Try SpotterManage cookie persistence profiles on BIG-IP
| "added in version" 1.0.0 of f5networks.f5_modules"
Authors: Tim Rupp (@caphrim007), Wojciech Wypior (@wojtek0806)
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections:
- name: f5networks.f5_modules
version: 1.28.0Manage cookie persistence profiles on BIG-IP system.
- name: Create a persistence cookie profile
bigip_profile_persistence_cookie:
name: foo
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Create a persistence cookie profile with expiration time
bigip_profile_persistence_cookie:
name: foo
expiration:
days: 7
hours: 12
minutes: 30
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
name:
description:
- Specifies the name of the profile.
required: true
type: str
state:
choices:
- present
- absent
default: present
description:
- When C(present), ensures the profile exists.
- When C(absent), ensures the profile is removed.
type: str
parent:
default: cookie
description:
- Specifies the profile from which this profile inherits settings.
- When creating a new profile, if this parameter is not specified, the default is
the system-supplied C(cookie) profile.
type: str
secure:
description:
- Specifies whether the secure attribute should be enabled or disabled for the inserted
cookies.
type: bool
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
http_only:
description:
- Specifies whether the httponly attribute should be enabled or disabled for the inserted
cookies.
type: bool
partition:
default: Common
description:
- Device partition to manage resources on.
type: str
expiration:
description:
- Specifies the expiration time of the cookie. By default the system generates and
uses a session cookie. This cookie expires when the user session expires (when the
browser is closed).
suboptions:
days:
description:
- Cookie expiration time in days. The value must be in range from C(0) to C(24855)
days.
type: int
hours:
description:
- Cookie expiration time in hours. The value must be in the range from C(0) to
C(23) hours.
type: int
minutes:
description:
- Cookie expiration time in minutes. The value must be in the range from C(0)
to C(59) minutes.
type: int
seconds:
default: 0
description:
- Cookie expiration time in seconds. The value must be in the range from C(0)
to C(59) seconds.
type: int
type: dict
always_send:
description:
- Sends the cookie persistence entry on every reply, even if the entry has previously
been supplied to the client.
type: bool
cookie_name:
description:
- Specifies a unique name for the cookie.
type: str
description:
description:
- Description of the profile.
type: str
cookie_method:
choices:
- hash
- insert
- passive
- rewrite
description:
- Specifies the type of cookie processing the system uses.
- When C(hash), specifies the server provides the cookie, which the system then maps
consistently to a specific node. This persistence type requires a C(cookie_name)
value.
- When C(insert), specifies the system inserts server information, in the form of
a cookie, into the header of the server response.
- When C(passive), specifies the server provides the cookie, formatted with the correct
server information and timeout. This persistence type requires a C(cookie_name)
value.
- When C(rewrite), specifies the system intercepts the BIGipCookie header, sent from
the server, and overwrites the name and value of that cookie.
type: str
update_password:
choices:
- always
- on_create
default: always
description:
- C(always) will allow updating passphrases if the user chooses to do so. C(on_create)
will only set the passphrase for newly created profiles.
type: str
cookie_encryption:
choices:
- disabled
- preferred
- required
description:
- Specifies the way in which the cookie encryption format is used.
- When C(disabled), generates the cookie format unencrypted.
- When C(preferred), generates an encrypted cookie, but accepts both encrypted and
unencrypted formats.
- When C(required), cookie format must be encrypted.
type: str
match_across_pools:
description:
- When C(true), specifies the system can use any pool that contains this persistence
record.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
type: bool
encryption_passphrase:
description:
- Specifies a passphrase to be used for cookie encryption.
type: str
match_across_services:
description:
- When C(true), specifies all persistent connections from a client IP address that
go to the same virtual IP address also go to the same node.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
type: bool
match_across_virtuals:
description:
- When C(true), specifies all persistent connections from the same client IP address
go to the same node.
- When creating a new profile, if this parameter is not specified, the default is
provided by the parent profile.
type: bool
encrypt_cookie_pool_name:
description:
- Specifies whether the pool-name in the inserted BIG-IP default cookie should be
encrypted.
type: bool
override_connection_limit:
description:
- When C(true), specifies the system allows you to specify that pool member connection
limits will be overridden for persisted clients.
- Per-virtual connection limits remain hard limits and are not overridden.
type: bool
always_send:
description: The new Always Send value.
returned: changed
sample: false
type: bool
cookie_encryption:
description: The new Cookie Encryption type.
returned: changed
sample: preferred
type: str
cookie_method:
description: The new Cookie Method.
returned: changed
sample: insert
type: str
cookie_name:
description: The new Cookie Name value.
returned: changed
sample: cookie1
type: str
description:
description: The new description.
returned: changed
sample: My description
type: str
encrypt_cookie_pool_name:
description: The new Encrypt Cookie Pool Name value.
returned: changed
sample: true
type: bool
expiration:
contains:
days:
description: Cookie expiration time in days.
returned: changed
sample: 125
type: int
hours:
description: Cookie expiration time in hours.
returned: changed
sample: 22
type: int
minutes:
description: Cookie expiration time in minutes.
returned: changed
sample: 58
type: int
seconds:
description: Cookie expiration time in seconds.
returned: changed
sample: 20
type: int
description: The expiration time of the cookie.
returned: changed
sample: hash/dictionary of values
type: complex
http_only:
description: The new HTTP Only value.
returned: changed
sample: true
type: bool
match_across_pools:
description: The new Match Across Pools value.
returned: changed
sample: true
type: bool
match_across_services:
description: The new Match Across Services value.
returned: changed
sample: false
type: bool
match_across_virtuals:
description: The new Match Across Virtuals value.
returned: changed
sample: true
type: bool
override_connection_limit:
description: The new Override Connection Limit value.
returned: changed
sample: false
type: bool
parent:
description: The parent profile.
returned: changed
sample: /Common/cookie
type: str
secure:
description: The new Secure Cookie value.
returned: changed
sample: false
type: bool