bigip_selfip - Manage Self-IPs on a BIG-IP system
New in version 2.2.
Synopsis
- Manage Self-IPs on a BIG-IP system
Requirements (on host that executes module)
- netaddr
- f5-sdk
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
address | no | | | The IP addresses for the new self IP. This value is ignored upon update as addresses themselves cannot be changed after they are created. |
allow_service | no | | | Configure port lockdown for the Self IP. By default, the Self IP has a "default deny" policy. This can be changed to allow TCP and UDP ports as well as specific protocols. This list should contain protocol:port values. |
name | yes | Value of C(address) | | The self IP to create. |
netmask | yes | | | The netmasks for the self IP. |
password | yes | | | The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable F5_PASSWORD is set. |
route_domain (added in 2.3) | no | none | | The route domain id of the system. If none, id of the route domain will be "0" (default route domain) |
server | yes | | | The BIG-IP host. This option can be omitted if the environment variable F5_SERVER is set. |
server_port (added in 2.2) | no | 443 | | The BIG-IP server port. This option can be omitted if the environment variable F5_SERVER_PORT is set. |
state | no | present | | The state of the variable on the system. When present, guarantees that the Self-IP exists with the provided attributes. When absent, removes the Self-IP from the system. |
traffic_group | no | | | The traffic group for the self IP addresses in an active-active, redundant load balancer configuration. |
user | yes | | | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable F5_USER is set. |
validate_certs (added in 2.0) | no | True | | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable F5_VALIDATE_CERTS is set. |
vlan | yes | | | The VLAN that the new self IPs will be on. |
Examples
```yaml
- name: Create Self IP
  bigip_selfip:
    address: "10.10.10.10"
    name: "self1"
    netmask: "255.255.255.0"
    password: "secret"
    server: "lb.mydomain.com"
    user: "admin"
    validate_certs: "no"
    vlan: "vlan1"
  delegate_to: localhost

- name: Create Self IP with a Route Domain
  bigip_selfip:
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    validate_certs: "no"
    name: "self1"
    address: "10.10.10.10"
    netmask: "255.255.255.0"
    vlan: "vlan1"
    route_domain: "10"
    allow_service: "default"
  delegate_to: localhost

- name: Delete Self IP
  bigip_selfip:
    name: "self1"
    password: "secret"
    server: "lb.mydomain.com"
    state: "absent"
    user: "admin"
    validate_certs: "no"
  delegate_to: localhost

- name: Allow management web UI to be accessed on this Self IP
  bigip_selfip:
    name: "self1"
    password: "secret"
    server: "lb.mydomain.com"
    state: "present"
    user: "admin"
    validate_certs: "no"
    allow_service:
      - "tcp:443"
  delegate_to: localhost

- name: Allow HTTPS and SSH access to this Self IP
  bigip_selfip:
    name: "self1"
    password: "secret"
    server: "lb.mydomain.com"
    state: "present"
    user: "admin"
    validate_certs: "no"
    allow_service:
      - "tcp:443"
      - "tcp:22"
  delegate_to: localhost

- name: Allow all services access to this Self IP
  bigip_selfip:
    name: "self1"
    password: "secret"
    server: "lb.mydomain.com"
    state: "present"
    user: "admin"
    validate_certs: "no"
    allow_service:
      - all
  delegate_to: localhost

- name: Allow only GRE and IGMP protocols access to this Self IP
  bigip_selfip:
    name: "self1"
    password: "secret"
    server: "lb.mydomain.com"
    state: "present"
    user: "admin"
    validate_certs: "no"
    allow_service:
      - gre:0
      - igmp:0
  delegate_to: localhost

- name: Allow all TCP, but no other protocols access to this Self IP
  bigip_selfip:
    name: "self1"
    password: "secret"
    server: "lb.mydomain.com"
    state: "present"
    user: "admin"
    validate_certs: "no"
    allow_service:
      - tcp:0
  delegate_to: localhost
```
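An added example, not part of the module or its documentation: a small Python check that audits allow_service values before a playbook run, flagging malformed protocol:port entries and settings that relax the "default deny" port lockdown more than intended. The protocol set, the management-port map and the severity labels are assumptions drawn from this page's examples, not values defined by the module.

```python
import re

# Assumption: protocol names seen on this page (examples and return sample);
# the device may accept others, so extend this set for your environment.
KNOWN_PROTOCOLS = {"tcp", "udp", "gre", "igmp"}
# Assumption: ports this page's examples associate with management access.
MANAGEMENT_PORTS = {22: "SSH", 443: "management web UI"}
KEYWORDS = {"default", "all"}  # bare values used in this page's examples
ENTRY_RE = re.compile(r"^([a-z]+):(\d+)$")


def audit_allow_service(entries):
    """Return (severity, entry, message) findings for an allow_service value."""
    if isinstance(entries, str):
        entries = [entries]
    findings = []
    for raw in entries:
        entry = str(raw).strip().lower()
        if entry in KEYWORDS:
            if entry == "all":
                findings.append(("high", raw, "port lockdown disabled for every service"))
            continue
        match = ENTRY_RE.match(entry)
        if not match:
            findings.append(("error", raw, "not a protocol:port value"))
            continue
        proto, port = match.group(1), int(match.group(2))
        if proto not in KNOWN_PROTOCOLS:
            findings.append(("error", raw, f"unknown protocol '{proto}' (typo?)"))
        elif port > 65535:
            findings.append(("error", raw, "port out of range"))
        elif port == 0 and proto in ("tcp", "udp"):
            findings.append(("high", raw, f"all {proto.upper()} ports allowed"))
        elif proto == "tcp" and port in MANAGEMENT_PORTS:
            findings.append(("medium", raw, f"{MANAGEMENT_PORTS[port]} reachable via this Self IP"))
    return findings

# Constructed samples modelled on this page's examples; "tpc:22" is a deliberate typo.
SAMPLES = {
    "https_and_ssh": ["tcp:443", "tpc:22"],
    "all_services": ["all"],
    "gre_igmp": ["gre:0", "igmp:0"],
    "all_tcp": ["tcp:0"],
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        for severity, entry, message in audit_allow_service(value):
            print(f"{name}: [{severity}] {entry}: {message}")
```
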
Return Values
Common return values are documented in Return Values; the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
address | The address for the Self IP | created | string | 192.0.2.10 |
allow_service | Services that are allowed via this Self IP | changed | list | ['igmp:0', 'tcp:22', 'udp:53'] |
name | The name of the Self IP | created, changed or deleted | string | self1 |
netmask | The netmask of the Self IP | created or changed | string | 255.255.255.0 |
traffic_group | The traffic group that the Self IP is a member of | changed or created | string | traffic-group-local-only |
vlan | The VLAN set on the Self IP | created or changed | string | vlan1 |
Notes
- Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
- Requires the netaddr Python package on the host.
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/bigip_selfip_module.html