F5 BIG-IP SSL Orchestrator Training Lab > All SSL Orchestrator Lab Guides > SSLO 301: Automating SSL Orchestrator Deployments in Public Cloud (Agility 2022 | 2 hours) > 4. Automating SSL Orchestrator Topology Configuration with Ansible Source | Edit on
4.6. Review Ansible Playbook¶
Click on playbooks > config-sslo-inbound-l3-complete.yaml to view the playbook. You will use this to deploy an SSL Orchestrator Topology.
This playbook relies on variable values provided by the previously reviewed ansible_vars.yaml file. Variables to be substituted are denoted by {{var_name}}.
The playbook tasks are described below:
Task Name | Module Name | Description |
---|---|---|
Import server cert/key | bigip_ssl_key_cert | Imports application certificate and key files for *.f5labs.com |
Create webapp pool (via as3) | bigip_as3_deploy | Creates an application Pool with an HTTPS monitor using AS3 (declarative API). |
Create an SSLO SSL config with reverse proxy | bigip_sslo_config_ssl | Creates SSL Profile for reverse proxy. |
SSLO LAYER 3 (SNORT1) | bigip_sslo_service_layer3 | Creates inline L3 Service #1 using dmz1 (TO Service) and dmz2 (FROM Service) VLANs. |
SSLO LAYER 3 (SNORT2) | bigip_sslo_service_layer3 | Creates inline L3 Service #2 using dmz3 (TO Service) and dmz4 (FROM Service) VLANs. |
Create SSLO service chain | bigip_sslo_config_service_chain | Creates Service Chain 1 containing only the SNORT1 service. |
Create SSLO service chain | bigip_sslo_config_service_chain | Creates Service Chain 2 containing both the SNORT1 and SNORT2 services. |
SSLO config policy | bigip_sslo_config_policy | Creates a Security Policy with 2 rules. The first rule sends clients from 10.0.0.0/8 to Service Chain #1. The second rule (default rule) sends all other trafic (not matching the first rule) to Service Chain #2. |
Create SSLO Topology | bigip_sslo_config_topology | Creates an Inbound L3 Topology (reverse proxy) with listener address 10.0.2.200/32 and TCP port 443. SNAT Automap is enabled. The Topology references the previously created Pool, SSL Profile, and Security Policy. |