Last updated on: 2024-04-01 03:24:20.

bigip_sslo_config_authentication – Manage an SSL Orchestrator authentication object

New in version 1.6.0.

Synopsis

  • Manage an SSL Orchestrator authentication object.

Parameters

Parameter Choices/Defaults Configuration Comments
dump_json
boolean
    Choices:
  • no ←
  • yes
Sets the module to output a JSON blob for further consumption.
When true, does not make any changes on the device and always returns changed=False.
The output provided is idempotent in nature, meaning if there are no changes to be made during MODIFY on an existing service, no JSON output is generated.
name
string / required
Specifies the name of the authentication object.
The configuration auto-prepends ssloA_ to the object.
Names should be less than 14 characters long and should not contain dashes (-).
ocsp
dictionary
Specifies an OCSP type authentication object.
dest
string
Defines the OCSP authentication service destination IP address. The address must be valid and provided in CIDR notation.
If a route domain is not indicated in the address, a default %0 is inserted into the address.
This parameter is required when creating a new OCSP authentication service.
existing_ocsp
string
Defines an existing OCSP profile to use. Otherwise the OCSP profile is created automatically.
The name of the profile must be provided in the full_path format, for example /Common/my_ocsp.
fqdn
string
Defines the fully qualified name of the OCSP authentication service.
This parameter is required when creating a new OCSP authentication service.
http_profile
string
Defines a custom HTTP profile to apply to the OCSP authentication service virtual server.
The name of the profile must be provided in the full_path format, for example /Common/http.
When creating the OCSP authentication service, if the parameter is not provided, a default of /Common/http is assumed.
ocsp_max_age
integer
Defines a maximum age value for the OCSP profile (if not using an existing OCSP profile).
When creating an OCSP authentication service, if the parameter is not provided a default of 604800 is assumed.
ocsp_nonce
boolean
    Choices:
  • no
  • yes
Enables or disables OCSP nonce (if not using an existing OCSP profile).
When creating an OCSP authentication service, if the parameter is not provided and existing_ocsp is not set, the default of true is assumed.
port
integer
A custom port for the authentication service.
source
string
Defines a source IP address filter. The address must be valid and provided in CIDR notation.
If a route domain is not indicated in the address, a default %0 is inserted into the address.
When creating an OCSP authentication service, if the parameter is not provided a default of 0.0.0.0%0/0 is assumed.
ssl_profile
string
Defines the existing SSL settings object to reference in the OCSP authentication.
The configuration auto-prepends ssloT_ to the object.
This parameter is required when creating a new OCSP authentication service.
tcp_settings_client
string
Defines a custom client TCP profile.
The name of the profile must be provided in the full_path format, for example /Common/f5-tcp-wan.
When creating an OCSP authentication service, if the parameter is not provided, a default of /Common/f5-tcp-wan is assumed.
tcp_settings_server
string
Defines a custom server TCP profile.
The name of the profile must be provided in the full_path format, for example /Common/f5-tcp-lan.
When creating an OCSP authentication service, if the parameter is not provided, a default of /Common/f5-tcp-lan is assumed.
vlans
list / elements=string
Defines the list of client-facing VLANs for the OCSP authentication service.
The names of VLANs must be provided in the full_path format, for example /Common/vlan1.
This parameter is required when creating a new OCSP authentication service.
state
string
    Choices:
  • present ←
  • absent
When state is present, ensures the object is created or modified.
When state is absent, ensures the service is removed.
timeout
integer
Default:
300
The amount of time to wait for the CREATE, MODIFY or DELETE task to complete, in seconds.
The accepted value range is between 10 and 1800 seconds.

Examples

- name: Create an SSLO authentication service
  bigip_sslo_config_authentication:
    name: "example_service"
    ocsp:
      fqdn: "foo.example.com"
      dest: "192.168.1.1/32"
      source: "10.10.10.0/24"
      ssl_profile: "example_sslo"
      vlans:
        - "/Common/vlan1"
        - "/Common/vlan2"

- name: Modify an SSLO authentication service
  bigip_sslo_config_authentication:
    name: "example_service"
    ocsp:
      ssl_profile: "example_sslo"
      vlans:
        - "/Common/client-vlan"
        - "/Common/dlp-vlan"
      source: "0.0.0.0%0/0"

- name: Create an SSLO authentication service - output json only
  bigip_sslo_config_authentication:
    name: "example_service"
    ocsp:
      fqdn: "foo.example.com"
      dest: "192.168.1.1/32"
      source: "10.10.10.0/24"
      ssl_profile: "example_sslo"
      vlans:
        - "/Common/vlan1"
        - "/Common/vlan2"
    dump_json: true

- name: Delete an SSLO authentication service
  bigip_sslo_config_authentication:
    name: "example_service"
    state: absent
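
The constraints listed under Parameters can be checked before a playbook reaches the device. The following pre-flight check is an added example, not part of the F5 collection or the module's own code; `normalize_cidr`, `check_task` and the full_path pattern are hypothetical names, and placing the default `%0` between the address and the prefix is assumed from the documented sample `0.0.0.0%0/0`.

```python
import ipaddress
import re

# Added example: these names are illustrative, not part of the F5 collection.
REQUIRED_ON_CREATE = ("fqdn", "dest", "ssl_profile", "vlans")
FULL_PATH_KEYS = ("existing_ocsp", "http_profile", "tcp_settings_client", "tcp_settings_server")
FULL_PATH = re.compile(r"^/[^/\s]+/[^/\s]+$")  # assumed shape: /Partition/name

def normalize_cidr(value):
    """Validate ip[%rd]/prefix; insert the default %0 route domain if absent."""
    addr, sep, prefix = value.partition("/")
    if not sep:
        raise ValueError(f"{value!r} is not in CIDR notation")
    ip, _, rd = addr.partition("%")
    if rd and not rd.isdigit():
        raise ValueError(f"{value!r} has a non-numeric route domain")
    ipaddress.ip_network(f"{ip}/{prefix}", strict=False)  # ValueError if invalid
    return f"{ip}%{rd or 0}/{prefix}"

def check_task(args, creating=True):
    """Return the documented constraints that one task's arguments violate."""
    problems = []
    name = args.get("name", "")
    if not name or len(name) >= 14 or "-" in name:
        problems.append("name: must be set, under 14 characters, no dashes")
    if not 10 <= args.get("timeout", 300) <= 1800:
        problems.append("timeout: must be between 10 and 1800 seconds")
    if args.get("state", "present") == "absent":
        return problems  # deletion needs only the name
    ocsp = args.get("ocsp") or {}
    missing = [k for k in REQUIRED_ON_CREATE if creating and not ocsp.get(k)]
    problems += [f"ocsp.{k}: required when creating" for k in missing]
    for key in ("dest", "source"):
        if key in ocsp:
            try:
                normalize_cidr(ocsp[key])
            except ValueError as exc:
                problems.append(f"ocsp.{key}: {exc}")
    paths = [(k, ocsp[k]) for k in FULL_PATH_KEYS if k in ocsp]
    paths += [("vlans", v) for v in ocsp.get("vlans", [])]
    problems += [f"ocsp.{k}: {v!r} is not in full_path format"
                 for k, v in paths if not FULL_PATH.match(v)]
    return problems

# Constructed sample task arguments (not taken from a real device).
SAMPLE = {"name": "ocsp-auth-prod", "timeout": 5,
          "ocsp": {"dest": "192.168.1.1", "vlans": ["vlan1"]}}
if __name__ == "__main__":
    print("\n".join(check_task(SAMPLE)))
```

Pass `creating=False` when the task modifies an existing service, since the required-on-create parameters may then be omitted.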

Return Values

The following are the fields unique to this module:

Key Returned Description
ocsp
complex
changed
Settings used to define an OCSP authentication object.

  dest
string
The destination IP address.

Sample:
10.1.10.150/32
  existing_ocsp
string
An existing OCSP profile to use for the authentication service.

Sample:
/Common/my-ocsp
  fqdn
string
The fully qualified name clients use to access the OCSP authentication service.

Sample:
ocsp.f5labs.com
  http_profile
string
A custom HTTP profile to use for the authentication service.

Sample:
/Common/http
  ocsp_max_age
integer
A max age value for the OCSP profile (if not using an existing OCSP profile).

Sample:
604800
  ocsp_nonce
boolean
Enables or disables nonce in the OCSP profile (if not using an existing OCSP profile).

Sample:
True
  port
integer
A custom port for the authentication service.

Sample:
80
  source
string
The source IP address filter.

Sample:
0.0.0.0%0/0
  ssl_profile
string
The SSL settings object the OCSP authentication service monitors for revocation states.

Sample:
ssl_settings_1
  tcp_settings_client
string
A custom client TCP profile to use for the authentication service.

Sample:
/Common/f5-tcp-wan
  tcp_settings_Server
string
A custom server TCP profile to use for the authentication service.

Sample:
/Common/f5-tcp-lan
  vlans
string
The list of client-facing VLANs to listen on.

Sample:
/Common/client-vlan


Status

Authors

  • Wojciech Wypior (@wojtek0806)
  • Kevin Stewart (@kevingstewart)