bigip_ssl_certificate - Import/Delete certificates from BIG-IP.
New in version 2.2.
Synopsis
- This module will import/delete SSL certificates on BIG-IP LTM. Certificates can be imported from certificate and key files on the local disk, in PEM format.
Requirements (on host that executes module)
- f5-sdk >= 1.5.0
- BIG-IP >= v12
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
cert_content | no | | | When used instead of 'cert_src', sets the contents of a certificate directly to the specified value. This is used with lookup plugins or for anything with formatting or templating. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
cert_src | no | | | This is the local filename of the certificate. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
key_content | no | | | When used instead of 'key_src', sets the contents of a certificate key directly to the specified value. This is used with lookup plugins or for anything with formatting or templating. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
key_src | no | | | This is the local filename of the private key. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
name | yes | | | SSL Certificate Name. This is the cert/key pair name used when importing a certificate/key into the F5. It also determines the filenames of the objects on the LTM (:Partition:name.cer_11111_1 and :Partition_name.key_11111_1). |
passphrase | no | | | Passphrase on certificate private key |
password | yes | | | The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable F5_PASSWORD is set. |
server | yes | | | The BIG-IP host. This option can be omitted if the environment variable F5_SERVER is set. |
server_port (added in 2.2) | no | 443 | | The BIG-IP server port. This option can be omitted if the environment variable F5_SERVER_PORT is set. |
state | no | present | | Certificate and key state. This determines if the provided certificate and key is to be made present on the device or absent. |
user | yes | | | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable F5_USER is set. |
validate_certs (added in 2.0) | no | True | | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable F5_VALIDATE_CERTS is set. |
Examples
```yaml
- name: Import PEM Certificate from local disk
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "present"
    cert_src: "/path/to/cert.crt"
    key_src: "/path/to/key.key"
  delegate_to: localhost

- name: Use a file lookup to import PEM Certificate
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "present"
    cert_content: "{{ lookup('file', '/path/to/cert.crt') }}"
    key_content: "{{ lookup('file', '/path/to/key.key') }}"
  delegate_to: localhost

- name: "Delete Certificate"
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "absent"
  delegate_to: localhost
```
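The following is an added example, not part of the module's own documentation. It imports a passphrase-protected key with certificate validation left on, keeps the connection password and key passphrase out of the playbook, and hides the task output because key_content carries the private key. The variables bigip_server, bigip_user, bigip_password and key_passphrase are assumed names, expected to come from an Ansible Vault encrypted vars file.

```yaml
# Added example. bigip_server, bigip_user, bigip_password and key_passphrase
# are assumed variable names, loaded from a Vault-encrypted vars file.
- name: Import passphrase-protected key and certificate
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "{{ bigip_server }}"
    user: "{{ bigip_user }}"
    password: "{{ bigip_password }}"
    # Keep validation of the BIG-IP management certificate enabled.
    validate_certs: yes
    state: "present"
    cert_content: "{{ lookup('file', '/path/to/cert.crt') }}"
    key_content: "{{ lookup('file', '/path/to/key.key') }}"
    passphrase: "{{ key_passphrase }}"
  # The task arguments include the private key and passphrase, so suppress logging.
  no_log: true
  register: import_result
  delegate_to: localhost

# cert_checksum is only returned when the task changed something.
- name: Record the SHA1 checksum of the imported certificate
  debug:
    msg: "cert SHA1 reported by module: {{ import_result.cert_checksum }}"
  when: import_result.changed
```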
Return Values
Common return values are documented in Return Values; the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
cert_checksum | SHA1 checksum of the cert that was provided. | changed and created | string | f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0 |
cert_filename | The name of the SSL certificate. The cert_filename and key_filename will be similar to each other, however the cert_filename will have a .crt extension. | created | string | cert1.crt |
cert_name | The name of the certificate that the user provided | created | string | cert1 |
cert_source_path | Path on BIG-IP where the source of the certificate is stored. | created | string | /var/config/rest/downloads/cert1.crt |
key_checksum | SHA1 checksum of the key that was provided. | changed and created | string | cf23df2207d99a74fbe169e3eba035e633b65d94 |
key_filename | The name of the SSL certificate key. The key_filename and cert_filename will be similar to each other, however the key_filename will have a .key extension. | created | string | cert1.key |
key_source_path | Path on BIG-IP where the source of the key is stored | created | string | /var/config/rest/downloads/cert1.key |
Notes
- Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
- This module does not behave like other modules that you might include in roles where referencing files or templates first looks in the role’s files or templates directory. To have it behave that way, use the Ansible file or template lookup (see Examples). The lookups behave as expected in a role context.
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/bigip_ssl_certificate_module.html