixArray')[3])]",
"extSubnetName": "[parameters('externalSubnetName')]",
"extSubnetPrivateAddress": "[parameters('externalIpSelfAddressRangeStart')]",
"extSubnetPrivateAddressPrefix": "[concat(variables('extSubnetPrivateAddressPrefixArray')[0], '.', variables('extSubnetPrivateAddressPrefixArray')[1], '.', variables('extSubnetPrivateAddressPrefixArray')[2], '.')]",
"extNsgID": "[resourceId('Microsoft.Network/networkSecurityGroups/',concat(variables('dnsLabel'),'-ext-nsg'))]",
"extSelfPublicIpAddressNamePrefix": "[concat(variables('dnsLabel'), '-self-pip')]",
"extSelfPublicIpAddressIdPrefix": "[resourceId('Microsoft.Network/publicIPAddresses', variables('extSelfPublicIpAddressNamePrefix'))]",
"extpublicIPAddressNamePrefix": "[concat(variables('dnsLabel'), '-ext-pip')]",
"extPublicIPAddressIdPrefix": "[resourceId('Microsoft.Network/publicIPAddresses', variables('extPublicIPAddressNamePrefix'))]",
"extNicName": "[concat(variables('dnsLabel'), '-ext')]",
"extNicID": "[resourceId('Microsoft.Network/NetworkInterfaces', variables('extNicName'))]",
"extSubnetId": "[concat(variables('vnetId'), '/subnets/', variables('extsubnetName'))]",
"routeCmd": "route",
"intSubnetName": "[parameters('internalSubnetName')]",
"intSubnetPrivateAddress": "[parameters('internalIpAddressRangeStart')]",
"intNicName": "[concat(variables('dnsLabel'), '-int')]",
"intNicID": "[resourceId('Microsoft.Network/NetworkInterfaces', variables('intNicName'))]",
"intSubnetId": "[concat(variables('vnetId'), '/subnets/', variables('intsubnetName'))]",
"mgmtSubnetPrivateAddress1": "[concat(variables('mgmtSubnetPrivateAddressPrefix'), variables('mgmtSubnetPrivateAddressSuffix'))]",
"extSubnetPrivateAddress1": "[concat(variables('extSubnetSelfPrivateAddressPrefix'), variables('extSubnetSelfPrivateAddressSuffix'))]",
"intSubnetPrivateAddress1": "[concat(variables('intSubnetPrivateAddressPrefix'), variables('intSubnetPrivateAddressSuffix'))]",
"availabilitySetName": "[concat(variables('dnsLabel'), '-avset')]",
"zonesAvailable": "[not(empty(pickZones('Microsoft.Compute', 'virtualMachines', variables('location'))))]",
"availabilitySetId": {
"id": "[resourceId('Microsoft.Compute/availabilitySets',variables('availabilitySetName'))]"
},
"extSubnetPrivateAddressPrefixArray": "[if(equals(parameters('externalIpAddressRangeStart'), 'DYNAMIC'), createArray('0','0','0','0'), split(parameters('externalIpAddressRangeStart'), '.'))]",
"extSubnetPrivateAddressSuffix0": "[add(variables('extSubnetPrivateAddressSuffixInt'), 1)]",
"extSubnetPrivateAddressSuffix1": "[add(variables('extSubnetPrivateAddressSuffixInt'), 2)]",
"extSubnetRef": "[concat('/subscriptions/', variables('subscriptionID'), '/resourceGroups/', parameters('vnetResourceGroupName'), '/providers/Microsoft.Network/virtualNetworks/', parameters('vnetName'), '/subnets/', parameters('externalSubnetName'))]",
"intSubnetRef": "[concat('/subscriptions/', variables('subscriptionID'), '/resourceGroups/', parameters('vnetResourceGroupName'), '/providers/Microsoft.Network/virtualNetworks/', parameters('vnetName'), '/subnets/', parameters('internalSubnetName'))]",
"mgmtSubnetPrivateAddressPrefixArray": "[if(equals(parameters('mgmtIpAddressRangeStart'), 'DYNAMIC'), createArray('0','0','0','0'), split(parameters('mgmtIpAddressRangeStart'), '.'))]",
"mgmtSubnetPrivateAddressPrefix": "[concat(variables('mgmtSubnetPrivateAddressPrefixArray')[0], '.', variables('mgmtSubnetPrivateAddressPrefixArray')[1], '.', variables('mgmtSubnetPrivateAddressPrefixArray')[2], '.')]",
"mgmtSubnetPrivateAddressSuffixInt": "[int(variables('mgmtSubnetPrivateAddressPrefixArray')[3])]",
"mgmtSubnetPrivateAddressSuffix": "[add(variables('mgmtSubnetPrivateAddressSuffixInt'), 1)]",
"extSubnetSelfPrivateAddressPrefixArray": "[if(equals(parameters('externalIpSelfAddressRangeStart'), 'DYNAMIC'), createArray('0','0','0','0'), split(parameters('externalIpSelfAddressRangeStart'), '.'))]",
"extSubnetSelfPrivateAddressPrefix": "[concat(variables('extSubnetSelfPrivateAddressPrefixArray')[0], '.', variables('extSubnetSelfPrivateAddressPrefixArray')[1], '.', variables('extSubnetSelfPrivateAddressPrefixArray')[2], '.')]",
"extSubnetSelfPrivateAddressSuffixInt": "[int(variables('extSubnetSelfPrivateAddressPrefixArray')[3])]",
"extSubnetSelfPrivateAddressSuffix": "[add(variables('extSubnetSelfPrivateAddressSuffixInt'), 1)]",
"intSubnetPrivateAddressPrefixArray": "[if(equals(parameters('internalIpAddressRangeStart'), 'DYNAMIC'), createArray('0','0','0','0'), split(parameters('internalIpAddressRangeStart'), '.'))]",
"intSubnetPrivateAddressPrefix": "[concat(variables('intSubnetPrivateAddressPrefixArray')[0], '.', variables('intSubnetPrivateAddressPrefixArray')[1], '.', variables('intSubnetPrivateAddressPrefixArray')[2], '.')]",
"intSubnetPrivateAddressSuffixInt": "[int(variables('intSubnetPrivateAddressPrefixArray')[3])]",
"intSubnetPrivateAddressSuffix": "[add(variables('intSubnetPrivateAddressSuffixInt'), 1)]",
"numberOfExternalIps": "[parameters('numberOfExternalIps')]",
"imageNameSub": "[variables('imageNameArray')[variables('bigIpMajorVersion')][parameters('imageName')]]",
"imageNameArray": {
"16": {
"AllOneBootLocation": "big-all-1slot",
"AllTwoBootLocations": "big-all-2slot",
"LTMOneBootLocation": "big-ltm-1slot",
"LTMTwoBootLocations": "big-ltm-2slot"
},
"15": {
"AllOneBootLocation": "big-all-1slot",
"AllTwoBootLocations": "big-all-2slot",
"LTMOneBootLocation": "big-ltm-1slot",
"LTMTwoBootLocations": "big-ltm-2slot"
},
"14": {
"AllOneBootLocation": "big-all-1slot",
"AllTwoBootLocations": "big-all-2slot",
"LTMOneBootLocation": "big-ltm-1slot",
"LTMTwoBootLocations": "big-ltm-2slot"
},
"13": {
"AllOneBootLocation": "big-all-1slot",
"AllTwoBootLocations": "big-all-2slot",
"LTMOneBootLocation": "big-ltm-1slot",
"LTMTwoBootLocations": "big-ltm-2slot"
},
"12": {
