bigip_virtual_server - Manage LTM virtual servers on a BIG-IP
New in version 2.1.
Synopsis
- Manage LTM virtual servers on a BIG-IP.
Requirements
The below requirements are needed on the host that executes this module.
- f5-sdk >= 3.0.9
- netaddr
Parameters
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
default_persistence_profile | Default Profile which manages the session persistence. If you want to remove the existing default persistence profile, specify an empty value; "" . See the documentation for an example. | ||
description | Virtual server description. | ||
destination required | Destination IP of the virtual server. Required when state is present and virtual server does not exist.aliases: address, ip | ||
disabled_vlans (added in 2.5) | List of VLANs to be disabled. If the partition is not specified in the VLAN, then the partition option of this module will be used.This parameter is mutually exclusive with the enabled_vlans parameters. | ||
enabled_vlans (added in 2.2) | List of VLANs to be enabled. When a VLAN named all is used, all VLANs will be allowed. VLANs can be specified with or without the leading partition. If the partition is not specified in the VLAN, then the partition option of this module will be used.This parameter is mutually exclusive with the disabled_vlans parameter. | ||
fallback_persistence_profile (added in 2.3) | Specifies the persistence profile you want the system to use if it cannot use the specified default persistence profile. If you want to remove the existing fallback persistence profile, specify an empty value; "" . See the documentation for an example. | ||
irules (added in 2.2) | List of rules to be applied in priority order. If you want to remove existing iRules, specify a single empty value; "" . See the documentation for an example.aliases: all_rules | ||
metadata (added in 2.5) | Arbitrary key/value pairs that you can attach to a pool. This is useful in situations where you might want to annotate a virtual to me managed by Ansible. Key names will be stored as strings; this includes names that are numbers. Values for all of the keys will be stored as strings; this includes values that are numbers. Data will be persisted, not ephemeral. | ||
name required | Virtual server name. aliases: vs | ||
partition (added in 2.5) | Default: Common | Device partition to manage resources on. | |
password required | The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable F5_PASSWORD is set.aliases: pass, pwd | ||
policies | Specifies the policies for the virtual server aliases: all_policies | ||
pool | Default pool for the virtual server. If you want to remove the existing pool, specify an empty value; "" . See the documentation for an example. | ||
port | Port of the virtual server. Required when state is present and virtual server does not exist.If you do not want to specify a particular port, use the value 0 . The result is that the virtual server will listen on any port. | ||
profiles | List of profiles (HTTP, ClientSSL, ServerSSL, etc) to apply to both sides of the connection (client-side and server-side). If you only want to apply a particular profile to the client-side of the connection, specify client-side for the profile's context .If you only want to apply a particular profile to the server-side of the connection, specify server-side for the profile's context .If context is not provided, it will default to all .aliases: all_profiles | ||
name | Name of the profile. If this is not specified, then it is assumed that the profile item is only a name of a profile. This must be specified if a context is specified. | ||
context |
| The side of the connection on which the profile should be applied. | |
provider (added in 2.5) | Default: None | A dict object containing connection details. | |
ssh_keyfile | Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead. | ||
timeout | Default: 10 | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. | |
server required | The BIG-IP host. You can omit this option if the environment variable F5_SERVER is set. | ||
user required | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable F5_USER is set. | ||
server_port | Default: 443 | The BIG-IP server port. You can omit this option if the environment variable F5_SERVER_PORT is set. | |
password required | The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable F5_PASSWORD is set.aliases: pass, pwd | ||
validate_certs |
| If no , SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable F5_VALIDATE_CERTS is set. | |
transport required |
| Configures the transport connection to use when connecting to the remote device. | |
server required | The BIG-IP host. You can omit this option if the environment variable F5_SERVER is set. | ||
server_port (added in 2.2) | Default: 443 | The BIG-IP server port. You can omit this option if the environment variable F5_SERVER_PORT is set. | |
snat |
| Source network address policy. | |
source (added in 2.5) | Specifies an IP address or network from which the virtual server accepts traffic. The virtual server accepts clients only from one of these IP addresses. For this setting to function effectively, specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0). In order to maximize utility of this setting, specify the most specific address prefixes covering all customer addresses and no others. Specify the IP address in Classless Inter-Domain Routing (CIDR) format; address/prefix, where the prefix length is in bits. For example, for IPv4, 10.0.0.1/32 or 10.0.0.0/24, and for IPv6, ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. | ||
state |
| The virtual server state. If absent , delete the virtual server if it exists. present creates the virtual server and enable it. If enabled , enable the virtual server if it exists. If disabled , create the virtual server if needed, and set state to disabled . | |
user required | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable F5_USER is set. | ||
validate_certs (added in 2.0) |
| If no , SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable F5_VALIDATE_CERTS is set. |
Notes
Note
- Requires BIG-IP software version >= 11
- Requires the netaddr Python package on the host. This is as easy as pip install netaddr.
