bigip_sslo_service_icap – Manage an SSL Orchestrator ICAP security device

New in version 1.6.0.

Synopsis

  • Manage an SSL Orchestrator ICAP security device.

Parameters

Parameter Choices/Defaults Configuration Comments
allow_http10
boolean
    Choices:
  • no
  • yes
Enables or disables HTTP/1.0 support to ICAP.
When creating an ICAP service, if the parameter is not provided a default value of no is assumed.
devices
list / elements=dictionary
Specifies a list of listening IP:ports for each ICAP security device.
This parameter is required when creating a new ICAP service object.
ip
string
Specifies the IP address for the ICAP security device.
port
integer
Specifies the port for the ICAP security device.
Valid value range is from 0 to 65535.
dump_json
boolean
    Choices:
  • no ←
  • yes
Sets the module to output a JSON blob for further consumption.
When yes, does not make any changes on the device and always returns changed=False.
The output provided is idempotent in nature, meaning if there are no changes to be made during MODIFY on an existing service, no JSON output is generated.
enable_one_connect
boolean
    Choices:
  • no
  • yes
Enables or disables OneConnect optimization to the ICAP server.
When creating an ICAP service, if the parameter is not provided a default value of yes is assumed.
headers
dictionary
Settings related to custom headers to be inserted to the ICAP server.
enable
boolean
    Choices:
  • no
  • yes
Enables or disables custom headers to be inserted to the ICAP server.
If yes, the referrer, host, user_agent and h_from parameters are mandatory when creating a new service object.
When creating an ICAP service, if the parameter is not provided a default of value no is assumed.
h_from
string
Specifies a From header to pass to the ICAP service.
Required when creating a new service object with enable value set to yes.
host
string
Specifies a Host header to pass to the ICAP service.
Required when creating a new service object with enable value set to yes.
referrer
string
Specifies a Referrer header to pass to the ICAP service.
Required when creating a new service object with enable value set to yes.
user_agent
string
Specifies a User-Agent header to pass to the ICAP service.
Required when creating a new service object with enable value set to yes.
ip_family
string
    Choices:
  • ipv4
  • ipv6
  • both
Specifies the IP family used for attaching ICAP security devices.
When creating an ICAP service, if the parameter is not provided a default of ipv4 is assumed.
monitor
string
Specifies the monitor attached the ICAP security device pool. The monitor must already exist on the BIG-IP.
When creating an ICAP service, if the parameter is not provided a default of /Common/tcp is assumed.
name
string / required
Specifies the name of the ICAP service object.
The configuration auto-prepends ssloS_ to the object.
Names should be less than 14 characters and not contain dashes -.
preview_length
integer
Specifies the ICAP preview length value, in bytes.
Valid value range is from 0 to 51200 bytes.
When creating an ICAP service, if the parameter is not provided a default value of 1024 is assumed.
request_uri
string
Specifies the ICAP request URI. This URI must always start with a forward slash / e.g. /avscan.
When creating an ICAP service, if the parameter is not provided a default value of / is assumed.
response_uri
string
Specifies the ICAP response URI. This URI must always start with a forward slash / e.g. /avscan.
When creating an ICAP service, if the parameter is not provided a default value of / is assumed.
service_down_action
string
    Choices:
  • ignore
  • reset
  • drop
Specifies the action to take on monitor failure.
Setting to ignore bypasses the security device in the service chain.
Setting to reset or drop resets or drops the connection, respectively, if the service monitor fails.
When creating an ICAP service, if the parameter is not provided a default value of ignore is assumed.
state
string
    Choices:
  • present ←
  • absent
When state is present, ensures the object is created or modified.
When state is absent, ensures the service is removed.
timeout
integer
Default:
300
The amount of time to wait for the CREATE, MODIFY or DELETE task to complete, in seconds.
The accepted value range is between 10 and 1800 seconds.

Examples

- hosts: all
  collections:
    - f5networks.f5_bigip
  connection: httpapi

  vars:
    ansible_host: "lb.mydomain.com"
    ansible_user: "admin"
    ansible_httpapi_password: "secret"
    ansible_network_os: f5networks.f5_bigip.bigip
    ansible_httpapi_use_ssl: yes

  tasks:
    - name: Create SSLO ICAP service
      bigip_sslo_service_icap:
        name: "icap1"
        ip_family: "ipv4"
        devices:
          - ip: "1.1.1.1"
            port: 1344
          - ip: "2.2.2.2"
            port: 1348
        headers:
          enable: yes
          h_from: "foo_from"
          host: "foo_host"
          user_agent: "foo_ua"
          referrer: "foo_referrer"
        enable_one_connect: no
        preview_length: 2048
        service_down_action: "drop"
        allow_http10: yes

    - name: Modify SSLO ICAP service
      bigip_sslo_service_icap:
        name: "icap1"
        request_uri: "/avscan"
        response_uri: "/avscan"
        preview_length: 1024
        headers:
          enable: no

    - name: Delete SSLO ICAP service
      bigip_sslo_service_icap:
        name: "icap1"
        state: "absent"

Return Values

The following are the fields unique to this module:

Key Returned Description
allow_http10
boolean
changed
Enables or disables HTTP/1.0 support to ICAP.

Sample:
True
devices
complex
changed
A list of listening IP:ports for each ICAP security device.

  ip
string
changed
The IP address for the ICAP security device.

Sample:
1.1.1.1
  port
integer
changed
The port for the ICAP security device.

Sample:
1344
enable_one_connect
boolean
changed
Enables or disables OneConnect optimization to the ICAP server.

Sample:
True
headers
complex
changed
Settings related to custom headers to be inserted to the ICAP server.

  enable
boolean
changed
Enables or disables custom headers to be inserted to the ICAP server.

Sample:
True
  h_from
string
changed
The From header to pass to the ICAP service.

Sample:
my_from
  host
string
changed
The Host header to pass to the ICAP service.

Sample:
my_host
  referrer
string
changed
The Referrer header to pass to the ICAP service.

Sample:
my_referrer
  user_agent
string
changed
The User-Agent header to pass to the ICAP service

Sample:
my_user_agent
ip_family
string
changed
The IP family used for attached ICAP security devices.

Sample:
ipv4
monitor
string
changed
The monitor attached the ICAP security device pool.

Sample:
/Common/tcp
preview_length
integer
changed
The ICAP preview length value, in bytes.

Sample:
1024
request_uri
string
changed
The ICAP request URI.

Sample:
/avscan
response_uri
string
changed
The ICAP response URI.

Sample:
/avscan
service_down_action
string
changed
The action to take on monitor failure.

Sample:
ignore


Status

Authors

  • Wojciech Wypior (@wojtek0806)
  • Kevin Stewart (@kevingstewart)