{"id":18798746,"url":"https://github.com/f5networks/f5-bigip-runtime-init","last_synced_at":"2025-06-27T00:03:07.410Z","repository":{"id":45761038,"uuid":"298365359","full_name":"F5Networks/f5-bigip-runtime-init","owner":"F5Networks","description":null,"archived":false,"fork":false,"pushed_at":"2024-07-09T15:21:06.000Z","size":4470,"stargazers_count":14,"open_issues_count":16,"forks_count":16,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-04-13T17:46:06.790Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/F5Networks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-24T18:38:33.000Z","updated_at":"2025-02-13T14:33:16.000Z","dependencies_parsed_at":"2023-12-22T02:23:57.940Z","dependency_job_id":"07b2a04e-d8a8-49cf-be69-b8c382c2ecf6","html_url":"https://github.com/F5Networks/f5-bigip-runtime-init","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/F5Networks/f5-bigip-runtime-init","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Ff5-bigip-runtime-init","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Ff5-bigip-runtime-init/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Ff5-bigip-runtime-init/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Ff5-bigip-runtime-init/manifests
","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/F5Networks","download_url":"https://codeload.github.com/F5Networks/f5-bigip-runtime-init/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Ff5-bigip-runtime-init/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262163810,"owners_count":23268778,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T22:12:51.845Z","updated_at":"2025-06-27T00:03:07.338Z","avatar_url":"https://github.com/F5Networks.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# F5 BIG-IP Runtime Init\n\n[![Releases](https://img.shields.io/github/release/f5networks/f5-bigip-runtime-init.svg)](https://github.com/f5networks/f5-bigip-runtime-init/releases)\n[![Issues](https://img.shields.io/github/issues/f5networks/f5-bigip-runtime-init.svg)](https://github.com/f5networks/f5-bigip-runtime-init/issues)\n\n## Contents\n- [F5 BIG-IP Runtime Init](#big-ip-runtime-init)\n  - [Contents](#contents)\n  - [Introduction](#introduction)\n  - [Overview](#overview)\n  - [Features](#features)\n  - [Prerequisites](#prerequisites)\n  - [Caveats and Limitations](#caveats-and-limitations)\n  - [Validated BIG-IP versions](#validated-big-ip-versions)\n  - [Installer](#installer)\n  - [Downloads](#downloads)\n  - [Configuration](#configuration)\n    - [Configuration Examples and Schema Documentation](#configuration-examples-and-schema-documentation)\n    - [controls](#controls)\n    - 
[pre_onboard_enabled](#pre\\_onboard\\_enabled)\n    - [runtime_parameters](#runtime\\_parameters)\n    - [bigip_ready_enabled](#bigip\\_ready\\_enabled)\n    - [extension_packages](#extension\\_packages)\n    - [extension_services](#extension\\_services)\n    - [post_onboard_enabled](#post\\_onboard\\_enabled)\n    - [post_hook](#post\\_hook)\n  - [Usage Examples](#usage-examples)\n    - [Terraform](#terraform)\n      - [Azure snippet](#azure-terraform-snippet)\n    - [Azure (ARM Template) snippet](#azure-arm-template-snippet)\n      - [Download BIG-IP Runtime Config from a URL](#download-big-ip-runtime-config-from-a-url)\n      - [Inline BIG-IP Runtime Config](#inline-big-ip-runtime-config)\n    - [Native Template Examples](#native-template-examples)\n  - [Using a Proxy Server](#using-a-proxy-server)\n  - [Private Environments](#private-environments)\n      - [Disable Calls from the Installer](#disable-calls-from-the-installer)\n      - [Disable Calls from the Command](#disable-calls-from-the-command)\n  - [Troubleshooting](#troubleshooting)\n    - [Set Recommended System Database Variables](#set-recommended-system-database-variables)\n    - [Log to the Serial Console](#log-to-the-serial-console)\n    - [F5 Automation Toolchain Components](#f5-automation-toolchain-components)\n    - [Extension metadata file](#extension-metadata-file)\n  - [Documentation](#documentation)\n  - [Getting Help](#getting-help)\n    - [Filing Issues](#filing-issues)\n  - [Copyright](#copyright)\n  - [License](#license)\n      - [Apache V2.0](#apache-v20)\n\n\n## Introduction\n\nF5 BIG-IP Runtime Init is a tool that aims to simplify startup scripts for BIG-IP Virtual Edition. It does this by providing a single convenient YAML (1.2 spec) or JSON-based configuration file, which\n* leverages [F5 Automation Tool Chain](https://www.f5.com/pdf/products/automation-toolchain-overview.pdf) declarations that are easier to author, validate, and maintain as code (vs. 
bigip.conf files);\n* renders secrets from public cloud vaults; and\n* renders runtime variables from metadata services.\n\nThe result is a complete overlay deployment tool for configuring a BIG-IP instance. This allows us to extend our cloud solutions from native templates to other instance provisioning tools, such as Terraform and Ansible. For more information regarding sending startup scripts to BIG-IP VE, see [VE documentation](https://clouddocs.f5.com/cloud/public/v1/shared/cloudinit.html).\n\n\n![F5 BIG-IP Runtime Init](diagrams/f5_bigip_runtime_init_animated.gif)\n\n    \n## Overview\n\nFrom a high-level, using this tool involves three steps:\n\n- **Step 1**: Download and Install BIG-IP Runtime Init using the self-extracting installer: \n  ```sh\n  curl -o /tmp/f5-bigip-runtime-init-2.0.3-1.gz.run https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/f5-bigip-runtime-init-2.0.3-1.gz.run \u0026\u0026 bash /tmp/f5-bigip-runtime-init-2.0.3-1.gz.run -- '--cloud [aws|azure|gcp]'\n  ```\n  - See [installer](#installer) details and [downloads](#downloads) below.\n\n- **Step 2**: Download OR Render inline a Runtime Init configuration file (runtime-init-conf.yaml).\n  ```sh\n  curl -o /config/cloud/runtime-init-conf.yaml https://my-source-host/my-repo/bigip-configs/0.0.1/runtime-init-conf.yaml \n  ```\n  - See [configuration](#configuration) details below.\n\n- **Step 3**: Load the configuration file: \n  ```sh\n  f5-bigip-runtime-init --config-file /config/cloud/runtime-init-conf.yaml\n  ```\n\n  - See usage [examples](#usage-examples) below.\n\n## Features\nThis repository includes both the BIG-IP Runtime Init source code and a self-extracting installer script for installing the main package.\n\nThe installer script will do the following:\n\n- Determine the cloud environment where the script is running\n- Extract and verify the appropriate cloud-specific package archive\n- Install the package archive and create a command alias for 
f5-bigip-runtime-init\n\nBased on the content of the provided YAML or JSON configuration file, BIG-IP Runtime Init will do the following:\n\n- Download, verify, and install F5 Automation Toolchain packages (DO, AS3, FAST, TS, and CFE) from default package metadata, URLs, or local files.\n- Download, verify, and install custom iApp LX packages from URLs or local files.\n- Accept Automation Toolchain declarations from URLs or local files (must be valid JSON or YAML declarations).\n- Get secrets from cloud provider secret management APIs (Azure KeyVault, AWS Secrets Manager, GCP Secrets Manager, HashiCorp Vault).\n- Get select attributes from cloud provider instance and network metadata.\n- Render valid Automation Toolchain declarations based on rendered runtime variables (such as secrets and metadata attributes above) and provided declarations.\n- POST rendered declarations to Automation Toolchain endpoints and verify success or failure.\n- Run user-specified pre-onboard and post-onboard commands.\n- Send a webhook with customizable telemetry data to a user-specified endpoint.\n\n\n## Prerequisites\n- BIG-IP 14.1.4.6 or newer.\n- A mechanism to copy the configuration file to the BIG-IP instance (cloud-init, user data, provider-specific methods).\n- Access to the Internet (or other network location if files are locally hosted) for downloading the self-extracting installer package, RPM files, and SHA256 checksums for package verification.\n- Access to the cloud provider metadata service if you are rendering metadata runtime parameters.\n- An IAM identity associated with the BIG-IP instance(s) with sufficient roles/permissions for accessing cloud provider APIs.\n\n\n## Caveats and Limitations\n- If leveraging the `extension_services` parameter to send DO declarations, the declarations cannot contain directives that will trigger a reboot. 
For example, a reboot would occur for any declaration that:\n  - contains a disk_class\n  - provisions a module (for example, APM) that creates a disk volume\n\n## Validated BIG-IP versions\nF5 BIG-IP Runtime Init has been tested and validated with the following versions of BIG-IP:\n\n| BIG-IP Version | Build Number |\n| --- | --- |\n| 16.1.3.3 | 0.0.3 |\n| 15.1.8.1 | 0.0.3 |\n| 14.1.5.3 | 0.0.5 |\n\nNewer versions are expected to work but have not been specifically tested. \n\n## Installer\n\nThe self-extracting installer accepts the following parameters:\n\n```\n--cloud  | -c                   : Specifies cloud provider name. Allowed values: (aws, azure or gcp)\n--key    | -k                   : Provides location for GPG key used for verifying signature on RPM file\n--skip-verify                   : Disables RPM signature verification\n--toolchain-metadata-file-url   : Provides overriding delivery URL for toolchain extension metadata file\n--skip-toolchain-metadata-sync  : Disables downloading automation toolchain metadata from the Internet\n--telemetry-params              : Specifies telemetry parameters as key:value pairs; (key01:value01,key02:value02). For sending F5 additional usage data.\n```\n\n\n*NOTE*: Runtime Init can be installed generically on a cloud or environment not listed above by omitting the ``--cloud | -c`` parameter. For example, it can also be used in a VMware environment to install the F5 Automation Tool Chain packages and declarations. When omitted, Runtime Init's cloud specific integrations (runtime_parameters: ```type: secret``` and ```type: metadata``` ) will be disabled. See [runtime_parameters](#runtime\\_parameters) section for details.\n\n\nThe installer also allows you to configure request retries to make the installation robust and tolerant to network instability. 
