bigip_selfip - Manage Self-IPs on a BIG-IP system

New in version 2.2.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
Notes
- Status

Synopsis

Manage Self-IPs on a BIG-IP system

Requirements (on host that executes module)

netaddr
f5-sdk

Options

parameter	required	default	choices	comments
address	no			The IP addresses for the new self IP. This value is ignored upon update as addresses themselves cannot be changed after they are created.
allow_service	no			Configure port lockdown for the Self IP. By default, the Self IP has a "default deny" policy. This can be changed to allow TCP and UDP ports as well as specific protocols. This list should contain `protocol`:`port` values.
name	yes	Value of C(address)		The self IP to create.
netmask	yes			The netmasks for the self IP.
password	yes			The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable `F5_PASSWORD` is set.
route_domain (added in 2.3)	no	none		The route domain id of the system. If none, id of the route domain will be "0" (default route domain)
server	yes			The BIG-IP host. This option can be omitted if the environment variable `F5_SERVER` is set.
server_port (added in 2.2)	no	443		The BIG-IP server port. This option can be omitted if the environment variable `F5_SERVER_PORT` is set.
state	no	present	absent present	The state of the variable on the system. When `present`, guarantees that the Self-IP exists with the provided attributes. When `absent`, removes the Self-IP from the system.
traffic_group	no			The traffic group for the self IP addresses in an active-active, redundant load balancer configuration.
user	yes			The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable `F5_USER` is set.
validate_certs (added in 2.0)	no	True	True False	If `no`, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable `F5_VALIDATE_CERTS` is set.
vlan	yes			The VLAN that the new self IPs will be on.

Examples

- name: Create Self IP
  bigip_selfip:
      address: "10.10.10.10"
      name: "self1"
      netmask: "255.255.255.0"
      password: "secret"
      server: "lb.mydomain.com"
      user: "admin"
      validate_certs: "no"
      vlan: "vlan1"
  delegate_to: localhost

- name: Create Self IP with a Route Domain
  bigip_selfip:
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      validate_certs: "no"
      name: "self1"
      address: "10.10.10.10"
      netmask: "255.255.255.0"
      vlan: "vlan1"
      route_domain: "10"
      allow_service: "default"
  delegate_to: localhost

- name: Delete Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
  delegate_to: localhost

- name: Allow management web UI to be accessed on this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - "tcp:443"
  delegate_to: localhost

- name: Allow HTTPS and SSH access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - "tcp:443"
          - "tpc:22"
  delegate_to: localhost

- name: Allow all services access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - all
  delegate_to: localhost

- name: Allow only GRE and IGMP protocols access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - gre:0
          - igmp:0
  delegate_to: localhost

- name: Allow all TCP, but no other protocols access to this Self IP
  bigip_selfip:
      name: "self1"
      password: "secret"
      server: "lb.mydomain.com"
      state: "absent"
      user: "admin"
      validate_certs: "no"
      allow_service:
          - tcp:0
  delegate_to: localhost

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
address	The address for the Self IP	created	string	192.0.2.10
allow_service	Services that allowed via this Self IP	changed	list	['igmp:0', 'tcp:22', 'udp:53']
name	The name of the Self IP	created, changed or deleted	string	self1
netmask	The netmask of the Self IP	created or changed	string	255.255.255.0
traffic_group	The traffic group that the Self IP is a member of	changed or created	string	traffic-group-local-only
vlan	The VLAN set on the Self IP	created or changed	string	vlan1

Notes

Note

Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
Requires the netaddr Python package on the host.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/bigip_selfip_module.html