Last updated on: 2024-04-01 03:24:20.
bigip_sslo_service_http – Manage an SSL Orchestrator HTTP security device¶
New in version 1.6.0.
Parameters¶
| Parameter | Choices/Defaults | Configuration | Comments | |
|---|---|---|---|---|
|
auth_offload
boolean
|
|
Enables or disables authentication offload to the HTTP service.
When creating an HTTP service, if the parameter is not provided a default of
false is assumed. |
||
|
auto_manage
boolean
|
|
Enables or disables Internal Service Addressing for HTTP-Proxy service.
When creating an HTTP service, if the parameter is not provided a default of
true is assumed. |
||
|
devices
list
/ elements=dictionary
|
Defines a list of service IP addresses and ports.
Use IP only for transparent proxy, and IP and port for explicit proxy.
|
|||
|
ip
string
|
The nominal IP address for this service.
|
|||
|
port
integer
|
The port for this service.
Required when
proxy_type is explicit. |
|||
|
devices_from
dictionary
|
Specifies the set of network settings for traffic going to the BIG-IP from the service.
|
|||
|
interface
string
|
Defines the interface on the from-service side.
Mutually exclusive with
vlan. |
|||
|
netmask
string
|
Defines the from-service self IP netmask.
|
|||
|
self_ip
string
|
Defines the from-service self IP.
|
|||
|
tag
integer
|
Defines the VLAN tag on the from-service side.
Mutually exclusive with
vlan. |
|||
|
vlan
string
|
Defines an existing VLAN to attach on the from-service side.
Mutually exclusive with the
tag or interface parameters. |
|||
|
devices_to
dictionary
|
Specifies the set of network settings for traffic going to the service from the BIG-IP.
|
|||
|
interface
string
|
Defines the interface on the to-service side.
Mutually exclusive with
vlan. |
|||
|
netmask
string
|
Defines the to-service self IP netmask.
|
|||
|
self_ip
string
|
Defines the to-service self IP.
|
|||
|
tag
integer
|
Defines the VLAN tag on the to-service side.
Mutually exclusive with
vlan. |
|||
|
vlan
string
|
Defines an existing VLAN to attach on the to-service side.
Mutually exclusive with
tag or interface parameter. |
|||
|
dump_json
boolean
|
|
Sets the module to output a JSON blob for further consumption.
When
true, does not make any changes on the device and always returns changed=False.The output provided is idempotent in nature, meaning if there are no changes to be made during
MODIFY on an existing service, no JSON output is generated. |
||
|
ip_family
string
|
|
Specifies the IP family used for attached HTTP security devices.
When creating an ICAP service, if the parameter is not provided a default of
ipv4 is assumed. |
||
|
monitor
string
|
Specifies the monitor attached to the HTTP security device pool.
The monitor must already exist on the BIG-IP.
When creating an HTTP service, if the parameter is not provided a default of
/Common/gateway_icmp is assumed. |
|||
|
name
string
/ required
|
Specifies the name of the HTTP service object.
The configuration auto-prepends
ssloS_ to the object.Names should be less than 14 characters and not contain dashes
-. |
|||
|
port_remap
integer
|
Defines the port to remap decrypted traffic to.
|
|||
|
proxy_type
string
|
|
Specifies the HTTP service as explicit or transparent.
When creating an HTTP service, if the parameter is not provided a default of
transparent is assumed. |
||
|
rules
list
/ elements=string
|
Defines a list of iRules to attach to the service.
|
|||
|
service_down_action
string
|
|
Specifies the action to take on monitor failure.
Setting to
ignore bypasses the security device in the service chain.Setting to
reset or drop resets or drops the connection, respectively if the service monitor fails.When creating an ICAP service, if the parameter is not provided a default value of
ignore is assumed. |
||
|
snat
string
|
|
Defines if and how a SNAT configuration is deployed.
When
none no SNAT configuration is performed. This is the default choice when creating HTTP service if the parameter is not provided.When
automap, SNAT automap is configured.When
snatpool, the SNAT configuration points to an existing SNAT Pool defined by the snatpool parameter.When
snatlist, a new SNAT Pool is created from the provided snatlist. |
||
|
snat_list
list
/ elements=string
|
Defines a list of IP addresses to use in a SNAT pool configuration.
This parameter required when
snat set to snatlist. |
|||
|
snat_pool
string
|
Defines an existing SNAT pool.
This parameter is required when
snat set to snatpool. |
|||
|
state
string
|
|
When
state is present, ensures the object is created or modified.When
state is absent, ensures the service is removed. |
||
|
timeout
integer
|
Default: 300
|
The amount of time to wait for the
CREATE or MODIFY task to complete, in seconds.The accepted value range is between
10 and 1800 seconds. |
||
|
use_exist_selfip
boolean
|
|
Enables using Existing Self-IP addresses to be used for HTTP-Proxy service.