This can be done using the following environment variables:\n\n| Environment variable | Description | Default Value |\n| --- | --- | --- |\n| HTTP_RETRY | Number of retries before script will fail. | 12 |\n| HTTP_RETRY_MAX_TIME | The retry timer (in seconds) is reset before the first transfer attempt. | 60 |\n| HTTP_MAX_TIME | Maximum time (in seconds) that you allow the whole operation to take. | 5 |\n\n\n**Examples:**\n\nUsing `--cloud` parameter for basic Azure install:\n```\n curl https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/f5-bigip-runtime-init-2.0.3-1.gz.run -o f5-bigip-runtime-init-2.0.3-1.gz.run \u0026\u0026 bash f5-bigip-runtime-init-2.0.3-1.gz.run -- '--cloud azure'\n```\n\nSee [Private Environments](#private-environments) section below for more install examples.\n\n## Downloads\nSelf-extracting installer, RPMs, and file hashes are available from the following locations:\n\n| Cloud | Type | Location |\n| --- | --- | --- |\n| All | Self-extracting installer | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/f5-bigip-runtime-init-2.0.3-1.gz.run |\n| All | SHA256 | https://github.com/f5networks/f5-bigip-runtime-init/releases/download/2.0.3/f5-bigip-runtime-init-2.0.3-1.gz.run.sha256 |\n| All | RPM | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-all-2.0.3-1-signed.noarch.rpm |\n| All | SHA256 | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-all-2.0.3-1-signed.noarch.rpm.sha256 |\n| AWS | RPM | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-aws-2.0.3-1-signed.noarch.rpm |\n| AWS | SHA256 | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-aws-2.0.3-1-signed.noarch.rpm.sha256 |\n| Azure | RPM | 
https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-azure-2.0.3-1-signed.noarch.rpm |\n| Azure | SHA256 | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-azure-2.0.3-1-signed.noarch.rpm.sha256 |\n| GCP | RPM | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-gcp-2.0.3-1-signed.noarch.rpm |\n| GCP | SHA256 | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-gcp-2.0.3-1-signed.noarch.rpm.sha256 |\n| None | RPM | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-base-2.0.3-1-signed.noarch.rpm |\n| None | SHA256 | https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/rpms/f5-bigip-runtime-init-base-2.0.3-1-signed.noarch.rpm.sha256 |\n\n\n## Configuration\n\nThe BIG-IP Runtime Init configuration consists of the following attributes:\n\n| Attribute | Default Value | Required | Description |\n| --- | --- | --- | --- |\n| [controls](#controls) | none | No | List of runtime control settings. |\n| [pre_onboard_enabled](#pre\\_onboard\\_enabled) | none | No | List of commands to run that do not check if BIG-IP and MCPD are up and running. However, execution before BIG-IP is ready depends on cloud agent/download times/etc. |\n| [runtime_parameters](#runtime\\_parameters) | none | No | List of runtime parameters to gather. |\n| [bigip_ready_enabled](#bigip\\_ready\\_enabled) | none | No | List of commands to run after BIG-IP and MCPD are up and running. Example: TMSH commands, misc optimizations, etc. |\n| [extension_packages](#extension\\_packages) | none | No | List of iControl LX packages to download and install. |\n| [extension_services](#extension\\_services) | none | No | List of iControl LX declarations to configure. 
|\n| [post_onboard_enabled](#post\\_onboard\\_enabled) | none   | No    | List of commands to run after sending iControl LX declarations. |\n| [post_hook](#post\\_hook) | none | No  | Webhook to send upon completion. |\n\n#### Configuration Examples and Schema Documentation\n\nA basic Runtime Init configuration file *(YAML)*.\n\n```yaml\ncontrols:\n  logLevel: silly\n  logFilename: /var/log/cloud/bigIpRuntimeInit.log\nextension_packages:\n  install_operations:\n    - extensionType: do\n      extensionVersion: 1.44.0\n    - extensionType: as3\n      extensionVersion: 3.51.0\n    - extensionType: ts\n      extensionVersion: 1.35.0\n    - extensionType: fast\n      extensionVersion: 1.25.0\n```\n\nSee [SCHEMA.md](https://github.com/F5Networks/f5-bigip-runtime-init/blob/main/SCHEMA.md) for complete schema documentation and [/examples/runtime_configs](examples/runtime_configs/) for additional examples.\n\n### controls\n\nRuntime Init provides a list of controls intended for tuning Runtime Init execution as well as helping with troubleshooting issues: \n\n*NOTE:* These can also be set at runtime using an environment variable. For example:\n\n```bash\nexport F5_BIGIP_RUNTIME_INIT_LOG_LEVEL=silly \u0026\u0026  f5-bigip-runtime-init --config-file /config/cloud/runtime-init-conf.yaml\n```\n\n  - **logLevel** \n    - *Description:* Defines log level. Allowed values are `error`, `warn`, `info`, `debug` and `silly`. *NOTE: F5 recommends putting Runtime Init in `silly` first. Although this results in large amounts of logs, it is generally more useful for troubleshooting initial deployments / new configurations.*\n    - *Default:* `info`. \n    - *Environment Variable:* F5_BIGIP_RUNTIME_INIT_LOG_LEVEL (string)\n\n- **logFilename**\n\n   - *Description:* Defines the location of Runtime Init's log file. 
\n   - *Default:* `/var/log/cloud/bigIpRuntimeInit.log`\n   - *Environment Variable:* F5_BIGIP_RUNTIME_INIT_LOG_FILENAME (string) \n\n\n - **logToJson** \n    - *Description:* Defines when log is outputted into JSON format. For example,\n    ```json\n        {\"message\":\"this is a json message\",\"level\":\"info\",\"timestamp\":\"2020-08-04T00:22:28.069Z\"}\n    ```\n    - *Default:* `false`\n    - *Environment Variable:* F5_BIGIP_RUNTIME_INIT_LOG_TO_JSON (boolean)\n\n\n - **extensionInstallDelayInMs** \n    - *Description:* Defines a delay between extensions installations. *NOTE: If not provided and the extension package is already installed, the default delay of 10 seconds is skipped.*\n    - *Default:* `10000`\n    - *Environment Variable:* F5_BIGIP_RUNTIME_EXTENSION_INSTALL_DELAY_IN_MS (number)\n\n\n***Examples:***\n\n```yaml\ncontrols:\n  logLevel: silly\n  logFilename: /var/log/cloud/bigIpRuntimeInit.log\n  logToJson: true\n  extensionInstallDelayInMs: 60000\n```\n\n\n### pre_onboard_enabled\n\n*Description:* A list of commands that run without checking if BIG-IP and MCPD are up and running. Whether these commands are executed before or after BIG-IP is ready depends on external factors like cloud agent status, network latency, etc. For instance, when the Runtime-Init installer and/or other required files are baked directly into the BIG-IP image using the [BIG-IP Image Generator](https://github.com/f5devcentral/f5-bigip-image-generator/), pre_onboard_enabled commands can run sufficiently early. However, in some clouds or scenarios, the files may take too long to download. 
In that case, these commands may need to be run earlier in the startup script itself to ensure they are applied before BIG-IP is ready.\n\nAllowed types are `inline`, `file` and `url`.\n\n***Examples:***\n\n - **inline** \n\n    ```yaml\n    pre_onboard_enabled:\n      - name: example_inline_command\n        type: inline\n        commands:\n          - touch /tmp/pre_onboard_script.sh\n          - chmod 777 /tmp/pre_onboard_script.sh\n          - echo \"touch /tmp/create_by_autogenerated_pre_local\" \u003e /tmp/pre_onboard_script.sh\n          - /usr/bin/setdb provision.extramb 1000 || exit 0\n          - /usr/bin/setdb provision.restjavad.extramb 1384 || /usr/bin/setdb restjavad.useextramb true || exit 0\n          - /usr/bin/setdb iapplxrpm.timeout 300 || exit 0\n          - /usr/bin/setdb icrd.timeout 180 || exit 0\n          - /usr/bin/setdb restjavad.timeout 180 || exit 0\n          - /usr/bin/setdb restnoded.timeout 180 || exit 0\n    ```\n\n - **file** \n\n    ```yaml\n    pre_onboard_enabled:\n      - name: example_local_exec\n        type: file\n        commands:\n          - /tmp/pre_onboard_script.sh\n    ```\n\n - **url** \n\n    ```yaml\n    pre_onboard_enabled:\n      - name: example_remote_exec\n        type: url\n        commands:\n          - https://the-delivery-location.com/remote_pre_onboard.sh\n    ```\n\n\n*NOTE:* Each command is executed independently from each other. For example, a bash variable in one command cannot be referenced by the following command. See the other command based attributes (ex. 
[bigip_ready_enabled](#bigip\\_ready\\_enabled), [post_onboard_enabled](#post\\_onboard\\_enabled)) for more advanced command examples.\n\n\n### runtime_parameters\n\n*Description:* A list of parameters discovered at run (or deploy) time which are substituted *(using mustache handlebars)* in subsequent eligible runtime attributes: \n* bigip_ready_enabled *(commands)*\n* extension_packages\n* extension_services *(declarations sent to the Tool Chain endpoints)* \n* post_onboard_enabled *(commands)*\n* post_hook\n\nParameters can be dependent on each other, so one parameter value can be used within another parameter (see examples below for more details).\n\nAllowed types are `storage`, `secret`, `tag`, `metadata`, `url` and `static`.\n\n - **storage**\n\n    *Description:* Fetches a file from cloud or other storage and renders the result as a parameter value. Storage parameter files are downloaded before other runtime parameters are processed.\n    \n    The example below demonstrates how to fetch the values for the downloads from Amazon S3, Azure Blob Storage, Google Cloud Storage, or another location.\n\n    *NOTE*: Storage provider destinations may ***only*** start with either */var/config/rest/downloads* or */var/tmp*. Large files such as RPMs must be saved in /var/config/rest/downloads. When a file saved in /var/config/rest/downloads is referenced by its parameter name, the parameter value will be rendered as a local file path on the BIG-IP instance. 