"AllOneBootLocation": "big-all-2slot",
"AllTwoBootLocations": "big-all-2slot",
"LTMOneBootLocation": "big-ltm-2slot",
"LTMTwoBootLocations": "big-ltm-2slot"
},
"latest": {
"AllOneBootLocation": "big-all-2slot",
"AllTwoBootLocations": "big-all-2slot",
"LTMOneBootLocation": "big-ltm-2slot",
"LTMTwoBootLocations": "big-ltm-2slot"
},
"offerPostfix": {
"big-all-1slot": "byol",
"big-all-2slot": "byol",
"big-ltm-1slot": "byol",
"big-ltm-2slot": "byol",
"bigip-virtual-edition-best": "best",
"bigip-virtual-edition-good": "good"
}
},
"publicIPAddressType": "Static",
"mgmtPublicIPAddressName": "[concat(variables('dnsLabel'), '-mgmt-pip')]",
"mgmtPublicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('mgmtPublicIPAddressName'))]",
"mgmtNsgID": "[resourceId('Microsoft.Network/networkSecurityGroups/',concat(variables('dnsLabel'),'-mgmt-nsg'))]",
"mgmtNicName": "[concat(variables('dnsLabel'), '-mgmt')]",
"mgmtNicID": "[resourceId('Microsoft.Network/NetworkInterfaces', variables('mgmtNicName'))]",
"mgmtSubnetId": "[concat(variables('vnetId'), '/subnets/', variables('mgmtSubnetName'))]",
"tagValues": "[parameters('tagValues')]",
"newDataStorageAccountName": "[concat(uniqueString(variables('dnsLabel'), resourceGroup().id, deployment().name), 'data000')]",
"dataStorageAccountType": "Standard_LRS",
"deploymentId": "[concat(variables('subscriptionId'), resourceGroup().id, deployment().name, variables('dnsLabel'))]",
"customConfig": "[concat('### START (INPUT) CUSTOM CONFIGURATION HERE\ntmsh modify cm device-group Sync devices modify { ', variables('instanceName'), '1.', variables('location'), '.cloudapp.azure.com { set-sync-leader } }\ntmsh save sys config\n')]",
"customData": "controls:\n logLevel: info\n logFilename: /var/log/cloud/bigIpRuntimeInit.log\nextension_packages:\n install_operations:\n - extensionType: as3\n extensionVersion: 3.40.0\n extensionHash: 708533815cb8e608b4d28fbb730f0ed34617ce5def53c5462c0ab98bd54730fc\n - extensionType: cf\n extensionVersion: 1.13.0\n extensionHash: 93be496d250838697d8a9aca8bd0e6fe7480549ecd43280279f0a63fc741ab50\n",
"allowUsageAnalytics": {
"No": {
"hashCmd": "echo AllowUsageAnalytics:No",
"metricsCmd": ""
},
"Yes": {
"hashCmd": "[concat('custId=`echo \"', variables('subscriptionId'), '\"|sha512sum|cut -d \" \" -f 1`; deployId=`echo \"', variables('deploymentId'), '\"|sha512sum|cut -d \" \" -f 1`')]",
"metricsCmd": "[concat(' --metrics customerId:${custId},deploymentId:${deployId},templateName:failover_nnic-existing-stack-supported-byol,templateVersion:10.2.0.0,region:', variables('location'), ',bigIpVersion:', parameters('bigIpVersion') ,',licenseType:byol,cloudLibsVersion:', variables('f5CloudLibsTag'), ',cloudName:azure')]"
}
},
"allowPhoneHome": "[if(equals(parameters('allowPhoneHome'), 'Yes'), 'enabled', 'disabled')]",
"osProfiles": {
"password": {
"adminPassword": "[variables('adminPasswordOrKey')]",
"adminUsername": "[parameters('adminUsername')]",
"computerName": "[variables('instanceName')]",
"linuxConfiguration": "[json('null')]"
},
"sshPublicKey": {
"adminUsername": "[parameters('adminUsername')]",
"computerName": "[variables('instanceName')]",
"linuxConfiguration": "[variables('linuxConfiguration')]"
}
},
"installCustomConfig": "[concat(variables('singleQuote'), '#!/bin/bash\n', variables('customConfig'), variables('singleQuote'))]"
},
"resources": [
{
"condition": "[equals(parameters('provisionPublicIP'),'Yes')]",
"apiVersion": "[variables('networkApiVersion')]",
"sku": {
"name": "Standard"
},
"location": "[variables('location')]",
"name": "[concat(variables('mgmtPublicIPAddressName'), '0')]",
"properties": {
"dnsSettings": {
"domainNameLabel": "[concat(variables('dnsLabel'), '-0')]"
},
"idleTimeoutInMinutes": 30,
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Network/publicIPAddresses"
},
{
"condition": "[equals(parameters('provisionPublicIP'),'Yes')]",
"apiVersion": "[variables('networkApiVersion')]",
"sku": {
"name": "Standard"
},
"location": "[variables('location')]",
"name": "[concat(variables('mgmtPublicIPAddressName'), '1')]",
"properties": {
"dnsSettings": {
"domainNameLabel": "[concat(variables('dnsLabel'), '-1')]"
},
"idleTimeoutInMinutes": 30,
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Network/publicIPAddresses"
},
{
"condition": "[equals(parameters('provisionPublicIP'),'Yes')]",
"apiVersion": "[variables('networkApiVersion')]",
"sku": {
"name": "Standard"
},
"location": "[variables('location')]",
"name": "[concat(variables('extSelfPublicIpAddressNamePrefix'), '0')]",
"properties": {
"idleTimeoutInMinutes": 30,
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Network/publicIPAddresses"
},
{
"condition": "[equals(parameters('provisionPublicIP'),'Yes')]",
"apiVersion": "[variables('networkApiVersion')]",
"sku": {
"name": "Standard"
},
"location": "[variables('location')]",
"name": "[concat(variables('extSelfPublicIpAddressNamePrefix'), '1')]",
"properties": {
"idleTimeoutInMinutes": 30,
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Network/publicIPAddresses"
},
{
"condition": "[and(equals(parameters('provisionPublicIP'),'Yes'), not(equals(variables('numberOfExternalIps'),0)))]",
"apiVersion": "[variables('networkApiVersion')]",
"sku": {
"name": "Standard"
},
"copy": {
"count": "[if(not(equals(variables('numberOfExternalIps'), 0)), variables('numberOfExternalIps'), 1)]",
"name": "extpipcopy"
},
"location": "[variables('location')]",
"name": "[concat(variables('extPublicIPAddressNamePrefix'), copyIndex())]",
"properties": {
"dnsSettings": {
"domainNameLabel": "[concat(variables('dnsLabel'), copyIndex(0))]"
},
"idleTimeoutInMinutes": 30,
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Network/publicIPAddresses"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"dependsOn": [
