f5networks.f5_bigip.bigip_sslo_service_layer2 (3.4.0) — module

Manage an SSL Orchestrator Layer 2 security device

Added in version 1.6.0 of f5networks.f5_bigip

Authors: Wojciech Wypior (@wojtek0806), Kevin Stewart (@kevingstewart)

Install collection

Install with ansible-galaxy collection install f5networks.f5_bigip:==3.4.0


Add to requirements.yml

  collections:
    - name: f5networks.f5_bigip
      version: 3.4.0

Description

Manage an SSL Orchestrator Layer 2 security device.

Usage examples

- name: Create SSLO L2 service
  bigip_sslo_service_layer2:
    name: "layer2a"
    devices:
      - name: "FEYE1"
        ratio: 1
        interface_in: "1.1"
        tag_in: 100
        interface_out: "1.1"
        tag_out: 101
    ip_offset: 1
    port_remap: 8283
- name: Modify SSLO L2 service
  bigip_sslo_service_layer2:
    name: "layer2a"
    devices:
      - name: "FEYE1"
        ratio: 1
        vlan_in: "/Common/L2service_vlan_in"
        interface_out: "1.1"
        tag_out: 101
- name: Delete SSLO L2 service
  bigip_sslo_service_layer2:
    name: "layer2a"
    state: "absent"

Inputs

    
name:
    description:
    - Specifies the name of the Layer 2 security service.
    - The configuration auto-prepends "ssloS_" to the service.
    - The service name should be less than 14 characters and not contain dashes "-".
    required: true
    type: str

rules:
    description:
    - Defines a list of iRules to attach to the service.
    elements: str
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description:
    - When C(state) is C(present), ensures the object is created or modified.
    - When C(state) is C(absent), ensures the service is removed.
    type: str

devices:
    description:
    - Specifies the set of network settings for traffic going to the service from the
      BIG-IP.
    - Multiple devices are defined as separate list items.
    elements: dict
    suboptions:
      interface_in:
        description:
        - Defines the interface on the to-service side.
        - The C(vlan_in) and C(interface_in) and C(tag_in) options are mutually exclusive.
        type: str
      interface_out:
        description:
        - Defines the interface on the from-service side.
        - The C(vlan_out) and C(interface_out) and C(tag_out) options are mutually exclusive.
        type: str
      name:
        description:
        - Defines the name of this specific device.
        required: true
        type: str
      ratio:
        description:
        - Defines a load balancing ratio setting for this device.
        required: true
        type: int
      tag_in:
        description:
        - Defines the VLAN tag on the to-service side.
        type: int
      tag_out:
        description:
        - Defines the VLAN tag on the from-service side (as required).
        type: int
      vlan_in:
        description:
        - Defines an existing VLAN to attach on the to-service side.
        - The C(vlan_in) and C(interface_in) and C(tag_in) options are mutually exclusive.
        type: str
      vlan_out:
        description:
        - Defines an existing VLAN to attach on the from-service side.
        - The C(vlan_out) and C(interface_out) and C(tag_out) options are mutually exclusive.
        type: str
    type: list

monitor:
    description:
    - Specifies the monitor attached to the L2 security device pool.
    - The monitor must already exist on the BIG-IP.
    - When creating an L2 service, if the parameter is not provided, a default of C(/Common/gateway_icmp)
      is assumed.
    type: str

timeout:
    default: 300
    description:
    - The amount of time to wait for the C(CREATE) or C(MODIFY) task to complete, in seconds.
    - The accepted value range is between C(10) and C(1800) seconds.
    type: int

dump_json:
    default: false
    description:
    - Sets the module to output a JSON blob for further consumption.
    - When C(true), does not make any changes on the device and always returns C(changed=False).
    - The output provided is idempotent in nature, meaning if there are no changes to
      be made during C(MODIFY) on an existing service no JSON output is generated.
    type: bool

ip_offset:
    description:
    - Defines an IP offset integer to be used in the internal IP addressing.
    - This parameter is required when creating a new L2 service.
    - Accepted values are in the range of C(0) to C(30).
    - This is typically used in a tiered architecture, where a Layer 2 service is shared
      between multiple standalone SSL Orchestrator instances.
    type: int

port_remap:
    description:
    - Defines the port to remap decrypted traffic to.
    type: int

vendor_info:
    description:
    - Specifies the vendor-specific L2 service used. The default is C(Generic Inline Layer
      2).
    type: str
    version_added: 3.3.0
    version_added_collection: f5networks.f5_bigip

service_down_action:
    choices:
    - ignore
    - reset
    - drop
    description:
    - Specifies the action to take on monitor failure.
    - Setting to C(ignore) bypasses the security device in the service chain.
    - Setting to C(reset) or C(drop) resets or drops the connection, respectively, if the
      service monitor fails.
    - When creating an ICAP service, if the parameter is not provided a default value
      of C(ignore) is assumed.
    type: str
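
An added example, not taken from the collection's documentation, that combines the options above: it sets service_down_action explicitly so a monitor failure does not bypass the security device, and uses dump_json to preview the definition before applying it. The registered variable name l2_preview is an assumption; device, interface and tag values are reused from the usage examples on this page.

```yaml
# Added example. Values for name, devices, and ip_offset are the ones
# used in the page's own usage examples.
- name: Preview the L2 service definition without changing the device
  bigip_sslo_service_layer2:
    name: "layer2a"                    # under 14 characters, no dashes
    devices:
      - name: "FEYE1"
        ratio: 1
        interface_in: "1.1"
        tag_in: 100
        interface_out: "1.1"
        tag_out: 101
    ip_offset: 1                       # required on create, range 0 to 30
    monitor: "/Common/gateway_icmp"    # must already exist on the BIG-IP
    # If omitted, "ignore" is assumed and a failed monitor bypasses the
    # security device in the service chain. "reset" or "drop" fails closed.
    service_down_action: "reset"
    dump_json: true                    # no changes made, changed is always False
  register: l2_preview                 # hypothetical variable name

- name: Show the generated JSON for review
  ansible.builtin.debug:
    var: l2_preview

- name: Apply the reviewed definition
  bigip_sslo_service_layer2:
    name: "layer2a"
    devices:
      - name: "FEYE1"
        ratio: 1
        interface_in: "1.1"
        tag_in: 100
        interface_out: "1.1"
        tag_out: 101
    ip_offset: 1
    monitor: "/Common/gateway_icmp"
    service_down_action: "reset"
    timeout: 600                       # seconds, accepted range 10 to 1800
```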

Outputs

devices_ips:
  description:
  - The list of IP addresses created for each specified device.
  returned: changed
  sample:
  - hash/dictionary of values
  type: list
interfaces:
  description:
  - The list of interfaces created for each specified device.
  returned: changed
  sample:
  - hash/dictionary of values
  type: list
monitor:
  description:
  - The monitor attached to the L2 security device pool.
  returned: changed
  sample: /Common/gateway_icmp
  type: str
networks:
  description:
  - The list of networks created for each specified device.
  returned: changed
  sample:
  - hash/dictionary of values
  type: list
port_remap:
  description:
  - Port remap settings.
  returned: changed
  sample: 8080
  type: int
rules:
  description:
  - List of iRules attached to the service.
  returned: changed
  sample:
  - /Common/test-rule-1
  - /Common/test-rule-2
  type: list
service_down_action:
  description:
  - The action to take on monitor failure.
  returned: changed
  sample: ignore
  type: str
service_subnet:
  description:
  - The service subnet created for the L2 inline service.
  returned: changed
  sample:
  - hash/dictionary of values
  type: dict