bigip_device_httpd - Manage HTTPD related settings on BIG-IP

Synopsis

  • Manages HTTPD related settings on the BIG-IP. These settings are interesting to change when you want to set GUI timeouts and other TMUI related settings.

Requirements

The below requirements are needed on the host that executes this module.

  • f5-sdk >= 3.0.9
  • requests

Parameters

Parameter Choices/Defaults Comments
allow
Specifies, if you have enabled HTTPD access, the IP address or address range for other systems that can communicate with this system.
To specify all addresses, use the value all.
IP address can be specified, such as 172.27.1.10.
IP rangees can be specified, such as 172.27.*.* or 172.27.0.0/255.255.0.0.
auth_name
Sets the BIG-IP authentication realm name.
auth_pam_dashboard_timeout
bool
    Choices:
  • no
  • yes
Sets whether or not the BIG-IP dashboard will timeout.
auth_pam_idle_timeout
Sets the GUI timeout for automatic logout, in seconds.
auth_pam_validate_ip
bool
    Choices:
  • no
  • yes
Sets the authPamValidateIp setting.
fast_cgi_timeout
Sets the timeout of FastCGI.
hostname_lookup
bool
    Choices:
  • no
  • yes
Sets whether or not to display the hostname, if possible.
log_level
    Choices:
  • alert
  • crit
  • debug
  • emerg
  • error
  • info
  • notice
  • warn
Sets the minimum httpd log level.
max_clients
Sets the maximum number of clients that can connect to the GUI at once.
password
required
The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable F5_PASSWORD is set.

aliases: pass, pwd
provider
(added in 2.5)
A dict object containing connection details.
password
required
The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable F5_PASSWORD is set.

aliases: pass, pwd
server
required
The BIG-IP host. You can omit this option if the environment variable F5_SERVER is set.
server_port Default:
443
The BIG-IP server port. You can omit this option if the environment variable F5_SERVER_PORT is set.
user
required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable F5_USER is set.
validate_certs
bool
    Choices:
  • no
  • yes
If no, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable F5_VALIDATE_CERTS is set.
timeout Default:
10
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
ssh_keyfile
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
transport
required
    Choices:
  • rest
  • cli
Configures the transport connection to use when connecting to the remote device.
redirect_http_to_https
bool
    Choices:
  • no
  • yes
Whether or not to redirect http requests to the GUI to https.
server
required
The BIG-IP host. You can omit this option if the environment variable F5_SERVER is set.
server_port
(added in 2.2)
 Default:
443
The BIG-IP server port. You can omit this option if the environment variable F5_SERVER_PORT is set.
ssl_cipher_suite
(added in 2.6)
Specifies the ciphers that the system uses.
The values in the suite are separated by colons (:).
Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage.
Use the value default to set the cipher suite to the system default. This value is equivalent to specifying a list of ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-SHA384,AES128-GCM-SHA256, AES256-GCM-SHA384,AES128-SHA,AES256-SHA,AES128-SHA256,AES256-SHA256, ECDHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-DES-CBC3-SHA,DES-CBC3-SHA.
ssl_port
The HTTPS port to listen on.
ssl_protocols
(added in 2.6)
The list of SSL protocols to accept on the management console.
A space-separated list of tokens in the format accepted by the Apache mod_ssl SSLProtocol directive.
Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage.
Use the value default to set the SSL protocols to the system default. This value is equivalent to specifying a list of all,-SSLv2,-SSLv3.
user
required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable F5_USER is set.
validate_certs
bool

(added in 2.0)
    Choices:
  • no
  • yes
If no, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable F5_VALIDATE_CERTS is set.

Notes

Note

  • Requires the requests Python package on the host. This is as easy as pip install requests.
  • For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
  • Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.

Examples

- name: Set the BIG-IP authentication realm name
  bigip_device_httpd:
    auth_name: BIG-IP
    password: secret
    server: lb.mydomain.com
    user: admin
  delegate_to: localhost

- name: Set the auth pam timeout to 3600 seconds
  bigip_device_httpd:
    auth_pam_idle_timeout: 1200
    password: secret
    server: lb.mydomain.com
    user: admin
  delegate_to: localhost

- name: Set the validate IP settings
  bigip_device_httpd:
    auth_pam_validate_ip: on
    password: secret
    server: lb.mydomain.com
    user: admin
  delegate_to: localhost

- name: Set SSL cipher suite by list
  bigip_device_httpd:
    password: secret
    server: lb.mydomain.com
    user: admin
    ssl_cipher_suite:
      - ECDHE-RSA-AES128-GCM-SHA256
      - ECDHE-RSA-AES256-GCM-SHA384
      - ECDHE-RSA-AES128-SHA
      - AES256-SHA256
  delegate_to: localhost

- name: Set SSL cipher suite by string
  bigip_device_httpd:
    password: secret
    server: lb.mydomain.com
    user: admin
    ssl_cipher_suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:AES256-SHA256
  delegate_to: localhost

- name: Set SSL protocols by list
  bigip_device_httpd:
    password: secret
    server: lb.mydomain.com
    user: admin
    ssl_protocols:
      - all
      - -SSLv2
      - -SSLv3
  delegate_to: localhost

- name: Set SSL protocols by string
  bigip_device_httpd:
    password: secret
    server: lb.mydomain.com
    user: admin
    ssl_cipher_suite: all -SSLv2 -SSLv3
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
auth_name
string
 changed
The new authentication realm name.

Sample:
foo
auth_pam_dashboard_timeout
bool
 changed
Whether or not the BIG-IP dashboard will timeout.
auth_pam_idle_timeout
string
 changed
The new number of seconds for GUI timeout.

Sample:
1200
auth_pam_validate_ip
bool
 changed
The new authPamValidateIp setting.

Sample:
True
fast_cgi_timeout
int
 changed
The new timeout of FastCGI.

Sample:
500
hostname_lookup
bool
 changed
Whether or not to display the hostname, if possible.

Sample:
True
log_level
string
 changed
The new minimum httpd log level.

Sample:
crit
max_clients
int
 changed
The new maximum number of clients that can connect to the GUI at once.

Sample:
20
redirect_http_to_https
bool
 changed
Whether or not to redirect http requests to the GUI to https.

Sample:
True
ssl_cipher_suite
string
 changed
The new ciphers that the system uses.

Sample:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA
ssl_port
int
 changed
The new HTTPS port to listen on.

Sample:
10443
ssl_protocols
string
 changed
The new list of SSL protocols to accept on the management console.

Sample:
all -SSLv2 -SSLv3


Status

This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • Joe Reifel (@JoeReifel)
  • Tim Rupp (@caphrim007)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/bigip_device_httpd_module.html