"[variables('mgmtNsgID')]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('mgmtPublicIPAddressName'), '0')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('mgmtNicName'), '0')]",
"properties": {
"ipConfigurations": [
{
"name": "[concat(variables('dnsLabel'), '-mgmt-ipconfig')]",
"properties": {
"PublicIpAddress": "[if(equals(parameters('provisionPublicIP'),'No'), json('null'), json(concat('{\"Id\": \"', variables('mgmtPublicIPAddressId'), '0', '\"}')))]",
"privateIPAddress": "[if(equals(parameters('mgmtIpAddressRangeStart'), 'DYNAMIC'), json('null'), variables('mgmtSubnetPrivateAddress'))]",
"privateIPAllocationMethod": "[if(equals(parameters('mgmtIpAddressRangeStart'), 'DYNAMIC'), 'Dynamic', 'Static')]",
"subnet": {
"id": "[variables('mgmtSubnetId')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[variables('mgmtNsgID')]"
}
},
"tags": "[union(variables('cloudFailoverTagValue'), json(concat('{\"f5_cloud_failover_nic_map\": \"', variables('mgmtNicName'), '\"}')))]",
"type": "Microsoft.Network/networkInterfaces"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"dependsOn": [
"[variables('mgmtNsgID')]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('mgmtPublicIPAddressName'), '1')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('mgmtNicName'), '1')]",
"properties": {
"ipConfigurations": [
{
"name": "[concat(variables('dnsLabel'), '-mgmt-ipconfig')]",
"properties": {
"PublicIpAddress": "[if(equals(parameters('provisionPublicIP'),'No'), json('null'), json(concat('{\"Id\": \"', variables('mgmtPublicIPAddressId'), '1', '\"}')))]",
"privateIPAddress": "[if(equals(parameters('mgmtIpAddressRangeStart'), 'DYNAMIC'), json('null'), variables('mgmtSubnetPrivateAddress1'))]",
"privateIPAllocationMethod": "[if(equals(parameters('mgmtIpAddressRangeStart'), 'DYNAMIC'), 'Dynamic', 'Static')]",
"subnet": {
"id": "[variables('mgmtSubnetId')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[variables('mgmtNsgID')]"
}
},
"tags": "[union(variables('cloudFailoverTagValue'), json(concat('{\"f5_cloud_failover_nic_map\": \"', variables('mgmtNicName'), '\"}')))]",
"type": "Microsoft.Network/networkInterfaces"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"dependsOn": [
"extpipcopy",
"[variables('extNsgID')]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('extSelfPublicIpAddressNamePrefix'), '0')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('extNicName'), '0')]",
"properties": {
"copy": [
{
"count": "[add(variables('numberOfExternalIps'), 1)]",
"input": {
"name": "[if(equals(copyIndex('ipConfigurations'), 0), concat(variables('instanceName'), '-self-ipconfig'), concat(variables('resourceGroupName'), '-ext-ipconfig', sub(copyIndex('ipConfigurations'), 1)))]",
"properties": {
"PublicIpAddress": "[if(equals(parameters('provisionPublicIP'),'No'), json('null'), json(concat('{\"Id\": \"', if(equals(copyIndex('ipConfigurations'), 0), concat(variables('extSelfPublicIpAddressIdPrefix'), '0'), concat(variables('extPublicIPAddressIdPrefix'), sub(copyIndex('ipConfigurations'), 1))), '\"}')))]",
"primary": "[if(equals(copyIndex('ipConfigurations'), 0), 'True', 'False')]",
"privateIPAddress": "[if(equals(parameters('externalIpSelfAddressRangeStart'), 'DYNAMIC'), json('null'), if(equals(copyIndex('ipConfigurations'), 0), variables('extSubnetPrivateAddress'), concat(variables('extSubnetPrivateAddressPrefix'), add(variables('extSubnetPrivateAddressSuffixInt'), sub(copyIndex('ipConfigurations'), 1)))))]",
"privateIPAllocationMethod": "[if(equals(parameters('externalIpSelfAddressRangeStart'), 'DYNAMIC'), 'Dynamic', 'Static')]",
"subnet": {
"id": "[variables('extSubnetId')]"
}
}
},
"name": "ipConfigurations"
}
],
"networkSecurityGroup": {
"id": "[concat(variables('extNsgID'))]"
}
},
"tags": "[union(variables('cloudFailoverTagValue'), json(concat('{\"f5_cloud_failover_nic_map\": \"', variables('extNicName'), '\"}')))]",
"type": "Microsoft.Network/networkInterfaces"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"dependsOn": [
"extpipcopy",
"[variables('extNsgID')]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('extSelfPublicIpAddressNamePrefix'), '1')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('extNicName'), '1')]",
"properties": {
"ipConfigurations": [
{
"name": "[concat(variables('instanceName'), '-self-ipconfig')]",
"properties": {
"PublicIpAddress": "[if(equals(parameters('provisionPublicIP'),'No'), json('null'), json(concat('{\"Id\": \"', concat(variables('extSelfPublicIpAddressIdPrefix'), '1'), '\"}')))]",
"primary": true,
"privateIPAddress": "[if(equals(parameters('externalIpSelfAddressRangeStart'), 'DYNAMIC'), json('null'), variables('extSubnetPrivateAddress1'))]",
"privateIPAllocationMethod": "[if(equals(parameters('externalIpSelfAddressRangeStart'), 'DYNAMIC'), 'Dynamic', 'Static')]",
"subnet": {
"id": "[variables('extSubnetId')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[concat(variables('extNsgID'))]"
}
},
"tags": "[union(variables('cloudFailoverTagValue'), json(concat('{\"f5_cloud_failover_nic_map\": \"', variables('extNicName'), '\"}')))]",
"type": "Microsoft.Network/networkInterfaces"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"dependsOn": [
"extpipcopy",
"[variables('extNsgID')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('intNicName'), '0')]",
"properties": {
"enableIPForwarding": true,
"primary": true,
"ipConfigurations": [
{
"name": "[concat(variables('dnsLabel'), '-int-ipconfig')]",
"properties": {
"privateIPAddress": "[if(equals(parameters('internalIpAddressRangeStart'), 'DYNAMIC'), json('null'), variables('intSubnetPrivateAddress'))]",
"privateIPAllocationMethod": "[if(equals(parameters('internalIpAddressRangeStart'), 'DYNAMIC'), 'Dynamic', 'Static')]",
"subnet": {
"id": "[variables('intSubnetId')]"
}
}
}
]
},
"tags": "[union(variables('cloudFailoverTagValue'), json(concat('{\"f5_cloud_failover_nic_map\": \"', variables('intNicName'), '\"}')))]",