- For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires the f5-sdk Python package on the host. This is as easy as
pip install f5-sdk
.
Examples
- name: Modify Port of the Virtual Server bigip_virtual_server: server: lb.mydomain.net user: admin password: secret state: present partition: Common name: my-virtual-server port: 8080 delegate_to: localhost - name: Delete virtual server bigip_virtual_server: server: lb.mydomain.net user: admin password: secret state: absent partition: Common name: my-virtual-server delegate_to: localhost - name: Add virtual server bigip_virtual_server: server: lb.mydomain.net user: admin password: secret state: present partition: Common name: my-virtual-server destination: 10.10.10.10 port: 443 pool: my-pool snat: Automap description: Test Virtual Server profiles: - http - fix - name: clientssl context: server-side - name: ilx context: client-side policies: - my-ltm-policy-for-asm - ltm-uri-policy - ltm-policy-2 - ltm-policy-3 enabled_vlans: - /Common/vlan2 delegate_to: localhost - name: Add FastL4 virtual server bigip_virtual_server: destination: 1.1.1.1 name: fastl4_vs port: 80 profiles: - fastL4 state: present - name: Add iRules to the Virtual Server bigip_virtual_server: server: lb.mydomain.net user: admin password: secret name: my-virtual-server irules: - irule1 - irule2 delegate_to: localhost - name: Remove one iRule from the Virtual Server bigip_virtual_server: server: lb.mydomain.net user: admin password: secret name: my-virtual-server irules: - irule2 delegate_to: localhost - name: Remove all iRules from the Virtual Server bigip_virtual_server: server: lb.mydomain.net user: admin password: secret name: my-virtual-server irules: "" delegate_to: localhost - name: Remove pool from the Virtual Server bigip_virtual_server: server: lb.mydomain.net user: admin password: secret name: my-virtual-server pool: "" delegate_to: localhost - name: Add metadata to virtual bigip_pool: server: lb.mydomain.com user: admin password: secret state: absent name: my-pool partition: Common metadata: ansible: 2.4 updated_at: 2017-12-20T17:50:46Z delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
default_persistence_profile string | changed | Default persistence profile set on the virtual server. Sample: /Common/dest_addr |
description string | changed | New description of the virtual server. Sample: This is my description |
destination string | changed | Destination of the virtual server. Sample: 1.1.1.1 |
disabled bool | changed | Whether the virtual server is disabled, or not. Sample: True |
disabled_vlans list | changed | List of VLANs that the virtual is disabled for. Sample: ['/Common/vlan1', '/Common/vlan2'] |
enabled bool | changed | Whether the virtual server is enabled, or not. |
enabled_vlans list | changed | List of VLANs that the virtual is enabled for. Sample: ['/Common/vlan5', '/Common/vlan6'] |
fallback_persistence_profile string | changed | Fallback persistence profile set on the virtual server. Sample: /Common/source_addr |
irules list | changed | iRules set on the virtual server. Sample: ['/Common/irule1', '/Common/irule2'] |
metadata dict | changed | The new value of the virtual. Sample: {'key2': 'bar', 'key1': 'foo'} |
policies list | changed | List of policies attached to the virtual. Sample: ['/Common/policy1', '/Common/policy2'] |
pool string | changed | Pool that the virtual server is attached to. Sample: /Common/my-pool |
port int | changed | Port that the virtual server is configured to listen on. Sample: 80 |
profiles list | changed | List of profiles set on the virtual server. Sample: [{'name': 'tcp', 'context': 'server-side'}, {'name': 'tcp-legacy', 'context': 'client-side'}] |
snat string | changed | SNAT setting of the virtual server. Sample: Automap |
source string | changed | Source address, in CIDR form, set on the virtual server. Sample: 1.2.3.4/32 |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author
- Tim Rupp (@caphrim007)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/bigip_virtual_server_module.html