Files saved to /var/tmp will be rendered as a string or JSON, depending on the format of the response.\n\n    ***Examples:***\n\n    ```yaml\n    runtime_parameters:\n      - name: AWS_TO_FILE\n        type: storage\n        storageProvider:\n          environment: aws\n          source: https://mybucket.s3.amazonaws.com/mykey/f5-appsvcs-3.42.0-5.noarch.rpm\n          destination: \"/var/config/rest/downloads/f5-appsvcs-3.42.0-5.noarch.rpm\"\n      - name: AWS_TO_FILE_2\n        type: storage\n        storageProvider:\n          environment: aws\n          source: s3://mybucket/mykey/asm-policy-v0.0.1.xml\n          destination: /var/config/rest/downloads/asm-policy-v0.0.1.xml\n      - name: AWS_TO_PARAMETER\n        type: storage\n        storageProvider:\n          environment: aws\n          source: s3://mybucket/mykey/myfile\n          destination: \"/var/tmp/myfile\"\n      - name: AZURE_TO_FILE\n        type: storage\n        storageProvider:\n          environment: azure\n          source: https://mystorageaccount.blob.core.windows.net/mycontainer/f5-appsvcs-3.42.0-5.noarch.rpm\n          destination: \"/var/config/rest/downloads/f5-appsvcs-3.42.0-5.noarch.rpm\"\n      - name: AZURE_TO_PARAMETER\n        type: storage\n        storageProvider:\n          environment: azure\n          source: https://mystorageaccount.blob.core.windows.net/mycontainer/myfile\n          destination: \"/var/tmp/myfile\"\n      - name: GCP_TO_FILE\n        type: storage\n        storageProvider:\n          environment: gcp\n          source: https://storage.cloud.google.com/mybucket/mykey/f5-appsvcs-3.42.0-5.noarch.rpm\n          destination: \"/var/config/rest/downloads/f5-appsvcs-3.42.0-5.noarch.rpm\"\n      - name: GCP_TO_PARAMETER\n        type: storage\n        storageProvider:\n          environment: gcp\n          source: gs://mybucket/mykey/myfile\n          destination: \"/var/tmp/myfile\"\n      - name: PRIVATE_TO_FILE\n        type: storage\n        storageProvider:\n  
        environment: private\n          source: https://github.com/F5Networks/f5-appsvcs-extension/releases/download/v.3.42.0/f5-appsvcs-3.42.0-5.noarch.rpm\n          destination: \"/var/config/rest/downloads/f5-appsvcs-3.42.0-5.noarch.rpm\"\n      - name: PRIVATE_TO_PARAMETER\n        type: storage\n        storageProvider:\n          environment: private\n          source: https://myserver/myfile\n          destination: \"/var/tmp/myfile\"\n    ```\n\n    **Referencing storage provider parameter values - S3**\n    \n    In this example, the AWS_TO_FILE parameter is rendered as \"/var/config/rest/downloads/f5-appsvcs-3.42.0-5.noarch.rpm\"; to reference this as a local file URL you must prepend \"file://\" to the parameter name:\n    ```yaml\n    extension_packages:\n      install_operations:\n        - extensionType: as3\n          extensionVersion: 3.42.0\n          extensionUrl: 'file://{{{AWS_TO_FILE}}}'\n    ```\n\n    In this example, the AWS_TO_FILE_2 parameter is rendered as \"/var/config/rest/downloads/asm-policy-v0.0.1.xml\":\n    ```yaml\n    extension_services:\n      service_operations:\n        - extensionType: as3\n          type: inline\n          value:\n            class: ADC\n            schemaVersion: 3.0.0\n            label: Quickstart\n            remark: Quickstart\n            Tenant_1:\n              class: Tenant\n              Shared:\n                class: Application\n                template: shared\n                shared_pool:\n                  class: Pool\n                  remark: Service 1 shared pool\n                  members:\n                    - serverAddresses:\n                        - 10.0.3.4\n                      servicePort: 80\n                  monitors:\n                    - http\n                Custom_HTTP_Profile:\n                  class: HTTP_Profile\n                  xForwardedFor: true\n                Custom_WAF_Policy:\n                  class: WAF_Policy\n                  file: \u003e-\n       
             '{{{AWS_TO_FILE_2}}}'\n                  enforcementMode: blocking\n                  ignoreChanges: false\n    ```\n\n    In this example, the AWS_TO_PARAMETER parameter is rendered as either a string or JSON object, depending on the original file format:\n    ```yaml\n    post_onboard_enabled:\n      - name: echo_downloaded_file\n        type: inline\n        commands:\n          - echo \"Downloaded file parameter is {{{AWS_TO_PARAMETER}}}\" # renders content of s3://mybucket/mykey/myfile\n          - echo \"Downloaded JSON parameter is {{{AWS_TO_PARAMETER.key}}}\" # renders value of \"key\" key in s3://mybucket/mykey/myfile\n    ```\n\n    *NOTE:*\n    - In AWS and GCP, both https:// and **global** s3:// and gs:// source URLs are supported.\n    - In Azure, only blob storage URLs are supported.\n    - The IAM roles/RBAC permissions required for downloading objects from cloud provider storage are listed below. Minimally, these permissions must be scoped to the storage resource.\n\n      * AWS:\n        ```text\n          \"s3:ListBucket\"\n          \"s3:GetObject\"\n        ```\n      * Azure:\n        ```text\n          \"Microsoft.Authorization/*/read\"\n          \"Microsoft.Storage/storageAccounts/read\"\n          \"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read\"\n          \"Microsoft.Storage/storageAccounts/listKeys/action\"\n        ```\n      * GCP (Labels):\n        ```text\n          \"storage.buckets.get\"\n          \"storage.buckets.list\"\n          \"storage.objects.get\"\n          \"storage.objects.list\"\n        ```    \n\n - **secret** \n  \n    *Description:* Fetches a secret from a provider vault. This type requires the BIG-IP instance to have IAM **READ** permissions for the secrets. See the respective Cloud Provider's official documentation for additional information. For basic examples, see the [Terraform examples](examples/terraform). 
\n\n    Allowed environments are `aws`, `azure`, `gcp` and `hashicorp`.\n\n    ***Examples:***\n\n    **AWS:**\n\n    *Provide secret name (assumes secret is in same region as BIG-IP instance):*\n    ```yaml\n    runtime_parameters:\n      - name: ADMIN_PASS\n        type: secret\n        secretProvider:\n          type: SecretsManager\n          environment: aws\n          version: AWSCURRENT\n          secretId: mysecret\n    ```\n\n    *Provide secret ARN, including 12 digit account ID and region:*\n    ```yaml\n    runtime_parameters:\n      - name: ADMIN_PASS\n        type: secret\n        secretProvider:\n          type: SecretsManager\n          environment: aws\n          version: AWSCURRENT\n          secretId: arn:aws:secretsmanager:us-east-1:123456789012:secret:mySecretId-a0BCDE\n    ```\n    \n    **IAM Permissions:**\n    ```text\n      \"secretsmanager:GetSecretValue\",\n      \"secretsmanager:DescribeSecret\",\n      \"secretsmanager:ListSecretVersionIds\"\n    ```\n    *For more information, see [AWS documentation](https://docs.aws.amazon.com/mediaconnect/latest/ug/iam-policy-examples-asm-secrets.html).*\n    \u003c/br\u003e\n\n    **Azure:**\n    ```yaml\n    runtime_parameters:\n      - name: AZURE_SERVICE_PRINCIPAL\n        type: secret\n        secretProvider:\n          type: KeyVault\n          environment: azure\n          vaultUrl: https://my-keyvault.vault.azure.net\n          secretId: mysecret\n    ```\n    **IAM Permissions:**\n    ```text\n    key_permissions = [\"get\"]\n    secret_permissions = [\"get\",\"list\"]\n    storage_permissions = [\"get\"]\n    ```\n    *For more information, see [Azure KeyVault access control policy documentation](https://docs.microsoft.com/en-us/azure/key-vault/secrets/about-secrets#secret-access-control).*\n\n    **KeyVault Firewall:**\n    If Azure KeyVault Firewall is enabled and the default firewall action is Deny, you must explicitly add either the Azure public management IP address of the BIG-IP 
instance, or the Azure virtual network and management subnet, to the KeyVault Firewall allow list.\n\n    *For more information, see [Azure KeyVault network security documentation](https://learn.microsoft.com/en-us/azure/key-vault/general/network-security).*\n    \u003c/br\u003e\n\n    **GCP:**\n\n    *Provide secret name (assumes secret is in same project as BIG-IP instance):*\n    ```yaml\n    runtime_parameters:\n      - name: ADMIN_PASS\n        type: secret\n        secretProvider:\n          type: SecretsManager\n          environment: gcp\n          version: latest\n          secretId: mysecret\n    ```\n\n    *Provide fully-qualified secret identifier, including project number and version:*\n    ```yaml\n    runtime_parameters:\n      - name: ADMIN_PASS\n        type: secret\n        secretProvider:\n          type: SecretsManager\n          environment: gcp\n          secretId: projects/123456789/secrets/mysecret/versions/latest\n    ```\n\n    **IAM Permissions:**\n    ```text\n    \"secretmanager.versions.access\"\n    \"secretmanager.versions.list\"\n    \"secretmanager.versions.get\"\n    \"compute.instances.get\"\n    ```\n    *For more information, see [GCP documentation](https://cloud.google.com/secret-manager/docs/access-control).*\n    \u003c/br\u003e    \n\n    **HashiCorp (using App Role authentication):**\n\n    The following example uses the special value **data** in the field attribute to retrieve the entire secret response, which can then be referenced inside mustache handlebars inside the configuration. When referencing multiple secret values from a single response, this limits client requests to the Vault server to a minimum (you may also create a unique runtime parameter for each secret stored in Vault, using the provided examples). 
