BIG-IP® Virtual Edition and Amazon Web Services: Auto Scaling

Version 12.1

Table of Contents

BIG-IP VE and AWS Auto Scaling
    About BIG-IP VE and AWS Auto Scaling
    Checklist: Prepare for Auto Scaling
        Create AWS policies and attach to IAM user
        Enter IAM user keys in BIG-IP
Auto Scaling Application Servers in AWS
    Checklist: Auto Scaling application servers in AWS
        Define future pool member attributes
        Set up pool member discovery
        Create a launch configuration for pool members
        Create an Auto Scaling group for pool members
BIG-IP VE and AWS Auto Scaling
    Checklist: Auto Scaling BIG-IP VEs in AWS
        Set AWS Auto Scaling group name in BIG-IP VE
        Make BIG-IP VE communicate metrics to AWS
        Remove licensing and create an AMI
        Create a CloudWatch alarm for custom BIG-IP metrics
        Create a BIG-IP VE launch configuration
        Create a BIG-IP VE Auto Scaling group
Legal Notices
    Legal notices


BIG-IP VE and AWS Auto Scaling

About BIG-IP VE and AWS Auto Scaling

You can use the AWS Auto Scaling service to automatically create or delete either:

• Application servers (pool members used by BIG-IP® VE), or
• Instances running BIG-IP VE, as well as the related application servers (pool members).

New instances are in a logical grouping called an Amazon Auto Scaling group. Instances are added and removed from the group when an AWS CloudWatch alarm indicates that some threshold (for example, CPU utilization or disk storage) has been reached. For pool member scaling, this threshold is based on EC2 metrics tracked by AWS. For BIG-IP VE scaling, the threshold can be based on custom metrics sent from BIG-IP VE to AWS, or the threshold can be based on EC2 metrics tracked by AWS.

When new BIG-IP VE instances are created in an Auto Scaling group, the AWS Elastic Load Balancing (ELB) load balancer discovers them. When application servers are created in an Auto Scaling group, BIG-IP VE discovers them and adds them to the pool.

A few things to note about Auto Scaling BIG-IP VE instances:

• You must use an hourly license for BIG-IP VE. Otherwise, you will have to enter licensing information each time a new instance is created.
• You must use a single NIC setup, which means using a VPC with only one subnet. This is required, because the Amazon Elastic Load Balancer (ELB) will forward traffic only to the first interface on an EC2 instance (in this case, the BIG-IP VE instance). In a multi-NIC configuration, the first interface (eth0) on BIG-IP VE is used for management traffic.
• The BIG-IP VEs do not communicate with each other. If one instance goes offline, the AWS ELB load balancer continues sending traffic to any other available BIG-IP VE instances.

This guide explains how to create a fairly static configuration of BIG-IP VE and application servers for Auto Scaling. After new BIG-IP VE instances are launched, if you want to change the BIG-IP configuration (for example, to add more virtual servers or pools), you must stop the running instances, effectively stopping traffic to your applications. If you don't stop the running instances, you could have active instances running different configurations of BIG-IP.

Other Auto Scaling configurations are available by using CloudFormation templates (CFTs). CFTs are more flexible and allow for more granular customization of your environment. For more information about CFTs provided by F5®, go to https://github.com/F5Networks.

Checklist: Prepare for Auto Scaling

Before you can configure Auto Scaling, you should have:

• An AWS IAM user and the user's keys.
• An AWS VPC with a single subnet.
• An application server within the AWS VPC.
• An instance of BIG-IP VE, also in the AWS VPC; this instance must be hourly if you're going to scale BIG-IP VEs, and can be hourly or BYOL if you're going to scale pool members only.
• For pool member scaling, the BIG-IP must have a pool with no members. As new application server instances are created, they will be added automatically to the pool.
• For pool member scaling, a BIG-IP virtual server.
• For BIG-IP VE scaling, a BIG-IP wildcard virtual server where the Destination Address/Mask is set to 0.0.0.0/0 or to the subnet, for example 10.0.0.0/24. This allows the AWS ELB to send traffic to any active BIG-IP VE instance.
• For BIG-IP VE scaling, an AWS Elastic Load Balancer (ELB) that serves traffic to the BIG-IP instance; the ELB is also in the AWS VPC.

You should also complete the following tasks, which are detailed in this guide.

□ Create AWS policies and attach them to the IAM user
  An AWS IAM user must have permission to exchange information between AWS and BIG-IP.

□ Enter IAM user keys in BIG-IP
  For AWS and BIG-IP to communicate, you must enter the keys for the IAM user in the BIG-IP Configuration utility.

Create AWS policies and attach to IAM user

For the AWS IAM user to communicate with BIG-IP VE, the IAM user needs custom policies that provide permission. You must create these policies and attach them to the IAM user.

1. In the AWS Management Console, from the Services menu at the top of the screen, select IAM.
2. In the Navigation pane, under Details, select Policies.
3. Click Create Policy.
4. By Create Your Own Policy, click Select.
5. For pool member Auto Scaling, enter this text in the Policy Document field.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "autoscaling:DescribeAutoScalingGroups",
                    "ec2:describeinstances"
                ],
                "Resource": "*"
            }
        ]
    }

6. Enter a name for the policy and click Create Policy.
7. If you are going to use Auto Scaling with BIG-IP VE instances, and you want BIG-IP VE to send metrics to AWS, create another policy, using this text.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "cloudwatch:PutMetricData"
                ],
                "Resource": "*"
            }
        ]
    }

8. Now assign the policies to your IAM user.
   a) In the Navigation pane, under Details, select Users.
   b) Click the user you want to assign the policy to.
   c) Click the user you want to assign the policy to.
   d) Click Attach Policy.
   e) Filter to find the policies you created, click the policy and click Attach Policy.

The IAM user now has the policies needed to interact with BIG-IP VE. Next you will enter this user's credentials in the BIG-IP Configuration utility.

Enter IAM user keys in BIG-IP

For BIG-IP VE and AWS to communicate, an IAM user with sufficient permission must exist in AWS. You must enter the keys for this IAM user into BIG-IP VE. BIG-IP VE will use them to communicate.

1. Log in to the BIG-IP Configuration utility.
2. On the Main tab, click System > Configuration > AWS > Global Settings.
3. In the Access Key field, type the access key.
4. In the Secret Key field, type the secret key.
5. Click Update.


Auto Scaling Application Servers in AWS

Checklist: Auto Scaling application servers in AWS

This checklist summarizes the tasks required for BIG-IP® VE to discover application server (pool member) instances created by the AWS Auto Scaling service.

□ In BIG-IP VE, define attributes for future pool members
  BIG-IP VE needs to know how new pool members should be configured. Use an iApp for this information.

□ In BIG-IP VE, set up pool member discovery
  BIG-IP VE will poll AWS every 10 minutes and update the pool with the latest pool members. You can change this interval.

□ In AWS, create an image (AMI) of the application server instance you want to scale
  You will specify the image when you create the AWS launch configuration.

□ In AWS, create the launch configuration, Auto Scaling group, and CloudWatch alarms
  The name you entered in the BIG-IP VE iApp for the pool member Auto Scaling group must be the name of the pool member Auto Scaling group in AWS. Each time a new application server instance is created, it is added to the BIG-IP pool.

Define future pool member attributes

You must specify the properties that BIG-IP® VE should use when creating new pool members.

1. Log in to the BIG-IP Configuration utility.
2. On the Main tab, click iApps > AWS.
3. On the Application Service List screen, click Create.
4. In the Name field, type a name for the Auto Scaling template that will be used to configure new instances.
5. From the Template list, select the template f5-iAppLX-aws-autoscale and click Next.
6. In the Pool Name field, type the name of the pool you created in BIG-IP VE.
7. In the AWS AutoScale Group Name field, type the name of the Auto Scaling group. You will use this name in AWS when you create the Auto Scaling group.
   Important: If you have other Auto Scaling groups in AWS, ensure that this name is not a duplicate of one that already exists.
8. In the Port Number field, type the port number, based on the type of application this pool member serves.
9. Configure remaining settings as needed.
10. At the bottom of the screen, click Deploy to save your changes.

Set up pool member discovery

Communication must be set up so that BIG-IP® VE can discover application server (pool member) instances created by the AWS Auto Scaling service.

1. Use SSH to log in to the BIG-IP VE as admin.
   Ensure you are at the tmsh prompt, not the bash prompt.
2. Load a script that BIG-IP VE uses to poll AWS periodically for the list of active pool members.

    load sys config merge file /usr/share/aws/autoscale/aws-autoscale-icallconfig

3. Save the changes.

    save /sys config

Polling happens every 10 minutes (600 seconds). To change the interval, run this case-sensitive tmsh command:

    modify sys icall handler periodic autoscaleHandler interval <number_of_seconds>

Now create an image (AMI) of the application server so you can use it for Auto Scaling.

Create a launch configuration for pool members

Before you can create a launch configuration for a pool member, you must have an Amazon machine image (AMI) of the pool member you want to use for Auto Scaling.
A launch configuration is a template that determines how new virtual instances will be launched.

Note: Launch configurations cannot be revised after they are created.

1. In the AWS Management Console, from the Services menu at the top of the screen, select EC2.
2. In the Navigation pane, under AUTO SCALING, select Launch Configurations.
3. From the My AMIs list, select the pool member image.
4. Specify settings appropriate for your use.

   Setting: Enable CloudWatch detailed monitoring
   Details: Select this option.

   Setting: Advanced Details > IP Address Type > Assign a public IP address to every instance
   Details: Select this option to assist with troubleshooting.

   Setting: Advanced Details > User data > As text
   Details: If you want to use different credentials to launch new instances, enter this text:

       AWS_ACCESS_KEY,<user_access_key>
       AWS_SECRET_KEY,<user_secret_key>

   Setting: Configure Security Group
   Details: Select an existing group that is associated with the VPC.

5. Click Create launch configuration.

Create an Auto Scaling group for pool members

Auto Scaling groups are a logical grouping of auto scaled instances. In order for AWS to automatically create application servers, you must create an Auto Scaling group with CloudWatch alarms that trigger Auto Scaling.

1. In the AWS Management Console, from the Services menu at the top of the screen, select EC2.
2. In the Navigation pane, under AUTO SCALING, select Auto Scaling groups and Create Auto Scaling group.
3. Specify settings appropriate for your use.

   Setting: Group name
   Details: Type the autoscale-group name you specified when you defined the Auto Scaling resources in the iApp.

   Setting: Network and Subnet
   Details: Select the virtual private cloud (VPC) and its subnet (10.0.0.0/24).

   Setting: Receive traffic from Elastic Load Balancer(s)
   Details: Clear this check box. Traffic to the pool members is coming from BIG-IP VE, not the AWS ELB.

   Setting: Use scaling policies to adjust the capacity of this group
   Details: Select this option, enter the minimum and maximum number of instances, and create alarms that will trigger Auto Scaling.

4. When done, click Create Auto Scaling group.

New instances will be created and removed based on the alarms you created. When new instances start, BIG-IP VE will add them to the pool. When instances terminate, they will no longer be active in the pool.


BIG-IP VE and AWS Auto Scaling

Checklist: Auto Scaling BIG-IP VEs in AWS

This checklist summarizes the tasks required to use Auto Scaling with BIG-IP® VE.

□ In BIG-IP VE, specify the Auto Scaling group name you will use in AWS
  BIG-IP VE needs to know the name you plan to use for the AWS Auto Scaling group. You will create a group with this name later in AWS.
  • modify sys autoscale-group autoscale-group-id <groupname>

□ Optional. In BIG-IP VE, set up communication of metrics to AWS
  BIG-IP VE can send metrics about its health to AWS; you can use these metrics to trigger Auto Scaling. If you want to use AWS metrics instead, you do not need to perform this task.
  • load sys config merge file /usr/share/aws/metrics/aws-cloudwatch-icallmetrics-config

□ In BIG-IP VE, finalize the instance by removing license files
  You must remove license files specific to this instance of BIG-IP VE. This ensures that new instances created from the image retrieve new licensing from F5.
  • run util finalize-custom-ami

□ In AWS, create an image of the BIG-IP VE instance you want to scale
  Shut down BIG-IP VE and create an Amazon machine image (AMI). This image will be used to create new instances.

□ In AWS, create a CloudWatch alarm
  If you want to use BIG-IP metrics to trigger Auto Scaling, create the CloudWatch alarm before creating the launch configuration. If you want to use AWS metrics, you do not need this task; you can create the alarm while creating the Auto Scaling group.

□ In AWS, create a launch configuration and Auto Scaling group
  The name you entered in BIG-IP VE for the Auto Scaling group must be the name of the AWS Auto Scaling group. Each time a new BIG-IP VE instance is created, it is added to the AWS ELB.

Set AWS Auto Scaling group name in BIG-IP VE

Before you can create an Auto Scaling group for BIG-IP VEs in AWS, you must log in to BIG-IP VE and specify the name that you plan to use for the Auto Scaling group.

1. Use SSH to log in to the BIG-IP VE as admin.
   Ensure you are at the tmsh prompt, not the bash prompt.
2. Specify a name for the group.
   Important: If you have other Auto Scaling groups in AWS, ensure that this name is not a duplicate of one that already exists.

    modify sys autoscale-group autoscale-group-id <group_name>

3. Confirm that the group name was updated successfully.

    list sys autoscale-group

4. Save the changes.

    save /sys config

Later you will use this name for the Auto Scaling group in AWS.

Make BIG-IP VE communicate metrics to AWS

If you plan to use BIG-IP® metrics to trigger Auto Scaling of BIG-IP VE instances, you must enable a script to send the metrics from BIG-IP VE to AWS.

1. Use SSH to log in to the BIG-IP VE as admin.
   Ensure you are at the tmsh prompt, not the bash prompt.
2. Load a script that BIG-IP VE uses to periodically send metrics to AWS.

    load sys config merge file /usr/share/aws/metrics/aws-cloudwatch-icallmetrics-config

3. Save the changes.

    save /sys config

When the metrics are being sent to AWS, you can see them in the AWS console in the CloudWatch Metrics area.

Note: Communication happens every 10 minutes (600 seconds). To change the interval, run this case-sensitive tmsh command:

    modify sys icall handler periodic metricUploadHandler interval <number_of_seconds>

Remove licensing and create an AMI

You must remove licensing information from the BIG-IP® VE instance before creating an image of it. This allows new instances to be licensed automatically.

1. Use SSH to log in to the BIG-IP VE as admin.
   Ensure you are at the tmsh prompt, not the bash prompt.
2. Remove licensing files.

    run util finalize-custom-ami

3. In AWS, stop the instance and create an image (AMI) by right-clicking the instance and clicking Image > Create Image.

The AMI will be used to create new BIG-IP VE instances.

Create a CloudWatch alarm for custom BIG-IP metrics

CloudWatch alarms are the triggers that determine when Auto Scaling policies are invoked. To auto scale instances of BIG-IP® VE, you can use AWS metrics or metrics provided by BIG-IP. If you want to use metrics provided by BIG-IP, complete the following steps.

1. In the AWS Management Console, from the Services menu, select CloudWatch.
2. In the Navigation pane, under ALARM, select ALARM.
3. Click Create Alarm.
4. In the Custom Metrics area, in the list, click the name of the custom metrics you created earlier.
5. In the BIGIPMetrics > Metrics with no dimensions list, select the metric you want to trigger the alarm.
6. Click Next.
7. Type a name for the alarm and specify where to send the notification.
8. Click Create Alarm.

Now you can create an Auto Scaling group that uses this alarm to trigger Auto Scaling.

Create a BIG-IP VE launch configuration

Before you can create a BIG-IP® VE launch configuration, you must have an Amazon machine image (AMI) of BIG-IP VE that you want to use as the model for AWS to generate new instances.

A launch configuration is a template that determines how new instances will be launched. To scale BIG-IP VE instances, you must create a launch configuration.

Note: Launch configurations cannot be revised after they are created.

1. In the AWS Management Console, from the Services menu at the top of the screen, select EC2.
2. In the Navigation pane, under AUTO SCALING, select Launch Configurations.
3. Click Create launch configuration.
4. From the My AMIs list, select the BIG-IP VE image.
5. Specify settings appropriate for your use.

   Setting: Enable CloudWatch detailed monitoring
   Details: Select this option.

   Setting: Advanced Details > IP Address Type > Assign a public IP address to every instance
   Details: Select this option. BIG-IP VE must access the internet when it launches, so it can be licensed with F5.

   Setting: Advanced Details > User data > As text
   Details: If you want to use different credentials to launch new instances, enter this text:

       AWS_ACCESS_KEY,<user_access_key>
       AWS_SECRET_KEY,<user_secret_key>

   Setting: Configure Security Group
   Details: Select an existing group that is associated with the VPC.

6. Click Create launch configuration.

Create a BIG-IP VE Auto Scaling group

Auto Scaling groups are a logical grouping of auto scaled instances. In order for AWS to automatically create BIG-IP VE instances, you must create an Auto Scaling group with CloudWatch alarms that trigger Auto Scaling.

Important: After you complete this task, any changes to the BIG-IP configuration will require you to stop running instances of BIG-IP VE, effectively stopping traffic to your applications. Be sure BIG-IP is configured properly before proceeding.

1. In the AWS Management Console, from the Services menu at the top of the screen, select EC2.
2. In the Navigation pane, under AUTO SCALING, select Auto Scaling groups.
3. Click Create Auto Scaling group and create an Auto Scaling group associated with your BIG-IP VE launch configuration.
4. Specify settings appropriate for your use.

   Setting: Group name
   Details: Type the name of the Auto Scaling group you created in tmsh.

   Setting: Network and Subnet
   Details: Select the virtual private cloud (VPC) and its subnet (10.0.0.0/24).

   Setting: Receive traffic from Elastic Load Balancer(s)
   Details: Select this check box and choose your ELB. This ensures that traffic flows from AWS ELB load balancer to the BIG-IP VE instances.

   Setting: Use scaling policies to adjust the capacity of this group
   Details: Set the minimum and maximum number of instances and add an alarm. If you want to use BIG-IP metrics to trigger scaling of BIG-IP instances, from the Execute policy when list, select the CloudWatch alarm you created previously.

5. When done, click Create Auto Scaling group.

BIG-IP VE instances are created based on the alarms you specified.


Legal Notices

Legal notices

Publication Date
This document was published on August 12, 2016.

Publication Number
MAN-0624-00

Copyright
Copyright © 2016, F5 Networks, Inc. All rights reserved.

F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice.

Trademarks
For a current list of F5 trademarks and service marks, see http://www.f5.com/about/guidelines-policies/trademarks/.

All other product and company names herein may be trademarks of their respective owners.

Patents
This product may be protected by one or more patents indicated at: https://f5.com/about-us/policies/patents

Export Regulation Notice
This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States.
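
Added example: checking the IAM policies

The two policies in "Create AWS policies and attach to IAM user" grant three actions in total, and the keys of the user that holds them are stored on BIG-IP VE. This added example (not part of the F5 guide or F5 code) reports any Allow grant in a policy document beyond those three actions; the names audit_policy, EXPECTED_ACTIONS and DRIFTED_POLICY are assumptions made here, and DRIFTED_POLICY is a constructed sample.

```python
import json
from fnmatch import fnmatchcase

# The three actions granted by the guide's two policies, lower-cased because
# IAM matches action names case-insensitively ("ec2:describeinstances" in the
# guide is the same action as "ec2:DescribeInstances").
EXPECTED_ACTIONS = {
    "autoscaling:describeautoscalinggroups",
    "ec2:describeinstances",
    "cloudwatch:putmetricdata",
}

# Policy text as given in the guide for pool member Auto Scaling.
POOL_MEMBER_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["autoscaling:DescribeAutoScalingGroups", "ec2:describeinstances"],
    "Resource": "*"
  }]
}"""

# Constructed sample: a policy that has drifted beyond what the guide needs.
DRIFTED_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["cloudwatch:PutMetricData", "s3:GetObject"],
     "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}
  ]
}"""


def _as_list(value):
    """Statement and Action may each be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(document):
    """Return (statement_index, action, reason) for grants beyond EXPECTED_ACTIONS."""
    policy = json.loads(document) if isinstance(document, str) else document
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append((index, "NotAction", "allows every action except those listed"))
            continue
        for action in _as_list(stmt.get("Action")):
            name = action.lower()
            if "*" in name or "?" in name:
                # Wildcards grant whatever the service defines now or later.
                covered = sorted(a for a in EXPECTED_ACTIONS if fnmatchcase(a, name))
                findings.append((index, action, "wildcard; needed actions covered: %s" % covered))
            elif name not in EXPECTED_ACTIONS:
                findings.append((index, action, "not required by this guide"))
    return findings


if __name__ == "__main__":
    for label, doc in (("pool member", POOL_MEMBER_POLICY), ("drifted", DRIFTED_POLICY)):
        for index, action, reason in audit_policy(doc):
            print("%s policy, statement %d: %s (%s)" % (label, index, action, reason))
```

The guide's own policy produces no findings; the constructed policy is reported for the ec2:* wildcard and for s3:GetObject.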