bigip_sslo_service_http – Manage an SSL Orchestrator HTTP security device

New in version 1.6.0.

Synopsis

  • Manage an SSL Orchestrator HTTP security device.

Parameters

Parameter Choices/Defaults Configuration Comments
auth_offload
boolean
    Choices:
  • no
  • yes
Enables or disables authentication offload to the HTTP service.
When creating an HTTP service, if the parameter is not provided a default of no is assumed.
devices
list / elements=dictionary
Defines a list of service IP addresses and ports.
Use IP only for transparent proxy, and IP and port for explicit proxy.
ip
string
The nominal IP address for this service.
port
integer
The port for this service.
Required when proxy_type is explicit.
devices_from
dictionary
Specifies the set of network settings for traffic going to the BIG-IP from the service.
interface
string
Defines the interface on the from-service side.
Mutually exclusive with vlan.
netmask
string
Defines the from-service self IP netmask.
self_ip
string
Defines the from-service self IP.
tag
integer
Defines the VLAN tag on the from-service side.
Mutually exclusive with vlan.
vlan
string
Defines an existing VLAN to attach on the from-service side.
Mutually exclusive with the tag or interface parameters.
devices_to
dictionary
Specifies the set of network settings for traffic going to the service from the BIG-IP.
interface
string
Defines the interface on the to-service side.
Mutually exclusive with vlan.
netmask
string
Defines the to-service self IP netmask.
self_ip
string
Defines the to-service self IP.
tag
integer
Defines the VLAN tag on the to-service side.
Mutually exclusive with vlan.
vlan
string
Defines an existing VLAN to attach on the to-service side.
Mutually exclusive with the tag or interface parameters.
dump_json
boolean
    Choices:
  • no ←
  • yes
Sets the module to output a JSON blob for further consumption.
When yes, does not make any changes on the device and always returns changed=False.
The output provided is idempotent in nature, meaning if there are no changes to be made during MODIFY on an existing service, no JSON output is generated.
ip_family
string
    Choices:
  • ipv4
  • ipv6
Specifies the IP family used for attached HTTP security devices.
When creating an HTTP service, if the parameter is not provided a default of ipv4 is assumed.
monitor
string
Specifies the monitor attached to the HTTP security device pool.
The monitor must already exist on the BIG-IP.
When creating an HTTP service, if the parameter is not provided a default of /Common/gateway_icmp is assumed.
name
string / required
Specifies the name of the HTTP service object.
The configuration auto-prepends ssloS_ to the object.
Names should be less than 14 characters and not contain dashes (-).
port_remap
integer
Defines the port to remap decrypted traffic to.
proxy_type
string
    Choices:
  • explicit
  • transparent
Specifies the HTTP service as explicit or transparent.
When creating an HTTP service, if the parameter is not provided a default of transparent is assumed.
rules
list / elements=string
Defines a list of iRules to attach to the service.
service_down_action
string
    Choices:
  • ignore
  • reset
  • drop
Specifies the action to take on monitor failure.
Setting to ignore bypasses the security device in the service chain.
Setting to reset or drop resets or drops the connection, respectively, if the service monitor fails.
When creating an HTTP service, if the parameter is not provided a default value of ignore is assumed.
snat
string
    Choices:
  • none
  • automap
  • snatpool
  • snatlist
Defines if and how a SNAT configuration is deployed.
When none, no SNAT configuration is performed. This is the default choice when creating an HTTP service if the parameter is not provided.
When automap, SNAT automap is configured.
When snatpool, the SNAT configuration points to an existing SNAT pool defined by the snat_pool parameter.
When snatlist, a new SNAT pool is created from the provided snat_list.
snat_list
list / elements=string
Defines a list of IP addresses to use in a SNAT pool configuration.
This parameter is required when snat is set to snatlist.
snat_pool
string
Defines an existing SNAT pool.
This parameter is required when snat is set to snatpool.
state
string
    Choices:
  • present ←
  • absent
When state is present, ensures the object is created or modified.
When state is absent, ensures the service is removed.
timeout
integer
Default:
300
The amount of time to wait for the CREATE or MODIFY task to complete, in seconds.
The accepted value range is between 10 and 1800 seconds.

Examples

- hosts: all
  collections:
    - f5networks.f5_bigip
  connection: httpapi

  vars:
    ansible_host: "lb.mydomain.com"
    ansible_user: "admin"
    ansible_httpapi_password: "secret"
    ansible_network_os: f5networks.f5_bigip.bigip
    ansible_httpapi_use_ssl: yes

  tasks:
    - name: Create a HTTP service
      bigip_sslo_service_http:
        name: "proxy1a"
        devices_to:
          vlan: "/Common/proxy1a-in-vlan"
          self_ip: "198.19.96.7"
          netmask: "255.255.255.128"
        devices_from:
          interface: "1.1"
          tag: 50
          self_ip: "198.19.96.245"
          netmask: "255.255.255.128"
        devices:
          - ip: "198.19.96.30"
          - ip: "198.19.96.31"
        snat: snatpool
        snat_pool: "/Common/proxy1a-snatpool"
        proxy_type: "transparent"
        auth_offload: true
        ip_family: "ipv4"
        service_down_action: "reset"
        port_remap: 8080

    - name: Modify a HTTP service
      bigip_sslo_service_http:
        name: "proxy1a"
        snat: "snatlist"
        snat_list:
          - "198.19.64.10"
          - "198.19.64.11"

    - name: Delete SSLO HTTP service
      bigip_sslo_service_http:
        name: "proxy1a"
        state: "absent"
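
An added example, not part of the original module documentation: an explicit-proxy service (which needs a port on every device) is checked against the documented name and port rules, previewed with dump_json, and then created. The svc_* variable names, vault_bigip_password, the VLAN paths and the addresses are constructed assumptions; service_down_action is restricted to reset or drop so that a monitor failure does not bypass the security device.

```yaml
- hosts: all
  collections:
    - f5networks.f5_bigip
  connection: httpapi

  vars:
    ansible_host: "lb.mydomain.com"
    ansible_user: "admin"
    # Assumption: vault_bigip_password is a hypothetical Ansible Vault variable.
    ansible_httpapi_password: "{{ vault_bigip_password }}"
    ansible_network_os: f5networks.f5_bigip.bigip
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes
    svc_name: "proxy2a"          # constructed sample values from here on
    svc_down_action: "reset"
    svc_devices:
      - { ip: "198.19.97.30", port: 3128 }
      - { ip: "198.19.97.31", port: 3128 }

  tasks:
    - name: Check the documented constraints before touching the device
      ansible.builtin.assert:
        that:
          - svc_name | length < 14
          - "'-' not in svc_name"
          - svc_down_action in ['reset', 'drop']   # ignore bypasses the device
          - svc_devices | selectattr('port', 'undefined') | list | length == 0

    - name: Preview the explicit-proxy HTTP service (no change is made)
      bigip_sslo_service_http: &svc
        name: "{{ svc_name }}"
        proxy_type: "explicit"
        devices: "{{ svc_devices }}"
        devices_to:
          vlan: "/Common/proxy2a-in-vlan"
          self_ip: "198.19.97.7"
          netmask: "255.255.255.128"
        devices_from:
          vlan: "/Common/proxy2a-out-vlan"
          self_ip: "198.19.97.245"
          netmask: "255.255.255.128"
        service_down_action: "{{ svc_down_action }}"
        dump_json: yes
      register: preview
    - ansible.builtin.debug: { var: preview }

    - name: Create the service with the same arguments
      bigip_sslo_service_http:
        <<: *svc
        dump_json: no
```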

Return Values

The following are the fields unique to this module:

Key Returned Description
auth_offload
boolean
changed
Enables or disables authentication offload to the HTTP service.

Sample:
True
devices
complex
changed
The list of service IP addresses and ports.

  ip
string
The nominal IP address for this service.

Sample:
192.168.1.1
  port
string
The port for this service.

Sample:
8455
devices_from
complex
changed
Network settings for from-service configuration.

  interface
string
Defines a from-service interface.

Sample:
1.3
  netmask
string
Defines the from-service VLAN self IP netmask.

Sample:
255.255.255.128
  self_ip
string
Defines the from-service VLAN self IP.

Sample:
198.19.64.245
  tag
integer
Defines a from-service VLAN tag.

Sample:
50
  vlan
string
Defines an existing from-service VLAN.

Sample:
/Common/proxy1a-from-vlan
devices_to
complex
changed
Network settings for to-service configuration.

  interface
string
Defines a to-service interface.

Sample:
1.3
  netmask
string
Defines the to-service VLAN self IP netmask.

Sample:
255.255.255.128
  self_ip
string
Defines the to-service VLAN self IP.

Sample:
198.19.64.7
  tag
integer
Defines a to-service VLAN tag.

Sample:
40
  vlan
string
Defines an existing to-service VLAN.

Sample:
/Common/proxy1a-to-vlan
ip_family
string
changed
The IP family used for attached HTTP security devices.

Sample:
ipv4
monitor
string
changed
The monitor attached to the HTTP security device pool.

Sample:
/Common/gateway_icmp
port_remap
integer
changed
Port remap settings.

Sample:
8080
proxy_type
string
changed
The HTTP service proxy type.

Sample:
transparent
rules
list
changed
List of iRules attached to the service.

Sample:
['/Common/test-rule-1', '/Common/test-rule-2']
service_down_action
string
changed
The action to take on monitor failure.

Sample:
ignore
snat
string
changed
SNAT configuration type.

Sample:
none
snat_pool
string
changed
The name of the existing SNAT pool.

Sample:
/Common/test-snat-pool
snatlist
list
changed
The list of SNAT pool members.

Sample:
['198.19.64.10', '198.19.64.11']


Status

Authors

  • Wojciech Wypior (@wojtek0806)
  • Kevin Stewart (@kevingstewart)