\n\n    ```yaml\n    runtime_parameters:\n      - name: ADMIN_PASS\n        type: secret\n        verifyTls: true\n        trustedCertBundles: ['/config/ssl/ssl.crt/my-ca-bundle.crt']\n        secretProvider:\n          type: Vault\n          environment: hashicorp\n          vaultServer: https://127.0.0.1:8200\n          appRolePath: /v1/auth/approle/login\n          secretsEngine: kv2\n          secretId: secret/credential\n          field: data\n          version: 1\n          authBackend:\n            type: approle\n            roleId:\n              type: url\n              value: file:///path/to/role-id\n            secretId:\n              type: inline\n              value: secret-id\n              unwrap: true\n    ...\n    extension_services:\n      service_operations:\n        - extensionType: do\n          type: inline\n          value: \n            schemaVersion: 1.0.0\n            class: Device\n            async: true\n            label: my BIG-IP declaration for declarative onboarding\n            Common:\n              class: Tenant\n              hostname: '{{{ HOST_NAME }}}.local'\n              foo:\n                class: User\n                userType: regular\n                password: '{{{ ADMIN_PASS.foo_password }}}'\n                shell: bash\n                partitionAccess:\n                  all-partitions:\n                    role: admin\n              bar:\n                class: User\n                userType: regular\n                password: '{{{ ADMIN_PASS.bar_password }}}'\n                shell: bash\n                partitionAccess:\n                  all-partitions:\n                    role: admin\n    ```\n\n    *NOTE*: \n    - When the authBackend.secretId.unwrap attribute is set to `true` (recommended), the secretId value must be in the form of a wrapping token. BIG-IP Runtime Init will unwrap this token to retrieve the actual secret ID. This eliminates the need to pass the secret ID in the declaration. 
For more information, see the [HashiCorp AppRole documentation](https://learn.hashicorp.com/tutorials/vault/approle-best-practices#approle-response-wrapping).\n\n    - This example also demonstrates how to use custom PKI certificates for HTTPS requests to the HashiCorp Vault server when verifyTls is set to `true`. \n    \u003cbr\u003e\n\n    *For more information, see [HashiCorp documentation](https://www.vaultproject.io/docs/concepts/policies#policy-syntax).*\n    \u003cbr\u003e\n\n    ##### Security - Masking Secrets\n\n    By default, Runtime Init masks (ex. \\\"password\\\":\\\"******\\\") the following common fields in declarations when logging:\n\n    ```json\n        [\n            \"password\",\n            \"localPassword\",\n            \"remotePassword\",\n            \"bigIqPassword\",\n            \"bigIpPassword\",\n            \"passphrase\",\n            \"cookiePassphrase\",\n            \"certificate\",\n            \"privateKey\",\n            \"ciphertext\",\n            \"protected\",\n            \"secret\",\n            \"sharedSecret\",\n            \"secretAccessKey\",\n            \"apiAccessKey\",\n            \"encodedCredentials\",\n            \"encodedToken\",\n            \"oldPassword\",\n            \"newPassword\",\n            \"bindPassword\",\n            \"checkBindPassword\",\n            \"md5SignaturePassphrase\"\n        ]\n    ```\n    However, it is possible to extend this list by providing an additional (***field***) attribute for the Secret object:\n\n    ```yaml\n    runtime_parameters:\n      - name: MY_SECRET\n        type: secret\n        secretProvider:\n          environment: azure\n          type: KeyVault\n          vaultUrl: https://my-keyvault.vault.azure.net\n          secretId: mySecret01\n          field: newCustomSecretField\n    ``` \n\n    This example instructs Runtime Init to also mask the value of ```newCustomSecretField``` wherever it appears in a declaration.\n\n - **tag**\n\n    *Description:* fetches a tag 
value from public cloud virtual machine resource. \n    \n    The example below demonstrates how to fetch the value for the tag, with the key \"CustomTag\", applied to the EC2 instance: \n      \n    ```yaml\n    runtime_parameters:\n      - name: TAG_VALUE\n        type: tag\n        tagProvider:\n          environment: aws\n          key: CustomTag\n    ```\n\n    *NOTE:*\n    - In Azure, Runtime-Init will gather tags from the metadata service and doesn't require any additional permissions.\n    - In AWS and GCP, Runtime-Init will gather them from the Cloud API which requires additional IAM permissions.\n\n\n      * AWS:\n\n        ```text\n          \"ec2:DescribeTags\"\n        ```\n      * GCP (Labels):\n\n        ```text\n          \"compute.instances.get\"\n        ```    \n        * GCP also has several different types of tags (Labels, Network Tags, and Metadata Tags - ad hoc key/value pairs embedded in Metadata). As the Metadata Tags can be fetched using the generic `url` type if needed, this type leverages IAM roles to enable fetching \"Labels\".\n\n - **metadata**\n\n    *Description:* Convenience function to grab common onboarding items from the Metadata Service. 
\n\n    Allowed types are `network` and `uri`.\n\n    For example, type `network` returns addresses reformatted in CIDR notation so you can use them for Self-IPs.\n\n    For more examples, see the [examples/runtime_configs](examples/runtime_configs/snippets) directory.\n\n    ***Examples:***\n\n    *AWS Self-IP*\n    ```yaml\n    runtime_parameters:\n      - name: SELF_IP_EXTERNAL\n        type: metadata\n        metadataProvider:\n          type: network\n          environment: aws\n          field: local-ipv4s\n          index: 1\n    ```\n\n    *Azure Self-IP*\n    ```yaml\n    runtime_parameters:\n      - name: SELF_IP_EXTERNAL\n        type: metadata\n        metadataProvider:\n          type: network\n          environment: azure\n          field: ipv4\n          index: 1\n      - name: SELF_IP_EXTERNAL_IPV6\n        type: metadata\n        metadataProvider:\n          type: network\n          environment: azure\n          field: ipv6\n          index: 1\n    service_operations:\n      - extensionType: do\n        value:\n          Common:\n            class: Tenant\n            external-self:\n              class: SelfIp\n              address: '{{{SELF_IP_EXTERNAL}}}'\n              vlan: external\n            external-self-ipv6:\n              class: SelfIp\n              address: '{{{SELF_IP_EXTERNAL_IPV6}}}/64'\n              vlan: external\n    ```\n\n    *GCP Self-IP*\n    ```yaml\n    runtime_parameters:\n      - name: SELF_IP_EXTERNAL\n        type: metadata\n        metadataProvider:\n          environment: gcp\n          type: network\n          field: ip\n          index: 0\n    ```\n\n    IPv4: Returns the CIDR address (ex. `10.0.0.5/24`) which is required by the Self-IP.\n    IPv6: Returns the address (ex. ab:ff:ff::dfd). 
You must provide the prefix.\n\n    The output can be further transformed using ipcalc functionality (IPv4 only):\n\n\n    The ipcalc functionality provides the following transformation options: \n      - **address**   - The provided address without netmask prefix.\n      -  **base**      - The base address of the network block as a string (eg: 216.240.32.0). Base does not give an indication of the size of the network block.\n      -  **mask**      - The netmask as a string (eg: 255.255.255.0).\n      -  **hostmask**  - The host mask which is the opposite of the netmask (eg: 0.0.0.255).\n      -  **bitmask**   - The netmask as a number of bits in the network portion of the address for this block (eg: 24).\n      -  **size**      - The number of IP addresses in a block (eg: 256).\n      -  **broadcast** - The block's broadcast address (eg: 192.168.1.0/24 =\u003e 192.168.1.255).\n      -  **first**     - First useable address.\n      -  **last**      - Last useable address.\n\n\n    The following example uses ipcalc to get the first useable IPv4 address using the CIDR of the first AWS subnet and resolves it to a runtime parameter named `GATEWAY`.\n\n    ```yaml\n    runtime_parameters:\n      - name: GATEWAY\n        type: metadata\n        metadataProvider:\n          environment: aws\n          type: network\n          field: local-ipv4s\n          index: 0\n          ipcalc: first\n    ```\n    This example returns `10.0.0.1` for the Self-IP `10.0.0.5/24`.\n\n    The next example uses ipcalc to get the bitmask using the CIDR of the first AWS subnet and resolves it to a runtime parameter named `BITMASK`.\n          \n    ```yaml\n    runtime_parameters:\n      - name: BITMASK\n        type: metadata\n        metadataProvider:\n          environment: aws\n          type: network\n          field: local-ipv4s\n          index: 0\n          ipcalc: bitmask\n    ```\n    This example returns `24` for the Self-IP `10.0.0.5/24`.\n            \n    For fetching **AWS** 
Metadata, Runtime Init allows you to use a custom URI. By default, Runtime Init uses AWS IMDSv2 to get AWS metadata:\n\n    ```yaml\n    runtime_parameters:\n      - name: ACCOUNT_ID\n        type: metadata\n        metadataProvider:\n          environment: aws\n          type: uri\n          value: /latest/dynamic/instance-identity/document\n          query: accountId\n    ```    \n\n    When a JSON response is returned, this type allows you to provide a [JMESPath](https://jmespath.org/) query filter. In the example above, the query selects the `accountId` key from the response. \n\n - **url**\n\n    *Description:* Defines a generic URL to fetch a runtime parameter. \n\n    This type can be useful when gathering custom metadata not covered in the `metadataProvider` above, data from custom locations, session-based URLs, etc.\n\n    This type allows you to provide HTTP headers as well as a [JMESPath](https://jmespath.org/) query filter for JSON responses. The headers and query fields are *optional*. 
