bigip_sslo_config_authentication – Manage an SSL Orchestrator authentication object
New in version 1.6.0.
Parameters
Parameter | Choices/Defaults | Configuration | Comments
---|---|---|---
`dump_json` (boolean) | | | Sets the module to output a JSON blob for further consumption. When `true`, does not make any changes on the device and always returns `changed=False`. The output provided is idempotent in nature, meaning if there are no changes to be made during `MODIFY` on an existing service, no JSON output is generated.
`name` (string, required) | | | Specifies the name of the authentication object. The configuration auto-prepends `ssloA_` to the object. Names should be less than 14 characters and not contain dashes (`-`).
`ocsp` (dictionary) | | | Specifies an OCSP type authentication object.
`ocsp` → `dest` (string) | | | Defines the OCSP authentication service destination IP address. The address must be valid and provided in CIDR notation. If a route domain is not indicated in the address, a default `%0` is inserted into the address. This parameter is required when creating a new OCSP authentication service.
`ocsp` → `existing_ocsp` (string) | | | Defines an existing OCSP profile to use. Otherwise the OCSP profile is created automatically. The name of the profile must be provided in the `full_path` format, e.g. `/Common/my_ocsp`.
`ocsp` → `fqdn` (string) | | | Defines the fully qualified name of the OCSP authentication service. This parameter is required when creating a new OCSP authentication service.
`ocsp` → `http_profile` (string) | | | Defines a custom HTTP profile to apply to the OCSP authentication service virtual server. The name of the profile must be provided in the `full_path` format, for example `/Common/http`. When creating the OCSP authentication service, if the parameter is not provided a default of `/Common/http` is assumed.
`ocsp` → `ocsp_max_age` (integer) | | | Defines a maximum age value for the OCSP profile (if not using an existing OCSP profile). When creating an OCSP authentication service, if the parameter is not provided a default of `604800` is assumed.
`ocsp` → `ocsp_nonce` (boolean) | | | Enables or disables OCSP nonce (if not using an existing OCSP profile). When creating an OCSP authentication service, if the parameter is not provided and `existing_ocsp` is not set, the default of `true` is assumed.
`ocsp` → `port` (integer) | | | A custom port for the authentication service.
`ocsp` → `source` (string) | | | Defines a source IP address filter. The address must be valid and provided in CIDR notation. If a route domain is not indicated in the address, a default `%0` is inserted into the address. When creating an OCSP authentication service, if the parameter is not provided a default of `0.0.0.0%0/0` is assumed.
`ocsp` → `ssl_profile` (string) | | | Defines the existing SSL settings object to reference in the OCSP authentication. The configuration auto-prepends `ssloT_` to the object. This parameter is required when creating a new OCSP authentication service.
`ocsp` → `tcp_settings_client` (string) | | | Defines a custom client TCP profile. The name of the profile must be provided in the `full_path` format, e.g. `/Common/f5-tcp-wan`. When creating an OCSP authentication service, if the parameter is not provided a default of `/Common/f5-tcp-wan` is assumed.
`ocsp` → `tcp_settings_server` (string) | | | Defines a custom server TCP profile. The name of the profile must be provided in the `full_path` format, e.g. `/Common/f5-tcp-lan`. When creating an OCSP authentication service, if the parameter is not provided a default of `/Common/f5-tcp-lan` is assumed.
`ocsp` → `vlans` (list, elements=string) | | | Defines the list of client-facing VLANs for the OCSP authentication service. The names of VLANs must be provided in the `full_path` format, e.g. `/Common/vlan1`. This parameter is required when creating a new OCSP authentication service.
`state` (string) | | | When `state` is `present`, ensures the object is created or modified. When `state` is `absent`, ensures the service is removed.
`timeout` (integer) | Default: 300 | | The amount of time to wait for the `CREATE`, `MODIFY` or `DELETE` task to complete, in seconds. The accepted value range is between `10` and `1800` seconds.
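
A pre-flight check for task arguments, built from the constraints in the parameter table; this is an added example, not part of the module or of F5's documentation. `check_task`, `normalize_cidr` and the sample values are hypothetical names introduced here, and placing `%0` directly before the prefix length is inferred from the documented default `0.0.0.0%0/0`.

```python
import ipaddress
import re

# Per the parameter table: required on create / names expected in full_path form.
REQUIRED_ON_CREATE = ("fqdn", "dest", "ssl_profile", "vlans")
FULL_PATH_KEYS = ("existing_ocsp", "http_profile", "tcp_settings_client", "tcp_settings_server")
ADDR_RE = re.compile(r"^(?P<ip>[^%/]+)(?:%(?P<rd>\d+))?/(?P<prefix>\d+)$")
OPEN_SOURCE = "0.0.0.0%0/0"  # documented default source filter on create
# Constructed sample task arguments (not from a real deployment).
SAMPLE = {"name": "ocsp_auth", "ocsp": {"fqdn": "ocsp.example.com", "dest": "192.0.2.10/32",
          "ssl_profile": "demo_ssl", "vlans": ["/Common/vlan1"], "ocsp_nonce": False}}


def normalize_cidr(value):
    """Validate 'ip[%rd]/prefix' and insert the documented default route domain %0."""
    m = ADDR_RE.match(value)
    if not m:
        raise ValueError(f"{value!r} is not in CIDR notation")
    ipaddress.ip_network(f"{m['ip']}/{m['prefix']}", strict=False)  # ValueError if invalid
    return f"{m['ip']}%{m['rd'] or 0}/{m['prefix']}"


def check_task(args, creating=True):
    """Return (errors, warnings) for one task's module arguments, given as a dict."""
    errors, warnings = [], []
    name, ocsp = args.get("name", ""), dict(args.get("ocsp") or {})
    if len(name) >= 14 or "-" in name:
        warnings.append("name: should be under 14 characters and contain no dashes")
    if not 10 <= args.get("timeout", 300) <= 1800:
        errors.append("timeout: accepted range is 10 to 1800 seconds")
    if args.get("state", "present") == "absent":
        return errors, warnings
    if creating:
        errors += [f"ocsp.{k}: required on create" for k in REQUIRED_ON_CREATE if not ocsp.get(k)]
        ocsp.setdefault("source", OPEN_SOURCE)
    for key in ("dest", "source"):
        if ocsp.get(key):
            try:
                ocsp[key] = normalize_cidr(ocsp[key])
            except ValueError as exc:
                errors.append(f"ocsp.{key}: {exc}")
    paths = [(k, ocsp[k]) for k in FULL_PATH_KEYS if k in ocsp]
    paths += [("vlans", v) for v in ocsp.get("vlans", [])]
    errors += [f"ocsp.{k}: {v!r} is not a full_path name" for k, v in paths if not v.startswith("/")]
    if ocsp.get("ocsp_nonce") is False:
        warnings.append("ocsp.ocsp_nonce: nonce disabled for the generated OCSP profile")
    if ocsp.get("source") == OPEN_SOURCE:
        warnings.append("ocsp.source: filter admits every source address")
    return errors, warnings
```

Warnings mark settings a reviewer should confirm are intended (nonce disabled, unrestricted source filter); errors mark arguments that conflict with the documented requirements.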
Examples
```yaml
- name: Create an SSLO authentication service
  bigip_sslo_config_authentication:
    name: "example_service"
    ocsp:
      fqdn: "foo.example.com"
      dest: "192.168.1.1/32"
      source: "10.10.10.0/24"
      ssl_profile: "example_sslo"
      vlans:
        - "/Common/vlan1"
        - "/Common/vlan2"

- name: Modify an SSLO authentication service
  bigip_sslo_config_authentication:
    name: "example_service"
    ocsp:
      ssl_profile: "example_sslo"
      vlans:
        - "/Common/client-vlan"
        - "/Common/dlp-vlan"
      source: "0.0.0.0%0/0"

- name: Create an SSLO authentication service - output json only
  bigip_sslo_config_authentication:
    name: "example_service"
    ocsp:
      fqdn: "foo.example.com"
      dest: "192.168.1.1/32"
      source: "10.10.10.0/24"
      ssl_profile: "example_sslo"
      vlans:
        - "/Common/vlan1"
        - "/Common/vlan2"
    dump_json: true

- name: Delete an SSLO authentication service
  bigip_sslo_config_authentication:
    name: "example_service"
    state: absent
```
Return Values
The following are the fields unique to this module:
Key | Returned | Description
---|---|---
`ocsp` (complex) | changed | Settings used to define an OCSP authentication object.
`ocsp` → `dest` (string) | | The destination IP address. Sample: `10.1.10.150/32`
`ocsp` → `existing_ocsp` (string) | | An existing OCSP profile to use for the authentication service. Sample: `/Common/my-ocsp`
`ocsp` → `fqdn` (string) | | The fully qualified name clients use to access the OCSP authentication service. Sample: `ocsp.f5labs.com`
`ocsp` → `http_profile` (string) | | A custom HTTP profile to use for the authentication service. Sample: `/Common/http`
`ocsp` → `ocsp_max_age` (integer) | | A max age value for the OCSP profile (if not using an existing OCSP profile). Sample: `604800`
`ocsp` → `ocsp_nonce` (boolean) | | Enables or disables nonce in the OCSP profile (if not using an existing OCSP profile). Sample: `True`
`ocsp` → `port` (integer) | | A custom port for the authentication service. Sample: `80`
`ocsp` → `source` (string) | | The source IP address filter. Sample: `0.0.0.0%0/0`
`ocsp` → `ssl_profile` (string) | | The SSL settings object the OCSP authentication service monitors for revocation states. Sample: `ssl_settings_1`
`ocsp` → `tcp_settings_client` (string) | | A custom client TCP profile to use for the authentication service. Sample: `/Common/f5-tcp-wan`
`ocsp` → `tcp_settings_Server` (string) | | A custom server TCP profile to use for the authentication service. Sample: `/Common/f5-tcp-lan`
`ocsp` → `vlans` (string) | | The list of client-facing VLANs to listen on. Sample: `/Common/client-vlan`