f5networks.f5_modules.bigip_data_group – Manage data groups on a BIG-IP
Note
This plugin is part of the f5networks.f5_modules collection (version 1.7.1).
To install it use: ansible-galaxy collection install f5networks.f5_modules.
To use it in a playbook, specify: f5networks.f5_modules.bigip_data_group.
New in version 1.0.0: of f5networks.f5_modules
Synopsis
- Allows for managing data groups on a BIG-IP. Data groups provide a way to store collections of values on a BIG-IP for later use in things such as LTM rules, iRules, and ASM policies.
Parameters
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| delete_data_group_file boolean |
| When yes, will ensure the remote data group file is deleted.This parameter is only relevant when state is absent and internal is no. | |
| description string | The description of the data group. | ||
| external_file_name string | When creating a new data group, this specifies the file name you want to give an external data group file on the BIG-IP. This parameter is ignored when internal is yes.This parameter can be used to select an existing data group file to use with an existing external data group. If this value is not provided, it will be given the value specified in name and, therefore, match the name of the data group.This value may only contain letters, numbers, underscores, dashes, or a period. | ||
| internal boolean |
| The type of this data group. You should only consider setting this value in cases where you know exactly what you are doing, or, you are working with a pre-existing internal data group. Be aware that if you deliberately force this parameter to yes, and you have a either a large number of records or a large total records size, this large amount of data will be reflected in your BIG-IP configuration. This can lead to long system configuration load times due to parsing and verifying the large configuration.There is a limit of either 4 megabytes or 65,000 records (whichever is more restrictive) for uploads when this parameter is yes.This value cannot be changed once the data group is created. | |
| name string / required | Specifies the name of the data group. | ||
| partition string | Default: "Common" | Device partition to manage resources on. | |
| provider dictionary added in 1.0.0 of f5networks.f5_modules | A dict object containing connection details. | ||
| auth_provider string | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | ||
| no_f5_teem boolean |
| If yes, TEEM telemetry data is not sent to F5.You may omit this option by setting the environment variable F5_TEEM. | |
| password string / required | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD.aliases: pass, pwd | ||
| server string / required | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER. | ||
| server_port integer | Default: 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT. | |
| timeout integer | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. | ||
| transport string |
| Configures the transport connection to use when connecting to the remote device. | |
| user string / required | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER. | ||
| validate_certs boolean |
| If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.You may omit this option by setting the environment variable F5_VALIDATE_CERTS. | |
| records list / elements=raw | Specifies the records you want to add to a data group. If you have a large number of records, we recommend you use records_src instead of typing all those records here.The technical limit of either 1. the number of records, or 2. the total size of all records, varies with the size of the total resources on your system; in particular, RAM. When internal is no, at least one record must be specified in either records or records_src.When type is: ip, address, addr if the addresses use a non-default route domain, they must be explicit about it, meaning they must contain a route domain notation % e.g. 10.10.1.1%11. This is true regardless if the data group resides in a partition or not. | ||
| key string / required | The key describing the record in the data group. The key will be used for validation of the type parameter to this module. | ||
| value raw | The value of the key describing the record in the data group. | ||
| records_src path | Path to a file with records in it. The file should be well-formed. This means that it includes records, one per line, that resemble the following format "key separator value". For example, foo := bar.BIG-IP is strict about this format, but this module is a bit more lax. It will allow you to include arbitrary amounts (including none) of empty space on either side of the separator. For an illustration of this, see the Examples section. Record keys are limited in length to no more than 65520 characters. Values of record keys are limited in length to no more than 65520 characters. The total number of records you can have in your BIG-IP is limited by the memory of the BIG-IP itself. The format of this content is slightly different depending on whether you specify a type of address, integer, or string. See the examples section for examples of the different types of payload formats that are expected in your data group file.When internal is no, at least one record must be specified in either records or records_src. | ||
| separator string | Default: ":=" | When specifying records_src, this is the string of characters that will be used to break apart entries in the records_src into key/value pairs.By default, the value of this parameter is :=.This value cannot be changed once it is set. This parameter is only relevant when internal is no. It will be ignored otherwise. | |
| state string |
| When state is present, ensures the data group exists.When state is absent, ensures the data group is removed.The use of state in this module refers to the entire data group, not its members. | |
| type string |
| The type of records in this data group. This parameter is especially important because it causes BIG-IP to store your data in different ways to optimize access to it. For example, it would be wrong to specify a list of records containing IP addresses, but label them as a string type.This value cannot be changed once the data group is created. | |
Notes
Note
- This module does NOT support atomic updates of data group members in a type
internaldata group. - For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires BIG-IP software version >= 12.
- The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the f5networks.f5_modules.bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples
- name: Create a data group of addresses
bigip_data_group:
name: foo
internal: yes
records:
- key: 0.0.0.0/32
value: External_NAT
- key: 10.10.10.10
value: No_NAT
type: address
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Create a data group of strings
bigip_data_group:
name: foo
internal: yes
records:
- key: caddy
value: ""
- key: cafeteria
value: ""
- key: cactus
value: ""
type: str
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Create a data group of IP addresses from a file
bigip_data_group:
name: foo
records_src: /path/to/dg-file
type: address
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Update an existing internal data group of strings
bigip_data_group:
name: foo
internal: yes
records:
- key: caddy
value: ""
- key: cafeteria
value: ""
- key: cactus
value: ""
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Show the data format expected for records_content - address 1
copy:
dest: /path/to/addresses.txt
content: |
network 10.0.0.0 prefixlen 8 := "Network1",
network 172.16.0.0 prefixlen 12 := "Network2",
network 192.168.0.0 prefixlen 16 := "Network3",
network 2402:9400:1000:0:: prefixlen 64 := "Network4",
host 192.168.20.1 := "Host1",
host 172.16.1.1 := "Host2",
host 172.16.1.1 := "Host3",
host 2001:0db8:85a3:0000:0000:8a2e:0370:7334 := "Host4",
host 2001:0db8:85a3:0000:0000:8a2e:0370:7334 := "Host5"
- name: Show the data format expected for records_content - address 2
copy:
dest: /path/to/addresses.txt
content: |
10.0.0.0/8 := "Network1",
172.16.0.0/12 := "Network2",
192.168.0.0/16 := "Network3",
2402:9400:1000:0::/64 := "Network4",
192.168.20.1 := "Host1",
172.16.1.1 := "Host2",
172.16.1.1/32 := "Host3",
2001:0db8:85a3:0000:0000:8a2e:0370:7334 := "Host4",
2001:0db8:85a3:0000:0000:8a2e:0370:7334/128 := "Host5"
- name: Show the data format expected for records_content - string
copy:
dest: /path/to/strings.txt
content: |
a := alpha,
b := bravo,
c := charlie,
x := x-ray,
y := yankee,
z := zulu,
- name: Show the data format expected for records_content - integer
copy:
dest: /path/to/integers.txt
content: |
1 := bar,
2 := baz,
3,
4,
Authors
- Tim Rupp (@caphrim007)
- Wojciech Wypior (@wojtek0806)
- Greg Crosby (@crosbygw)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/f5networks/f5_modules/bigip_data_group_module.html