\n\n    \u003cbr/\u003e\n    The following examples demonstrate how to fetch hostnames or virtual machine names for AWS, GCP and Azure:\n\n    *AWS Hostname*\n    ```yaml\n    runtime_parameters:\n      - name: HOST_NAME\n        type: url\n        value: http://169.254.169.254/latest/meta-data/hostname\n    ```\n\n    *GCP Hostname*\n    ```yaml\n    runtime_parameters:\n      - name: HOST_NAME\n        type: url\n        value: http://169.254.169.254/computeMetadata/v1/instance/hostname\n        headers:\n          - name: Metadata-Flavor\n            value: Google\n    ```\n\n    *Azure Virtual Machine Name*\n    ```yaml\n    runtime_parameters:\n      - name: NAME\n        type: url\n        value: 'http://169.254.169.254/metadata/instance/compute?api-version=2020-09-01'\n        query: name\n        headers:\n          - name: Metadata\n            value: true\n    ```\n\n   The following AWS URL example has been superseded by the metadata `uri` type above but demonstrates linking Runtime Parameters together (to provide a session-based request). It first fetches an AWS Session token and leverages the JMESPath `query` field to filter for the `region` key. 
\n\n    AWS:\n\n    ```yaml\n    runtime_parameters:  \n      - name: AWS_SESSION_TOKEN\n        type: url\n        value: http://169.254.169.254/latest/api/token\n        headers:\n          - name: Content-Type\n            value: json\n          - name: User-Agent\n            value: some-user-agent\n          - name: method\n            value: PUT\n          - name: X-aws-ec2-metadata-token-ttl-seconds\n            value: 21600\n      - name: REGION\n        type: url\n        value: http://169.254.169.254/latest/dynamic/instance-identity/document\n        query: region\n        headers:\n          - name: Content-Type\n            value: json\n          - name: User-Agent\n            value: some-user-agent\n          - name: X-aws-ec2-metadata-token\n            value: \"{{{AWS_SESSION_TOKEN}}}\"\n    ```\n\n    The `url` type also allows you to provide a local file location using the \"file://\" schema. The example below demonstrates how to get a parameter value from the /config/cloud/paramter-file.txt file:\n      \n    ```yaml\n    runtime_parameters:\n      - name: SOME_PARAM\n        type: url\n        value: file:///config/cloud/paramter-file.txt \n    ```      \n\n\n - **static**\n\n    *Description:* defines a static value. \n\n    Examples: \n\n    This example replaces AVAILABILITY_ZONE token with \"us-west-2a\" string.\n\n    ```yaml\n    runtime_parameters:\n      - name: AVAILABILITY_ZONE\n        type: static\n        value: us-west-2a\n    ```\n\n### bigip_ready_enabled\n\n*Description:* List of commands to run after BIG-IP and MCPD are up and running. 
Example: TMSH commands, misc optimizations, etc.\n\nAllowed types are `inline`, `file` and `url`.\n\n***Examples:***\n\n - **inline** \n\n    ```yaml\n    bigip_ready_enabled:\n    # Dependent on GUI being up\n      - name: icontrol_settings\n        type: inline\n        commands:\n          - '/usr/bin/curl -s -f -u admin: -H \"Content-Type: application/json\" -d ''{\"maxMessageBodySize\":134217728}'' -X POST http://localhost:8100/mgmt/shared/server/messaging/settings/8100 | jq .'\n    # Dependent on MCPD being up\n      - name: using_runtime_variables\n        type: inline\n        commands:\n          - f5mku -r {{{ ADMIN_PASS }}}\n    # Dependent on TMSH / MCPD being up\n      - name: using_bash_variables_in_commands\n        type: inline\n        commands:\n          - \"EXT_GW=$(curl -sH 'Metadata-Flavor: Google' http://169.254.169.254/computeMetadata/v1/instance/network-interfaces/0/gateway); tmsh create net route ext_gw_int network $EXT_GW/32 interface external\"\n          - \"INT_GW=$(curl -sH 'Metadata-Flavor: Google' http://169.254.169.254/computeMetadata/v1/instance/network-interfaces/2/gateway); tmsh create net route int_gw_int network $INT_GW/32 interface internal\"\n    ```\n\n\n*NOTE:* Each command is executed in a separate shell context from each other. For example, a bash variable in one command cannot be referenced by the following command. For instance, in the example above, the command with the `$INT_GW` variable would not be able to render the `$EXT_GW` variable from command above it. 
For more examples, see the [examples/runtime_configs](examples/runtime_configs/snippets) directory.\n\n\n### extension_packages\n\n*Description:* List of iControl Lx packages to download and install.\n\nAllowed extensionTypes are `do`, `as3`, `ts`, `fast` and `cfe`.\n\n***Examples:***\n\n - *minimal* \n\n    ```yaml\n    extension_packages:\n      install_operations:\n        - extensionType: do\n          extensionVersion: 1.44.0\n        - extensionType: as3\n          extensionVersion: 3.51.0\n        - extensionType: ts\n          extensionVersion: 1.35.0\n        - extensionType: fast\n          extensionVersion: 1.25.0\n    ```\n\n - *with hash checking*\n\n    ```yaml\n    extension_packages:\n      install_operations:\n        - extensionType: do\n          extensionVersion: 1.44.0\n          extensionHash: 3b05d9bcafbcf0b5b625ff81d6bab5ad26ed90c0dd202ded51756af3598a97ec\n        - extensionType: as3\n          extensionVersion: 3.51.0\n          extensionHash: e151a9ccd0fd60c359f31839dc3a70bfcf2b46b9fedb8e1c37e67255ee482c0f\n        - extensionType: ts\n          extensionVersion: 1.35.0\n          extensionHash: 839698d98a8651a90b3d509cde4b382338461a253878c9fd00c894699ef0e844\n        - extensionType: fast\n          extensionVersion: 1.25.0\n          extensionHash: 434309179af405e6b663e255d4d3c0a1fd45cac9b561370e350bb8dd8b39761f\n    ```\n\n - *custom from URL*\n\n    ```yaml\n    extension_packages:\n      install_operations:\n      - extensionType: do\n        extensionUrl: https://github.com/F5Networks/f5-declarative-onboarding/releases/download/v1.44.0/f5-declarative-onboarding-1.44.0-5.noarch.rpm\n        extensionVersion: 1.44.0\n      - extensionType: as3\n        extensionUrl: file:///var/config/rest/downloads/f5-appsvcs-3.51.0-5.noarch.rpm\n        extensionVersion: 3.51.0\n      - extensionType: fast\n        extensionUrl: https://github.com/F5Networks/f5-appsvcs-templates/releases/download/v1.25.0/f5-appsvcs-templates-1.25.0-1.noarch.rpm\n    
    extensionVersion: 1.25.0     \n    ```\n\n    *NOTE: ```extensionVersion``` is not required when used with the ```extensionUrl``` field.*\n\n\nFor more examples, see the [examples/runtime_configs](examples/runtime_configs/snippets) directory.\n\n\n### extension_services\n\n*Description:* List of iControl Lx declarations to configure. \n\nAllowed extensionTypes are `do`, `as3`, `ts` and `cfe`.\n\nAllowed value types are `inline` and `url`.\n\n***Examples:***\n\n\n - **inline** \n\n    ```yaml\n    extension_services:\n      service_operations:\n        - extensionType: do\n          type: inline\n          value:\n            schemaVersion: 1.0.0\n            class: Device\n            label: \u003e-\n              Quickstart 1NIC BIG-IP declaration for Declarative Onboarding with BYOL\n              license\n            async: true\n            Common:\n              class: Tenant\n              My_DbVariables:\n                class: DbVariables\n                ui.advisory.enabled: true\n                ui.advisory.color: blue\n                ui.advisory.text: BIG-IP Quickstart\n              My_Provisioning:\n                class: Provision\n                asm: nominal\n                ltm: nominal\n              My_Ntp:\n                class: NTP\n                servers:\n                  - 169.254.169.253\n                timezone: UTC\n              My_Dns:\n                class: DNS\n                nameServers:\n                  - 169.254.169.253\n              My_License:\n                class: License\n                licenseType: regKey\n                regKey: 'AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE'\n              My_System:\n                class: System\n                autoPhonehome: true\n                hostname: bigip.example.com\n              quickstart:\n                class: User\n                partitionAccess:\n                  all-partitions:\n                    role: admin\n                password: 'BIGIP_PASSWORD'\n            
    shell: bash\n                userType: regular\n        - extensionType: as3\n          type: inline\n          value:\n            class: AS3\n            action: deploy\n            persist: true\n            declaration:\n              class: ADC\n              schemaVersion: 3.0.0\n              label: Sample 1\n              remark: Simple HTTP Service with Round-Robin Load Balancing\n              Sample_01:\n                class: Tenant\n                A1:\n                  class: Application\n                  template: http\n                  serviceMain:\n                    class: Service_HTTP\n                    virtualAddresses:\n                    - 10.0.1.10\n                    pool: web_pool\n                  web_pool:\n                    class: Pool\n                    monitors:\n                    - http\n                    members:\n                    - servicePort: 80\n                      serverAddresses:\n                      - 192.0.1.10\n                      - 192.0.1.11\n    ```\n\n - **url** \n\n    ```yaml\n    extension_services:\n      service_operations:\n        - extensionType: do\n          type: url\n          value: https://cdn.f5.com/product/cloudsolutions/declarations/template2-0/autoscale-waf/autoscale_do_payg.json\n          verifyTls: false\n        - extensionType: as3\n          type: url\n          value: file:///examples/automation_toolchain_declarations/as3.json\n    ```\n\n*NOTE:* \n - *If using the `url` type, the declarations can be in JSON or YAML format.*\n\nFor more examples, see the [examples/runtime_configs](examples/runtime_configs/snippets) directory.\n\n*TIP*:\n - If creating multiple service extension services, you may need to order them in a particular sequence. 
