bigip_virtual_server – Manage LTM virtual servers on a BIG-IP
New in version 2.1.
Synopsis
- Manage LTM virtual servers on a BIG-IP.
Requirements
The below requirements are needed on the host that executes this module.
- f5-sdk >= 3.0.16
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
address_translation (boolean, added in 2.6) | | Specifies, when When This option is useful when the system is load balancing devices that have the same IP address. When creating a new virtual server, the default is |
default_persistence_profile | | Default Profile which manages the session persistence. If you want to remove the existing default persistence profile, specify an empty value; When |
description | | Virtual server description. |
destination | | Destination IP of the virtual server. Required when When |
disabled_vlans (added in 2.5) | | List of VLANs to be disabled. If the partition is not specified in the VLAN, then the This parameter is mutually exclusive with the |
enabled_vlans (added in 2.2) | | List of VLANs to be enabled. When a VLAN named This parameter is mutually exclusive with the |
fallback_persistence_profile (added in 2.3) | | Specifies the persistence profile you want the system to use if it cannot use the specified default persistence profile. If you want to remove the existing fallback persistence profile, specify an empty value; When |
firewall_enforced_policy (added in 2.6) | | Applies the specified AFM policy to the virtual in an enforcing way. When creating a new virtual, if this parameter is not specified, the enforced policy is disabled. |
firewall_staged_policy (added in 2.6) | | Applies the specified AFM policy to the virtual in an enforcing way. A staged policy shows the results of the policy rules in the log, while not actually applying the rules to traffic. When creating a new virtual, if this parameter is not specified, the staged policy is disabled. |
ip_protocol (added in 2.6) | | Specifies a network protocol name you want the system to use to direct traffic on this virtual server. When creating a new virtual server, if this parameter is not specified, the default is The Protocol setting is not available when you select Performance (HTTP) as the Type. The value of this argument can be specified either as its numeric value or, for convenience, as one of a select number of named values. Refer to For a list of valid IP protocol numbers, refer to this page https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers When |
irules (added in 2.2) | | List of rules to be applied in priority order. If you want to remove existing iRules, specify a single empty value; When When When When |
metadata (added in 2.5) | | Arbitrary key/value pairs that you can attach to a pool. This is useful in situations where you might want to annotate a virtual to be managed by Ansible. Key names will be stored as strings; this includes names that are numbers. Values for all of the keys will be stored as strings; this includes values that are numbers. Data will be persisted, not ephemeral. |
name (required) | | Virtual server name. |
partition (added in 2.5) | Default: "Common" | Device partition to manage resources on. |
password (required) | | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable |
policies | | Specifies the policies for the virtual server. When When When |
pool | | Default pool for the virtual server. If you want to remove the existing pool, specify an empty value; When creating a new virtual server, and If |
port | | Port of the virtual server. Required when If you do not want to specify a particular port, use the value When When In addition to specifying a port number, a select number of service names may also be provided. The string The string The string The string The string The string The string The string The string The string The string The string |
port_translation (boolean, added in 2.6) | | Specifies, when When When creating a new virtual server, the default is |
profiles | | List of profiles (HTTP, ClientSSL, ServerSSL, etc) to apply to both sides of the connection (client-side and server-side). If you only want to apply a particular profile to the client-side of the connection, specify If you only want to apply a particular profile to the server-side of the connection, specify If If you want to remove a profile from the list of profiles currently active on the virtual, then simply remove it from the If you want to add a profile to the list of profiles currently active on the virtual, then simply add it to the Profiles matter. This module will fail to configure a BIG-IP if you mix up your profiles, or, if you attempt to set an IP protocol which your current, or new, profiles do not support. Both this module, and BIG-IP, will tell you when you are wrong, with an error resembling If you are unsure what correct profile combinations are, then have a BIG-IP available to you in which you can make changes and copy what the correct combinations are. |
context (suboption of profiles) | | The side of the connection on which the profile should be applied. |
name (suboption of profiles) | | Name of the profile. If this is not specified, then it is assumed that the profile item is only a name of a profile. This must be specified if a context is specified. |
provider (added in 2.5) | Default: null | A dict object containing connection details. |
password (suboption of provider, required) | | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable |
server (suboption of provider, required) | | The BIG-IP host. You may omit this option by setting the environment variable |
server_port (suboption of provider) | Default: 443 | The BIG-IP server port. You may omit this option by setting the environment variable |
ssh_keyfile (suboption of provider) | | Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. You may omit this option by setting the environment variable |
timeout (suboption of provider) | Default: 10 | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. |
transport (suboption of provider, required) | | Configures the transport connection to use when connecting to the remote device. |
user (suboption of provider, required) | | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable |
validate_certs (suboption of provider, boolean) | | If You may omit this option by setting the environment variable |
security_log_profiles (added in 2.6) | | Specifies the log profile applied to the virtual server. To make use of this feature, the AFM module must be licensed and provisioned. The |
security_nat_policy (added in 2.7) | | Specify the Firewall NAT policies for the virtual server. You can specify one or more NAT policies to use. The most specific policy is used. For example, if you specify that the virtual server use the device policy and the route domain policy, the route domain policy overrides the device policy. |
policy (suboption of security_nat_policy) | | Policy to apply a NAT policy directly to the virtual server. The virtual server NAT policy is the most specific, and overrides a route domain and device policy, if specified. To remove the policy, specify an empty string value. |
use_device_policy (suboption of security_nat_policy, boolean) | | Specify that the virtual server uses the device NAT policy, as specified in the Firewall Options. The device policy is used if no route domain or virtual server NAT setting is specified. |
use_route_domain_policy (suboption of security_nat_policy, boolean) | | Specify that the virtual server uses the route domain policy, as specified in the Route Domain Security settings. When specified, the route domain policy overrides the device policy, and is overridden by a virtual server policy. |
server (required) | | The BIG-IP host. You may omit this option by setting the environment variable |
server_port (added in 2.2) | Default: 443 | The BIG-IP server port. You may omit this option by setting the environment variable |
snat | | Source network address policy. When When When The name of a SNAT pool (e.g. "/Common/snat_pool_name") can be specified to enable SNAT with the specific pool. To remove SNAT, specify the word To specify automap, use the word |
source (added in 2.5) | | Specifies an IP address or network from which the virtual server accepts traffic. The virtual server accepts clients only from one of these IP addresses. For this setting to function effectively, specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0). In order to maximize utility of this setting, specify the most specific address prefixes covering all customer addresses and no others. Specify the IP address in Classless Inter-Domain Routing (CIDR) format; address/prefix, where the prefix length is in bits. For example, for IPv4, 10.0.0.1/32 or 10.0.0.0/24, and for IPv6, ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. |
state | | The virtual server state. If |
type (added in 2.6) | | Specifies the network service provided by this virtual server. When creating a new virtual server, if this parameter is not provided, the default will be This value cannot be changed after it is set. When When When When When When When When When When |
user (required) | | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable |
validate_certs (boolean, added in 2.0) | | If You may omit this option by setting the environment variable |
Notes
- For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
- Requires BIG-IP software version >= 12.
- The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples
```yaml
# Credentials are inline here for brevity; in real playbooks keep the password
# in Ansible Vault or supply it through the environment instead.

- name: Modify Port of the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    state: present
    partition: Common
    name: my-virtual-server
    port: 8080
  delegate_to: localhost

- name: Delete virtual server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    state: absent
    partition: Common
    name: my-virtual-server
  delegate_to: localhost

- name: Add virtual server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    state: present
    partition: Common
    name: my-virtual-server
    destination: 10.10.10.10
    port: 443
    pool: my-pool
    snat: Automap
    description: Test Virtual Server
    # A plain string applies the profile to both sides of the connection;
    # a name/context pair applies it to one side only.
    profiles:
      - http
      - fix
      - name: clientssl
        context: server-side
      - name: ilx
        context: client-side
    policies:
      - my-ltm-policy-for-asm
      - ltm-uri-policy
      - ltm-policy-2
      - ltm-policy-3
    enabled_vlans:
      - /Common/vlan2
  delegate_to: localhost

- name: Add FastL4 virtual server
  bigip_virtual_server:
    destination: 1.1.1.1
    name: fastl4_vs
    port: 80
    profiles:
      - fastL4
    state: present

- name: Add iRules to the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    name: my-virtual-server
    irules:
      - irule1
      - irule2
  delegate_to: localhost

# The irules list is the full desired state: anything not listed is removed.
- name: Remove one iRule from the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    name: my-virtual-server
    irules:
      - irule2
  delegate_to: localhost

- name: Remove all iRules from the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    name: my-virtual-server
    irules: ""
  delegate_to: localhost

- name: Remove pool from the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    name: my-virtual-server
    pool: ""
  delegate_to: localhost

- name: Add metadata to virtual
  bigip_virtual_server:
    server: lb.mydomain.com
    user: admin
    password: secret
    state: present
    name: my-virtual-server
    partition: Common
    metadata:
      ansible: 2.4
      updated_at: 2017-12-20T17:50:46Z
  delegate_to: localhost

- name: Add virtual with two profiles
  bigip_virtual_server:
    server: lb.mydomain.com
    user: admin
    password: secret
    state: present
    name: my-virtual-server
    partition: Common
    profiles:
      - http
      - tcp
  delegate_to: localhost

# The profiles list is also the full desired state: leaving http out removes it.
- name: Remove HTTP profile from previous virtual
  bigip_virtual_server:
    server: lb.mydomain.com
    user: admin
    password: secret
    state: present
    name: my-virtual-server
    partition: Common
    profiles:
      - tcp
  delegate_to: localhost

- name: Add the HTTP profile back to the previous virtual
  bigip_virtual_server:
    server: lb.mydomain.com
    user: admin
    password: secret
    state: present
    name: my-virtual-server
    partition: Common
    profiles:
      - http
      - tcp
  delegate_to: localhost
```
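The playbook below is an added example, not one of the module's own: it combines the security-related options from the parameter list (source, validate_certs, firewall_staged_policy, firewall_enforced_policy, security_log_profiles, security_nat_policy) and finishes with the bigip_config save that the Notes call for. The host, the policy and log profile names and the vault_bigip_password variable are hypothetical, and AFM is assumed to be licensed and provisioned.

```yaml
# Added example; host, object names and the vault variable are hypothetical.
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Create the virtual with a narrow source range and a staged AFM policy
      bigip_virtual_server:
        server: lb.mydomain.net
        user: admin
        password: "{{ vault_bigip_password }}"  # assumed to live in an Ansible Vault file
        validate_certs: yes                      # verify the management certificate
        state: present
        partition: Common
        name: my-virtual-server
        destination: 10.10.10.10
        port: 443
        pool: my-pool
        source: 10.0.0.0/24                      # not 0.0.0.0/0; see the source option
        profiles:
          - http
          - name: clientssl
            context: client-side
        firewall_staged_policy: /Common/web-fw-policy  # results logged, not applied to traffic
        security_log_profiles:
          - /Common/web-fw-log
        security_nat_policy:
          use_route_domain_policy: yes           # overrides the device NAT policy

    - name: Enforce the policy after reviewing the staged results in the log
      bigip_virtual_server:
        server: lb.mydomain.net
        user: admin
        password: "{{ vault_bigip_password }}"
        validate_certs: yes
        partition: Common
        name: my-virtual-server
        firewall_enforced_policy: /Common/web-fw-policy

    - name: Save the running configuration so the change persists to disk
      bigip_config:
        server: lb.mydomain.net
        user: admin
        password: "{{ vault_bigip_password }}"
        validate_certs: yes
        save: yes
```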
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
address_translation (boolean) | changed | The new value specifying whether address translation is on or off. Sample: True |
default_persistence_profile (string) | changed | Default persistence profile set on the virtual server. Sample: /Common/dest_addr |
description (string) | changed | New description of the virtual server. Sample: This is my description |
destination (string) | changed | Destination of the virtual server. Sample: 1.1.1.1 |
disabled (boolean) | changed | Whether the virtual server is disabled, or not. Sample: True |
disabled_vlans (list) | changed | List of VLANs that the virtual is disabled for. Sample: ['/Common/vlan1', '/Common/vlan2'] |
enabled (boolean) | changed | Whether the virtual server is enabled, or not. |
enabled_vlans (list) | changed | List of VLANs that the virtual is enabled for. Sample: ['/Common/vlan5', '/Common/vlan6'] |
fallback_persistence_profile (string) | changed | Fallback persistence profile set on the virtual server. Sample: /Common/source_addr |
firewall_enforced_policy (string) | changed | The new enforcing firewall policy. Sample: /Common/my-enforced-fw |
firewall_staged_policy (string) | changed | The new staging firewall policy. Sample: /Common/my-staged-fw |
ip_protocol (integer) | changed | The new value of the IP protocol. Sample: 6 |
irules (list) | changed | iRules set on the virtual server. Sample: ['/Common/irule1', '/Common/irule2'] |
metadata (dictionary) | changed | The new value of the virtual. Sample: {'key1': 'foo', 'key2': 'bar'} |
policies (list) | changed | List of policies attached to the virtual. Sample: ['/Common/policy1', '/Common/policy2'] |
pool (string) | changed | Pool that the virtual server is attached to. Sample: /Common/my-pool |
port (integer) | changed | Port that the virtual server is configured to listen on. Sample: 80 |
port_translation (boolean) | changed | The new value specifying whether port translation is on or off. Sample: True |
profiles (list) | changed | List of profiles set on the virtual server. Sample: [{'name': 'tcp', 'context': 'server-side'}, {'name': 'tcp-legacy', 'context': 'client-side'}] |
security_log_profiles (list) | changed | The new list of security log profiles. Sample: ['/Common/profile1', '/Common/profile2'] |
snat (string) | changed | SNAT setting of the virtual server. Sample: Automap |
source (string) | changed | Source address, in CIDR form, set on the virtual server. Sample: 1.2.3.4/32 |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by an Ansible Partner. [certified]
Authors
- Tim Rupp (@caphrim007)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/bigip_virtual_server_module.html