f5networks.f5_bigip.bigip_sslo_service_icap (3.4.0) — module

Manage an SSL Orchestrator ICAP security device

Added in version 1.6.0 of f5networks.f5_bigip.

Authors: Wojciech Wypior (@wojtek0806), Kevin Stewart (@kevingstewart)

Install collection

Install with ansible-galaxy collection install f5networks.f5_bigip:==3.4.0


Add to requirements.yml

  collections:
    - name: f5networks.f5_bigip
      version: 3.4.0

Description

Manage an SSL Orchestrator ICAP security device.

Usage examples

- name: Create SSLO ICAP service
  bigip_sslo_service_icap:
    name: "icap1"
    ip_family: "ipv4"
    devices:
      - ip: "1.1.1.1"
        port: 1344
      - ip: "2.2.2.2"
        port: 1348
    headers:
      enable: true
      h_from: "foo_from"
      host: "foo_host"
      user_agent: "foo_ua"
      referrer: "foo_referrer"
    enable_one_connect: false
    preview_length: 2048
    service_down_action: "drop"
    allow_http10: true
- name: Modify SSLO ICAP service
  bigip_sslo_service_icap:
    name: "icap1"
    request_uri: "/avscan"
    response_uri: "/avscan"
    preview_length: 1024
    headers:
      enable: false
- name: Delete SSLO ICAP service
  bigip_sslo_service_icap:
    name: "icap1"
    state: "absent"

Inputs

    
name:
    description:
    - Specifies the name of the ICAP service object.
    - The configuration auto-prepends C(ssloS_) to the object.
    - Names should be less than 14 characters and not contain dashes C(-).
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - When C(state) is C(present), ensures the object is created or modified.
    - When C(state) is C(absent), ensures the service is removed.
    type: str

devices:
    description:
    - Specifies a list of listening IP:ports for each ICAP security device.
    - This parameter is required when creating a new ICAP service object.
    elements: dict
    suboptions:
      ip:
        description:
        - Specifies the IP address for the ICAP security device.
        type: str
      port:
        description:
        - Specifies the port for the ICAP security device.
        - Valid value range is from C(0) to C(65535).
        type: int
    type: list

headers:
    description:
    - Settings related to custom headers to be inserted to the ICAP server.
    suboptions:
      enable:
        description:
        - Enables or disables custom headers to be inserted to the ICAP server.
        - If C(true), the C(referrer), C(host), C(user_agent) and C(h_from) parameters
          are mandatory when creating a new service object.
        - When creating an ICAP service, if the parameter is not provided a default of
          value C(false) is assumed.
        type: bool
      h_from:
        description:
        - Specifies a From header to pass to the ICAP service.
        - Required when creating a new service object with the C(enable) value set to
          C(true).
        type: str
      host:
        description:
        - Specifies a Host header to pass to the ICAP service.
        - Required when creating a new service object with the C(enable) value set to
          C(true).
        type: str
      referrer:
        description:
        - Specifies a Referrer header to pass to the ICAP service.
        - Required when creating a new service object with the C(enable) value set to
          C(true).
        type: str
      user_agent:
        description:
        - Specifies a User-Agent header to pass to the ICAP service.
        - Required when creating a new service object with the C(enable) value set to
          C(true).
        type: str
    type: dict

monitor:
    description:
    - Specifies the monitor attached to the ICAP security device pool. The monitor must already
      exist on the BIG-IP.
    - When creating an ICAP service, if the parameter is not provided a default of C(/Common/tcp)
      is assumed.
    type: str

timeout:
    default: 300
    description:
    - The amount of time to wait for the C(CREATE), C(MODIFY) or C(DELETE) task to complete,
      in seconds.
    - The accepted value range is between C(10) and C(1800) seconds.
    type: int

dump_json:
    default: false
    description:
    - Sets the module to output a JSON blob for further consumption.
    - When C(true), does not make any changes on the device and always returns C(changed=False).
    - The output provided is idempotent in nature, meaning if there are no changes to
      be made during C(MODIFY) on an existing service, no JSON output is generated.
    type: bool

ip_family:
    choices:
    - ipv4
    - ipv6
    - both
    description:
    - Specifies the IP family used for attaching ICAP security devices.
    - When creating an ICAP service, if the parameter is not provided a default of C(ipv4)
      is assumed.
    type: str

request_uri:
    description:
    - Specifies the ICAP request URI. This URI must always start with a forward slash
      C(/) e.g. C(/avscan).
    - When creating an ICAP service, if the parameter is not provided a default value
      of C(/) is assumed.
    type: str

vendor_info:
    description:
    - Specifies the vendor-specific service used. The default is C("Generic ICAP Service").
    type: str
    version_added: 3.4.0
    version_added_collection: f5networks.f5_bigip

allow_http10:
    description:
    - Enables or disables HTTP/1.0 support to ICAP.
    - When creating an ICAP service, if the parameter is not provided a default value
      of C(false) is assumed.
    type: bool

cpm_policies:
    description:
    - Specify the ICAP Policy. The ICAP policy is defined by the Central Policy Manager
      (CPM) policy from BIG-IP LTM.
    - Local traffic policies and centralized management interfaces are collectively referred to as CPM.
      The default value is C("").
    - The policy mentioned should be available on the BIG-IP.
    type: str
    version_added: 3.4.0
    version_added_collection: f5networks.f5_bigip

response_uri:
    description:
    - Specifies the ICAP response URI. This URI must always start with a forward slash
      C(/) e.g. C(/avscan).
    - When creating an ICAP service, if the parameter is not provided a default value
      of C(/) is assumed.
    type: str

preview_length:
    description:
    - Specifies the ICAP preview length value, in bytes.
    - Valid value range is from C(0) to C(51200) bytes.
    - When creating an ICAP service, if the parameter is not provided a default value
      of C(1024) is assumed.
    type: int

enable_one_connect:
    description:
    - Enables or disables OneConnect optimization to the ICAP server.
    - When creating an ICAP service, if the parameter is not provided a default value
      of C(true) is assumed.
    type: bool

service_down_action:
    choices:
    - ignore
    - reset
    - drop
    description:
    - Specifies the action to take on monitor failure.
    - Setting to C(ignore) bypasses the security device in the service chain.
    - Setting to C(reset) or C(drop) resets or drops the connection, respectively, if
      the service monitor fails.
    - When creating an ICAP service, if the parameter is not provided a default value
      of C(ignore) is assumed.
    type: str

service_entry_ssl_profile:
    description:
    - Specify the Server SSL profile to be used for re-encrypting the traffic.
    - The selected Server SSL profile will be attached to the service virtual server.
      The default value is C("").
    type: str
    version_added: 3.4.0
    version_added_collection: f5networks.f5_bigip
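
The constraints in the parameter list above can be checked before a playbook reaches the BIG-IP, including the create-time default of C(ignore) for C(service_down_action), which bypasses the ICAP device when its monitor fails. The following is an added example, not code from the f5networks.f5_bigip collection: check_icap_task and SAMPLE are hypothetical names, and the limits enforced are the ones documented on this page.

```python
# Added example (not from the collection): check_icap_task() is a hypothetical
# pre-flight lint; every limit below comes from this page's parameter list.
HEADER_KEYS = ("h_from", "host", "referrer", "user_agent")


def check_icap_task(args, creating=True):
    """Return (errors, warnings) for one task's argument dict."""
    errors, warnings = [], []
    name = args.get("name")
    if not name:
        errors.append("name is required")
    elif len(name) >= 14 or "-" in name:
        errors.append("name should be under 14 characters with no dashes")
    if args.get("state", "present") == "absent":
        return errors, warnings  # other arguments are not checked for removal
    devices = args.get("devices") or []
    if creating and not devices:
        errors.append("devices is required when creating a service")
    for dev in devices:
        port = dev.get("port")
        if port is not None and not (isinstance(port, int) and 0 <= port <= 65535):
            errors.append(f"device port out of range: {port!r}")
    for key in ("request_uri", "response_uri"):
        if key in args and not str(args[key]).startswith("/"):
            errors.append(f"{key} must start with '/'")
    if not 0 <= args.get("preview_length", 1024) <= 51200:
        errors.append("preview_length must be 0-51200 bytes")
    if not 10 <= args.get("timeout", 300) <= 1800:
        errors.append("timeout must be 10-1800 seconds")
    headers = args.get("headers") or {}
    if creating and headers.get("enable"):
        missing = [k for k in HEADER_KEYS if not headers.get(k)]
        if missing:
            errors.append("headers.enable needs: " + ", ".join(missing))
    # Documented create-time default is "ignore": on monitor failure the
    # ICAP device is bypassed in the service chain instead of blocking.
    if creating and args.get("service_down_action", "ignore") == "ignore":
        warnings.append("service_down_action is 'ignore' (device bypassed on failure)")
    return errors, warnings


# Constructed sample task arguments with deliberate mistakes.
SAMPLE = {"name": "icap-scanner-prod", "request_uri": "avscan",
          "devices": [{"ip": "1.1.1.1", "port": 70000}],
          "headers": {"enable": True, "host": "foo_host"}}

if __name__ == "__main__":
    errs, warns = check_icap_task(SAMPLE)
    print("\n".join(errs + warns))
```

Pass creating=False when linting a task that modifies an existing service, since the create-time requirements and defaults do not apply there.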

Outputs

allow_http10:
  description:
  - Enables or disables HTTP/1.0 support to ICAP.
  returned: changed
  sample: true
  type: bool
devices:
  contains:
    ip:
      description: The IP address for the ICAP security device.
      returned: changed
      sample: 1.1.1.1
      type: str
    port:
      description: The port for the ICAP security device.
      returned: changed
      sample: 1344
      type: int
  description:
  - A list of listening IP:ports for each ICAP security device.
  returned: changed
  type: complex
enable_one_connect:
  description:
  - Enables or disables OneConnect optimization to the ICAP server.
  returned: changed
  sample: true
  type: bool
headers:
  contains:
    enable:
      description: Enables or disables custom headers to be inserted to the ICAP server.
      returned: changed
      sample: true
      type: bool
    h_from:
      description: The From header to pass to the ICAP service.
      returned: changed
      sample: my_from
      type: str
    host:
      description: The Host header to pass to the ICAP service.
      returned: changed
      sample: my_host
      type: str
    referrer:
      description: The Referrer header to pass to the ICAP service.
      returned: changed
      sample: my_referrer
      type: str
    user_agent:
      description: The User-Agent header to pass to the ICAP service.
      returned: changed
      sample: my_user_agent
      type: str
  description:
  - Settings related to custom headers to be inserted to the ICAP server.
  returned: changed
  type: complex
ip_family:
  description:
  - The IP family used for attached ICAP security devices.
  returned: changed
  sample: ipv4
  type: str
monitor:
  description:
  - The monitor attached to the ICAP security device pool.
  returned: changed
  sample: /Common/tcp
  type: str
preview_length:
  description:
  - The ICAP preview length value, in bytes.
  returned: changed
  sample: 1024
  type: int
request_uri:
  description:
  - The ICAP request URI.
  returned: changed
  sample: /avscan
  type: str
response_uri:
  description:
  - The ICAP response URI.
  returned: changed
  sample: /avscan
  type: str
service_down_action:
  description:
  - The action to take on monitor failure.
  returned: changed
  sample: ignore
  type: str