Last updated on: 2024-04-01 03:24:20.

bigip_sslo_service_layer3 – Manage an SSL Orchestrator Layer 3 security device

New in version 1.6.0.

Synopsis

  • Manage an SSL Orchestrator Layer 3 security device

Parameters

Parameter (type), Choices/Defaults, Comments

auto_manage (boolean)
    Choices: no, yes
    Specifies whether to provide a set of unique, non-overlapping, non-routable IP addresses to be used by the security service.

devices (list / elements=dictionary)
    Defines a list of service IP addresses and ports.

    ip (string)
        The nominal IP address for this service.
    port (integer)
        The port for this service.

devices_from (dictionary)
    Specifies the set of network settings for traffic going to the BIG-IP from the service.

    interface (string)
        Defines the interface on the from-service side.
        Mutually exclusive with vlan.
    netmask (string)
        Defines the from-service self IP netmask.
    self_ip (string)
        Defines the from-service self IP.
    tag (integer)
        Defines the VLAN tag on the from-service side.
        Mutually exclusive with vlan.
    vlan (string)
        Defines an existing VLAN to attach on the from-service side.
        Mutually exclusive with the tag or interface parameters.

devices_to (dictionary)
    Specifies the set of network settings for traffic going to the service from the BIG-IP.

    interface (string)
        Defines the interface on the to-service side.
        Mutually exclusive with vlan.
    netmask (string)
        Defines the to-service self IP netmask.
    self_ip (string)
        Defines the to-service self IP.
    tag (integer)
        Defines the VLAN tag on the to-service side.
        Mutually exclusive with vlan.
    vlan (string)
        Defines an existing VLAN to attach on the to-service side.
        Mutually exclusive with the tag or interface parameters.

dump_json (boolean)
    Choices: no (default), yes
    Sets the module to output a JSON blob for further consumption.
    When true, does not make any changes on the device and always returns changed=False.
    The output provided is idempotent in nature, meaning if there are no changes to be made during MODIFY on an existing service, no JSON output is generated.

ip_family (string)
    Choices: ipv4, ipv6
    Specifies the IP family used for attached L3 inline security devices.

monitor (string)
    Specifies the monitor attached to the L3 Inline security device pool.
    The monitor must already exist on the BIG-IP.
    When creating an L3 Inline service, if the parameter is not provided, a default of /Common/gateway_icmp is assumed.

name (string / required)
    Specifies the name of the Layer 3 security service.
    The configuration auto-prepends ssloS_ to the service.
    The service name should be less than 14 characters and not contain dashes (-).

port_remap (integer)
    Defines the port to remap decrypted traffic to.

rules (list / elements=string)
    Defines a list of iRules to attach to the service.

service_down_action (string)
    Choices: ignore, reset, drop
    Specifies the action to take on monitor failure.
    Setting to ignore bypasses the security device in the service chain.
    Setting to reset or drop resets or drops the connection, respectively, if the service monitor fails.
    When creating an L3 Inline service, if the parameter is not provided, a default value of ignore is assumed.

snat (string)
    Choices: none, automap, snatpool, snatlist
    Defines if and how a SNAT configuration is deployed.
    When none, no SNAT configuration is performed. This is the default choice when creating an L3 inline service if the parameter is not provided.
    When automap, SNAT automap is configured.
    When snatpool, the SNAT configuration points to the existing SNAT pool defined by the snat_pool parameter.
    When snatlist, a new SNAT pool is created from the provided snat_list.

snat_list (list / elements=string)
    Defines a list of IP addresses to use in a SNAT pool configuration.
    This parameter is required when snat is set to snatlist.

snat_pool (string)
    Defines an existing SNAT pool.
    This parameter is required when snat is set to snatpool.

state (string)
    Choices: absent, present (default)
    Specifies the present/absent state required.

timeout (integer)
    Default: 300
    The amount of time to wait for the CREATE or MODIFY task to complete, in seconds.
    The accepted value range is between 10 and 1800 seconds.

use_exist_selfip (boolean)
    Choices: no, yes
    Specifies whether to use existing self-IPs.

vendor_info (string)
    Specifies the vendor-specific L3 service used. The default is Generic Inline Layer 3.

Examples

- name: SSLO LAYER 3 service using an existing VLAN
  bigip_sslo_service_layer3:
    name: "layer3_test2"
    devices_to:
      vlan: "/Common/testvlan_in"
      self_ip: "198.19.64.7"
      netmask: "255.255.255.128"
    devices_from:
      vlan: "/Common/testvlan_out"
      self_ip: "198.19.64.245"
      netmask: "255.255.255.128"
    devices:
      - ip: "198.19.64.30"
      - ip: "198.19.64.31"

- name: SSLO LAYER 3 service using an interface, creating the VLAN and the service
  bigip_sslo_service_layer3:
    name: "layer3a"
    devices_to:
      interface: "1.1"
      tag: 40
      self_ip: "198.19.64.7"
      netmask: "255.255.255.128"
    devices_from:
      interface: "1.1"
      tag: 50
      self_ip: "198.19.64.245"
      netmask: "255.255.255.128"
    devices:
      - ip: "198.19.64.30"
      - ip: "198.19.64.31"

- name: SSLO LAYER 3 service
  bigip_sslo_service_layer3:
    provider: "{{ provider }}"
    name: "layer3a"
    devices_to:
      vlan: "/Common/layer3-in-vlan"
      self_ip: "198.19.64.7"
      netmask: "255.255.255.128"
    devices_from:
      interface: "1.3"
      tag: 50
      self_ip: "198.19.64.245"
      netmask: "255.255.255.128"
    devices:
      - ip: "198.19.64.30"
      - ip: "198.19.64.31"
    snat: automap
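
The constraints in the parameter table (vlan being mutually exclusive with interface/tag, the conditional snat_list and snat_pool requirements, the name and timeout limits) can be checked before a playbook runs. The following Python lint is an added example, not part of this module or the F5 collection; lint_task, NET_KEYS and SAMPLE are hypothetical names, and treating an omitted service_down_action as ignore assumes the task creates the service.

```python
# Added example: pre-flight lint for bigip_sslo_service_layer3 task arguments.
# lint_task(), NET_KEYS and SAMPLE are hypothetical; rules come from this page.
NET_KEYS = {"interface", "netmask", "self_ip", "tag", "vlan"}

def lint_task(args):
    """Return a list of findings for one task's argument dict."""
    findings = []
    name = args.get("name", "")
    if not name:
        findings.append("name: required")
    elif len(name) >= 14 or "-" in name:
        findings.append("name: should be under 14 characters with no dashes")
    # vlan attaches an existing VLAN; interface/tag define a new one.
    for side in ("devices_to", "devices_from"):
        net = args.get(side) or {}
        if "vlan" in net and ("interface" in net or "tag" in net):
            findings.append(f"{side}: vlan is mutually exclusive with interface/tag")
        for key in sorted(set(net) - NET_KEYS):
            findings.append(f"{side}: unknown key {key!r}")
    snat = args.get("snat", "none")
    if snat == "snatlist" and not args.get("snat_list"):
        findings.append("snat_list: required when snat is snatlist")
    if snat == "snatpool" and not args.get("snat_pool"):
        findings.append("snat_pool: required when snat is snatpool")
    if not 10 <= args.get("timeout", 300) <= 1800:
        findings.append("timeout: must be between 10 and 1800 seconds")
    # Assumption: the task creates the service, so an omitted value means ignore,
    # which bypasses the security device in the service chain on monitor failure.
    if args.get("service_down_action", "ignore") == "ignore":
        findings.append("service_down_action: ignore bypasses the security device on monitor failure")
    return findings

# Constructed sample with a deliberately misspelled self_ip key in devices_to.
SAMPLE = {
    "name": "layer3a",
    "devices_to": {"vlan": "/Common/layer3-in-vlan", "selfip": "198.19.64.7",
                   "netmask": "255.255.255.128"},
    "devices_from": {"interface": "1.3", "tag": 50, "self_ip": "198.19.64.245",
                     "netmask": "255.255.255.128"},
    "devices": [{"ip": "198.19.64.30"}, {"ip": "198.19.64.31"}],
    "snat": "automap",
}

if __name__ == "__main__":
    for finding in lint_task(SAMPLE):
        print(finding)
```

A finding for service_down_action is a review prompt rather than an error: ignore is a valid choice, and the lint only makes the bypass-on-failure behaviour visible before deployment.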

Return Values

The following are the fields unique to this module:

Key (type, returned), Description

devices (complex, returned: changed)
    The list of service IP addresses and ports.

    ip (string)
        The nominal IP address for this service.
        Sample: 192.168.1.1
    port (string)
        The port for this service.
        Sample: 8455

devices_from (complex, returned: changed)
    Network settings for from-service configuration.

    interface (string)
        Defines a from-service interface.
        Sample: 1.3
    netmask (string)
        Defines the from-service VLAN self IP netmask.
        Sample: 255.255.255.128
    self_ip (string)
        Defines the from-service VLAN self IP.
        Sample: 198.19.64.245
    tag (integer)
        Defines a from-service VLAN tag.
        Sample: 50
    vlan (string)
        Defines an existing from-service VLAN.
        Sample: /Common/layer3service-to-vlan

devices_to (complex, returned: changed)
    Network settings for to-service configuration.

    interface (string)
        Defines a to-service interface.
        Sample: 1.3
    netmask (string)
        Defines the to-service VLAN self IP netmask.
        Sample: 255.255.255.128
    self_ip (string)
        Defines the to-service VLAN self IP.
        Sample: 198.19.64.7
    tag (integer)
        Defines a to-service VLAN tag.
        Sample: 40
    vlan (string)
        Defines an existing to-service VLAN.
        Sample: /Common/layer3service-to-vlan

ip_family (string, returned: changed)
    The IP family used for attached HTTP security devices.
    Sample: ipv4

monitor (string, returned: changed)
    The monitor attached to the HTTP security device pool.
    Sample: /Common/gateway_icmp

port_remap (integer, returned: changed)
    Port remap settings.
    Sample: 8080

rules (list, returned: changed)
    List of iRules attached to the service.
    Sample: ['/Common/test-rule-1', '/Common/test-rule-2']

service_down_action (string, returned: changed)
    The action to take on monitor failure.
    Sample: ignore

snat (string, returned: changed)
    SNAT configuration type.
    Sample: none

snat_pool (string, returned: changed)
    The name of the existing SNAT pool.
    Sample: /Common/test-snat-pool

snatlist (list, returned: changed)
    The list of SNAT pool members.
    Sample: ['198.19.64.10', '198.19.64.11']


Authors

  • Ravinder Reddy (@chinthalapalli)
  • Kevin Stewart (@kevingstewart)