Try SpotterManage general policy configuration on a BIG-IP
| "added in version" 1.0.0 of f5networks.f5_modules"
Authors: Tim Rupp (@caphrim007), Wojciech Wypior (@wojtek0806)
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections:
- name: f5networks.f5_modules
version: 1.28.0Manages general policy configuration on a BIG-IP. This module is best used in conjunction with the C(bigip_policy_rule) module. This module can handle general configuration, like setting the draft state of the policy, the description, and items unrelated to the policy rules themselves. It is also the first module that should be used when creating rules, as the C(bigip_policy_rule) module requires a policy parameter.
- name: Create policy which is immediately published
bigip_policy:
name: Policy-Foo
state: present
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Add a rule to the new policy - Immediately published
bigip_policy_rule:
policy: Policy-Foo
name: ABC
conditions:
- type: http_uri
path_starts_with:
- /ABC
- foo
- bar
path_ends_with:
- baz
actions:
- forward: true
select: true
pool: pool-svrs
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Add multiple rules to the new policy - Added in the order they are specified
bigip_policy_rule:
policy: Policy-Foo
name: "{{ item.name }}"
conditions: "{{ item.conditions }}"
actions: "{{ item.actions }}"
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
loop:
- name: rule1
actions:
- type: forward
pool: pool-svrs
conditions:
- type: http_uri
path_starts_with: /euro
- name: HomePage
actions:
- type: forward
pool: pool-svrs
conditions:
- type: http_uri
path_starts_with: /HomePage/
- name: Create policy specify default rules - Immediately published
bigip_policy:
name: Policy-Bar
state: present
rules:
- rule1
- rule2
- rule3
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Create policy specify default rules - Left in a draft
bigip_policy:
name: Policy-Baz
state: draft
rules:
- rule1
- rule2
- rule3
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
name:
description:
- The name of the policy to create.
required: true
type: str
rules:
description:
- Specifies a list of rules you want associated with this policy. The order of this
list is the order they will be evaluated by BIG-IP. If the specified rules do not
exist (for example when creating a new policy) they will be created.
- The C(conditions) for a default rule are C(all).
- The C(actions) for a default rule are C(ignore).
- The C(bigip_policy_rule) module can be used to create and edit existing and new
rules.
elements: str
type: list
state:
choices:
- present
- absent
- draft
default: present
description:
- When C(state) is C(present), ensures the policy exists and is published. When C(state)
is C(absent), ensures the policy is removed, even if it is currently drafted.
- When C(state) is C(draft), ensures the policy exists and is drafted. When modifying
rules, it is required that policies first be in a draft.
- Drafting is only supported on versions of BIG-IP >= 12.1.0. On versions prior to
that, specifying a C(state) of C(draft) will raise an error.
type: str
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
strategy:
choices:
- first
- all
- best
description:
- Specifies the method to determine which actions get executed when there are multiple
rules that match. When creating new policies, the default is C(first).
- This module does not allow you to specify the C(best) strategy to use. It will choose
the system default (C(/Common/best-match)) instead.
type: str
partition:
default: Common
description:
- Device partition to manage resources on.
type: str
description:
description:
- The description to attach to the policy.
- This parameter is only supported on versions of BIG-IP >= 12.1.0. On earlier versions
it is simply ignored.
type: str
description: description: - The new description of the policy. - This value is only returned for BIG-IP devices >= 12.1.0. returned: changed and success sample: This is my description type: str rules: description: List of the rules, and their order, applied to the policy. returned: changed and success sample: - /Common/rule1 - /Common/rule2 type: list strategy: description: The new strategy set on the policy. returned: changed and success sample: first-match type: int