Merge pull request #51 from f5devcentral/develop

PR for j-hammer changes
f5devcentral · Jun 26, 2024 · f87ca8f · f87ca8f
2 parents 134befa + 098dd10
commit f87ca8f
Show file tree

Hide file tree

Showing 20 changed files with 69 additions and 76 deletions.
diff --git a/docs/_static/class1/bigip_add.png b/docs/_static/class1/bigip_add.png
diff --git a/docs/_static/class1/dc01_DNS_manager.png b/docs/_static/class1/dc01_DNS_manager.png
diff --git a/docs/_static/class1/dns_sitea_web_shell.png b/docs/_static/class1/dns_sitea_web_shell.png
diff --git a/docs/_static/class1/dns_siteb_web_shell.png b/docs/_static/class1/dns_siteb_web_shell.png
diff --git a/docs/_static/class1/gtm_add.png b/docs/_static/class1/gtm_add.png
diff --git a/docs/_static/class1/gtm_add_finished.png b/docs/_static/class1/gtm_add_finished.png
diff --git a/docs/_static/class1/gtm_add_pword_connect_prompt.png b/docs/_static/class1/gtm_add_pword_connect_prompt.png
diff --git a/docs/_static/class1/gtm_wideip_create.png b/docs/_static/class1/gtm_wideip_create.png
diff --git a/docs/_static/class1/jumpbox_rdp.png b/docs/_static/class1/jumpbox_rdp.png
diff --git a/docs/class1/class1.rst b/docs/class1/class1.rst
@@ -10,7 +10,7 @@ Class 1 - Intro to GSLB
 * Students will add glue records and delegate wip.f5demo.com to the F5 GSLB DNS servers.
 * Convert the A record "www.f5demo.com" to be a CNAME record pointing to *www.wip.f5demo.com*.
 
-At the end of the lab students will have configured F5 GSLB DNS servers to alternately resolve www.example.com to 10.1.10.51 and 10.1.60.51
+At the end of the lab students will have configured F5 GSLB DNS servers to alternately resolve www.f5demo.com to 10.1.10.51 and 10.1.60.51
 
 .. toctree::
    :hidden:

diff --git a/docs/class1/module1/module1.rst b/docs/class1/module1/module1.rst
@@ -6,6 +6,8 @@ Settings
    :maxdepth: 2
    :glob:
 
+.. note::  **It is required to complete the following task only on dns.sitea**
+
 A site specific sync group name will be created, and synchronization will be enabled.
 
 Navigate to: **DNS  ››  Settings : GSLB : General**

diff --git a/docs/class1/module2/lab1.rst b/docs/class1/module2/lab1.rst
@@ -1,37 +1,10 @@
 Logging
 ############################################
 
-Configure DNS query and response logging. Create a "Log Publisher", and a "Logging Profile"
+Configure DNS query and response logging. Create a "Logging Profile"
 
 .. note::  **It is required to complete the following task on both dns.sitea and dns.siteb**
 
-#. Navigate to: **System  ››  Logs : Configuration : Log Publishers**
-
-   .. image:: /_static/class1/system_log_publisher_flyout.png
-      :width: 800
-
-   Create a local syslog publisher according to the table below:
-
-   .. csv-table::
-      :header: "Setting", "Value"
-      :widths: 15, 15
-
-      "Name", "local-syslog-publisher"
-      "Destinations", "local-syslog"
-
-   .. image:: /_static/class1/sys_syslog_publisher_details.png
-      :width: 800
-
-   .. https://gtm1.site1.example.com/tmui/Control/jspmap/tmui/system/log/create_publisher.jsp
-
-   .. https://gtm1.site2.example.com/tmui/Control/jspmap/tmui/system/log/create_publisher.jsp
-
-   On both dns.sitea and dns.siteb run the following command:
-
-   .. admonition:: TMSH
-
-      tmsh create sys log-config publisher local-syslog-publisher { destinations add { local-syslog { } } }
-
 #. Navigate to: **DNS > Delivery > Profiles > Other > DNS Logging: Create**
 