For example, if creating a cluster with Declarative Onboarding (DO) and additional extension services, run the first Declarative Onboarding declaration without the device service clustering elements, then run the additional services, and finally, the Declarative Onboarding declaration again with the clustering elements. \n \n For examples, see `failover` solutions in the [Native Template Examples](#native-template-examples).\n\n\n### post_onboard_enabled\n\n*Description:* List of commands to run after sending iControl LX declarations.\n\nAllowed types are `inline`, `file` and `url`.\n\n***Examples:***\n\n - **inline** \n\n    ```yaml\n    post_onboard_enabled:\n      - name: example_inline_command\n        type: inline\n        commands:\n          - touch /tmp/post_onboard_script.sh\n          - chmod 777 /tmp/post_onboard_script.sh\n          - echo \"touch /tmp/create_by_autogenerated_post_local\" \u003e /tmp/post_onboard_script.sh\n    ```\n\n\n*NOTE:* Each command is executed independently from each other. For example, a bash variable in one command cannot be referenced by the following command. 
For more examples, see the [examples/runtime_configs](examples/runtime_configs/snippets) directory.\n\n### post_hook\n\n*Description:* Webhook to send upon completion.\n\n***Examples:***\n\n```yaml\npost_hook:\n  - name: example_webhook\n    type: webhook\n    url: https://webhook.site\n    properties:\n      optionalKey1: optional_value1\n      optionalKey2: optional_value2\n```\n\nFor more examples, see the [examples/runtime_configs](examples/runtime_configs/snippets) directory.\n\n\n## Usage Examples\n### Terraform\n\nTerraform plans will generally consist of the following:\n\n  - a startup_script template (.tpl)\n  - passing the rendered startup script to the instance's startup script parameter \n\n\n#### Azure snippet\n\nIn this snippet: \n\n```\nresource \"azurerm_linux_virtual_machine\" \"vm\" {\n  name                  = \"vm-${module.utils.env_unique_id}-bigip\"\n  resource_group_name   = azurerm_resource_group.rg.name\n  location              = azurerm_resource_group.rg.location\n  size                  = var.instance_size\n  admin_username        = var.admin_username\n\n  admin_ssh_key {\n    username   = var.admin_username\n    public_key = file(var.f5_ssh_publickey)\n  }\n\n os_disk {\n    caching              = \"ReadWrite\"\n    storage_account_type = \"Standard_LRS\"\n  }\n\n  source_image_reference {\n    publisher = var.publisher\n    offer     = var.offer\n    sku       = var.sku\n    version   = var.bigip_version\n  }\n\n  plan {\n    publisher = var.publisher\n    product   = var.offer\n    name      = var.sku\n  }\n\n  boot_diagnostics {\n    storage_account_uri  = var.boot_diagnostics ? 
join(\",\", azurerm_storage_account.vm_sa.*.primary_blob_endpoint) : \"\"\n  }\n\n  network_interface_ids = [\n      azurerm_network_interface.nic_mgmt.id, \n      azurerm_network_interface.nic_external.id, \n      azurerm_network_interface.nic_internal.id\n  ]\n\n  identity {\n    type         = \"UserAssigned\"\n    identity_ids = [azurerm_user_assigned_identity.user_identity.id]\n  }\n\n  custom_data = base64encode(templatefile(\"${path.module}/startup-script.tpl\", {\n    vault_name:         \"key-vault-${module.utils.env_unique_id}-bigip\",\n    secret_id:          azurerm_key_vault_secret.adminsecret.name,\n    package_url:        var.bigip_runtime_init_package_url,\n    admin_username:     var.admin_username,\n  }))\n\n  tags = merge(var.global_tags, { Name=\"vm-${module.utils.env_unique_id}-bigip\" })\n\n}\n```\n\nThe startup script is templatized in startup-script.tpl and sent using the VM's ```custom_data``` parameter. On BIG-IP versions 15.1+, Cloud-Init will execute this script directly. However, for earlier versions, azurerm_virtual_machine_extension is used to run it. See [BIG-IP Cloud-Init documentation](https://clouddocs.f5.com/cloud/public/v1/shared/cloudinit.html) for more information.\n\n\nThe Terraform template for the startup script contains the following contents.\n\n```sh\n#!/bin/bash -x\n\n# Send output to log file and serial console\nmkdir -p  /var/log/cloud /config/cloud /var/config/rest/downloads\nLOG_FILE=/var/log/cloud/startup-script.log\n[[ ! -f $LOG_FILE ]] \u0026\u0026 touch $LOG_FILE || { echo \"Run Only Once. 
Exiting\"; exit; }\nnpipe=/tmp/$$.tmp\ntrap \"rm -f $npipe\" EXIT\nmknod $npipe p\ntee \u003c$npipe -a $LOG_FILE /dev/ttyS0 \u0026\nexec 1\u003e\u0026-\nexec 1\u003e$npipe\nexec 2\u003e\u00261\n\n# Download or Render BIG-IP Runtime Init Config\ncat \u003c\u003c 'EOF' \u003e /config/cloud/runtime-init-conf.yaml\n---\ncontrols:\n  logLevel: silly\n  logFilename: /var/log/cloud/bigIpRuntimeInit.log\npre_onboard_enabled: []\nruntime_parameters:\n  - name: ADMIN_PASS\n    type: secret\n    secretProvider:\n      environment: azure\n      type: KeyVault\n      vaultUrl: 'https://${vault_name}.vault.azure.net'\n      secretId: ${secret_id}\n  - name: HOST_NAME\n    type: metadata\n    metadataProvider:\n      environment: azure\n      type: compute\n      field: name\n  - name: SELF_IP_EXTERNAL\n    type: metadata\n    metadataProvider:\n      environment: azure\n      type: network\n      field: ipv4\n      index: 1\n  - name: SELF_IP_INTERNAL\n    type: metadata\n    metadataProvider:\n      environment: azure\n      type: network\n      field: ipv4\n      index: 2\n  - name: DEFAULT_GW\n    type: metadata\n    metadataProvider:\n      environment: azure\n      type: network\n      field: ipv4\n      index: 1\n      ipcalc: first\n  - name: MGMT_GW\n    type: metadata\n    metadataProvider:\n      environment: azure\n      type: network\n      field: ipv4\n      index: 0\n      ipcalc: first\nbigip_ready_enabled: []\nextension_packages:\n  install_operations:\n    - extensionType: do\n      extensionVersion: 1.44.0\n      extensionHash: 3b05d9bcafbcf0b5b625ff81d6bab5ad26ed90c0dd202ded51756af3598a97ec\n    - extensionType: as3\n      extensionVersion: 3.51.0\n      extensionHash: e151a9ccd0fd60c359f31839dc3a70bfcf2b46b9fedb8e1c37e67255ee482c0f\n    - extensionType: ts\n      extensionVersion: 1.35.0\n      extensionHash: 839698d98a8651a90b3d509cde4b382338461a253878c9fd00c894699ef0e844\n    - extensionType: fast\n      extensionVersion: 1.25.0\n      extensionHash: 
434309179af405e6b663e255d4d3c0a1fd45cac9b561370e350bb8dd8b39761f\nextension_services:\n  service_operations:\n    - extensionType: do\n      type: inline\n      value:\n        schemaVersion: 1.0.0\n        class: Device\n        async: true\n        label: Example 3NIC BIG-IP with Runtime-Init\n        Common:\n          class: Tenant\n          My_DbVariables:\n            class: DbVariables\n            provision.extramb: 1000\n            restjavad.useextramb: true\n            ui.advisory.enabled: true\n            ui.advisory.color: blue\n            ui.advisory.text: BIG-IP VE Runtime Init Example\n            config.allow.rfc3927: enable\n            dhclient.mgmt: disable\n          My_System:\n            class: System\n            hostname: '{{{HOST_NAME}}}.local'\n            cliInactivityTimeout: 1200\n            consoleInactivityTimeout: 1200\n            autoPhonehome: true\n          My_Dns:\n            class: DNS\n            nameServers:\n              - 168.63.129.16\n          My_Ntp:\n            class: NTP\n            servers:\n              - 0.pool.ntp.org\n            timezone: UTC\n          My_Provisioning:\n            class: Provision\n            ltm: nominal\n          admin:\n            class: User\n            userType: regular\n            partitionAccess:\n              all-partitions:\n                role: admin\n            password: '{{{ ADMIN_PASS }}}'\n            shell: bash\n          ${admin_username}:\n            class: User\n            userType: regular\n            partitionAccess:\n              all-partitions:\n                role: admin\n            password: '{{{ ADMIN_PASS }}}'\n            shell: bash\n          external:\n            class: VLAN\n            tag: 4094\n            mtu: 1500\n            interfaces:\n              - name: '1.1'\n                tagged: false\n          internal:\n            class: VLAN\n            tag: 4093\n            mtu: 1500\n            interfaces:\n              - name: '1.2'\n  
              tagged: false\n          default:\n            class: ManagementRoute\n            gw: '{{{MGMT_GW}}}'\n            network: default\n          dhclient_route1:\n            class: ManagementRoute\n            gw: '{{{MGMT_GW}}}'\n            network: 168.63.129.16/32\n          azureMetadata:\n            class: ManagementRoute\n            gw: '{{{MGMT_GW}}}'\n            network: 169.254.169.254/32\n          external-self:\n            class: SelfIp\n            address: '{{{SELF_IP_EXTERNAL}}}'\n            vlan: external\n            allowService: default\n            trafficGroup: traffic-group-local-only\n          internal-self:\n            class: SelfIp\n            address: '{{{SELF_IP_INTERNAL}}}'\n            vlan: internal\n            allowService: default\n            trafficGroup: traffic-group-local-only\n          defaultRoute:\n            class: Route\n            gw: '{{{DEFAULT_GW}}}'\n            network: default\n            mtu: 1500\npost_onboard_enabled: []\n\n\nEOF\n\n\n\n# Download\nfor i in {1..30}; do\n    curl -fv --retry 1 --connect-timeout 5 -L \"${package_url}\" -o \"/var/config/rest/downloads/f5-bigip-runtime-init.gz.run\" \u0026\u0026 break || sleep 10\ndone\n# Install\nbash /var/config/rest/downloads/f5-bigip-runtime-init.gz.run -- \"--cloud azure\"\n# Run\nf5-bigip-runtime-init --config-file /config/cloud/runtime-init-conf.yaml\n\n```\n\n*NOTE:* \n - ```--cloud azure``` is passed to the installer to specify the environment.\n - Terraform templates use the `${variable}` syntax for variables. To preserve a bash variable in the rendered script, it uses the escape syntax `$${bash_variable}`.\n - When BIG-IP is launched, Terraform renders the template's `${secret_id}` variable. 
