f5networks.f5_modules.bigip_device_httpd – Manage HTTPD related settings on a BIG-IP system

Note

This plugin is part of the f5networks.f5_modules collection (version 1.12.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install f5networks.f5_modules.

To use it in a playbook, specify: f5networks.f5_modules.bigip_device_httpd.

New in version 1.0.0: of f5networks.f5_modules

Synopsis

  • Manages HTTPD related settings on the BIG-IP. These settings are useful when you want to set GUI timeouts and other TMUI related settings.

Requirements

The below requirements are needed on the host that executes this module.

  • requests

Parameters

Parameter Choices/Defaults Comments
allow
list / elements=string
If you have enabled HTTPD access, specifies the IP address or address range for other systems that can communicate with this system.
To specify all addresses, use the value all.
An IP address can be specified, such as 172.27.1.10.
IP ranges can be specified, such as 172.27.*.* or 172.27.0.0/255.255.0.0.
auth_name
string
Sets the BIG-IP authentication realm name.
auth_pam_dashboard_timeout
boolean
    Choices:
  • no
  • yes
Sets whether or not the BIG-IP dashboard will timeout.
auth_pam_idle_timeout
integer
Sets the GUI timeout for automatic logout, in seconds.
auth_pam_validate_ip
boolean
    Choices:
  • no
  • yes
Sets the authPamValidateIp setting.
fast_cgi_timeout
integer
Sets the timeout of FastCGI.
hostname_lookup
boolean
    Choices:
  • no
  • yes
Sets whether or not to display the hostname, if possible.
log_level
string
    Choices:
  • alert
  • crit
  • debug
  • emerg
  • error
  • info
  • notice
  • warn
Sets the minimum HTTPD log level.
max_clients
integer
Sets the maximum number of clients that can connect to the GUI at once.
provider
dictionary
added in 1.0.0 of f5networks.f5_modules
A dict object containing connection details.
auth_provider
string
Configures the auth provider for to obtain authentication tokens from the remote device.
This option is really used when working with BIG-IQ devices.
no_f5_teem
boolean
    Choices:
  • no
  • yes
If yes, TEEM telemetry data is not sent to F5.
You may omit this option by setting the environment variable F5_TELEMETRY_OFF.
Previously used variable F5_TEEM is deprecated as its name was confusing.
password
string / required
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable F5_PASSWORD.

aliases: pass, pwd
server
string / required
The BIG-IP host.
You may omit this option by setting the environment variable F5_SERVER.
server_port
integer
Default:
443
The BIG-IP server port.
You may omit this option by setting the environment variable F5_SERVER_PORT.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
transport
string
    Choices:
  • rest
Configures the transport connection to use when connecting to the remote device.
user
string / required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable F5_USER.
validate_certs
boolean
    Choices:
  • no
  • yes
If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.
You may omit this option by setting the environment variable F5_VALIDATE_CERTS.
redirect_http_to_https
boolean
    Choices:
  • no
  • yes
Whether or not to redirect HTTP requests to the GUI to HTTPS.
ssl_cipher_suite
raw
Specifies the ciphers the system uses.
The values in the suite are separated by colons (:).
Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage.
Use the value default to set the cipher suite to the system default. This value is equivalent to specifying a list of ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-SHA384,AES128-GCM-SHA256, AES256-GCM-SHA384,AES128-SHA,AES256-SHA,AES128-SHA256,AES256-SHA256, ECDHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-DES-CBC3-SHA,DES-CBC3-SHA.
ssl_port
integer
The HTTPS port on which the system should listen.
ssl_protocols
raw
The list of SSL protocols to accept on the management console.
A space-separated list of tokens in the format accepted by the Apache mod_ssl SSLProtocol directive.
Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage.
Use the value default to set the SSL protocols to the system default. This value is equivalent to specifying a list of all,-SSLv2,-SSLv3.

Notes

Note

  • Requires the requests Python package on the host. This is as easy as running pip install requests.
  • For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
  • Requires BIG-IP software version >= 12.
  • The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the f5networks.f5_modules.bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.

Examples

- name: Set the BIG-IP authentication realm name
  bigip_device_httpd:
    auth_name: BIG-IP
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Set the auth pam timeout to 3600 seconds
  bigip_device_httpd:
    auth_pam_idle_timeout: 1200
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Set the validate IP settings
  bigip_device_httpd:
    auth_pam_validate_ip: on
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Set SSL cipher suite by list
  bigip_device_httpd:
    ssl_cipher_suite:
      - ECDHE-RSA-AES128-GCM-SHA256
      - ECDHE-RSA-AES256-GCM-SHA384
      - ECDHE-RSA-AES128-SHA
      - AES256-SHA256
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Set SSL cipher suite by string
  bigip_device_httpd:
    ssl_cipher_suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:AES256-SHA256
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Set SSL protocols by list
  bigip_device_httpd:
    ssl_protocols:
      - all
      - -SSLv2
      - -SSLv3
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Set SSL protocols by string
  bigip_device_httpd:
    ssl_protocols: all -SSLv2 -SSLv3
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
auth_name
string
changed
The new authentication realm name.

Sample:
foo
auth_pam_dashboard_timeout
boolean
changed
Whether or not the BIG-IP dashboard will timeout.

auth_pam_idle_timeout
string
changed
The new number of seconds for GUI timeout.

Sample:
1200
auth_pam_validate_ip
boolean
changed
The new authPamValidateIp setting.

Sample:
True
fast_cgi_timeout
integer
changed
The new timeout of FastCGI.

Sample:
500
hostname_lookup
boolean
changed
Whether or not to display the hostname, if possible.

Sample:
True
log_level
string
changed
The new minimum HTTPD log level.

Sample:
crit
max_clients
integer
changed
The new maximum number of clients that can connect to the GUI at once.

Sample:
20
redirect_http_to_https
boolean
changed
Whether or not to redirect HTTP requests to the GUI to HTTPS.

Sample:
True
ssl_cipher_suite
string
changed
The new ciphers the system uses.

Sample:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA
ssl_cipher_suite_list
string
changed
List of the new ciphers the system uses.

Sample:
['ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES128-SHA']
ssl_port
integer
changed
The new HTTPS port to listen on.

Sample:
10443
ssl_protocols
string
changed
The new list of SSL protocols to accept on the management console.

Sample:
all -SSLv2 -SSLv3


Authors

  • Joe Reifel (@JoeReifel)
  • Tim Rupp (@caphrim007)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_device_httpd_module.html