W3cubDocs

/Ansible

bigip_selfip - Manage Self-IPs on a BIG-IP system

New in version 2.2.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
Notes
This is an Extras Module

Synopsis

Manage Self-IPs on a BIG-IP system

Requirements (on host that executes module)

netaddr
f5-sdk

Options

parameter	required	default	choices	comments
address	no			The IP addresses for the new self IP. This value is ignored upon update as addresses themselves cannot be changed after they are created.
allow_service	no			Configure port lockdown for the Self IP. By default, the Self IP has a "default deny" policy. This can be changed to allow TCP and UDP ports as well as specific protocols. This list should contain `protocol`:`port` values.
name	yes	Value of C(address)		The self IP to create.
netmask	yes			The netmasks for the self IP.
password	yes			The password for the user account used to connect to the BIG-IP.
route_domain (added in 2.3)	no	none		The route domain id of the system. If none, id of the route domain will be "0" (default route domain)
server	yes			The BIG-IP host.
server_port (added in 2.2)	no	443		The BIG-IP server port.
state	no	present	absent present	The state of the variable on the system. When `present`, guarantees that the Self-IP exists with the provided attributes. When `absent`, removes the Self-IP from the system.
traffic_group	no			The traffic group for the self IP addresses in an active-active, redundant load balancer configuration.
user	yes			The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
validate_certs (added in 2.0)	no	True	True False	If `no`, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.
vlan	yes			The VLAN that the new self IPs will be on.

Examples

- name: Create Self IP
  bigip_selfip:
      address: "10.10.10.10"
      name: "self1"
      netmask: "255.255.255.0"
      password: "secret"
      server: "lb.mydomain.com"
      user: "admin"
      validate_certs: "no"
      vlan: "vlan1"
  delegate_to: localhost

- name: Create Self IP with a Route Domain
  bigip_selfip:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      validate_certs: "no"
      name: "self1"
      address: "10.10.10.10"
      netmask: "255.255.255.0"
      vlan: "vlan1"
      route_domain: "10"
      allow_service: "default"
  delegate_to: localhost

- name: Delete Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
  delegate_to: localhost

- name: Allow management web UI to be accessed on this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - "tcp:443"
  delegate_to: localhost

- name: Allow HTTPS and SSH access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - "tcp:443"
          - "tpc:22"
  delegate_to: localhost

- name: Allow all services access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - all
  delegate_to: localhost

- name: Allow only GRE and IGMP protocols access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - gre:0
          - igmp:0
  delegate_to: localhost

- name: Allow all TCP, but no other protocols access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - tcp:0
  delegate_to: localhost

Return Values

Common return values are documented here Common Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
netmask	The netmask of the Self IP	['changed', 'created']	string	255.255.255.0
name	The name of the Self IP	['created', 'changed', 'deleted']	string	self1
address	The address for the Self IP	created	string	192.0.2.10
traffic_group	The traffic group that the Self IP is a member of		string	traffic-group-local-only
vlan	The VLAN set on the Self IP		string	vlan1
allow_service	Services that allowed via this Self IP	changed	list	['igmp:0', 'tcp:22', 'udp:53']

Notes

Note

Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.

Note

Requires the netaddr Python package on the host.

This is an Extras Module

For more information on what this means please read Extras Modules

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.

© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/bigip_selfip_module.html