Try SpotterManage SNAT translations on a BIG-IP
| "added in version" 1.0.0 of f5networks.f5_modules"
Authors: Greg Crosby (@crosbygw), Wojciech Wypior (@wojtek0806)
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections:
- name: f5networks.f5_modules
version: 1.28.0Manage SNAT translations on a BIG-IP system.
- name: Create a SNAT translation 'my-snat-translation'
bigip_snat_translation:
name: my-snat-pool
state: present
address: 10.10.10.10
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Modify a SNAT translation 'my-snat-translation'
bigip_snat_translation:
name: my-snat-pool
state: present
address: 10.10.10.10
arp: false
connection_limit: 300
ip_idle_timeout: 1800
tcp_idle_timeout: 1800
udp_idle_timeout: 1800
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Disable a SNAT translation 'my-snat-translation'
bigip_snat_translation:
name: my-snat-pool
state: disabled
address: 10.10.10.10
arp: false
connection_limit: 300
ip_idle_timeout: 1800
tcp_idle_timeout: 1800
udp_idle_timeout: 1800
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Enable a SNAT translation 'my-snat-translation'
bigip_snat_translation:
name: my-snat-pool
state: enabled
address: 10.10.10.10
arp: false
connection_limit: 300
ip_idle_timeout: 1800
tcp_idle_timeout: 1800
udp_idle_timeout: 1800
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Create using partition other then /Common on a SNAT translation 'my-new-snat-translation'
bigip_snat_translation:
name: my-new-snat-pool
state: enabled
address: 10.10.10.10
arp: false
connection_limit: 300
ip_idle_timeout: 1800
partition: ansible
tcp_idle_timeout: 1800
udp_idle_timeout: 1800
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Modify using traffic group other then /Common/traffic-group-1 on a SNAT translation 'my-new-snat-translation'
bigip_snat_translation:
name: my-new-snat-pool
state: enabled
address: 10.10.10.10
arp: false
connection_limit: 300
ip_idle_timeout: 1800
partition: ansible
tcp_idle_timeout: 1800
traffic_group: /Common/ansible
udp_idle_timeout: 1800
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
arp:
description:
- If C(true), specifies the NAT sends ARP requests.
type: bool
name:
description:
- The name of SNAT translation.
required: true
type: str
state:
choices:
- present
- absent
- enabled
- disabled
default: present
description:
- The SNAT translation state. If C(absent), deletes the SNAT translation if it exists.
C(present) creates the SNAT translation and enables it. If C(enabled), enables the
SNAT translation if it exists. If C(disabled), creates the SNAT translation if needed,
and sets the state to C(disabled).
type: str
address:
aliases:
- ip
description:
- Specifies the IP address of the SNAT translation. When C(state) is C(present), C(enabled),
or C(disabled), this parameter is required.
- This parameter cannot be updated after it is set.
type: str
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
partition:
description:
- Device partition to manage resources on.
- Required with state C(absent) when a partition other than Common is used.
type: str
description:
description:
- Description of snat-translation. C(none or '') sets a default description of null.
type: str
traffic_group:
description:
- The traffic group for the snat-translation address. When creating a new address,
if this value is not specified, the default is C(/Common/traffic-group-1).
type: str
ip_idle_timeout:
description:
- Specifies the amount of time connections to an IP address initiated using a SNAT
address are allowed to remain idle before being automatically disconnected. C(indefinite)
prevents the connection from timing out.
- The accepted value range is C(0 - 4294967295) seconds. Specifying C(indefinite)
sets it to the maximum value.
type: str
connection_limit:
description:
- Specifies a limit on the number of connections a translation address must reach
before it no longer initiates a connection. The default value of C(0) indicates
the setting is disabled.
- The accepted value range is C(0 - 65535).
type: int
tcp_idle_timeout:
description:
- Specifies the amount of time that TCP connections initiated using a SNAT address
are allowed to remain idle before being automatically disconnected. C(indefinite)
prevents the connection from timing out.
- The accepted value range is C(0 - 4294967295) seconds. Specifying C(indefinite)
sets it to the maximum value.
type: str
udp_idle_timeout:
description:
- Specifies the amount of time UDP connections initiated using a SNAT address are
allowed to remain idle before being automatically disconnected. C(indefinite) prevents
the connection from timing out.
- The accepted value range is C(0 - 4294967295) seconds. Specifying C(indefinite)
sets it to the maximum value.
type: str
address: description: - IP address used for SNAT translation. returned: changed and success sample: 10.10.10.10 type: str arp: description: Whether snat-translation sends arp requests. returned: changed sample: true type: bool connection_limit: description: The new connection limit of the virtual address. returned: changed sample: 1000 type: int description: description: Description of the snat-translation. returned: changed sample: My snat-translation type: str ip_idle_timeout: description: IP idle timeout value for the snat-translation. returned: changed sample: 300 type: str state: description: The new state of the snat-translation. returned: changed sample: disabled type: str tcp_idle_timeout: description: TCP idle timeout value for the snat-translation. returned: changed sample: 1800 type: str traffic_group: description: Assigned traffic group. returned: changed sample: /Common/traffic-group-1 type: str udp_idle_timeout: description: UDP idle timeout value for the snat-translation. returned: changed sample: indefinite type: str