bigip_data_group - Manage data groups on a BIG-IP

New in version 2.6.

Synopsis
- Requirements
Parameters
Notes
Examples
Status
Maintenance
- Author

Synopsis

Allows for managing data groups on a BIG-IP. Data groups provide a way to store collections of values on a BIG-IP for later use in things such as LTM rules, iRules, and ASM policies.

Requirements

The below requirements are needed on the host that executes this module.

f5-sdk >= 3.0.9

Parameters

Parameter		Choices/Defaults	Comments
delete_data_group_file bool		Choices: no ← yes	When `yes`, will ensure that the remote data group file is deleted. This parameter is only relevant when `state` is `absent` and `internal` is `no`.
external_file_name			When creating a new data group, this specifies the file name that you want to give an external data group file on the BIG-IP. This parameter is ignored when `internal` is `yes`. This parameter can be used to select an existing data group file to use with an existing external data group. If this value is not provided, it will be given the value specified in `name` and, therefore, match the name of the data group. This value may only contain letters, numbers, underscores, dashes, or a period.
internal bool		Choices: no ← yes	The type of this data group. You should only consider setting this value in cases where you know exactly what you're doing, or, you are working with a pre-existing internal data group. Be aware that if you deliberately force this parameter to `yes`, and you have a either a large number of records or a large total records size, this large amount of data will be reflected in your BIG-IP configuration. This can lead to long system configuration load times due to needing to parse and verify the large configuration. There is a limit of either 4 megabytes or 65,000 records (whichever is more restrictive) for uploads when this parameter is `yes`. This value cannot be changed once the data group is created.
name required			Specifies the name of the data group.
partition		Default: "Common"	Device partition to manage resources on.
password required			The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable `F5_PASSWORD` is set. aliases: pass, pwd
provider (added in 2.5)			A dict object containing connection details.
	password required		The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable `F5_PASSWORD` is set. aliases: pass, pwd
	server required		The BIG-IP host. You can omit this option if the environment variable `F5_SERVER` is set.
	server_port	Default: 443	The BIG-IP server port. You can omit this option if the environment variable `F5_SERVER_PORT` is set.
	user required		The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable `F5_USER` is set.
	validate_certs bool	Choices: no yes ←	If `no`, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable `F5_VALIDATE_CERTS` is set.
	timeout	Default: 10	Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
	ssh_keyfile		Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. If the value is not specified in the task, the value of environment variable `ANSIBLE_NET_SSH_KEYFILE` will be used instead.
	transport required	Choices: rest cli ←	Configures the transport connection to use when connecting to the remote device.
records			Specifies the records that you want to add to a data group. If you have a large number of records, it is recommended that you use `records_content` instead of typing all those records here. The technical limit of either 1. the number of records, or 2. the total size of all records, varies with the size of the total resources on your system; in particular, RAM. When `internal` is `no`, at least one record must be specified in either `records` or `records_content`.
	key required		The key describing the record in the data group. Your key will be used for validation of the `type` parameter to this module.
	value		The value of the key describing the record in the data group.
records_src			Path to a file with records in it. The file should be well-formed. This means that it includes records, one per line, that resemble the following format "key separator value". For example, `foo := bar`. BIG-IP is strict about this format, but this module is a bit more lax. It will allow you to include arbitrary amounts (including none) of empty space on either side of the separator. For an illustration of this, see the Examples section. Record keys are limited in length to no more than 65520 characters. Values of record keys are limited in length to no more than 65520 characters. The total number of records you can have in your BIG-IP is limited by the memory of the BIG-IP. The format of this content is slightly different depending on whether you specify a `type` of `address`, `integer`, or `string`. See the examples section for examples of the different types of payload formats that are expected in your data group file. When `internal` is `no`, at least one record must be specified in either `records` or `records_content`.
separator		Default: ":="	When specifying `records_content`, this is the string of characters that will be used to break apart entries in the `records_content` into key/value pairs. By default, this parameter's value is `:=`. This value cannot be changed once it is set. This parameter is only relevant when `internal` is `no`. It will be ignored otherwise.
server required			The BIG-IP host. You can omit this option if the environment variable `F5_SERVER` is set.
server_port (added in 2.2)		Default: 443	The BIG-IP server port. You can omit this option if the environment variable `F5_SERVER_PORT` is set.
state		Choices: present ← absent	When `state` is `present`, ensures the data group exists. When `state` is `absent`, ensures that the data group is removed.
type		Choices: address addr ip string ← str integer int	The type of records in this data group. This parameter is especially important because it causes BIG-IP to store your data in different ways so-as to optimize access to it. For example, it would be wrong to specify a list of records containing IP addresses, but label them as a `string` type. This value cannot be changed once the data group is created.
user required			The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable `F5_USER` is set.
validate_certs bool (added in 2.0)		Choices: no yes ←	If `no`, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable `F5_VALIDATE_CERTS` is set.