"type": "Microsoft.Network/networkInterfaces"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"dependsOn": [
"extpipcopy",
"[variables('extNsgID')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('intNicName'), '1')]",
"properties": {
"enableIPForwarding": true,
"primary": true,
"ipConfigurations": [
{
"name": "[concat(variables('dnsLabel'), '-int-ipconfig')]",
"properties": {
"privateIPAddress": "[if(equals(parameters('internalIpAddressRangeStart'), 'DYNAMIC'), json('null'), variables('intSubnetPrivateAddress1'))]",
"privateIPAllocationMethod": "[if(equals(parameters('internalIpAddressRangeStart'), 'DYNAMIC'), 'Dynamic', 'Static')]",
"subnet": {
"id": "[variables('intSubnetId')]"
}
}
}
]
},
"tags": "[union(variables('cloudFailoverTagValue'), json(concat('{\"f5_cloud_failover_nic_map\": \"', variables('intNicName'), '\"}')))]",
"type": "Microsoft.Network/networkInterfaces"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"condition": "[greaterOrEquals(parameters('numberOfAdditionalNics'), 1)]",
"copy": {
"count": "[if(greaterOrEquals(parameters('numberOfAdditionalNics'), 1), parameters('numberOfAdditionalNics'), 1)]",
"name": "addtlniccopy0"
},
"dependsOn": [
"[variables('mgmtNsgID')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('addtlNicName'), copyIndex(1), '0')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[concat(variables('vnetId'), '/subnets/', variables('addtlNicRefSplit')[copyIndex()])]"
}
}
}
]
},
"tags": "[union(variables('cloudFailoverTagValue'), json(concat('{\"f5_cloud_failover_nic_map\": \"', concat(variables('addtlNicName'), copyIndex(1)), '\"}')))]",
"type": "Microsoft.Network/networkInterfaces"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"condition": "[greaterOrEquals(parameters('numberOfAdditionalNics'), 1)]",
"copy": {
"count": "[if(greaterOrEquals(parameters('numberOfAdditionalNics'), 1), parameters('numberOfAdditionalNics'), 1)]",
"name": "addtlniccopy1"
},
"dependsOn": [
"[variables('mgmtNsgID')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('addtlNicName'), copyIndex(1), '1')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[concat(variables('vnetId'), '/subnets/', variables('addtlNicRefSplit')[copyIndex()])]"
}
}
}
]
},
"tags": "[union(variables('cloudFailoverTagValue'), json(concat('{\"f5_cloud_failover_nic_map\": \"', concat(variables('addtlNicName'), copyIndex(1)), '\"}')))]",
"type": "Microsoft.Network/networkInterfaces"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"name": "[concat(variables('dnsLabel'), '-mgmt-nsg')]",
"properties": {
"securityRules": [
{
"name": "mgmt_allow_https",
"properties": {
"access": "Allow",
"description": "",
"destinationAddressPrefix": "*",
"destinationPortRange": "[variables('bigIpMgmtPort')]",
"direction": "Inbound",
"priority": 101,
"protocol": "Tcp",
"sourceAddressPrefix": "[parameters('restrictedSrcAddress')]",
"sourcePortRange": "*"
}
},
{
"name": "ssh_allow_22",
"properties": {
"access": "Allow",
"description": "",
"destinationAddressPrefix": "*",
"destinationPortRange": "22",
"direction": "Inbound",
"priority": 102,
"protocol": "Tcp",
"sourceAddressPrefix": "[parameters('restrictedSrcAddress')]",
"sourcePortRange": "*"
}
}
]
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Network/networkSecurityGroups"
},
{
"apiVersion": "[variables('networkApiVersion')]",
"location": "[variables('location')]",
"name": "[concat(variables('dnsLabel'), '-ext-nsg')]",
"properties": {
"securityRules": []
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Network/networkSecurityGroups"
},
{
"apiVersion": "[variables('computeApiVersion')]",
"location": "[variables('location')]",
"name": "[variables('availabilitySetName')]",
"sku": {
"name": "Aligned"
},
"properties": {
"PlatformFaultDomainCount": 2,
"PlatformUpdateDomainCount": 2
},
"condition": "[not(variables('zonesAvailable'))]",
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Compute/availabilitySets"
},
{
"apiVersion": "[variables('storageApiVersion')]",
"kind": "Storage",
"location": "[variables('location')]",
"name": "[variables('newDataStorageAccountName')]",
"properties": {
"supportsHttpsTrafficOnly": true
},
"sku": {
"name": "[variables('dataStorageAccountType')]",
"tier": "Standard"
},
"tags": "[variables('cloudFailoverTagValue')]",
"type": "Microsoft.Storage/storageAccounts"
},
{
"apiVersion": "[variables('computeApiVersion')]",
"condition": "[and(variables('useCustomImage'), variables('createNewCustomImage'))]",
"location": "[variables('location')]",
"name": "[variables('newCustomImageName')]",
"properties": {
"storageProfile": {
"osDisk": {
"blobUri": "[variables('customImage')]",
"osState": "Generalized",
"osType": "Linux",
"storageAccountType": "[if(contains(parameters('instanceType'), 's_'), 'Premium_LRS', 'Standard_LRS')]"
}
}
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Compute/images"
},
{
"apiVersion": "[variables('computeApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('newDataStorageAccountName'))]",
"[concat('Microsoft.Compute/availabilitySets/', variables('availabilitySetName'))]",
"[variables('newCustomImageName')]",
"addtlniccopy0",
"addtlniccopy1",
"[concat('Microsoft.Network/networkInterfaces/', variables('mgmtNicName'), '0')]",
"[concat('Microsoft.Network/networkInterfaces/', variables('extNicName'), '0')]",
"[concat('Microsoft.Network/networkInterfaces/', variables('intNicName'), '0')]"
],
"identity": "[variables('identityArray')[variables('identityType')]]",
"location": "[variables('location')]",
"name": "[concat(variables('dnsLabel'), '-', variables('instanceName'), '0')]",
"plan": "[if(variables('useCustomImage'), json('null'), variables('imagePlan'))]",
"properties": {
"availabilitySet": "[if(not(variables('zonesAvailable')), variables('availabilitySetId'), json('null'))]",