    .. image:: /_static/class1/dns_logging_profile_flyout.png

diff --git a/docs/class1/module3/lab2.rst b/docs/class1/module3/lab2.rst
@@ -6,29 +6,31 @@ A mesh of F5 DNS servers need to exchange keys to establish a trusted mechanism
 .. image:: /_static/class1/establish_trust.png
    :width: 800
 
-Launch WebRDP "Guacomole" and login (username : user password : user)
+Launch Web Shell to Site A DNS
 
-.. image:: /_static/class1/system_webrdp.PNG
+.. image:: /_static/class1/dns_sitea_web_shell.png
    :width: 800
 
-Expand Jumpbox_Windows10_RDP & double-click on Jumpbox_Windows10_RDP
-
-.. image:: /_static/class1/jumpbox_windows10.PNG
-   :width: 800
-
-Launch Putty and login to dns.sitea.f5demo.com (username : root & password : default)
 
 Run the following command:
 
-When prompted for a password use "default".
+Enter 'yes' for any connectivity prompts.  When prompted for a password use "F5demo!!".
 
 .. admonition:: TMSH
 
    bigip_add
 
-.. image:: /_static/class1/putty_gtm1_site1.png
+.. image:: /_static/class1/bigip_add.png
    :width: 800
 
+The 'bigip_add' command pulls the management certificate from the destination BIGIP devices for use during the encrypted iQuery channel setup between GSLB servers in the cluster. When running 'bigip_add' without any options, the command will be run against all BIGIP devices in the GSLB Server list using current username to connect to the endpoints.  You can specifiy a connection username or endpoint IP(s) if needed.
+
+::
+
+   bigip_add <user>@<endpoint_IP>
+   bigip_add <endpoint_IP>
+   bigip_add <endpoint_IP1> <endpoint_IP2>
+
 Navigate to: **DNS  ››  GSLB : Servers : Trusted Server Certificates**
 
 .. https://gtm1.site1.example.com/tmui/Control/jspmap/tmui/locallb/ssl_certificate/properties.jsp?certificate_name=server&store=iquery

diff --git a/docs/class1/module3/lab3.rst b/docs/class1/module3/lab3.rst
@@ -7,19 +7,29 @@ Changes will be automatically replicated across all F5 DNS servers.
 
 Launch WEB SHELL and log in to dns.siteb
 
-Run the following command: Enter the password "default" when prompted.
+.. image:: /_static/class1/dns_siteb_web_shell.png
+   :width: 800
 
-Select "y" to allow the bigip-ip to join the mesh.
+Run the following command: Enter the password "F5demo!!" when prompted.
 
 .. admonition:: TMSH
 
    gtm_add 10.1.10.100
 
-If there are issues run 
+The 'gtm_add' command will pull the configuration from the source device (dns.site1 - 10.1.10.100) overwriting any existing GSLB configuration on the system where the command is run.  Make sure to read the prompts and warnings to confirm that the source/destination is correct.
 
-.. admonition:: TMSH
+.. image:: /_static/class1/gtm_add.png
+   :width: 800
+
+Select "y" to allow dns.siteb to join the GSLB mesh.
 
-   bigstart restart named zrd
+Type 'yes' if prompted to connect.  This will add the endpoint's SSH key to the known_hosts file
 
-.. image:: /_static/class1/putty_gtm1_site2.png
+.. image:: /_static/class1/gtm_add_connect_prompt.png
    :width: 800
+
+Review the command output,  You should see the SSL certs being shared, the config backup, the GTM config pull, the DNS/Zone pull and service restarts.  Check for any errors or warnings.  There shouldn't be any errors or warnings in the lab environment but you may have connectivity/routing related errors outside of the lab - port 22, 443 or 4353 (iQuery port) being blocked by a firewall between F5 DNS systems is common.  If the destination DNS device is not in the GSLB server list of the source DNS device, you will have errors with gtm_add as well.
+
+.. image:: /_static/class1/gtm_add_finished.png
+   :width: 800
+
diff --git a/docs/class1/module4/module4.rst b/docs/class1/module4/module4.rst
@@ -24,8 +24,6 @@ Create a Pool of LTM Virtuals according to the following table:
 .. image:: /_static/class1/create_gtm_pool.png
    :width: 800
 