Notes

Note

For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.

Examples

- name: Create a data group of addresses
  bigip_data_group:
    name: foo
    password: secret
    server: lb.mydomain.com
    state: present
    user: admin
    records:
      - key: 0.0.0.0/32
        value: External_NAT
      - key: 10.10.10.10
        value: No_NAT
    type: address
  delegate_to: localhost

- name: Create a data group of strings
  bigip_data_group:
    name: foo
    password: secret
    server: lb.mydomain.com
    state: present
    user: admin
    records:
      - key: caddy
        value: ""
      - key: cafeteria
        value: ""
      - key: cactus
        value: ""
    type: string
  delegate_to: localhost

- name: Create a data group of IP addresses from a file
  bigip_data_group:
    name: foo
    password: secret
    server: lb.mydomain.com
    state: present
    user: admin
    records_src: /path/to/dg-file
    type: address
  delegate_to: localhost

- name: Update an existing internal data group of strings
  bigip_data_group:
    name: foo
    password: secret
    server: lb.mydomain.com
    state: present
    internal: yes
    user: admin
    records:
      - key: caddy
        value: ""
      - key: cafeteria
        value: ""
      - key: cactus
        value: ""
  delegate_to: localhost

- name: Show the data format expected for records_content - address 1
  copy:
    dest: /path/to/addresses.txt
    content: |
      network 10.0.0.0 prefixlen 8 := "Network1",
      network 172.16.0.0 prefixlen 12 := "Network2",
      network 192.168.0.0 prefixlen 16 := "Network3",
      network 2402:9400:1000:0:: prefixlen 64 := "Network4",
      host 192.168.20.1 := "Host1",
      host 172.16.1.1 := "Host2",
      host 172.16.1.1/32 := "Host3",
      host 2001:0db8:85a3:0000:0000:8a2e:0370:7334 := "Host4",
      host 2001:0db8:85a3:0000:0000:8a2e:0370:7334/128 := "Host5"

- name: Show the data format expected for records_content - address 2
  copy:
    dest: /path/to/addresses.txt
    content: |
      10.0.0.0/8 := "Network1",
      172.16.0.0/12 := "Network2",
      192.168.0.0/16 := "Network3",
      2402:9400:1000:0::/64 := "Network4",
      192.168.20.1 := "Host1",
      172.16.1.1 := "Host2",
      172.16.1.1/32 := "Host3",
      2001:0db8:85a3:0000:0000:8a2e:0370:7334 := "Host4",
      2001:0db8:85a3:0000:0000:8a2e:0370:7334/128 := "Host5"

- name: Show the data format expected for records_content - string
  copy:
    dest: /path/to/strings.txt
    content: |
      a := alpha,
      b := bravo,
      c := charlie,
      x := x-ray,
      y := yankee,
      z := zulu,

- name: Show the data format expected for records_content - integer
  copy:
    dest: /path/to/integers.txt
    content: |
      1 := bar,
      2 := baz,
      3,
      4,

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

Tim Rupp (@caphrim007)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/bigip_data_group_module.html