ansible.builtin.bigip_device_trust (v2.5.6) — module

Install Ansible via pip

Install with pip install ansible==2.5.6

Description

Manage the trust relationships between BIG-IPs. Devices, once peered, cannot be updated. If updating is needed, the peer must first be removed before it can be re-added to the trust.

Requirements

• netaddr

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Add trusts for all peer devices to Active device
  bigip_device_trust:
    server: lb.mydomain.com
    user: admin
    password: secret
    peer_server: "{{ item.ansible_host }}"
    peer_hostname: "{{ item.inventory_hostname }}"
    peer_user: "{{ item.bigip_username }}"
    peer_password: "{{ item.bigip_password }}"
  with_items: hostvars
  when: inventory_hostname in groups['master']
  delegate_to: localhost

Inputs

    
type:
    choices:
    - peer
    - subordinate
    default: peer
    description:
    - Specifies whether the device you are adding is a Peer or a Subordinate. The default
      is C(peer).
    - The difference between the two is a matter of mitigating risk of compromise.
    - A subordinate device cannot sign a certificate for another device.
    - In the case where the security of an authority device in a trust domain is compromised,
      the risk of compromise is minimized for any subordinate device.
    - Designating devices as subordinate devices is recommended for device groups with
      a large number of member devices, where the risk of compromise is high.

state:
    choices:
    - absent
    - present
    default: present
    description:
    - When C(present), ensures the specified devices are trusted.
    - When C(absent), removes the device trusts.

provider:
    description:
    - A dict object containing connection details.
    suboptions:
      auth_provider:
        description:
        - Configures the auth provider for to obtain authentication tokens from the remote
          device.
        - This option is really used when working with BIG-IQ devices.
        type: str
      no_f5_teem:
        default: false
        description:
        - If C(yes), TEEM telemetry data is not sent to F5.
        - You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
        - Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
        type: bool
      password:
        aliases:
        - pass
        - pwd
        description:
        - The password for the user account used to connect to the BIG-IP or the BIG-IQ.
        - You may omit this option by setting the environment variable C(F5_PASSWORD).
        required: true
        type: str
      server:
        description:
        - The BIG-IP host or the BIG-IQ host.
        - You may omit this option by setting the environment variable C(F5_SERVER).
        required: true
        type: str
      server_port:
        default: 443
        description:
        - The BIG-IP server port.
        - You may omit this option by setting the environment variable C(F5_SERVER_PORT).
        type: int
      timeout:
        description:
        - Specifies the timeout in seconds for communicating with the network device for
          either connecting or sending commands.  If the timeout is exceeded before the
          operation is completed, the module will error.
        type: int
      transport:
        choices:
        - rest
        default: rest
        description:
        - Configures the transport connection to use when connecting to the remote device.
        type: str
      user:
        description:
        - The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
          privileges on the device.
        - You may omit this option by setting the environment variable C(F5_USER).
        required: true
        type: str
      validate_certs:
        default: true
        description:
        - If C(no), SSL certificates are not validated. Use this only on personally controlled
          sites using self-signed certificates.
        - You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
        type: bool
    type: dict
    version_added: 1.0.0
    version_added_collection: f5networks.f5_modules

peer_user:
    description:
    - The API username of the remote peer device that you are trusting. Note that the
      CLI user cannot be used unless it too has an API account. If this value is not specified,
      then the value of C(user), or the environment variable C(F5_USER) will be used.

peer_server:
    description:
    - The peer address to connect to and trust for synchronizing configuration. This is
      typically the management address of the remote device, but may also be a Self IP.
    required: true

peer_hostname:
    description:
    - The hostname that you want to associate with the device. This value will be used
      to easily distinguish this device in BIG-IP configuration. If not specified, the
      value of C(peer_server) will be used as a default.

peer_password:
    description:
    - The password of the API username of the remote peer device that you are trusting.
      If this value is not specified, then the value of C(password), or the environment
      variable C(F5_PASSWORD) will be used.

Outputs

peer_hostname:
  description: The remote hostname used to identify the trusted peer.
  returned: changed
  sample: test-bigip-02.localhost.localdomain
  type: string
peer_server:
  description: The remote IP address of the trusted peer.
  returned: changed
  sample: 10.0.2.15
  type: string