f5networks.f5_bigip.bigip_sslo_config_ssl (1.13.0) — module

Added in version 1.6.0 of f5networks.f5_bigip

Authors: Wojciech Wypior (@wojtek0806), Kevin Stewart (@kevingstewart)
Install with:

    ansible-galaxy collection install f5networks.f5_bigip:==1.13.0

    collections:
      - name: f5networks.f5_bigip
        version: 1.13.0
Manage an SSL Orchestrator SSL configuration.
    - hosts: all
      collections:
        - f5networks.f5_bigip
      connection: httpapi

      vars:
        ansible_host: "lb.mydomain.com"
        ansible_user: "admin"
        ansible_httpapi_password: "secret"
        ansible_network_os: f5networks.f5_bigip.bigip
        ansible_httpapi_use_ssl: yes

      tasks:
        - name: Create an SSLO SSL config with reverse proxy - output json only
          bigip_sslo_config_ssl:
            name: "reverse_foo"
            client_settings:
              proxy_type: "reverse"
              cert: "/Common/sslo_test.crt"
              key: "/Common/sslo_test.key"
            dump_json: yes

        - name: Create an SSLO SSL config with forward proxy
          bigip_sslo_config_ssl:
            name: "forward_foo"
            client_settings:
              proxy_type: "forward"
              cipher_type: "group"
              cipher_group: "/Common/f5-default"
              ca_cert: "/Common/default.crt"
              ca_key: "/Common/default.key"
              alpn: yes
            server_settings:
              cipher_type: "group"
              cipher_group: "/Common/f5-default"
            bypass_handshake_failure: yes
            timeout: 400

        - name: Modify an SSLO SSL config with forward proxy
          bigip_sslo_config_ssl:
            name: "forward_foo"
            client_settings:
              proxy_type: "forward"
              ca_cert: "/Common/sslo_test.crt"
              ca_key: "/Common/sslo_test.key"

        - name: Delete an SSLO SSL config
          bigip_sslo_config_ssl:
            name: "forward_foo"
            state: absent
    sni:
      description:
        - Specifies the SNI settings.
      suboptions:
        sni_default:
          description:
            - Specify whether it is the default SNI server.
          type: bool
        sni_server_name:
          description:
            - The SNI server name in FQDN format.
          type: str
      type: dict
    name:
      description:
        - Specifies the name of the authentication object.
        - The configuration auto-prepends C(ssloT_) to the object.
        - Names should be less than 14 characters and not contain dashes C(-).
      required: true
      type: str
    state:
      choices:
        - present
        - absent
      default: present
      description:
        - When C(state) is C(present), ensures the object is created or modified.
        - When C(state) is C(absent), ensures the service is removed.
      type: str
    timeout:
      default: 300
      description:
        - The amount of time to wait for the C(CREATE), C(MODIFY) or C(DELETE) task to complete, in seconds.
        - The accepted value range is between C(10) and C(1800) seconds.
      type: int
    dump_json:
      default: false
      description:
        - Sets the module to output a JSON blob for further consumption.
        - When C(yes), does not make any changes on the device and always returns C(changed=False).
        - The output provided is idempotent in nature, meaning if there are no changes to be made during C(MODIFY) on an existing service no JSON output is generated.
      type: bool
    client_settings:
      description:
        - Specifies the client-side SSL settings.
      suboptions:
        alpn:
          description:
            - Enables or disables ALPN HTTP/2 full proxy.
            - This parameter can only be used when C(proxy_type) is C(forward).
            - This parameter is only available in SSLO version 9.0 and later.
          type: bool
        ca_cert:
          description:
            - Defines the CA certificate applied in the client side settings.
            - This parameter is required when C(proxy_type) is C(forward), otherwise this setting is ignored.
            - This parameter is required together with C(ca_key).
          type: str
        ca_chain:
          description:
            - Defines the CA certificate keychain in the client side settings.
            - This parameter is required if C(proxy_type) is C(forward), otherwise this setting is ignored.
          type: str
        ca_key:
          description:
            - Defines the CA private key applied in the client side settings.
            - This parameter is required when C(proxy_type) is C(forward), otherwise this setting is ignored.
            - This parameter is required together with C(ca_cert).
          type: str
        cert:
          description:
            - Defines the certificate applied in the client side settings.
            - This parameter is required together with C(key).
          type: str
        chain:
          description:
            - Defines the certificate keychain in the client side settings.
          type: str
        cipher_group:
          description:
            - Defines the existing cipher group.
            - This parameter is mutually exclusive with C(cipher_string).
            - This parameter is required when C(cipher_type) is C(group).
          type: str
        cipher_string:
          description:
            - Defines the string used for cipher strings.
            - This parameter is mutually exclusive with C(cipher_group).
            - This parameter is required when C(cipher_type) is C(string).
          type: str
        cipher_type:
          choices:
            - string
            - group
          description:
            - Defines the type of cipher used.
          type: str
        client_ssl_options:
          description:
            - The processing options using various TLS and SSL versions.
          elements: str
          type: list
          version_added: 1.12.0
          version_added_collection: f5networks.f5_bigip
        key:
          description:
            - Defines the private key applied in the client side settings.
            - This parameter is required together with C(cert).
          type: str
        log_publisher:
          description:
            - Defines a specific log publisher to use for client-side SSL-related events.
            - This parameter is only available in SSLO version 9.0 and later.
          type: str
        proxy_type:
          choices:
            - forward
            - reverse
          description:
            - Defines the type of proxy to configure.
            - This parameter is immutable after the object has been created.
            - This parameter is required when C(state) is C(present).
          type: str
      type: dict
    server_settings:
      description:
        - Specifies the server-side SSL settings.
      suboptions:
        block_expired:
          choices:
            - drop
            - ignore
            - mask
          description:
            - Defines the action to take if an expired remote server certificate is encountered.
            - For reverse proxy, the default is to ignore expired certificates.
            - For forward proxy, the default is to drop expired certificates.
          type: str
        block_untrusted:
          choices:
            - drop
            - ignore
            - mask
          description:
            - Defines the action to take if an untrusted remote server certificate is encountered, based on the defined C(ca_bundle).
            - For reverse proxy, the default is to ignore untrusted certificates.
            - For forward proxy, the default is to drop untrusted certificates.
          type: str
        ca_bundle:
          description:
            - Defines the certificate authority bundle used to validate remote server certificates.
            - This setting is most applicable in the forward proxy use case to validate remote server certificates.
          type: str
        cipher_group:
          description:
            - Defines the existing cipher group.
            - This parameter is mutually exclusive with C(cipher_string).
            - This parameter is required when C(cipher_type) is C(group).
          type: str
        cipher_string:
          description:
            - Defines the string used for cipher strings.
            - This parameter is mutually exclusive with C(cipher_group).
            - This parameter is required when C(cipher_type) is C(string).
          type: str
        cipher_type:
          choices:
            - string
            - group
          description:
            - Defines the type of cipher used.
          type: str
        crl:
          description:
            - Defines a CRL configuration to use to perform certificate revocation checking against remote server certificates.
          type: str
        log_publisher:
          description:
            - Defines a specific log publisher to use for server-side SSL-related events.
            - This parameter is only available in SSLO version 9.0 and above.
          type: str
        ocsp:
          description:
            - Defines an OCSP configuration to use to perform certificate revocation checking against remote server certificates.
          type: str
        server_ssl_options:
          description:
            - The processing options using various TLS and SSL versions.
          elements: str
          type: list
          version_added: 1.12.0
          version_added_collection: f5networks.f5_bigip
      type: dict
    bypass_handshake_failure:
      description:
        - Defines the action to take if a server side TLS handshake failure is detected.
        - A value of C(no) causes the connection to fail.
        - A value of C(yes) shuts down TLS decryption and allows the connection to proceed un-decrypted.
      type: bool
    bypass_client_cert_failure:
      description:
        - Defines the action to take if a server side TLS handshake client certificate request is detected.
        - A value of C(no) causes the connection to fail.
        - A value of C(yes) shuts down TLS decryption and allows the connection to proceed un-decrypted.
      type: bool
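The constraints documented above can be checked before a task ever reaches the device. The following lint is an added example, not part of the f5networks.f5_bigip collection: `lint_sslo_ssl` and `FORWARD_FOO` are hypothetical names, the input is one task's arguments as a Python dict, and only rules stated on this page are enforced, with the fail-open settings reported as warnings.

```python
# Added example: lint for bigip_sslo_config_ssl arguments, built only from the
# constraints documented on this page. lint_sslo_ssl is a hypothetical helper.
def lint_sslo_ssl(params):
    """Return (severity, message) findings for one task's module arguments."""
    out = []
    name = params.get("name") or ""
    if not name or len(name) >= 14 or "-" in name:
        out.append(("error", "name: required, under 14 characters, no dashes"))
    if params.get("state", "present") == "absent":
        return out  # deletion only needs a valid name
    if not 10 <= params.get("timeout", 300) <= 1800:
        out.append(("error", "timeout: must be between 10 and 1800 seconds"))
    client = params.get("client_settings") or {}
    server = params.get("server_settings") or {}
    proxy = client.get("proxy_type")
    if proxy not in ("forward", "reverse"):
        out.append(("error", "client_settings.proxy_type: required when state is present"))
    for side, cfg in (("client_settings", client), ("server_settings", server)):
        if cfg.get("cipher_group") and cfg.get("cipher_string"):
            out.append(("error", f"{side}: cipher_group and cipher_string are mutually exclusive"))
        ctype = cfg.get("cipher_type")
        if ctype in ("group", "string") and not cfg.get(f"cipher_{ctype}"):
            out.append(("error", f"{side}: cipher_type {ctype} needs cipher_{ctype}"))
    if bool(client.get("cert")) != bool(client.get("key")):
        out.append(("error", "client_settings: cert and key are required together"))
    if proxy == "forward":
        if not (client.get("ca_cert") and client.get("ca_key")):
            out.append(("error", "client_settings: forward proxy requires ca_cert and ca_key"))
        # Forward proxy drops bad server certificates by default; "ignore" weakens that.
        for opt in ("block_expired", "block_untrusted"):
            if server.get(opt) == "ignore":
                out.append(("warn", f"server_settings.{opt}: ignore overrides the forward-proxy default of drop"))
    elif client.get("alpn") is not None:
        out.append(("error", "client_settings.alpn: only valid when proxy_type is forward"))
    # A true value lets traffic pass un-decrypted, and so uninspected.
    for opt in ("bypass_handshake_failure", "bypass_client_cert_failure"):
        if params.get(opt):
            out.append(("warn", f"{opt}: yes lets the connection proceed un-decrypted"))
    return out

# Constructed sample: the page's forward_foo task as a dict (YAML yes -> True).
FORWARD_FOO = {
    "name": "forward_foo",
    "client_settings": {"proxy_type": "forward", "cipher_type": "group",
                        "cipher_group": "/Common/f5-default", "alpn": True,
                        "ca_cert": "/Common/default.crt", "ca_key": "/Common/default.key"},
    "server_settings": {"cipher_type": "group", "cipher_group": "/Common/f5-default"},
    "bypass_handshake_failure": True, "timeout": 400,
}
```

Run over `FORWARD_FOO`, the lint reports no errors and one warning, for `bypass_handshake_failure`.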
    bypass_client_cert_failure:
      description:
        - Defines the action to take if a server side TLS handshake client certificate request is detected.
      returned: changed
      sample: true
      type: bool
    bypass_handshake_failure:
      description:
        - Defines the action to take if a server side TLS handshake failure is detected.
      returned: changed
      sample: true
      type: bool
    client_settings:
      contains:
        alpn:
          description: Enables or disables ALPN HTTP/2 full proxy.
          sample: true
          type: bool
        ca_cert:
          description: The CA certificate applied in the client side settings.
          sample: /Common/default.crt
          type: str
        ca_chain:
          description: The CA certificate keychain in the client side settings.
          sample: /Common/local-ca-chain.crt
          type: str
        ca_key:
          description: The CA private key applied in the client side settings.
          sample: /Common/default.key
          type: str
        cert:
          description: The certificate applied in the client side settings.
          sample: /Common/default.crt
          type: str
        chain:
          description: The certificate keychain in the client side settings.
          sample: /Common/local-ca-chain.crt
          type: str
        cipher_group:
          description: The existing cipher group.
          sample: /Common/f5-default
          type: str
        cipher_string:
          description: The string used for cipher strings.
          sample: DEFAULT
          type: str
        cipher_type:
          description: The type of cipher used.
          sample: string
          type: str
        key:
          description: The private key applied in the client side settings.
          sample: /Common/default.key
          type: str
        log_publisher:
          description: The log publisher used for client-side SSL-related events.
          sample: /Common/sys-ssl-publisher
          type: str
        proxy_type:
          description: The type of proxy configured.
          sample: forward
          type: str
      description: Client-side SSL settings.
      returned: changed
      type: complex
    server_settings:
      contains:
        block_expired:
          description: The action to take if an expired remote server certificate is encountered.
          sample: ignore
          type: str
        block_untrusted:
          description: The action to take if an untrusted remote server certificate is encountered.
          sample: ignore
          type: str
        ca_bundle:
          description: The certificate authority bundle used to validate remote server certificates.
          sample: /Common/ca-bundle.crt
          type: str
        cipher_group:
          description: The existing cipher group.
          sample: /Common/f5-default
          type: str
        cipher_string:
          description: The string used for cipher strings.
          sample: DEFAULT
          type: str
        cipher_type:
          description: The type of cipher used.
          sample: string
          type: str
        crl:
          description: The existing CRL configuration to validate revocation of remote server certificates.
          sample: /Common/my-crl
          type: str
        log_publisher:
          description: The log publisher used for server-side SSL-related events.
          sample: /Common/sys-ssl-publisher
          type: str
        ocsp:
          description: The existing OCSP configuration to validate revocation of remote server certificates.
          sample: /Common/my-ocsp
          type: str
      description: Specifies the server-side SSL settings.
      returned: changed
      type: complex