For example, the rendered file on BIG-IP will contain: \n    ```yaml\n    runtime_parameters:\n        - name: ADMIN_PASS\n          type: secret\n          secretProvider:\n            environment: azure\n            type: KeyVault\n            vaultUrl: 'https://key-vault-1cqephd9-bigip.vault.azure.net'\n            secretId: secret-1cqephd9-bigIpPassword\n    ```\n    When Runtime Init runs, it fetches the **value** of the secret named `secret-1cqephd9-bigIpPassword` and sets the runtime variable ``ADMIN_PASS``. Runtime Init then replaces the mustache variable ```{{{ ADMIN_PASS }}}``` in any tool chain declaration with the secret **value** (i.e. the actual admin password) in its POST payload to the Tool Chain service endpoint. The log shows the value masked, for example:\n    ```\n    ...\n    2022-03-16T22:19:06.147Z [10306]: info: Creating - do 1.27.0 {\"schemaVersion\":\"1.0.0\",\"class\":\"Device\",\n    ...\n    \"admin\":{\"class\":\"User\",\"userType\":\"regular\",\"partitionAccess\":{\"all-partitions\":{\"role\":\"admin\"}},\"password\":\"********\",\"shell\":\"bash\"},\n    ...\n    ```\n\nFor similar **AWS** and **GCP** examples, see the [examples/terraform](examples/terraform) directory.\n\n### Azure (ARM Template) snippet\n#### Download BIG-IP Runtime Config from URL\n```json\n\"commandToExecute\": \"[concat('mkdir -p /config/cloud; mkdir -p /var/log/cloud/azure; cp $(ls -v | tail -n1)/runtime-init-conf.yaml /config/cloud/runtime-init-conf.yaml; curl -L https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/f5-bigip-runtime-init-2.0.3-1.gz.run -o f5-bigip-runtime-init-2.0.3-1.gz.run \u0026\u0026 bash f5-bigip-runtime-init-2.0.3-1.gz.run -- ', variables('singleQuote'), '--cloud azure', variables('singleQuote'), ' 2\u003e\u00261')]\",\n\"fileUris\": [\n  \"https://example.com/runtime-init-conf.yaml\"\n]\n```\n#### Inline BIG-IP Runtime Config\n```json\n\"commandToExecute\": \"[concat('mkdir -p /config/cloud; mkdir -p /var/log/cloud/azure; echo -e ', 
variables('singleQuote'), parameters('runtimeConfig'), variables('singleQuote'), ' \u003e /config/cloud/runtime-init-conf.yaml; curl -L https://cdn.f5.com/product/cloudsolutions/f5-bigip-runtime-init/v2.0.3/dist/f5-bigip-runtime-init-2.0.3-1.gz.run -o f5-bigip-runtime-init-2.0.3-1.gz.run; bash f5-bigip-runtime-init-2.0.3-1.gz.run -- ', variables('singleQuote'), '--cloud azure', variables('singleQuote'), ' 2\u003e\u00261; f5-bigip-runtime-init --config-file /config/cloud/runtime-init-conf.yaml 2\u003e\u00261')]\"\n```\n\n### Native Template Examples\n\nFor more native template examples, see:\n- [Azure ARM Templates](https://github.com/F5Networks/f5-azure-arm-templates-v2/)\n- [AWS CloudFormation Templates](https://github.com/F5Networks/f5-aws-cloudformation-v2)\n- [Google Deployment Manager Templates](https://github.com/F5Networks/f5-google-gdm-templates-v2)\n\nFor example runtime-init configurations, go to the `/bigip-configurations` directory in a solution folder. For example, see `failover` examples in `examples/failover/bigip-configurations`.\n\n## Using a Proxy Server\n\nF5 BIG-IP Runtime Init supports making HTTP/HTTPS requests through a proxy server for most features. It reads the BIG-IP proxy configuration defined in system db variables. These must be set before installing Runtime Init and can be viewed by running this command: `tmsh list sys db proxy`.\n\n| Feature | Uses Proxy? | Notes |\n| --- | --- | --- |\n| pre_onboard_enabled | Yes* | Must manually specify proxy for inline type commands (curl, etc.) |\n| runtime_parameters | Yes | Metadata type runtime parameters do not use the proxy. |\n| bigip_ready_enabled | Yes* | Must manually specify proxy for inline type commands. |\n| extension_packages | Yes | None |\n| extension_services | Yes* | Resources using external URLs must be downloaded locally via runtime parameters and referenced as file URLs. |\n| post_onboard_enabled | Yes* | Must manually specify proxy for inline type commands. 
|\n| post_hook | Yes | None |\n| telemetry | Yes | None |\n\nConfiguring BIG-IP proxy settings via startup script:\n\n```shell\n# Set REST performance variables immediately before MCPD starts\n/usr/bin/setdb provision.extramb 1000 || true\n/usr/bin/setdb provision.restjavad.extramb 1384 || /usr/bin/setdb restjavad.useextramb true || true\n/usr/bin/setdb iapplxrpm.timeout 300 || true\n/usr/bin/setdb icrd.timeout 180 || true\n/usr/bin/setdb restjavad.timeout 180 || true\n/usr/bin/setdb restnoded.timeout 180 || true\n\n# Set proxy variables\n/usr/bin/setdb proxy.host 192.0.2.10\n/usr/bin/setdb proxy.port 3128\n/usr/bin/setdb proxy.username proxyuser\n/usr/bin/setdb proxy.password apassword\n/usr/bin/setdb proxy.protocol https\n\n# Download\nfor i in {1..30}; do\n    curl -fv --retry 1 --connect-timeout 5 --proxy https://192.0.2.10:3128 --proxy-user proxyuser:apassword -L \"${package_url}\" -o \"/var/config/rest/downloads/f5-bigip-runtime-init.gz.run\" \u0026\u0026 break || sleep 10\ndone\n\n# Install\nbash /var/config/rest/downloads/f5-bigip-runtime-init.gz.run -- \"--cloud aws --telemetry-params templateName:f5-bigip-runtime-init/examples/terraform/aws/main.tf\"\n\n# Run\nf5-bigip-runtime-init --config-file /config/cloud/runtime-init-conf.yaml\n```\n\n## Private Environments\n\nSome environments may not allow BIG-IPs to have any access to the Internet. In these cases, startup scripts can be customized to download packages and/or config files from locally hosted URLs. By default, the installer makes calls to the Internet to download a [GPG key](https://f5-cft.s3.amazonaws.com/f5-bigip-runtime-init/gpg.key) to verify RPM signatures, find the latest Automation Tool Chain packages, and send usage data. 
To disable calls to the Internet, you can use the examples below:\n\n#### Disable Internet Calls from the Installer\n\nExample (secure) of hosting the GPG key locally and disabling the check for the latest Automation Tool Chain packages.\n```\ncurl https://myprivatehost/f5-bigip-runtime-init-2.0.3-1.gz.run -o f5-bigip-runtime-init-2.0.3-1.gz.run \u0026\u0026 bash f5-bigip-runtime-init-2.0.3-1.gz.run -- '--cloud aws --key https://mylocalhost/gpg.key --skip-toolchain-metadata-sync'\n```\n\nExample (insecure) of skipping the GPG key download entirely and skipping the check for the latest Automation Tool Chain packages, using a local copy of the metadata instead. \n```\ncurl https://myprivatehost/f5-bigip-runtime-init-2.0.3-1.gz.run -o f5-bigip-runtime-init-2.0.3-1.gz.run \u0026\u0026 bash f5-bigip-runtime-init-2.0.3-1.gz.run -- '--cloud aws --skip-verify --skip-toolchain-metadata-sync'\n```\n\n#### Disable Internet Calls from the Command\n\nTo prevent the f5-bigip-runtime-init command from sending usage reporting, include the `--skip-telemetry` parameter.\n```\nf5-bigip-runtime-init -c /config/cloud/runtime-init-conf.yaml --skip-telemetry\n```\n\nIf using the `extension_services` feature to send Declarative Onboarding declarations, you can alternatively set the [autoPhonehome property](https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/schema-reference.html#system) to disabled. Using the [autoPhonehome property](https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/schema-reference.html#system) will prevent BIG-IP from sending telemetry data globally. 
