Try SpotterManage data groups on a BIG-IP
| "added in version" 1.0.0 of f5networks.f5_modules"
Authors: Tim Rupp (@caphrim007), Wojciech Wypior (@wojtek0806), Greg Crosby (@crosbygw)
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections:
- name: f5networks.f5_modules
version: 1.28.0Allows for managing data groups on a BIG-IP. Data groups provide a way to store collections of values on a BIG-IP for later use in things such as LTM rules, iRules, and ASM policies.
- name: Create a data group of addresses
bigip_data_group:
name: foo
internal: true
records:
- key: 0.0.0.0/32
value: External_NAT
- key: 10.10.10.10
value: No_NAT
type: address
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Create a data group of strings
bigip_data_group:
name: foo
internal: true
records:
- key: caddy
value: ""
- key: cafeteria
value: ""
- key: cactus
value: ""
type: string
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Create a data group of IP addresses from a file
bigip_data_group:
name: foo
records_src: /path/to/dg-file
type: address
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Update an existing internal data group of strings
bigip_data_group:
name: foo
internal: true
records:
- key: caddy
value: ""
- key: cafeteria
value: ""
- key: cactus
value: ""
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Show the data format expected for records_content - address 1
copy:
dest: /path/to/addresses.txt
content: |
network 10.0.0.0 prefixlen 8 := "Network1",
network 172.16.0.0 prefixlen 12 := "Network2",
network 192.168.0.0 prefixlen 16 := "Network3",
network 2402:9400:1000:0:: prefixlen 64 := "Network4",
host 192.168.20.1 := "Host1",
host 172.16.1.1 := "Host2",
host 172.16.1.1 := "Host3",
host 2001:0db8:85a3:0000:0000:8a2e:0370:7334 := "Host4",
host 2001:0db8:85a3:0000:0000:8a2e:0370:7334 := "Host5"
- name: Show the data format expected for records_content - address 2
copy:
dest: /path/to/addresses.txt
content: |
10.0.0.0/8 := "Network1",
172.16.0.0/12 := "Network2",
192.168.0.0/16 := "Network3",
2402:9400:1000:0::/64 := "Network4",
192.168.20.1 := "Host1",
172.16.1.1 := "Host2",
172.16.1.1/32 := "Host3",
2001:0db8:85a3:0000:0000:8a2e:0370:7334 := "Host4",
2001:0db8:85a3:0000:0000:8a2e:0370:7334/128 := "Host5"
- name: Show the data format expected for records_content - string
copy:
dest: /path/to/strings.txt
content: |
a := alpha,
b := bravo,
c := charlie,
x := x-ray,
y := yankee,
z := zulu,
- name: Show the data format expected for records_content - integer
copy:
dest: /path/to/integers.txt
content: |
1 := bar,
2 := baz,
3,
4,
name:
description:
- Specifies the name of the data group.
required: true
type: str
type:
choices:
- address
- addr
- ip
- string
- integer
- int
default: string
description:
- The type of records in this data group.
- This parameter is important because it causes the BIG-IP to store your data in different
ways to optimize access to it. For example, it would be wrong to specify a list
of records containing IP addresses, but label them as a C(string) type.
- This value cannot be changed once the data group is created.
type: str
state:
choices:
- present
- absent
default: present
description:
- When C(state) is C(present), ensures the data group exists.
- When C(state) is C(absent), ensures the data group is removed.
- The use of state in this module refers to the entire data group, not its members.
type: str
records:
description:
- Specifies the records you want to add to a data group.
- If you have a large number of records, we recommend you use C(records_src) instead
of typing all those records here.
- The technical limit of either the number of records, or the total size of all records.
Varies with the size of the total resources on your system; in particular, RAM.
- When C(internal) is C(false), at least one record must be specified in either C(records)
or C(records_src).
- 'When C(type) is: C(ip), C(address), C(addr) if the addresses use a non-default
route domain, they must be explicit about it, meaning they must contain a route
domain notation C(%) e.g. 10.10.1.1%11. This is true regardless if the data group
resides in a partition or not.'
elements: raw
suboptions:
key:
description:
- The key describing the record in the data group.
- The key will be used for validation of the C(type) parameter to this module.
required: true
type: str
value:
description:
- The value of the key describing the record in the data group.
type: raw
type: list
internal:
default: false
description:
- The type of this data group.
- You should only consider setting this value in cases where you know exactly what
you are doing, B(or), you are working with a pre-existing internal data group.
- Be aware that if you deliberately force this parameter to C(true), and you have
a either a large number of records or a large total records size, this large amount
of data will be reflected in your BIG-IP configuration. This can lead to B(long)
system configuration load times due to parsing and verifying the large configuration.
- When this parameter is C(true), there is a limit for uploads of either 4 megabytes
or 65,000 records, whichever is more restrictive.
- This value cannot be changed once the data group is created.
type: bool
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
partition:
default: Common
description:
- Device partition to manage resources on.
type: str
separator:
default: :=
description:
- When specifying C(records_src), this is the string of characters that will be used
to break apart entries in the C(records_src) into key/value pairs.
- By default, the value of this parameter is C(:=).
- This value cannot be changed once it is set.
- This parameter is only relevant when C(internal) is C(false). It will be ignored
otherwise.
type: str
description:
description:
- The description of the data group.
type: str
records_src:
description:
- Path to a file with records in it.
- The file should be well-formed. This means it includes records, one per line, that
resemble the following format "key separator value". For example, C(foo := bar).
- BIG-IP is strict about this format, but this module is a bit more lax. It will allow
you to include arbitrary amounts (including none) of empty space on either side
of the separator. For an illustration of this, see the Examples section.
- Record keys are limited in length to no more than 65520 characters.
- Values of record keys are limited in length to no more than 65520 characters.
- The total number of records you can have in your BIG-IP is limited by the memory
of the BIG-IP itself.
- The format of this content is slightly different depending on whether you specify
a C(type) of C(address), C(integer), or C(string). See the examples section for
examples of the different types of payload formats that are expected in your data
group file.
- When C(internal) is C(false), at least one record must be specified in either C(records)
or C(records_src).
type: path
external_file_name:
description:
- When creating a new data group, this specifies the file name you want to give an
external data group file on the BIG-IP.
- This parameter is ignored when C(internal) is C(true).
- This parameter can be used to select an existing data group file to use with an
existing external data group.
- If this value is not provided, it will be given the value specified in C(name) and,
therefore, match the name of the data group.
- This value may only contain letters, numbers, underscores, dashes, or a period.
type: str
delete_data_group_file:
default: false
description:
- When C(true), ensures the remote data group file is deleted.
- This parameter is only relevant when C(state) is C(absent) and C(internal) is C(false).
type: bool