New in version 2.2.
This module will import/delete SSL certificates on BIG-IP LTM. Certificates can be imported from certificate and key files on the local disk, in PEM format.
parameter | required | default | choices | comments |
---|---|---|---|---|
cert_content | no | | | When used instead of 'cert_src', sets the contents of a certificate directly to the specified value. This is used with lookup plugins or for anything with formatting or templating. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
cert_src | no | | | This is the local filename of the certificate. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
key_content | no | | | When used instead of 'key_src', sets the contents of a certificate key directly to the specified value. This is used with lookup plugins or for anything with formatting or templating. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
key_src | no | | | This is the local filename of the private key. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
name | yes | | | SSL Certificate Name. This is the cert/key pair name used when importing a certificate/key into the F5. It also determines the filenames of the objects on the LTM (:Partition:name.cer_11111_1 and :Partition_name.key_11111_1). |
partition | no | Common | | BIG-IP partition to use when adding/deleting certificate. |
passphrase | no | | | Passphrase on certificate private key. |
password | yes | | | The password for the user account used to connect to the BIG-IP. |
server | yes | | | The BIG-IP host. |
server_port (added in 2.2) | no | 443 | | The BIG-IP server port. |
state | yes | present | | Certificate and key state. This determines whether the provided certificate and key are to be made present on the device or absent. |
user | yes | | | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. |
validate_certs (added in 2.0) | no | True | | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. |
```yaml
- name: Import PEM Certificate from local disk
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "present"
    cert_src: "/path/to/cert.crt"
    key_src: "/path/to/key.key"
  delegate_to: localhost

- name: Use a file lookup to import PEM Certificate
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "present"
    cert_content: "{{ lookup('file', '/path/to/cert.crt') }}"
    key_content: "{{ lookup('file', '/path/to/key.key') }}"
  delegate_to: localhost

- name: "Delete Certificate"
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "absent"
  delegate_to: localhost
```
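A variant of the import task that keeps the device password and the key passphrase out of the playbook and out of task output, as an added example that is not part of the original module documentation. The vars file path and the `vault_*` variable names are assumptions; the module parameters are the ones documented above.

```yaml
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    # Hypothetical file, encrypted with `ansible-vault encrypt`. It is assumed to
    # define vault_bigip_user, vault_bigip_password and vault_key_passphrase.
    - vars/bigip_vault.yml
  tasks:
    - name: Import a passphrase-protected key and its certificate
      bigip_ssl_certificate:
        name: "certificate-name"
        partition: "Common"
        server: "lb.mydomain.com"
        server_port: 443
        user: "{{ vault_bigip_user }}"
        password: "{{ vault_bigip_password }}"
        passphrase: "{{ vault_key_passphrase }}"
        state: "present"
        cert_content: "{{ lookup('file', '/path/to/cert.crt') }}"
        key_content: "{{ lookup('file', '/path/to/key.key') }}"
        # Keep TLS verification of the BIG-IP management endpoint enabled;
        # the admin credentials travel over this connection.
        validate_certs: yes
      # key_content, passphrase and password are task arguments, so suppress
      # them in console output and logs.
      no_log: true
      register: cert_result

    - name: Report only non-secret return values
      debug:
        msg: >-
          changed={{ cert_result.changed }}
          cert_checksum={{ cert_result.cert_checksum | default('n/a') }}
```

Run it with `ansible-playbook --ask-vault-pass` so the vaulted variables can be decrypted.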
Common return values are documented in Common Return Values; the following fields are unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
cert_checksum | SHA1 checksum of the cert that was provided | | string | f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0 |
partition | Partition in which the cert/key was created | ['changed', 'created', 'deleted'] | string | Common |
cert_name | The name of the SSL certificate. The cert_name and key_name will be equal to each other. | ['created', 'changed', 'deleted'] | string | cert1 |
key_checksum | SHA1 checksum of the key that was provided | | string | cf23df2207d99a74fbe169e3eba035e633b65d94 |
key_name | The name of the SSL certificate key. The key_name and cert_name will be equal to each other. | ['created', 'changed', 'deleted'] | string | key1 |
Note
Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
Note
Requires the netaddr Python package on the host.
Note
If you use this module, you will not be able to remove the managed certificates and keys via the web UI. You can only remove them via tmsh or these modules.
© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/bigip_ssl_certificate_module.html