bigip_sslo_service_layer2 – Manage an SSL Orchestrator Layer 2 security device

New in version 1.6.0.

Synopsis

  • Manage an SSL Orchestrator Layer 2 security device.

Parameters

Parameter Choices/Defaults Configuration Comments
devices
list / elements=dictionary
Specifies the set of network settings for traffic going to the service from the BIG-IP.
Multiple devices are defined as separate list items.
interface_in
string
Defines the interface on the to-service side.
The vlan_in and interface_in and tag_in options are mutually exclusive.
interface_out
string
Defines the interface on the from-service side.
The vlan_out and interface_out and tag_out options are mutually exclusive.
name
string / required
Defines the name of this specific device.
ratio
integer / required
Defines a load balancing ratio setting for this device.
tag_in
integer
Defines the VLAN tag on the to-service side.
tag_out
integer
Defines the VLAN tag on the from-service side (as required).
vlan_in
string
Defines an existing VLAN to attach on the to-service side.
The vlan_in and interface_in and tag_in options are mutually exclusive.
vlan_out
string
Defines an existing VLAN to attach on the from-service side.
The vlan_out and interface_out and tag_out options are mutually exclusive.
dump_json
boolean
    Choices:
  • no ←
  • yes
Sets the module to output a JSON blob for further consumption.
When yes, does not make any changes on the device and always returns changed=False.
The output provided is idempotent in nature, meaning if there are no changes to be made during MODIFY on an existing service no JSON output is generated.
ip_offset
integer
Defines an IP offset integer to be used in the internal IP addressing.
This parameter is required when creating a new L2 service.
Accepted values are in the range of 0 to 30.
This is typically used in a tiered architecture, where a Layer 2 service is shared between multiple standalone SSL Orchestrator instances.
monitor
string
Specifies the monitor attached to the L2 security device pool.
The monitor must already exist on the BIG-IP.
When creating a L2 service, if the parameter is not provided a default of /Common/gateway_icmp is assumed.
name
string / required
Specifies the name of the Layer 2 security service.
The configuration auto-prepends "ssloS_" to the service.
The service name should be less than 14 characters and not contain dashes "-".
port_remap
integer
Defines the port to remap decrypted traffic to.
rules
list / elements=string
Defines a list of iRules to attach to the service.
service_down_action
string
    Choices:
  • ignore
  • reset
  • drop
Specifies the action to take on monitor failure.
Setting to ignore bypasses the security device in the service chain.
Setting to reset or drop resets or drops the connection, respectively if the service monitor fails.
When creating an ICAP service, if the parameter is not provided a default value of ignore is assumed.
state
string
    Choices:
  • present ←
  • absent
When state is present, ensures the object is created or modified.
When state is absent, ensures the service is removed.
timeout
integer
Default:
300
The amount of time to wait for the CREATE or MODIFY task to complete, in seconds.
The accepted value range is between 10 and 1800 seconds.

Examples

- hosts: all
  collections:
    - f5networks.f5_bigip
  connection: httpapi

  vars:
    ansible_host: "lb.mydomain.com"
    ansible_user: "admin"
    ansible_httpapi_password: "secret"
    ansible_network_os: f5networks.f5_bigip.bigip
    ansible_httpapi_use_ssl: yes

  tasks:
    - name: Create SSLO L2 service
      bigip_sslo_service_layer2:
        name: "layer2a"
        devices:
          - name: "FEYE1"
            ratio: 1
            interface_in: "1.1"
            tag_in: 100
            interface_out: "1.1"
            tag_out: 101
        ip_offset: 1
        port_remap: 8283

    - name: Modify SSLO L2 service
      bigip_sslo_service_layer2:
        name: "layer2a"
        devices:
          - name: "FEYE1"
            ratio: 1
            vlan_in: "/Common/L2service_vlan_in"
            interface_out: "1.1"
            tag_out: 101

    - name: Delete SSLO L2 service
      bigip_sslo_service_layer2:
        name: "layer2a"
        state: "absent"

Return Values

The following are the fields unique to this module:

Key Returned Description
devices_ips
list
changed
The list of IP addresses created for each specified device.

Sample:
['hash/dictionary of values']
interfaces
list
changed
The list of interfaces created for each specified device.

Sample:
['hash/dictionary of values']
monitor
string
changed
The monitor attached to the L2 security device pool.

Sample:
/Common/gateway_icmp
networks
list
changed
The list of networks created for each specified device.

Sample:
['hash/dictionary of values']
port_remap
integer
changed
Port remap settings.

Sample:
8080
rules
list
changed
List of iRules attached to the service.

Sample:
['/Common/test-rule-1', '/Common/test-rule-2']
service_down_action
string
changed
The action to take on monitor failure.

Sample:
ignore
service_subnet
dictionary
changed
The service subnet created for L2 inline service

Sample:
['hash/dictionary of values']


Status

Authors

  • Wojciech Wypior (@wojtek0806)
  • Kevin Stewart (@kevingstewart)