ansible.builtin.bigip_policy (v2.5.6) — module

Manage general policy configuration on a BIG-IP

Added in version 2.5 of ansible.builtin

Authors: Tim Rupp (@caphrim007)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.5.6

Description

Manages general policy configuration on a BIG-IP. This module is best used in conjunction with the C(bigip_policy_rule) module. This module can handle general configuration like setting the draft state of the policy, the description, and things unrelated to the policy rules themselves. It is also the first module that should be used when creating rules as the C(bigip_policy_rule) module requires a policy parameter.

Usage examples

- name: Create policy which is immediately published
  bigip_policy:
    name: Policy-Foo
    state: present
  delegate_to: localhost
- name: Add a rule to the new policy - Immediately published
  bigip_policy_rule:
    policy: Policy-Foo
    name: ABC
    conditions:
      - type: http_uri
        path_starts_with:
          - /ABC
          - foo
          - bar
        path_ends_with:
          - baz
    actions:
      - type: forward
        pool: pool-svrs
- name: Add multiple rules to the new policy - Added in the order they are specified
  bigip_policy_rule:
    policy: Policy-Foo
    name: "{{ item.name }}"
    conditions: "{{ item.conditions }}"
    actions: "{{ item.actions }}"
  with_items:
    - name: rule1
      actions:
        - type: forward
          pool: pool-svrs
      conditions:
        - type: http_uri
          path_starts_with: /euro
    - name: HomePage
      actions:
        - type: forward
          pool: pool-svrs
      conditions:
        - type: http_uri
          path_starts_with: /HomePage/
- name: Create policy specify default rules - Immediately published
  bigip_policy:
    name: Policy-Bar
    state: present
    rules:
      - rule1
      - rule2
      - rule3
- name: Create policy specify default rules - Left in a draft
  bigip_policy:
    name: Policy-Baz
    state: draft
    rules:
      - rule1
      - rule2
      - rule3

Inputs

    
name:
    description:
    - The name of the policy to create.
    required: true

rules:
    description:
    - Specifies a list of rules that you want associated with this policy. The order of
      this list is the order they will be evaluated by BIG-IP. If the specified rules
      do not exist (for example when creating a new policy) then they will be created.
    - The C(conditions) for a default rule are C(all).
    - The C(actions) for a default rule are C(ignore).
    - The C(bigip_policy_rule) module can be used to create and edit existing and new
      rules.

state:
    choices:
    - present
    - absent
    - draft
    description:
    - When C(state) is C(present), ensures that the policy exists and is published. When
      C(state) is C(absent), ensures that the policy is removed, even if it is currently
      drafted.
    - When C(state) is C(draft), ensures that the policy exists and is drafted. When modifying
      rules, it is required that policies first be in a draft.
    - Drafting is only supported on versions of BIG-IP >= 12.1.0. On versions prior to
      that, specifying a C(state) of C(draft) will raise an error.

provider:
    description:
    - A dict object containing connection details.
    suboptions:
      auth_provider:
        description:
        - Configures the auth provider used to obtain authentication tokens from the remote
          device.
        - This option is really used when working with BIG-IQ devices.
        type: str
      no_f5_teem:
        default: false
        description:
        - If C(yes), TEEM telemetry data is not sent to F5.
        - You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
        - Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
        type: bool
      password:
        aliases:
        - pass
        - pwd
        description:
        - The password for the user account used to connect to the BIG-IP or the BIG-IQ.
        - You may omit this option by setting the environment variable C(F5_PASSWORD).
        required: true
        type: str
      server:
        description:
        - The BIG-IP host or the BIG-IQ host.
        - You may omit this option by setting the environment variable C(F5_SERVER).
        required: true
        type: str
      server_port:
        default: 443
        description:
        - The BIG-IP server port.
        - You may omit this option by setting the environment variable C(F5_SERVER_PORT).
        type: int
      timeout:
        description:
        - Specifies the timeout in seconds for communicating with the network device for
          either connecting or sending commands.  If the timeout is exceeded before the
          operation is completed, the module will error.
        type: int
      transport:
        choices:
        - rest
        default: rest
        description:
        - Configures the transport connection to use when connecting to the remote device.
        type: str
      user:
        description:
        - The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
          privileges on the device.
        - You may omit this option by setting the environment variable C(F5_USER).
        required: true
        type: str
      validate_certs:
        default: true
        description:
        - If C(no), SSL certificates are not validated. Use this only on personally controlled
          sites using self-signed certificates.
        - You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
        type: bool
    type: dict
    version_added: 1.0.0
    version_added_collection: f5networks.f5_modules

strategy:
    choices:
    - first
    - all
    - best
    description:
    - Specifies the method to determine which actions get executed in the case where there
      are multiple rules that match. When creating new policies, the default is C(first).
    - This module does not allow you to specify the C(best) strategy to use. It will choose
      the system default (C(/Common/best-match)) for you instead.

partition:
    default: Common
    description:
    - Device partition to manage resources on.

description:
    description:
    - The description to attach to the policy.
    - This parameter is only supported on versions of BIG-IP >= 12.1.0. On earlier versions
      it will simply be ignored.
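
The draft-then-publish workflow described under C(state), with connection details passed through C(provider), shown as an added example that is not part of the module's own documentation. It assumes BIG-IP >= 12.1.0, that C(bigip_policy_rule) accepts the same C(provider) dict, and hypothetical variables C(bigip_host), C(bigip_user) and C(vault_bigip_password).

```yaml
# Added example, not from the module documentation.
# Assumed (hypothetical) variables: bigip_host, bigip_user and
# vault_bigip_password, the last one stored in an Ansible Vault file.
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    f5_provider:
      server: "{{ bigip_host }}"
      user: "{{ bigip_user }}"
      password: "{{ vault_bigip_password }}"  # no literal password in the playbook
      server_port: 443
      validate_certs: yes  # leave certificate validation at its default
      timeout: 30
  tasks:
    # Rules may only be modified while the policy is drafted.
    - name: Put the policy in a draft
      bigip_policy:
        name: Policy-Foo
        description: Forward /HomePage/ traffic to pool-svrs
        strategy: first
        state: draft
        provider: "{{ f5_provider }}"

    - name: Change a rule while the policy is drafted
      bigip_policy_rule:
        policy: Policy-Foo
        name: HomePage
        conditions:
          - type: http_uri
            path_starts_with: /HomePage/
        actions:
          - type: forward
            pool: pool-svrs
        provider: "{{ f5_provider }}"

    # state: present ensures the policy exists and is published.
    - name: Publish the policy once the rule change is in place
      bigip_policy:
        name: Policy-Foo
        state: present
        provider: "{{ f5_provider }}"
```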

Outputs

description:
  description:
  - The new description of the policy.
  - This value is only returned for BIG-IP devices >= 12.1.0.
  returned: changed and success
  sample: This is my description
  type: string
rules:
  description: List of the rules, and their order, applied to the policy.
  returned: changed and success
  sample:
  - /Common/rule1
  - /Common/rule2
  type: list
strategy:
  description: The new strategy set on the policy.
  returned: changed and success
  sample: first-match
  type: string