bigip_selfip - Manage Self-IPs on a BIG-IP system

New in version 2.2.

Synopsis

  • Manage Self-IPs on a BIG-IP system

Requirements (on host that executes module)

  • netaddr
  • f5-sdk

Options

parameter | required | default | choices | comments
--- | --- | --- | --- | ---
address | no | | | The IP addresses for the new self IP. This value is ignored upon update as addresses themselves cannot be changed after they are created.
allow_service | no | | | Configure port lockdown for the Self IP. By default, the Self IP has a "default deny" policy. This can be changed to allow TCP and UDP ports as well as specific protocols. This list should contain protocol:port values.
name | yes | Value of address | | The self IP to create.
netmask | yes | | | The netmasks for the self IP.
password | yes | | | The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable F5_PASSWORD is set.
route_domain (added in 2.3) | no | none | | The route domain id of the system. If none, the id of the route domain will be "0" (default route domain).
server | yes | | | The BIG-IP host. This option can be omitted if the environment variable F5_SERVER is set.
server_port (added in 2.2) | no | 443 | | The BIG-IP server port. This option can be omitted if the environment variable F5_SERVER_PORT is set.
state | no | present | absent, present | The state of the Self-IP on the system. When present, guarantees that the Self-IP exists with the provided attributes. When absent, removes the Self-IP from the system.
traffic_group | no | | | The traffic group for the self IP addresses in an active-active, redundant load balancer configuration.
user | yes | | | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable F5_USER is set.
validate_certs (added in 2.0) | no | True | True, False | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable F5_VALIDATE_CERTS is set.
vlan | yes | | | The VLAN that the new self IPs will be on.

Examples

- name: Create Self IP
  bigip_selfip:
      address: "10.10.10.10"
      name: "self1"
      netmask: "255.255.255.0"
      password: "secret"
      server: "lb.mydomain.com"
      user: "admin"
      validate_certs: "no"
      vlan: "vlan1"
  delegate_to: localhost

- name: Create Self IP with a Route Domain
  bigip_selfip:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      validate_certs: "no"
      name: "self1"
      address: "10.10.10.10"
      netmask: "255.255.255.0"
      vlan: "vlan1"
      route_domain: "10"
      allow_service: "default"
  delegate_to: localhost

- name: Delete Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
  delegate_to: localhost

- name: Allow management web UI to be accessed on this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "present"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - "tcp:443"
  delegate_to: localhost

- name: Allow HTTPS and SSH access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "present"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - "tcp:443"
          - "tcp:22"
  delegate_to: localhost

- name: Allow all services access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "present"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - all
  delegate_to: localhost

- name: Allow only GRE and IGMP protocols access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "present"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - gre:0
          - igmp:0
  delegate_to: localhost

- name: Allow all TCP, but no other protocols access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "present"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - tcp:0
  delegate_to: localhost
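
A lint for bigip_selfip task parameters like those in the examples above, as an added example that is not part of the module or the Ansible project: it checks allow_service entries against the protocol:port form and flags wide port lockdown exceptions, disabled certificate validation and literal passwords. The protocol set is an assumption limited to the names that appear on this page, and vault_bigip_password is a hypothetical variable name.

```python
import re

# Assumption: only the protocols and keywords that appear on this page.
KNOWN_PROTOCOLS = {"tcp", "udp", "gre", "igmp"}
KEYWORDS = {"all", "default"}
# Per the page's examples: tcp:443 is the management web UI, tcp:22 is SSH.
MGMT = {("tcp", 443): "management web UI", ("tcp", 22): "SSH"}
ENTRY = re.compile(r"^([a-z0-9]+):(\d+)$")
FALSY = {"no", "false", "0", "off"}

def audit_selfip_task(params):
    """Return findings for one bigip_selfip parameter dict (parsed YAML)."""
    findings = []
    services = params.get("allow_service") or []
    if isinstance(services, str):
        services = [services]
    for raw in services:
        entry = str(raw).strip().lower()
        if entry in KEYWORDS:
            if entry == "all":
                findings.append("allow_service 'all' allows every service on this Self IP")
            continue
        match = ENTRY.match(entry)
        if not match:
            findings.append(f"'{entry}' is not a protocol:port value")
            continue
        proto, port = match.group(1), int(match.group(2))
        if proto not in KNOWN_PROTOCOLS:
            findings.append(f"unknown protocol '{proto}' in '{entry}'")
        elif port == 0 and proto in ("tcp", "udp"):
            findings.append(f"'{entry}' opens every {proto} port")
        elif (proto, port) in MGMT:
            findings.append(f"'{entry}' exposes {MGMT[(proto, port)]} on this Self IP")
    if services and params.get("state") == "absent":
        findings.append("allow_service has no effect: state 'absent' removes the Self IP")
    if str(params.get("validate_certs", True)).strip().lower() in FALSY:
        findings.append("validate_certs is disabled")
    if "password" in params and "{{" not in str(params["password"]):
        findings.append("literal password; use F5_PASSWORD or a vaulted variable")
    return findings

# Constructed samples; vault_bigip_password is a hypothetical variable name.
RISKY = {"name": "self1", "password": "secret", "validate_certs": "no",
         "state": "absent", "allow_service": ["tcp:443", "tpc:22", "tcp:0"]}
HARDENED = {"name": "self1", "password": "{{ vault_bigip_password }}",
            "allow_service": ["udp:53"]}
if __name__ == "__main__":
    for label, task in (("risky", RISKY), ("hardened", HARDENED)):
        print(label, audit_selfip_task(task))
```

Feed it the argument dict of each bigip_selfip task after loading the playbook with a YAML parser.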

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

name | description | returned | type | sample
--- | --- | --- | --- | ---
address | The address for the Self IP | created | string | 192.0.2.10
allow_service | Services that are allowed via this Self IP | changed | list | ['igmp:0', 'tcp:22', 'udp:53']
name | The name of the Self IP | created, changed or deleted | string | self1
netmask | The netmask of the Self IP | created or changed | string | 255.255.255.0
traffic_group | The traffic group that the Self IP is a member of | changed or created | string | traffic-group-local-only
vlan | The VLAN set on the Self IP | created or changed | string | vlan1

Notes

  • Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
  • Requires the netaddr Python package on the host.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/bigip_selfip_module.html