f5networks.f5_bigip.bigip_sslo_config_topology (3.4.0) — module

Manage an SSL Orchestrator Topology

Added in version 1.7.0 of f5networks.f5_bigip

Authors: Wojciech Wypior (@wojtek0806), Kevin Stewart (@kevingstewart)

Install collection

Install with ansible-galaxy collection install f5networks.f5_bigip:==3.4.0


Add to requirements.yml

  collections:
    - name: f5networks.f5_bigip
      version: 3.4.0

Description

Manage an SSL Orchestrator topology

Usage examples

- name: Create SSLO Topology
  f5networks.f5_bigip.bigip_sslo_config_topology:
    name: "l3_topo_out"
    topology_type: "outbound_l3"
    dest: "192.168.1.4%0/32"
    port: 8080
    ip_family: "ipv4"
    ssl_settings: "foobar"
    vlans:
      - "/Common/fake1"
- name: Delete SSLO Topology
  f5networks.f5_bigip.bigip_sslo_config_topology:
    name: "l3_topo_out"
    topology_type: "outbound_l3"
    state: "absent"
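
The tasks below are an added example, not part of the module's own documentation. They combine the dependent parameters listed under Inputs for an outbound_explicit topology and use dump_json to render the configuration for review before applying it. All object names, VLANs and addresses are constructed placeholders, and the referenced SSL settings, security policy and access profile are assumed to exist already.

```yaml
# Added example: every name, VLAN and address here is a constructed placeholder.
- name: Render the explicit proxy topology as JSON without changing the device
  f5networks.f5_bigip.bigip_sslo_config_topology: &explicit_topology
    name: "exp_proxy_out"              # under 14 characters, no dashes
    topology_type: "outbound_explicit"
    proxy_ip: "10.1.10.150"            # required for outbound_explicit
    proxy_port: 3128                   # must accompany proxy_ip; dest/port are omitted
    ip_family: "ipv4"
    protocol: "tcp"
    vlans:                             # required when creating a topology
      - "/Common/client-vlan"
    ssl_settings: "demo_ssl"           # assumed existing SSL settings object
    security_policy: "demo_policy"     # assumed existing security policy object
    access_profile: "/Common/demo_access"  # assumed existing access profile
    snat: "snatlist"                   # a new SNAT pool is built from snat_list
    snat_list:
      - "10.1.20.110"
      - "10.1.20.111"
    gateway: "iplist"                  # a new gateway pool is built from gateway_list
    gateway_list:
      - ip: "10.1.20.1"
        ratio: 1
      - ip: "10.1.20.2"
        ratio: 2
    logging:
      sslo: "error"
      per_request_policy: "error"
    dump_json: true                    # no change is made; changed is always false
  register: topology_preview

- name: Show the registered result for change review
  ansible.builtin.debug:
    var: topology_preview

- name: Apply the reviewed topology
  f5networks.f5_bigip.bigip_sslo_config_topology:
    <<: *explicit_topology             # reuse the reviewed arguments unchanged
    dump_json: false
    state: "present"
```

If the topology already exists and nothing would change, the preview task produces no JSON output, as described under dump_json.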

Inputs

    
dest:
    description:
    - Defines the destination address filter and optional route domain for the topology
      listener.
    - The address must be specified in CIDR notation, with subnet mask not exceeding 32
      bits.
    - When creating a new topology object, if dest is not specified, a value of C(0.0.0.0%0/0)
      is assumed.
    type: str

name:
    description:
    - Specifies the name of the topology.
    - Configuration auto-prepends "sslo_" to the topology.
    - Topology name should be less than 14 characters and not contain dashes "-".
    required: true
    type: str

pool:
    description:
    - Defines a server pool to use in an application mode inbound topology.
    type: str

port:
    description:
    - Defines the port filter for the topology listener.
    - When creating a new topology object, if port is not specified, a value of C(0) is
      assumed.
    - Valid value range is from C(0) to C(65535).
    type: int

snat:
    choices:
    - none
    - automap
    - snatpool
    - snatlist
    description:
    - Defines the type of egress source NAT used.
    - When C(none), no outbound SNAT configuration is configured. This is the default
      choice when creating a topology object if the parameter is not provided.
    - When C(topology_type) is set to either C(l2_outbound) or C(l2_inbound), C(snat)
      is automatically set to C(none).
    - When C(automap), SNAT auto map is configured.
    - When C(snatpool), the SNAT configuration points to an existing SNAT pool defined
      by the C(snatpool) parameter.
    - When C(snatlist), a new SNAT pool is created from the provided C(snatlist).
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - When C(state) is C(present), ensures the object is created or modified.
    - When C(state) is C(absent), ensures the object is removed.
    type: str

vlans:
    description:
    - Defines the list of listening VLANs for the topology listener.
    - This parameter is required when creating a new topology object.
    elements: str
    type: list

source:
    description:
    - Defines the source address filter and optional route domain for the topology listener.
    - The address must be specified in CIDR notation, with subnet mask not exceeding 32
      bits.
    - When creating a new topology object, if source is not specified, a value of C(0.0.0.0%0/0)
      is assumed.
    type: str

gateway:
    choices:
    - system
    - pool
    - iplist
    description:
    - Defines the type of egress gateway to use for egress traffic.
    - When C(system) is set, a system-defined gateway route is used. This is the default
      choice when creating a topology object if the parameter is not provided.
    - When C(topology_type) is set to either C(l2_outbound) or C(l2_inbound), C(gateway)
      is automatically set to C(system).
    - When C(pool), the gateway configuration points to an existing gateway pool defined
      by the C(gateway_pool) parameter.
    - When C(iplist), a new gateway pool is created from the provided C(gateway_list).
    type: str

logging:
    description:
    - Defines the setting of logging characteristics for an SSL Orchestrator topology.
    suboptions:
      ftp:
        choices:
        - emergency
        - alert
        - critical
        - warning
        - error
        - notice
        - information
        - debug
        description:
        - Defines the logging facility used for the SSL Orchestrator FTP listener logging.
        type: str
      imap:
        choices:
        - emergency
        - alert
        - critical
        - warning
        - error
        - notice
        - information
        - debug
        description:
        - Defines the logging facility used for the SSL Orchestrator IMAP listener logging.
        type: str
      per_request_policy:
        choices:
        - emergency
        - alert
        - critical
        - warning
        - error
        - notice
        - information
        - debug
        description:
        - Defines the logging facility used for the SSL Orchestrator security policy logging.
        type: str
      pop3:
        choices:
        - emergency
        - alert
        - critical
        - warning
        - error
        - notice
        - information
        - debug
        description:
        - Defines the logging facility used for the SSL Orchestrator POP3 listener logging.
        type: str
      smtps:
        choices:
        - emergency
        - alert
        - critical
        - warning
        - error
        - notice
        - information
        - debug
        description:
        - Defines the logging facility used for the SSL Orchestrator SMTPS listener logging.
        type: str
      sslo:
        choices:
        - emergency
        - alert
        - critical
        - warning
        - error
        - notice
        - information
        - debug
        description:
        - Defines the logging facility used for the SSL Orchestrator summary logging.
        type: str
    type: dict

timeout:
    default: 300
    description:
    - The amount of time to wait for the C(CREATE), C(MODIFY) or C(DELETE) task to complete,
      in seconds.
    - The accepted value range is between C(10) and C(1800) seconds.
    type: int

protocol:
    choices:
    - tcp
    - udp
    - other
    description:
    - Defines the topology protocol, either TCP, UDP, or other (non-tcp/non-udp).
    - When creating a new topology object, if protocol is not specified, a value of C(tcp)
      is assumed.
    type: str

proxy_ip:
    description:
    - Defines the explicit proxy listener IP address.
    - This parameter is required when C(topology_type) is C(outbound_explicit).
    - This parameter is mutually exclusive with C(dest) and C(port).
    - This parameter must be specified together with C(proxy_port).
    type: str

dump_json:
    default: false
    description:
    - Sets the module to output a JSON blob for further consumption.
    - When C(true), the module does not make any changes on the device and always returns C(changed=False).
    - The output provided is idempotent in nature, meaning if there are no changes to
      be made during C(MODIFY) on an existing service, no JSON output is generated.
    type: bool

ip_family:
    choices:
    - ipv4
    - ipv6
    description:
    - Defines the IP family for the topology.
    - When creating a new topology object, if ip_family is not specified, a value of C(ipv4)
      is assumed.
    type: str

ocsp_auth:
    description:
    - This setting defines an OCSP Authentication profile.
    - This parameter is available in SSLO version 9.0 and later.
    type: str

snat_list:
    description:
    - Defines a list of IP addresses to use in a SNAT pool configuration.
    - This parameter is required when C(snat) is set to C(snatlist).
    elements: str
    type: list

snat_pool:
    description:
    - Defines an existing SNAT pool.
    - This parameter is required when C(snat) is set to C(snatpool).
    type: str

l7_profile:
    description:
    - Defines the specific HTTP profile if the C(l7_profile_type) is set to C(http).
    - When creating a new topology object, if l7_profile is not specified, a value of
      C(/Common/http) is assumed.
    type: str

proxy_port:
    description:
    - Defines the explicit proxy listener port.
    - This parameter is required when C(topology_type) is C(outbound_explicit).
    - This parameter is mutually exclusive with C(dest) and C(port).
    - This parameter must be specified together with C(proxy_ip).
    type: int

auth_profile:
    description:
    - Defines an access profile to use for explicit proxy authentication.
    type: str

dns_resolver:
    description:
    - Defines a per-topology DNS resolver configuration object.
    - This parameter is available in SSLO version 9.0 and above.
    type: str

gateway_list:
    description:
    - Defines a list of IP addresses to use in a gateway pool configuration.
    - This parameter is required when C(gateway) is set to C(iplist).
    elements: dict
    suboptions:
      ip:
        description:
        - The IP address of the gateway in the pool.
        required: true
        type: str
      ratio:
        description:
        - The ratio used for load balancing egress traffic in the gateway pool.
        - When creating a new topology object, if ratio is not specified, a value of C(1)
          is assumed.
        - Valid value range is from C(1) to C(65535).
        type: int
    type: list

gateway_pool:
    description:
    - Defines an existing gateway pool to use for egress traffic.
    - This parameter is required when C(gateway) is set to C(pool).
    type: str

ssl_settings:
    description:
    - Defines the name of the SSL settings object already created.
    - Configuration auto-prepends "ssloT_" to provided name if not present.
    type: str

profile_scope:
    choices:
    - public
    - named
    description:
    - Defines the access profile scope.
    - This parameter applies to SSLO version 8.2 and later.
    type: str

topology_type:
    choices:
    - outbound_l3
    - inbound_l3
    - outbound_explicit
    - outbound_l2
    - inbound_l2
    description:
    - Defines the type of topology to create.
    required: true
    type: str

verify_accept:
    description:
    - Enables TCP Verify Accept proxy through an outbound topology.
    - This parameter is available in SSLO version 9.0 and later.
    type: bool

access_profile:
    description:
    - Defines a custom access profile to use.
    - When not specified, a topology-defined access profile is created.
    - This parameter is mandatory when C(topology_type) is C(outbound_explicit) or when
      C(security_policy) is set.
    type: str

l7_profile_type:
    choices:
    - none
    - http
    description:
    - Defines the L7 protocol type, and can either be C(none) for all protocols, or C(http).
    - When creating a new topology object, if l7_profile_type is not specified, a value
      of C(http) is assumed.
    type: str

security_policy:
    description:
    - Defines the name of the security policy object already created.
    - Configuration auto-prepends "ssloP_" to provided name if not present.
    - This parameter is mandatory when C(proxy_type) is C(outbound_explicit).
    type: str

primary_auth_uri:
    description:
    - Defines the authentication service (i.e. captive portal) to redirect new users to.
    - This setting should contain a fully-qualified domain name (e.g. https://auth.f5labs.com).
    - This parameter applies to SSLO version 8.2 and later.
    - Required when the C(profile_scope) option is C(named).
    type: str

profile_scope_value:
    description:
    - Defines a string name shared between the transparent proxy SSL Orchestrator profile
      and the captive portal authentication access profile.
    - This parameter applies to SSLO version 8.2 and later.
    - Required when the C(profile_scope) option is C(named).
    type: str

tcp_settings_client:
    description:
    - Defines a custom client side TCP profile to use.
    - This parameter is ignored when C(topology_type) is set to C(outbound_explicit).
    - When not specified, the default creation value is set depending on the C(topology_type).
      If C(topology_type) is either set to C(l2_inbound) or C(l3_inbound), the value is
      set to C(/Common/f5-tcp-wan). If C(topology_type) is either set to C(l2_outbound)
      or C(l3_outbound), the value is set to C(/Common/f5-tcp-lan).
    type: str

tcp_settings_server:
    description:
    - Defines a custom server side TCP profile to use.
    - This parameter is ignored when C(topology_type) is set to C(outbound_explicit).
    - When not specified, the default creation value is set depending on the C(topology_type).
      If C(topology_type) is either set to C(l2_inbound) or C(l3_inbound) the value is
      set to C(/Common/f5-tcp-lan). If C(topology_type) is either set to C(l2_outbound)
      or C(l3_outbound) the value is set to C(/Common/f5-tcp-wan).
    type: str

additional_protocols:
    description:
    - Defines a list of additional protocols to create listeners for.
    - This parameter is only valid when C(protocol) is set to C(tcp).
    - 'Accepted values of this list are: C(ftp), C(imap), C(pop3), C(smtps).'
    elements: str
    type: list