For more information on how to disable Automatic Phone Home, see this [Overview of the Automatic Update Check and Automatic Phone Home features](https://support.f5.com/csp/article/K15000#1).\n\nHere is an example of the payload that is sent by F5 TEEM\n```json\n\n\"telemetryRecords\": [\n                {\n                    \"platform\": \"BIG-IP\",\n                    \"platformVersion\": \"14.1.4.6\",\n                    \"nicConfiguration\": \"multi\",\n                    \"cloudAccountId\": \"\u003cREDACTED\u003e\",\n                    \"regkey\": \"\u003cREDACTED\u003e\",\n                    \"platformDetails\": {\n                        \"platform\": \"BIG-IP\",\n                        \"platformVersion\": \"14.1.4.6\",\n                        \"platformId\": \"Z100\",\n                        \"system\": {\n                            \"cpuCount\": 4,\n                            \"memory\": 15753,\n                            \"diskSize\": 77824\n                        },\n                        \"nicCount\": 2,\n                        \"modules\": {\n                            \"ltm\": \"nominal\"\n                        },\n                        \"packages\": {},\n                        \"environment\": {\n                            \"pythonVersion\": \"Python 2.7.5\",\n                            \"pythonVersionDetailed\": \"2.7.5 (default, Aug 12 2021, 23:00:20) \\n[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]\",\n                            \"nodeVersion\": \"v6.9.1\",\n                            \"libraries\": {\n                                \"ssh\": \"OpenSSH_7.4p1, OpenSSL 1.0.2s-fips  28 May 2019\"\n                            }\n                        }\n                    },\n                    \"templateInfo\": {\n                        \"install\": \"All operations finished successfully\",\n                        \"templateName\": \"bigip-standalone.yaml\",\n                        \"templateVersion\": \"v1.1.0.0\",\n      
                  \"nicCount\": 2,\n                        \"cloud\": \"aws\",\n                        \"region\": \"us-west-2\",\n                        \"localization\": \"en-US\"\n                    },\n                    \"product\": {\n                        \"version\": \"1.3.2\",\n                        \"locale\": \"en-US\",\n                        \"installDate\": \"2021-11-18T19:29:45.486Z\",\n                        \"installationId\": \"f4573f4e-dcd7-4a91-8a0a-3704fca5255f\",\n                        \"installedComponents\": {\n                            \"commander\": \"^4.1.0\",\n                            \"winston\": \"^3.3.3\",\n                            \"get-user-locale\": \"^1.4.0\",\n                            \"uuid\": \"^8.2.0\",\n                            \"@f5devcentral/f5-teem\": \"^1.4.6\",\n                            \"js-yaml\": \"^3.13.1\",\n                            \"mustache\": \"^4.0.0\",\n                            \"request\": \"^2.88.0\",\n                            \"jmespath\": \"^0.15.0\",\n                            \"netmask\": \"^2.0.2\",\n                            \"lodash.where\": \"^3.1.0\"\n                        }\n                    },\n                    \"operation\": {\n                        \"clientRequestId\": \"0a1bad90-2feb-4eb8-afd6-c851b3b4ffce\",\n                        \"rawCommand\": \"f5-runtime-init -c /config/cloud/onboard_config.yaml\",\n                        \"pre_onboard_enabled\": {\n                            \"commands\": 1\n                        },\n                        \"runtime_params\": {\n                            \"secrets\": 3,\n                            \"metadata\": 6\n                        },\n                        \"vaults\": {\n                            \"aws\": 1,\n                            \"azure\": 0,\n                            \"gcp\": 0,\n                            \"hashicorp\": 2\n                        },\n                  
      \"userAgent\": \"f5-bigip-runtime-init/1.3.2\",\n                        \"extension_packages\": {\n                            \"do\": \"1.23.0\",\n                            \"fast\": \"1.11.0\",\n                            \"ilx\": \"0.1.0\"\n                        },\n                        \"extension_services\": {\n                            \"do\": true,\n                            \"as3\": true\n                        },\n                        \"post_onboard_enabled\": {\n                            \"commands\": 3,\n                            \"postHooks\": 0\n                        },\n                        \"result\": \"SUCCESS\",\n                        \"resultSummary\": \"All operations finished successfully\",\n                        \"startTime\": \"2021-11-18T19:29:43.325Z\",\n                        \"endTime\": \"2021-11-18T19:29:43.387Z\",\n                        \"installParams\": [\n                            {\n                                \"key\": \"templateName\",\n                                \"value\": \"v1.1.0.0/examples/modules/bigip-standalone/bigip-standalone.yaml\"\n                            }\n                        ]\n                    }\n                }\n            ]\n```\n\n\n## Troubleshooting\n\n### Set Recommended System Database Variables\n\nF5 recommends adding the following to the beginning of your startup scripts to ensure that the iControl REST framework has the necessary resources to successfully provision the BIG-IP instance. 
These settings must be applied as early as possible in the boot process:\n\n```\n/usr/bin/setdb provision.extramb 1000 || true\n/usr/bin/setdb provision.restjavad.extramb 1384 || /usr/bin/setdb restjavad.useextramb true || true\n/usr/bin/setdb iapplxrpm.timeout 300 || true\n/usr/bin/setdb icrd.timeout 180 || true\n/usr/bin/setdb restjavad.timeout 180 || true\n/usr/bin/setdb restnoded.timeout 180 || true\n```\n\nNote: Not all of these settings apply to all versions of BIG-IP, so the examples above will return true if the command is unsuccessful. F5 recommends using the BIG-IP versions listed in the [Validated BIG-IP versions](#validated-big-ip-versions) table above for best results.\n\n### Log to the Serial Console\n\nF5 recommends adding the following to the beginning of your startup scripts to log to the Serial Console as well as provide a consistent logging location. \n\n```\nmkdir -p  /var/log/cloud\nLOG_FILE=/var/log/cloud/startup-script.log\nnpipe=/tmp/$$.tmp\ntrap \"rm -f $npipe\" EXIT\nmknod $npipe p\ntee \u003c$npipe -a $LOG_FILE /dev/ttyS0 \u0026\nexec 1\u003e\u0026-\nexec 1\u003e$npipe\nexec 2\u003e\u00261\n```\n\nSome environments have additional resource requirements for the instance to enable the Serial Console/Logging. For instance, see this [Azure example](https://github.com/F5Networks/f5-bigip-runtime-init/blob/main/examples/terraform/azure).\n\nIf the BIG-IP or Service is not reachable, first review the console logs (see your cloud provider for details) for any errors.\n\nIf possible, try to log in to the BIG-IP instance via SSH (mgmt interface) to examine the logs. Serial console login may also be possible but only for partial onboarding successes where passwords were configured successfully (ex. with Declarative Onboarding). 
To verify the BIG-IP deployment, perform the following steps:\n\n- Check the `startup-script` sent to user_data to make sure it was installed/interpolated correctly:\n  - AWS:\n    - ```cat /opt/cloud/instance/user-data.txt```\n  - Azure:\n    - ```cat /var/lib/waagent/CustomData | base64 -d```\n  - GCP:\n    - Option Not Available\n- Check the logs (in order of invocation):\n  - waagent logs:\n    - */var/log/waagent.log* *(Azure Only)*\n  - cloud-init logs:\n    - */var/log/boot.log*\n    - */var/log/cloud-init.log*\n    - */var/log/cloud-init-output.log*\n  - runtime-init logs:\n    - */var/log/cloud/startup-script.log*: This file contains events that happen prior to execution of f5-bigip-runtime-init. For example, if the Runtime Init package failed to download, the installer failed to download a file, etc.\n    - */var/log/cloud/bigIpRuntimeInit.log*: This file contains events logged by the f5-bigip-runtime-init onboarding utility. If the configuration is invalid causing onboarding to fail, you will see those events logged here. If the deployment is successful, you will see an event with the body \"All operations completed successfully\".\n  - Automation Tool Chain logs:\n    - */var/log/restnoded/restnoded.log*: This file contains events logged by the BIG-IP Automation Toolchain components. 
If an Automation Toolchain declaration fails to deploy, you will see more details for those events logged here.\n\n- *GENERAL LOG TIP*: Search for the most critical errors first (for example, `egrep -i err /var/log/[log name]`).\n\n\n### BIG-IP Automation Toolchain Components\n\nHelp with troubleshooting individual Automation Toolchain components can be found at F5's [Public Cloud Docs](http://clouddocs.f5.com/cloud/public/v1/):\n- DO: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/troubleshooting.html\n- AS3: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/userguide/troubleshooting.html\n- FAST: https://clouddocs.f5.com/products/extensions/f5-appsvcs-templates/latest/userguide/troubleshooting.html\n- TS: https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/userguide/troubleshooting.html\n- CFE: https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/troubleshooting.html\n\n### Extension metadata file\nBIG-IP Runtime Init uses the \"extension metadata\" file (JSON document) to identify the package delivery URL for each BIG-IP Automation Toolchain extension. Each Runtime Init build includes an extension metadata file, stored at the following path: src/lib/bigip/toolchain/toolchain_metadata.json\n\nThe latest \"extension metadata\" file is published on the F5 CDN at the following location: https://cdn.f5.com/product/cloudsolutions/f5-extension-metadata/latest/metadata.json \nAs a part of the installation workflow, by default, Runtime Init will attempt to fetch the latest available version of the extension metadata from the Internet and will replace the built-in file; however, providing the `--skip-toolchain-metadata-sync` flag to the Runtime Init installation allows you to skip extension metadata sync and fall back to the built-in extension metadata file. 
\n\nWhen a custom extension metadata file needs to be used, the Runtime Init installer allows you to override the delivery URL for the \"extension metadata\" file using the `--toolchain-metadata-file-url` parameter. See the [Installer](#installer) section for more details. \n\n\n\n## Documentation\nFor more information on BIG-IP cloud solutions, including manual configuration procedures for some deployment scenarios, see F5's [Public Cloud Docs](http://clouddocs.f5.com/cloud/public/v1/).\n\n\n## Getting Help\nThe example declarations in this document are intended to provide reference onboarding configurations for BIG-IP Virtual Editions. Read more about [Support Policies](https://www.f5.com/company/policies/support-policies). \n\n### Filing Issues\nIf you find an issue, we would love to hear about it.\n\n- Use the **Issues** link on the GitHub menu bar in this repository for items such as enhancement or feature requests and non-urgent bug fixes. Tell us as much as you can about what you found and how you found it.\n\n\n## Copyright\nCopyright 2014-2022 F5 Networks Inc.\n\n\n## License\n\n#### Apache V2.0\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use\nthis file except in compliance with the License. You may obtain a copy of the\nLicense at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and limitations\nunder the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5networks%2Ff5-bigip-runtime-init","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ff5networks%2Ff5-bigip-runtime-init","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5networks%2Ff5-bigip-runtime-init/lists"}