When creating an HTTP service, if the parameter is not provided a default of
false is assumed. |
||
|
vendor_info
string
|
Specifies the vendor-specific HTTP service used. The default is
Generic HTTP Service. |
|||
Examples¶
- name: Create a HTTP service
bigip_sslo_service_http:
name: "proxy1a"
devices_to:
vlan: "/Common/proxy1a-in-vlan"
self_ip: "198.19.96.7"
netmask: "255.255.255.128"
devices_from:
interface: "1.1"
tag: 50
self_ip: "198.19.96.245"
netmask: "255.255.255.128"
devices:
- ip: "198.19.96.30"
- ip: "198.19.96.31"
snat: snatpool
snat_pool: "/Common/proxy1a-snatpool"
proxy_type: "transparent"
auth_offload: true
ip_family: "ipv4"
service_down_action: "reset"
port_remap: 8080
- name: Modify a HTTP service
bigip_sslo_service_http:
name: "proxy1a"
snat: "snatlist"
snat_list:
- "198.19.64.10"
- "198.19.64.11"
- name: Create a HTTP service using exist selfips and exist vlans
bigip_sslo_service_http:
name: "testhttptc02"
proxy_type: "explicit"
use_exist_selfip: true
auto_manage: false
devices_to:
vlan: "/Common/test-vlan"
self_ip: "100.19.101.17"
netmask: "255.255.255.240"
devices_from:
vlan: "/Common/test-vlan2"
self_ip: "100.19.101.18"
netmask: "255.255.255.0"
devices:
- ip: "100.19.101.11"
port: 3128
snat: snatpool
snat_pool: "/Common/proxy1a-snatpool"
auth_offload: true
ip_family: "ipv4"
service_down_action: "reset"
port_remap: 8082
- name: Delete SSLO HTTP service
bigip_sslo_service_http:
name: "proxy1a"
state: "absent"
Return Values¶
The following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
|
auth_offload
boolean
|
changed |
Enables or disables authentication offload to the HTTP service.
Sample:
True
|
|
|
devices
complex
|
changed |
The list of service IP addresses and ports.
|
|
|
ip
string
|
The nominal IP address for this service.
Sample:
192.168.1.1
|
||
|
port
string
|
The port for this service.
Sample:
8455
|
||
|
devices_from
complex
|
changed |
Network settings for for-service configuration.
|
|
|
interface
string
|
Defines a from-service interface.
Sample:
1.3
|
||
|
netmask
string
|
Defines the from-service VLAN self IP netmask.
Sample:
255.255.255.128
|
||
|
self_ip
string
|
Defines the from-service VLAN self IP.
Sample:
198.19.64.245
|
||
|
tag
integer
|
Defines a from-service VLAN tag.
Sample:
50
|
||
|
vlan
string
|
Defines an existing for-service VLAN.
Sample:
/Common/proxy1a-from-vlan
|
||
|
devices_to
complex
|
changed |
Network settings for to-service configuration.
|
|
|
interface
string
|
Defines a to-service interface.
Sample:
1.3
|
||
|
netmask
string
|
Defines the to-service VLAN self IP netmask.
Sample:
255.255.255.128
|
||
|
self_ip
string
|
Defines the to-service VLAN self IP.
Sample:
198.19.64.7
|
||
|
tag
integer
|
Defines a to-service VLAN tag.
Sample:
40
|
||
|
vlan
string
|
Defines an existing to-service VLAN.
Sample:
/Common/proxy1a-to-vlan
|
||
|
ip_family
string
|
changed |
The IP family used for attached HTTP security devices.
Sample:
ipv4
|
|
|
monitor
string
|
changed |
The monitor attached to the HTTP security device pool.
Sample:
/Common/gateway_icmp
|
|
|
port_remap
integer
|
changed |
Port remap settings.
Sample:
8080
|
|
|
proxy_type
string
|
changed |
The HTTP service proxy type.
Sample:
transparent
|
|
|
rules
list
|
changed |
List of iRules attached to the service.
Sample:
['/Common/test-rule-1', '/Common/test-rule-2']
|
|
|
service_down_action
string
|
changed |
The action to take on monitor failure.
Sample:
ignore
|
|
|
snat
string
|
changed |
SNAT configuration type.
Sample:
none
|
|
|
snat_pool
string
|
changed |
The name of the existing SNAT pool.
Sample:
/Common/test-snat-pool
|
|
|
snatlist
list
|
changed |
The list of SNAT pool members.
Sample:
['198.19.64.10', '198.19.64.11']
|
|