Try SpotterManage APM Network Access resource
| "added in version" 1.0.0 of f5networks.f5_modules"
Authors: Wojciech Wypior (@wojtek0806)
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections:
- name: f5networks.f5_modules
version: 1.28.0Manage APM Network Access resource.
- name: Create a split tunnel IPV4 Network Access
bigip_apm_network_access:
name: foobar
ip_version: ipv4
split_tunnel: true
snat_pool: "none"
ipv4_lease_pool: leasefoo
ipv4_address_space:
- subnet: 10.10.1.1
- subnet: 10.10.2.0/24
excluded_ipv4_adresses:
- subnet: 192.168.1.0/24
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Modify a split tunnel IPV4 Network Access
bigip_apm_network_access:
name: foobar
snat_pool: /Common/poolsnat
ipv4_address_space:
- subnet: 172.16.23.0/24
excluded_ipv4_adresses:
- subnet: 10.10.2.0/24
allow_local_subnet: true
allow_local_dns: true
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Remove Network Access
bigip_apm_network_access:
name: foobar
state: absent
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
dtls:
description:
- When C(true) the network access connection uses Datagram Transport Level Security
instead of TCP, to provide better throughput for high demand applications like VoIP
or streaming video.
type: bool
name:
description:
- Specifies the name of the APM network access to manage/create.
required: true
type: str
state:
choices:
- present
- absent
default: present
description:
- When C(state) is C(present), ensures the ACL exists.
- When C(state) is C(absent), ensures the ACL is removed.
type: str
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
dtls_port:
description:
- Specifies the port number the network access resource uses for secure UDP traffic
with DTLS.
type: int
partition:
default: Common
description:
- Device partition to manage resources on.
type: str
snat_pool:
description:
- Specifies the name of a SNAT pool used for implementing selective and intelligent
SNATs.
- When C(none) the system uses no SNAT pool for this network resource.
- When C(automap) the system uses all of the self IP addresses as the translation
addresses for the pool.
type: str
ip_version:
choices:
- ipv4
- ipv4-ipv6
description:
- Supported IP version on the network access resource.
type: str
description:
description:
- User created network access description.
type: str
split_tunnel:
description:
- Specifies that only the traffic targeted to a specified address space is sent over
the network access tunnel.
type: bool
allow_local_dns:
description:
- Enables local access to DNS servers configured on the client prior to establishing
a network access connection.
type: bool
ipv4_lease_pool:
description:
- Specifies the IPV4 lease pool resource to use with network access.
- Referencing a lease pool can be done in the full path format, for example C(/Common/pool_name).
- When a lease pool is referenced in full path format, the C(partition) parameter
is ignored.
type: str
ipv6_lease_pool:
description:
- Specifies the IPV6 lease pool resource to use with network access.
- Referencing a lease pool can be done in the full path format, for example C(/Common/pool_name).
- When a lease pool is referenced in full path format, the C(partition) parameter
is ignored.
type: str
dns_address_space:
description:
- Specifies a list of domain names describing the target LAN DNS addresses.
elements: str
type: list
allow_local_subnet:
description:
- Enables local subnet access and local access to any host or subnet in routes specified
in the client routing table.
- When C(true) the system does not support integrated IP filtering.
type: bool
ipv4_address_space:
description:
- Specifies a list of IPv4 hosts or networks describing the target LAN.
- This option is mandatory when creating a new resource and C(split_tunnel) is set
to C(true).
elements: dict
suboptions:
subnet:
description:
- The address of subnet in CIDR format, e.g. C(192.168.1.0/24)
- Host addresses can be specified without the CIDR mask notation.
type: str
type: list
ipv6_address_space:
description:
- Specifies a list of IPv6 hosts or networks describing the target LAN.
- This option is mandatory when creating a new resource and C(split_tunnel) is set
to C(true).
elements: dict
suboptions:
subnet:
description:
- The address of subnet in CIDR format, e.g. C(2001:db8:abcd:8000::/52)
- Host addresses can be specified without the CIDR mask notation.
type: str
type: list
excluded_dns_addresses:
description:
- Specifies the DNS address spaces for which traffic is not forced through the tunnel.
elements: str
type: list
excluded_ipv4_adresses:
description:
- Specifies IPV4 address spaces for which traffic is not forced through the tunnel.
elements: dict
suboptions:
subnet:
description:
- The address of subnet in CIDR format, e.g. C(192.168.1.0/24)
- Host addresses can be specified without the CIDR mask notation.
type: str
type: list
excluded_ipv6_adresses:
description:
- Specifies IPV6 address spaces for which traffic is not forced through the tunnel.
elements: dict
suboptions:
subnet:
description:
- The address of a subnet in CIDR format, e.g. C(2001:db8:abcd:8000::/52)
- Host addresses can be specified without the CIDR mask notation.
type: str
type: list
allow_local_dns:
description: Enables local access to DNS servers configured on the client.
returned: changed
sample: true
type: bool
allow_local_subnet:
description: Enables local subnet access.
returned: changed
sample: true
type: bool
description:
description: The new description of Network Access.
returned: changed
sample: My Access
type: str
dns_address_space:
description: Specifies a list of domain names describing the target LAN DNS addresses.
returned: changed
sample:
- internal.net
- '*.engnet.org'
type: list
dtls:
description: Enables use of DTLS by network access.
returned: changed
sample: false
type: bool
dtls_port:
description: Specifies the port number the network access resource uses for DTLS.
returned: changed
sample: 4433
type: int
excluded_dns_addresses:
description: Specifies the DNS address spaces for which traffic is not forced through
the tunnel.
returned: changed
sample:
- foobar.com
- bazbar.org
type: list
excluded_ipv4_adresses:
contains:
subnet:
description: The host or network address.
returned: changed
sample: 192.168.10.1
type: str
description: Specifies IPV4 address spaces for which traffic is not forced through
the tunnel.
returned: changed
sample: hash/dictionary of values
type: complex
excluded_ipv6_adresses:
contains:
subnet:
description: The host or network address.
returned: changed
sample: 2001:DB8:ABCD:0012::0
type: str
description: Specifies IPV6 address spaces for which traffic is not forced through
the tunnel.
returned: changed
sample: hash/dictionary of values
type: complex
ip_version:
description: Supported IP version on the network access resource.
returned: changed
sample: ipv4-ipv6
type: str
ipv4_address_space:
contains:
subnet:
description: The host or network address.
returned: changed
sample: 192.168.10.1
type: str
description: Specifies a list of IPv4 hosts or networks describing the target LAN.
returned: changed
sample: hash/dictionary of values
type: complex
ipv4_lease_pool:
description: Specifies a IPV4 lease pool resource to use with network access.
returned: changed
sample: /Common/leasepoolv4
type: str
ipv6_address_space:
contains:
subnet:
description: The host or network address.
returned: changed
sample: 2001:DB8:ABCD:0012::0
type: str
description: Specifies a list of IPv6 hosts or networks describing the target LAN.
returned: changed
sample: hash/dictionary of values
type: complex
ipv6_lease_pool:
description: Specifies a IPV6 lease pool resource to use with network access.
returned: changed
sample: /Common/leasepoolv6
type: str
snat_pool:
description: The name of a SNAT pool used by the network access resource.
returned: changed
sample: /Common/my-pool
type: str
split_tunnel:
description: Enables split tunnel on the network access resource.
returned: changed
sample: true
type: bool