-TMSH command to run on only dns.sitea:
-
-.. admonition:: TMSH
+.. admonition:: TMSH - Run on only dns.sitea
 
    tmsh create gtm pool a www.f5demo.com_pool { members add { sitea_ltm:/Common/app1_sitea_www.f5demo.com_tcp_https_virtual { member-order 0 } siteb_ltm:/Common/app2_siteb_www.f5demo.com_tcp_https_virtual { member-order 1 } } }
diff --git a/docs/class1/module5/module5.rst b/docs/class1/module5/module5.rst
@@ -1,14 +1,14 @@
 FQDN
 ==============================
 
-F5 refers to an FQDN as a "wide-ip", or "wip".
+F5 refers to an FQDN as a "Wide-IP", or "WIP".
 
 Navigate to: **DNS  ››  GSLB : Wide IPs : Wide IP List**
 
 .. image:: /_static/class1/gtm_wideip_list.png
    :width: 800
 
-Create an F5 "wide IP"
+Create an F5 "Wide IP"
 
 .. csv-table::
    :header: "Setting", "Value"
@@ -23,8 +23,6 @@ Create an F5 "wide IP"
 
 .. https://gtm1.site1.example.com/tmui/Control/jspmap/tmui/globallb/wideip/list.jsp
 
-TMSH command to run on only dns.sitea:
+.. admonition:: TMSH - Run on dns.sitea
 
-.. admonition:: TMSH
-
-   tmsh create gtm wideip a www.wip.f5demo.com {  pools add { www.f5demo.com_pool { order 0 } } aliases add { www.wip.f5demo.com }  load-balancing-decision-log-verbosity { pool-member-selection pool-member-traversal pool-selection pool-traversal} }
+   tmsh create gtm wideip a www.wip.f5demo.com {  pools add { www.f5demo.com_pool { order 0 } } load-balancing-decision-log-verbosity { pool-member-selection pool-member-traversal pool-selection pool-traversal} }
diff --git a/docs/class1/module6/module6.rst b/docs/class1/module6/module6.rst
@@ -1,9 +1,14 @@
 Delegation
 =================================
 
-Log in to the DNS server from the jumpbox (username : Administrator password : 2brJF7ss) , and open the DNS management UI:
+Open an RDP session to the Windows 10 Jumpbox (username : Administrator password : VkEZNEFnnLH).  We will use this session to connect with the Windows 2019 Server, validate DNS resolution and test web applications.
 
-.. image:: /_static/class1/dc01_dns_tools.png
+.. image:: /_static/class1/jumpbox_rdp.png
+   :width: 800
+
+From the Jumpbox, click the DC01 RDP icon on the Desktop to connect to the Windows 2019 Server (username : Administrator password : 2brJF7ss) , and open the DNS management UI from the taskbar icon:
+
+.. image:: /_static/class1/dc01_DNS_manager.png
    :width: 800
 
 .. toctree::

diff --git a/docs/class1/module7/module7.rst b/docs/class1/module7/module7.rst
@@ -1,12 +1,12 @@
 Results
 =================================
 
-#. From the Workstation command prompt type "dig www.f5demo.com"
+#. From the Windows 10 Jumpbox command prompt type "dig www.f5demo.com"
 
    .. image:: /_static/class1/dc01_new_delegation_create_cname_results.png
       :width: 800
 
-#. Observe WIDEIP statistics on dns.sitea: **Statistics  ››  Module Statistics : DNS : GSLB  ››  Wide IPs : www.wip.f5demo.com : A**
+#. Observe Wide-IP statistics on dns.sitea: **Statistics  ››  Module Statistics : DNS : GSLB  ››  Wide IPs : www.wip.f5demo.com : A** (Note: The images show the Wide-IP as www.f5demo.com but you will have www.wip.f5demo.com in the lab.  The TMSH commands reference the correct Wide-IP name)
 