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('newDataStorageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).primaryEndpoints.blob]"
}
},
"hardwareProfile": {
"vmSize": "[parameters('instanceType')]"
},
"networkProfile": {
"networkInterfaces": "[concat(take(variables('selfNicConfigArray')['0'], 3), take(variables('addtlNicConfigArray')['values0'], parameters('numberOfAdditionalNics')))]"
},
"osProfile": "[variables('osProfiles')[parameters('authenticationType')]]",
"storageProfile": "[if(variables('useCustomImage'), variables('storageProfileArray').customImage, variables('storageProfileArray').platformImage)]"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"zones": "[if(variables('zonesAvailable'), array(1), json('null'))]",
"type": "Microsoft.Compute/virtualMachines"
},
{
"apiVersion": "[variables('computeApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('newDataStorageAccountName'))]",
"[concat('Microsoft.Compute/availabilitySets/', variables('availabilitySetName'))]",
"[variables('newCustomImageName')]",
"addtlniccopy0",
"addtlniccopy1",
"[concat('Microsoft.Network/networkInterfaces/', variables('mgmtNicName'), '1')]",
"[concat('Microsoft.Network/networkInterfaces/', variables('extNicName'), '1')]",
"[concat('Microsoft.Network/networkInterfaces/', variables('intNicName'), '1')]"
],
"identity": "[variables('identityArray')[variables('identityType')]]",
"location": "[variables('location')]",
"name": "[concat(variables('dnsLabel'), '-', variables('instanceName'), '1')]",
"plan": "[if(variables('useCustomImage'), json('null'), variables('imagePlan'))]",
"properties": {
"availabilitySet": "[if(not(variables('zonesAvailable')), variables('availabilitySetId'), json('null'))]",
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('newDataStorageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).primaryEndpoints.blob]"
}
},
"hardwareProfile": {
"vmSize": "[parameters('instanceType')]"
},
"networkProfile": {
"networkInterfaces": "[concat(take(variables('selfNicConfigArray')['1'], 3), take(variables('addtlNicConfigArray')['values1'], parameters('numberOfAdditionalNics')))]"
},
"osProfile": "[variables('osProfiles')[parameters('authenticationType')]]",
"storageProfile": "[if(variables('useCustomImage'), variables('storageProfileArray').customImage, variables('storageProfileArray').platformImage)]"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"zones": "[if(variables('zonesAvailable'), array(2), json('null'))]",
"type": "Microsoft.Compute/virtualMachines"
},
{
"apiVersion": "[variables('authApiVersion')]",
"type": "Microsoft.Authorization/roleAssignments",
"condition": "[equals(variables('identityType'), 'system')]",
"name": "[variables('roleAssignmentNameForInstance0')]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"principalId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('dnsLabel'), '-', variables('instanceName'), '0'), variables('computeApiVersion'), 'Full').identity.principalId]",
"scope": "[resourceGroup().id]"
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('dnsLabel'), '-', variables('instanceName'), '0')]"
]
},
{
"apiVersion": "[variables('authApiVersion')]",
"type": "Microsoft.Authorization/roleAssignments",
"condition": "[equals(variables('identityType'), 'system')]",
"name": "[variables('roleAssignmentNameForInstance1')]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"principalId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('dnsLabel'), '-', variables('instanceName'), '1'), variables('computeApiVersion'), 'Full').identity.principalId]",
"scope": "[resourceGroup().id]"
},
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('dnsLabel'), '-', variables('instanceName'), '1')]"
]
},
{
"type": "Microsoft.Resources/deployments",
"name": "[concat(variables('dnsLabel'), '-', 'template-role')]",
"apiVersion": "[variables('deployApiVersion')]",
"condition": "[and(equals(variables('identityType'), 'system'), not(equals(parameters('vnetResourceGroupName'), resourceGroup().name)))]",
"resourceGroup": "[parameters('vnetResourceGroupName')]",
"dependsOn": [
"[concat('Microsoft.Compute/virtualMachines/', variables('dnsLabel'), '-', variables('instanceName'), '0')]",
"[concat('Microsoft.Compute/virtualMachines/', variables('dnsLabel'), '-', variables('instanceName'), '1')]"
],
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "[variables('authApiVersion')]",
"type": "Microsoft.Authorization/roleAssignments",
"name": "[variables('roleAssignementNameForVnet0')]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"principalId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('dnsLabel'), '-', variables('instanceName'), '0'), variables('computeApiVersion'), 'Full').identity.principalId]",
"scope": "[concat('/subscriptions/', variables('subscriptionID'), '/resourcegroups/', parameters('vnetResourceGroupName'))]"
}
},
{
"apiVersion": "[variables('authApiVersion')]",
"type": "Microsoft.Authorization/roleAssignments",
"name": "[variables('roleAssignementNameForVnet1')]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"principalId": "[reference(concat('Microsoft.Compute/virtualMachines/', variables('dnsLabel'), '-', variables('instanceName'), '1'), variables('computeApiVersion'), 'Full').identity.principalId]",
"scope": "[concat('/subscriptions/', variables('subscriptionID'), '/resourcegroups/', parameters('vnetResourceGroupName'))]"
}
}
]
}
}
},
{
"apiVersion": "[variables('computeApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Authorization/roleAssignments/', variables('roleAssignmentNameForInstance0'))]",
"[concat('Microsoft.Resources/deployments/', variables('dnsLabel'), '-', 'template-role')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('dnsLabel'), '-', variables('instanceName'), '0/start')]",
