bigiq_device_discovery – Manage BIG-IP devices through BIG-IQ

From Get docs
Ansible/docs/2.8/modules/bigiq device discovery module


bigiq_device_discovery – Manage BIG-IP devices through BIG-IQ

New in version 2.8.


Synopsis

  • Discovers and imports BIG-IP device configuration on the BIG-IQ.

Parameters

Parameter Choices/Defaults Comments

access_conflict_policy

string

  • use_bigiq
  • use_bigip
  • keep_version

Sets the conflict resolution policy for Access module apm objects, only used when apm module is specified.

access_group_first_device

boolean

  • no
  • yes

Specifies if the imported device is the first device in the access group to import shared configuration for that access group.

access_group_name

string

Access group name to import Access configuration for devices, once set it cannot be changed.

conflict_policy

string

  • use_bigiq

  • use_bigip

Sets the conflict resolution policy for shared objects across BIG-IP devices, except LTM profiles and monitors.

device_address

string / required

The IP address of the BIG-IP device to be imported/managed.

device_conflict_policy

string

  • use_bigiq

  • use_bigip

Sets the conflict resolution policy for objects that are specific to a particular to a BIG-IP device and not shared among BIG-IP devices.

device_password

string

The administrator password for the BIG-IP device.

This parameter is only required when adding a new BIG-IP device to be managed.

device_port

integer

Default:

443

The port on which a device trust setup between BIG-IQ and BIG-IP should happen.

device_username

string

The administrator username for the BIG-IP device.

This parameter is only required when adding a new BIG-IP device to be managed.

force

boolean

  • no

  • yes

Forces rediscovery and import of existing modules on the managed BIG-IP

ha_name

string

DSC cluster name of the BIG-IP device to be managed.

This is optional if the managed device is not a part of a cluster group.

When use_bigiq_sync is set to yes then this parameter becomes mandatory.

modules

list

  • ltm
  • asm
  • apm
  • afm
  • dns
  • websafe
  • security_shared

List of modules to be discovered and imported into the device.

These modules must be provisioned on the target device otherwise operation will fail.

The ltm module must always be specified when performing discovery or re-discovery of the the device.

When asm or afm are specified shared_security module needs to also be declared.

password

string / required

The password for the user account used to connect to the BIG-IP.

You may omit this option by setting the environment variable F5_PASSWORD.


aliases: pass, pwd

provider

dictionary

added in 2.5

A dict object containing connection details.

password

string / required

The password for the user account used to connect to the BIG-IP.

You may omit this option by setting the environment variable F5_PASSWORD.


aliases: pass, pwd

server

string / required

The BIG-IP host.

You may omit this option by setting the environment variable F5_SERVER.

server_port

integer

Default:

443

The BIG-IP server port.

You may omit this option by setting the environment variable F5_SERVER_PORT.

ssh_keyfile

path

Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports.

You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE.

timeout

integer

Default:

10

Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.

transport

string

  • cli
  • rest

Configures the transport connection to use when connecting to the remote device.

user

string / required

The username to connect to the BIG-IP with. This user must have administrative privileges on the device.

You may omit this option by setting the environment variable F5_USER.

validate_certs

boolean

  • no
  • yes

If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.

You may omit this option by setting the environment variable F5_VALIDATE_CERTS.

server

string / required

The BIG-IP host.

You may omit this option by setting the environment variable F5_SERVER.

server_port

integer

added in 2.2

Default:

443

The BIG-IP server port.

You may omit this option by setting the environment variable F5_SERVER_PORT.

state

string

  • absent
  • present

The state of the managed device on the system.

When present, enables new device addition as well as device rediscovery/import.

When absent, completely removes the device from the system.

statistics

-

Specify the statistics collection for discovered device.

enable

boolean

  • no

  • yes

Enables statistics collection on a device

interval

integer

  • 30
  • 60

  • 120
  • 500

Specify the interval in seconds the data is collected from the discovered device.

stat_modules

list

  • device

  • ltm

  • dns

Default:

["device", "ltm"]

Specifies for which modules the data is being collected.

zone

string

Default:

"default"

Specify in which DCD zone is collecting the data from device.

use_bigiq_sync

boolean

  • no

  • yes

When set to true, BIG-IQ will manually synchronize configuration changes between members in a DSC cluster.

user

string / required

The username to connect to the BIG-IP with. This user must have administrative privileges on the device.

You may omit this option by setting the environment variable F5_USER.

validate_certs

boolean

added in 2.0

  • no
  • yes

If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.

You may omit this option by setting the environment variable F5_VALIDATE_CERTS.

versioned_conflict_policy

string

  • use_bigiq
  • use_bigip
  • keep_version

Sets the conflict resolution policy for LTM profile and monitor objects that are specific to a BIG-IP software version.



Notes

Note

  • BIG-IQ >= 6.1.0.
  • This module does not support atomic removal of discovered modules on the device.
  • For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
  • Requires BIG-IP software version >= 12.
  • The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.


Examples

- name: Discover a new device and import config, use default conflict policy.
  bigiq_device_discovery:
    device_address: 192.168.1.1
    device_username: bigipadmin
    device_password: bigipsecret
    modules:
      - ltm
      - afm
      - shared_security
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Discover a new device and import config, use non- default conflict policy.
  bigiq_device_discovery:
    device_address: 192.168.1.1
    modules:
      - ltm
      - dns
    conflict_policy: use_bigip
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Force full device rediscovery
  bigiq_device_discovery:
    device_address: 192.168.1.1
    modules:
      - ltm
      - afm
      - dns
      - shared_security
    force: yes
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Remove discovered device and its config
  bigiq_device_discovery:
    device_address: 192.168.1.1
    state: absent
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

access_conflict_policy

string

changed

Sets the conflict resolution policy for Access module apm objects.


Sample:

keep_version

access_group_first_device

boolean

changed

First device in the access group to import shared configuration for that access group.


Sample:

True

access_group_name

string

changed

Access group name to import Access configuration for devices.


Sample:

foo_group

conflict_policy

string

changed

Sets the conflict resolution policy for shared objects across BIG-IP devices.


Sample:

use_bigip

device_address

string

changed

The IP address of the BIG-IP device to be imported/managed.


Sample:

192.168.1.1

device_conflict_policy

string

changed

Sets the conflict resolution policy for objects that are specific to a particular to a BIG-IP device.


Sample:

use_bigip

device_port

integer

changed

The port on which a device trust setup between BIG-IQ and BIG-IP should happen.


Sample:

10443

ha_name

string

changed

DSC cluster name of the BIG-IP device to be managed.


Sample:

GROUP_1

modules

list

changed

List of modules to be discovered and imported into the device.


Sample:

['ltm', 'dns']

use_bigiq_sync

boolean

changed

Indicate if BIG-IQ should manually synchronise DSC configuration.


Sample:

True

versioned_conflict_policy

string

changed

Sets the conflict resolution policy for LTM profile and monitor objects.


Sample:

keep_version




Status

Authors

  • Wojciech Wypior (@wojtek0806)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/bigiq_device_discovery_module.html