    .. image:: /_static/class1/gtm1_site1_wideip_statistics_flyout.png
       :width: 800
@@ -18,16 +18,14 @@ Results
 
       tmsh show gtm wideip a www.wip.f5demo.com
 
-#. Observe WIDEIP statistics on dns.siteb: **Statistics  ››  Module Statistics : DNS : GSLB  ››  Wide IPs : www.wip.f5demo.com : A**
+#. Observe Wide-IP statistics on dns.siteb: **Statistics  ››  Module Statistics : DNS : GSLB  ››  Wide IPs : www.wip.f5demo.com : A**
 
 #. Disable physical interfaces on dns.siteb:
 
    .. image:: /_static/class1/gtm1_site1_disable_interfaces.png
       :width: 800
 
-   TMSH command to run on only dns.siteb:
-
-   .. admonition:: TMSH
+   .. admonition:: TMSH - run on only dns.siteb
 
       tmsh modify net interface all disabled
 
@@ -36,9 +34,7 @@ Results
 #. Re-enable interfaces on dns.siteb, disable interfaces on dns.sitea.
    Observe statistics on dns.siteb and make sure DNS requests are still resolving.
 
-   TMSH command to run on only dns.siteb:
-
-   .. admonition:: TMSH
+   .. admonition:: TMSH - run on only dns.siteb
 
       tmsh modify net interface all enabled
 
@@ -53,13 +49,11 @@ Results
 
 #. Re-enable interfaces on dns.sitea
 
-   TMSH command to run on only dns.sitea:
-
-   .. admonition:: TMSH
+   .. admonition:: TMSH - run on only dns.sitea
 
       tmsh modify net interface all enabled
 
-#. Using Putty, ssh into dns.sitea and run the following command to watch logs:
+#. Using Putty, ssh into dns.sitea and run the following command to watch logs (use password 'F5demo!!' if prompted:
 
    .. admonition:: TMSH
 

diff --git a/docs/class1/module8/module8.rst b/docs/class1/module8/module8.rst
@@ -26,8 +26,22 @@ Modify the GSLB configuration so that LDNS servers continually receive the same
 
       tmsh modify gtm wideip a www.wip.f5demo.com persistence enabled
 
-#. View Persistence Records
+#. View Persistence Records - There won't be any records at this time
 
    .. admonition:: TMSH
 
       tmsh show gtm persist
+
+#. From the Windows 10 jumpbox, test resolution for www.f5.demo.com multiple times (dig www.f5demo.com).  It will resolve to the same IP each time
+
+#. Recheck Persistence Records - You should see a persistence record for the Windows 2019 Server that is making the query for the Windows 10 client
+
+   .. admonition:: TMSH - Run from either dns.sitea or dns.siteb
+
+      tmsh show gtm persist
+
+#. Disable persistence
+
+   .. admonition:: TMSH - Run from either dns.sitea or dns.siteb
+
+      tmsh modify gtm wideip a www.wip.f5demo.com persistence disabled
diff --git a/docs/class1/module9/module9.rst b/docs/class1/module9/module9.rst
@@ -27,10 +27,8 @@ A network outage can automatically cause DR activation.
 
    .. image:: /_static/class1/router_disable_isp1_site_interface.png
       :width: 800
-
-   TMSH command to run on ltm.sitea to simulate a failure   
-
-   .. admonition:: TMSH
+
+   .. admonition:: TMSH - Run on ltm.sitea
 
       tmsh modify ltm virtual app1_sitea_www.f5demo.com_tcp_https_virtual disabled
 
@@ -48,8 +46,7 @@ A network outage can automatically cause DR activation.
    .. image:: /_static/class1/router_enable_isp1_site_interface.png
       :width: 800
 
-   .. admonition:: TMSH
+   .. admonition:: TMSH - Run on ltm.sitea
 
       tmsh modify ltm virtual app1_sitea_www.f5demo.com_tcp_https_virtual enabled
 
-Note: Even though you re-enabled the primary site1, a persistence record from the previous lab is still in place.