"properties": {
"autoUpgradeMinorVersion": "true",
"protectedSettings": {
"commandToExecute": "[concat('function cp_logs() { cd /var/lib/waagent/custom-script/download && cp `ls -r | head -1`/std* /var/log/cloud/azure; cd /var/log/cloud/azure && cat stdout stderr > install.log; }; CLOUD_LIB_DIR=/config/cloud/azure/node_modules/@f5devcentral; mkdir -p $CLOUD_LIB_DIR && cp f5-cloud-libs*.tar.gz* /config/cloud; mkdir -p /var/config/rest/downloads; mkdir -p /var/log/cloud/azure; /usr/bin/install -m 400 /dev/null /config/cloud/.passwd; /usr/bin/setdb provision.extramb 1000; /usr/bin/setdb restjavad.useextramb true; /usr/bin/curl -s -f -u admin: -H \"Content-Type: application/json\" -d ', variables('singleQuote'), '{\"maxMessageBodySize\":134217728} ', variables('singleQuote'), ' -X POST http://localhost:8100/mgmt/shared/server/messaging/settings/8100 | jq .; for i in {1..30}; do\n /usr/bin/curl -fv --retry 1 --connect-timeout 5 -L https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/', variables('f5RuntimeInitTag'), '/dist/', variables('f5RuntimeInitBuild'), ' -o ', variables('f5RuntimeInitBuild'), ' && break || sleep 10\n done; echo -e ', variables('singleQuote'), variables('customData'), variables('singleQuote'), ' > /config/cloud/runtime-init-config.yaml; bash ', variables('f5RuntimeInitBuild'), ' -- ', variables('singleQuote'), '--cloud azure', variables('singleQuote'), '; f5-bigip-runtime-init -c /config/cloud/runtime-init-config.yaml --skip-telemetry; /usr/bin/install -m 400 /dev/null /config/cloud/.azCredentials; /usr/bin/install -b -m 755 /dev/null /config/verifyHash; /usr/bin/install -b -m 755 /dev/null /config/installCloudLibs.sh; IFS=', variables('singleQuote'), '%', variables('singleQuote'), '; echo -e ', variables('verifyHash'), ' > /config/verifyHash; echo -e ', variables('installCloudLibs'), ' > /config/installCloudLibs.sh; echo -e ', variables('appScript'), ' | /usr/bin/base64 -d > /config/cloud/deploy_app.sh; chmod +x /config/cloud/deploy_app.sh; echo -e ', variables('installCustomConfig'), ' >> /config/customConfig.sh; unset IFS; bash /config/installCloudLibs.sh; source $CLOUD_LIB_DIR/f5-cloud-libs/scripts/util.sh; encrypt_secret ', variables('singleQuote'), variables('adminPasswordOrKey'), variables('singleQuote'), ' \"/config/cloud/.passwd\" true; $CLOUD_LIB_DIR/f5-cloud-libs/scripts/createUser.sh --user svc_user --password-file /config/cloud/.passwd --password-encrypted; ', variables('allowUsageAnalytics')[parameters('allowUsageAnalytics')].hashCmd, '; /usr/bin/f5-rest-node $CLOUD_LIB_DIR/f5-cloud-libs/scripts/onboard.js --db dhclient.mgmt:disable --no-reboot --output /var/log/cloud/azure/onboard.log --signal ONBOARD_DONE --log-level info --cloud azure --host ', reference(concat(variables('mgmtNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, ' --port ', variables('bigIpMgmtPort'), ' --ssl-port ', variables('bigIpMgmtPort'), ' -u svc_user --password-url file:///config/cloud/.passwd --password-encrypted --hostname ', concat(variables('instanceName'), '0.', variables('location'), '.cloudapp.azure.com'), ' --license ', parameters('licenseKey1'), ' --ntp ', parameters('ntpServer'), ' --tz ', parameters('timeZone'), ' --modules ', parameters('bigIpModules'), ' --db config.allow.rfc3927:enable --db tmm.maxremoteloglength:2048', variables('allowUsageAnalytics')[parameters('allowUsageAnalytics')].metricsCmd, '; tmsh modify sys software update auto-phonehome ', variables('allowPhoneHome'), '; /usr/bin/f5-rest-node $CLOUD_LIB_DIR/f5-cloud-libs/scripts/network.js --output /var/log/cloud/azure/network.log --wait-for ONBOARD_DONE --host ', reference(concat(variables('mgmtNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, ' --port ', variables('bigIpMgmtPort'), ' -u svc_user --password-url file:///config/cloud/.passwd --password-encrypted --default-gw ', concat(take(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, add(lastIndexOf(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, '.'), 1)), add(int(take(split(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, '.')[3], indexOf(split(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, '.')[3], '/'))), 1)), ' --vlan name:external,nic:1.1 --mgmt-route name:azureMetadata,gw:', concat(take(reference(variables('mgmtSubnetRef'), variables('networkApiVersion')).addressPrefix, add(lastIndexOf(reference(variables('mgmtSubnetRef'), variables('networkApiVersion')).addressPrefix, '.'), 1)), add(int(take(split(reference(variables('mgmtSubnetRef'), variables('networkApiVersion')).addressPrefix, '.')[3], indexOf(split(reference(variables('mgmtSubnetRef'), variables('networkApiVersion')).addressPrefix, '.')[3], '/'))), 1)) ,',network:169.254.169.254/32 --vlan name:internal,nic:1.2 ', variables('netCmd'), ' --self-ip name:self_2nic,address:', reference(concat(variables('extNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, skip(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, indexOf(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, '/')), ',vlan:external --self-ip name:self_3nic,address:', reference(concat(variables('intNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, skip(reference(variables('intSubnetRef'), variables('networkApiVersion')).addressPrefix, indexOf(reference(variables('intSubnetRef'), variables('networkApiVersion')).addressPrefix, '/')), ',vlan:internal --log-level info; tmsh modify cm device ', concat(variables('instanceName'), '0.', variables('location'), '.cloudapp.azure.com'), ' unicast-address { { ip ', reference(concat(variables('intNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, ' port 1026 } } mirror-ip ', reference(concat(variables('intNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, '; ', variables('failoverCmdArray')[variables('bigIpMajorVersion')], '; /usr/bin/f5-rest-node $CLOUD_LIB_DIR/f5-cloud-libs/scripts/cluster.js --output /var/log/cloud/azure/cluster.log --log-level info --delete-local-creds --host ', reference(concat(variables('mgmtNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, ' --port ', variables('bigIpMgmtPort'), ' -u svc_user --password-url file:///config/cloud/.passwd --password-encrypted --config-sync-ip ', reference(concat(variables('intNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, ' --create-group --device-group Sync --sync-type sync-failover --device ', concat(variables('instanceName'), '0.', variables('location'), '.cloudapp.azure.com'), ' --network-failover --auto-sync --save-on-auto-sync; echo ', string(variables('cloudFailoverInitConfig')), ' >> /config/cloud/azure/cfe-init.cfg; bash /config/cloud/deploy_app.sh ', variables('commandArgs'), ' -f do_as3 ', '; if [[ $? == 0 ]]; then tmsh list sys application service; base=', reference(concat(variables('extNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, '; f3=$(echo $base | cut -d. -f1-3); list=$(/usr/bin/curl -s -H Metadata:true \"http://169.254.169.254/metadata/instance/network?api-version=2017-08-01\" | jq -r .interface[].ipv4.ipAddress[].privateIpAddress); for address in $list; do address_base=$(echo $address | cut -d. -f1-3); if [[ $address_base == $f3 && $address != $base ]]; then tmsh create ltm virtual-address $address address $address; fi; done; ', variables('routeCmd'), '; echo -e ', variables('routeCmd'), ' >> /config/startup; $(nohup bash /config/failover/tgactive &>/dev/null &); bash /config/customConfig.sh; $(cp_logs); else $(cp_logs); exit 1; fi', '; if grep -i \"PUT failed\" /var/log/waagent.log -q; then echo \"Killing waagent exthandler, daemon should restart it\"; pkill -f \"python -u /usr/sbin/waagent -run-exthandlers\"; fi')]"
},
"publisher": "Microsoft.Azure.Extensions",
"settings": {
"fileUris": [
"[concat('https://cdn.f5.com/product/cloudsolutions/f5-cloud-libs/', variables('f5CloudLibsTag'), '/f5-cloud-libs.tar.gz')]",
"[concat('https://cdn.f5.com/product/cloudsolutions/f5-cloud-libs-azure/', variables('f5CloudLibsAzureTag'), '/f5-cloud-libs-azure.tar.gz')]"
]
},
"type": "CustomScript",
"typeHandlerVersion": "2.0"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Compute/virtualMachines/extensions"
},
{
"apiVersion": "[variables('computeApiVersion')]",
"dependsOn": [
"[concat('Microsoft.Authorization/roleAssignments/', variables('roleAssignmentNameForInstance1'))]",
"[concat('Microsoft.Resources/deployments/', variables('dnsLabel'), '-', 'template-role')]"
],
"location": "[variables('location')]",
"name": "[concat(variables('dnsLabel'), '-', variables('instanceName'), '1/start')]",
"properties": {
"autoUpgradeMinorVersion": "true",
"protectedSettings": {
"commandToExecute": "[concat('function cp_logs() { cd /var/lib/waagent/custom-script/download && cp `ls -r | head -1`/std* /var/log/cloud/azure; cd /var/log/cloud/azure && cat stdout stderr > install.log; }; CLOUD_LIB_DIR=/config/cloud/azure/node_modules/@f5devcentral; mkdir -p $CLOUD_LIB_DIR && cp f5-cloud-libs*.tar.gz* /config/cloud; mkdir -p /var/config/rest/downloads; mkdir -p /var/log/cloud/azure; /usr/bin/install -m 400 /dev/null /config/cloud/.passwd; /usr/bin/setdb provision.extramb 1000; /usr/bin/setdb restjavad.useextramb true; /usr/bin/curl -s -f -u admin: -H \"Content-Type: application/json\" -d ', variables('singleQuote'), '{\"maxMessageBodySize\":134217728} ', variables('singleQuote'), ' -X POST http://localhost:8100/mgmt/shared/server/messaging/settings/8100 | jq .; for i in {1..30}; do\n /usr/bin/curl -fv --retry 1 --connect-timeout 5 -L https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/', variables('f5RuntimeInitTag'), '/dist/', variables('f5RuntimeInitBuild'), ' -o ', variables('f5RuntimeInitBuild'), ' && break || sleep 10\n done; echo -e ', variables('singleQuote'), variables('customData'), variables('singleQuote'), ' > /config/cloud/runtime-init-config.yaml; bash ', variables('f5RuntimeInitBuild'), ' -- ', variables('singleQuote'), '--cloud azure', variables('singleQuote'), '; f5-bigip-runtime-init -c /config/cloud/runtime-init-config.yaml --skip-telemetry; /usr/bin/install -m 400 /dev/null /config/cloud/.azCredentials; /usr/bin/install -b -m 755 /dev/null /config/verifyHash; /usr/bin/install -b -m 755 /dev/null /config/installCloudLibs.sh; IFS=', variables('singleQuote'), '%', variables('singleQuote'), '; echo -e ', variables('verifyHash'), ' > /config/verifyHash; echo -e ', variables('installCloudLibs'), ' > /config/installCloudLibs.sh; echo -e ', variables('appScript'), ' | /usr/bin/base64 -d > /config/cloud/deploy_app.sh; chmod +x /config/cloud/deploy_app.sh; echo -e ', variables('installCustomConfig'), ' >> /config/customConfig.sh; unset IFS; bash /config/installCloudLibs.sh; source $CLOUD_LIB_DIR/f5-cloud-libs/scripts/util.sh; encrypt_secret ', variables('singleQuote'), variables('adminPasswordOrKey'), variables('singleQuote'), ' \"/config/cloud/.passwd\" true; $CLOUD_LIB_DIR/f5-cloud-libs/scripts/createUser.sh --user svc_user --password-file /config/cloud/.passwd --password-encrypted; ', variables('allowUsageAnalytics')[parameters('allowUsageAnalytics')].hashCmd, '; /usr/bin/f5-rest-node $CLOUD_LIB_DIR/f5-cloud-libs/scripts/onboard.js --db dhclient.mgmt:disable --no-reboot --output /var/log/cloud/azure/onboard.log --signal ONBOARD_DONE --log-level info --cloud azure --host ', reference(concat(variables('mgmtNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, ' --port ', variables('bigIpMgmtPort'), ' --ssl-port ', variables('bigIpMgmtPort'), ' -u svc_user --password-url file:///config/cloud/.passwd --password-encrypted --hostname ', concat(variables('instanceName'), '1.', variables('location'), '.cloudapp.azure.com'), ' --license ', parameters('licenseKey2'), ' --ntp ', parameters('ntpServer'), ' --tz ', parameters('timeZone'), ' --modules ', parameters('bigIpModules'), ' --db config.allow.rfc3927:enable --db tmm.maxremoteloglength:2048', variables('allowUsageAnalytics')[parameters('allowUsageAnalytics')].metricsCmd, '; tmsh modify sys software update auto-phonehome ', variables('allowPhoneHome'), '; /usr/bin/f5-rest-node $CLOUD_LIB_DIR/f5-cloud-libs/scripts/network.js --output /var/log/cloud/azure/network.log --wait-for ONBOARD_DONE --host ', reference(concat(variables('mgmtNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, ' --port ', variables('bigIpMgmtPort'), ' -u svc_user --password-url file:///config/cloud/.passwd --password-encrypted --default-gw ', concat(take(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, add(lastIndexOf(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, '.'), 1)), add(int(take(split(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, '.')[3], indexOf(split(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, '.')[3], '/'))), 1)), ' --vlan name:external,nic:1.1 --mgmt-route name:azureMetadata,gw:', concat(take(reference(variables('mgmtSubnetRef'), variables('networkApiVersion')).addressPrefix, add(lastIndexOf(reference(variables('mgmtSubnetRef'), variables('networkApiVersion')).addressPrefix, '.'), 1)), add(int(take(split(reference(variables('mgmtSubnetRef'), variables('networkApiVersion')).addressPrefix, '.')[3], indexOf(split(reference(variables('mgmtSubnetRef'), variables('networkApiVersion')).addressPrefix, '.')[3], '/'))), 1)) ,',network:169.254.169.254/32 --vlan name:internal,nic:1.2 ', variables('netCmd'), ' --self-ip name:self_2nic,address:', reference(concat(variables('extNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, skip(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, indexOf(reference(variables('extSubnetRef'), variables('networkApiVersion')).addressPrefix, '/')), ',vlan:external --self-ip name:self_3nic,address:', reference(concat(variables('intNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, skip(reference(variables('intSubnetRef'), variables('networkApiVersion')).addressPrefix, indexOf(reference(variables('intSubnetRef'), variables('networkApiVersion')).addressPrefix, '/')), ',vlan:internal --log-level info; tmsh modify cm device ', concat(variables('instanceName'), '1.', variables('location'), '.cloudapp.azure.com'), ' unicast-address { { ip ', reference(concat(variables('intNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, ' port 1026 } } mirror-ip ', reference(concat(variables('intNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, '; ', variables('failoverCmdArray')[variables('bigIpMajorVersion')], '; /usr/bin/f5-rest-node $CLOUD_LIB_DIR/f5-cloud-libs/scripts/cluster.js --output /var/log/cloud/azure/cluster.log --log-level info --delete-local-creds --host ', reference(concat(variables('mgmtNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, ' --port ', variables('bigIpMgmtPort'), ' -u svc_user --password-url file:///config/cloud/.passwd --password-encrypted --config-sync-ip ', reference(concat(variables('intNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, ' --join-group --device-group Sync --sync --remote-host ', reference(concat(variables('mgmtNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, ' --remote-user svc_user --remote-password-url file:///config/cloud/.passwd; echo ', string(variables('cloudFailoverInitConfig')), ' >> /config/cloud/azure/cfe-init.cfg; bash /config/cloud/deploy_app.sh ', variables('commandArgs'), ' -f skip_as3 ', '; if [[ $? == 0 ]]; then tmsh list sys application service; base=', reference(concat(variables('extNicId'), '1')).ipConfigurations[0].properties.privateIPAddress, '; f3=$(echo $base | cut -d. -f1-3); list=$(/usr/bin/curl -s -H Metadata:true \"http://169.254.169.254/metadata/instance/network?api-version=2017-08-01\" | jq -r .interface[].ipv4.ipAddress[].privateIpAddress); for address in $list; do address_base=$(echo $address | cut -d. -f1-3); if [[ $address_base == $f3 && $address != $base ]]; then tmsh create ltm virtual-address $address address $address; fi; done; ', variables('routeCmd'), '; echo -e ', variables('routeCmd'), ' >> /config/startup; $(nohup bash /config/failover/tgactive &>/dev/null &); bash /config/customConfig.sh; $(cp_logs); else $(cp_logs); exit 1; fi', '; if grep -i \"PUT failed\" /var/log/waagent.log -q; then echo \"Killing waagent exthandler, daemon should restart it\"; pkill -f \"python -u /usr/sbin/waagent -run-exthandlers\"; fi')]"
},
"publisher": "Microsoft.Azure.Extensions",
"settings": {
"fileUris": [
"[concat('https://cdn.f5.com/product/cloudsolutions/f5-cloud-libs/', variables('f5CloudLibsTag'), '/f5-cloud-libs.tar.gz')]",
"[concat('https://cdn.f5.com/product/cloudsolutions/f5-cloud-libs-azure/', variables('f5CloudLibsAzureTag'), '/f5-cloud-libs-azure.tar.gz')]"
]
},
"type": "CustomScript",
"typeHandlerVersion": "2.0"
},
"tags": "[if(empty(variables('tagValues')), json('null'), variables('tagValues'))]",
"type": "Microsoft.Compute/virtualMachines/extensions"
}
],
"outputs": {
"GUI-URL": {
"type": "string",
"value": "[if(equals(parameters('provisionPublicIP'),'No'), concat('https://',reference(concat(variables('mgmtNicId'), '0')).ipConfigurations[0].properties.privateIPAddress, ':', variables('bigIpMgmtPort')), concat('https://',reference(concat(variables('mgmtPublicIPAddressId'), '0')).dnsSettings.fqdn, ':', variables('bigIpMgmtPort')))]"
},
"SSH-URL": {
"type": "string",
"value": "[if(equals(parameters('provisionPublicIP'),'No'), concat(reference(concat(variables('mgmtNicId'), '0')).ipConfigurations[0].properties.privateIPAddress,' ',22), concat('https://',reference(concat(variables('mgmtPublicIPAddressId'), '0')).dnsSettings.fqdn, ':', variables('bigIpMgmtPort')))]"
}
}
}