f5networks.f5_modules.bigip_virtual_server (1.28.0) — module

Manage LTM virtual servers on a BIG-IP

Added in version 1.0.0 of f5networks.f5_modules

Authors: Tim Rupp (@caphrim007), Wojciech Wypior (@wojtek0806), Nitin Khanna (@nitinthewiz)

Install collection

Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0


Add to requirements.yml

  # Pins the collection to one exact release, so installs are repeatable.
  collections:
    - name: f5networks.f5_modules
      # Two dots keep this value a YAML string; no float coercion occurs.
      version: 1.28.0

Description

Manage LTM virtual servers on a BIG-IP system.

Usage examples

# Sets the port of my-virtual-server to 8080. No destination is given, and the
# option docs require one only when the virtual server does not exist yet.
- name: Modify Port of the Virtual Server
  bigip_virtual_server:
    state: present
    partition: Common
    name: my-virtual-server
    port: 8080
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential: keep real passwords out of playbooks, e.g. via
      # Ansible Vault or the F5_PASSWORD environment variable the provider reads.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Deletes my-virtual-server from the Common partition if it exists
# (state: absent).
- name: Delete virtual server
  bigip_virtual_server:
    state: absent
    partition: Common
    name: my-virtual-server
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder value; load the real password from Ansible Vault or the
      # F5_PASSWORD environment variable rather than writing it inline.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Creates my-virtual-server on 10.10.10.10:443 with a default pool, SNAT,
# profiles, LTM policies and a VLAN list. type is omitted, so the documented
# default (standard) applies.
# NOTE(review): source is not set, so this example configures no client
# address restriction; set source to limit which prefixes are accepted.
- name: Add virtual server
  bigip_virtual_server:
    state: present
    partition: Common
    name: my-virtual-server
    destination: 10.10.10.10
    port: 443
    pool: my-pool
    # The snat option docs spell this keyword C(automap) in lowercase.
    # NOTE(review): confirm the module accepts this capitalisation.
    snat: Automap
    description: Test Virtual Server
    profiles:
      # Bare names carry no context, so they default to C(all) (both sides).
      - http
      - fix
      # NOTE(review): a profile named clientssl bound to server-side looks
      # inverted; the profiles docs warn that mixed-up profiles make the module
      # fail. Confirm against the device.
      - name: clientssl
        context: server-side
      - name: ilx
        context: client-side
    policies:
      - my-ltm-policy-for-asm
      - ltm-uri-policy
      - ltm-policy-2
      - ltm-policy-3
    # VLANs to enable for this virtual server; mutually exclusive with
    # disabled_vlans.
    enabled_vlans:
      - /Common/vlan2
    # validate_certs is left at its documented default (true), so the device
    # certificate is still checked.
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Creates fastl4_vs on 1.1.1.1:80 with the fastL4 profile attached.
# NOTE(review): type is omitted, so the documented default (standard) applies,
# while the type docs pair a Fast L4 profile with performance-l4. Confirm the
# intended type.
- name: Add FastL4 virtual server
  bigip_virtual_server:
    destination: 1.1.1.1
    name: fastl4_vs
    port: 80
    profiles:
      - fastL4
    state: present
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Attaches two iRules to my-virtual-server. partition is omitted, so the
# documented default (Common) applies.
- name: Add iRules to the Virtual Server
  bigip_virtual_server:
    name: my-virtual-server
    # Applied in priority order; the docs state that the same entries in a
    # different order cause a change on the device.
    irules:
      - irule1
      - irule2
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Submits a shorter iRule list for my-virtual-server.
- name: Remove one iRule from the Virtual Server
  bigip_virtual_server:
    name: my-virtual-server
    # Presumably the list is the complete desired set, so irule1 (attached in
    # the earlier example) is the rule removed and irule2 stays. Verify
    # against the module before relying on it.
    irules:
      - irule2
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Detaches every iRule from my-virtual-server.
- name: Remove all iRules from the Virtual Server
  bigip_virtual_server:
    name: my-virtual-server
    # A single empty string is the documented way to remove existing iRules.
    irules: ""
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Clears the default pool of my-virtual-server.
- name: Remove pool from the Virtual Server
  bigip_virtual_server:
    name: my-virtual-server
    # An empty string is the documented way to remove the existing pool.
    pool: ""
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
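# Attaches key/value annotations to my-virtual-server; the metadata docs state
# that the data is persisted and that all values are stored as strings.
- name: Add metadata to virtual
  bigip_virtual_server:
    name: my-virtual-server
    partition: Common
    metadata:
      # Quoted so the YAML loader keeps the exact text. Unquoted, 2.4 loads as
      # a float and the ISO timestamp may load as a datetime object, so the
      # string stored on the device could differ from what is written here.
      ansible: "2.4"
      updated_at: "2017-12-20T17:50:46Z"
    provider:
      server: lb.mydomain.com
      user: admin
      # Placeholder credential; use Ansible Vault or the F5_PASSWORD
      # environment variable instead of an inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost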
# Declares my-virtual-server with the http and tcp profiles.
- name: Add virtual with two profiles
  bigip_virtual_server:
    name: my-virtual-server
    partition: Common
    # Bare profile names carry no context, so the documented default C(all)
    # applies them to both sides of the connection.
    profiles:
      - http
      - tcp
    provider:
      server: lb.mydomain.com
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Drops the http profile by omitting it: the profiles docs say a profile is
# removed from the virtual by removing it from the list.
- name: Remove HTTP profile from previous virtual
  bigip_virtual_server:
    name: my-virtual-server
    partition: Common
    profiles:
      - tcp
    provider:
      server: lb.mydomain.com
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Re-attaches http by listing it again: the profiles docs say a profile is
# added to the virtual by adding it to the list.
- name: Add the HTTP profile back to the previous virtual
  bigip_virtual_server:
    name: my-virtual-server
    partition: Common
    profiles:
      - http
      - tcp
    provider:
      server: lb.mydomain.com
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Creates my-virtual-server on 10.10.10.10:443 and caps new connections with a
# per-destination rate limit.
- name: Add virtual server with rate limit
  bigip_virtual_server:
    state: present
    partition: Common
    name: my-virtual-server
    destination: 10.10.10.10
    port: 443
    pool: my-pool
    # The snat option docs spell this keyword C(automap) in lowercase.
    # NOTE(review): confirm the module accepts this capitalisation.
    snat: Automap
    description: Test Virtual Server
    profiles:
      - http
      - fix
      # NOTE(review): a profile named clientssl bound to server-side looks
      # inverted; the profiles docs warn that mixed-up profiles make the module
      # fail. Confirm against the device.
      - name: clientssl
        context: server-side
      - name: ilx
        context: client-side
    policies:
      - my-ltm-policy-for-asm
      - ltm-uri-policy
      - ltm-policy-2
      - ltm-policy-3
    enabled_vlans:
      - /Common/vlan2
    # Connections per second; the docs state that C(0) disables the limit.
    rate_limit: 400
    # Applies the limit per destination address instead of the default
    # C(object).
    rate_limit_mode: destination
    # Mask, in bits, applied to the destination address for rate limiting.
    rate_limit_dst_mask: 32
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Creates fastl4_vs on 1.1.1.1:80 and replicates its client-side traffic to a
# clone pool.
- name: Add FastL4 virtual server with clone_pools
  bigip_virtual_server:
    destination: 1.1.1.1
    name: fastl4_vs
    port: 80
    profiles:
      - fastL4
    state: present
    # Clone pool members receive a copy of the traffic (the docs cite intrusion
    # detection as the typical use), so treat the pool as able to see that
    # traffic.
    clone_pools:
      # NOTE(review): the pool_name docs ask for the full path form, for
      # example /Common/pool_name, when the pool is on the Common partition.
      # partition is omitted here and defaults to Common, so confirm that a
      # bare name resolves.
      - pool_name: FooPool
        context: clientside
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost
# Creates my-virtual-server on 10.10.10.10:443 with HTTP/2 on the client side
# and the HTTP MRF Router option enabled.
- name: Add virtual with MRF router option set
  bigip_virtual_server:
    name: my-virtual-server
    destination: 10.10.10.10
    port: 443
    partition: Common
    profiles:
      - http
      - tcp
      - name: noneg-ssl
        context: client-side
      - name: http2
        context: client-side
      # Per the profiles docs, assigning httprouter with context C(all) is what
      # enables the HTTP MRF Router option seen in the GUI.
      - name: httprouter
        context: all
    provider:
      server: lb.mydomain.net
      user: admin
      # Placeholder credential; use Ansible Vault or F5_PASSWORD instead of an
      # inline value.
      password: secret
  # Runs the task on the control node; the device is reached through provider.
  delegate_to: localhost

Inputs

    
mask:
    description:
    - Specifies the destination address network mask. This parameter works with IPv4 and
      IPv6 addresses.
    - This is an optional parameter which can be specified when creating or updating virtual
      server.
    - If C(destination) is set in CIDR notation format and C(mask) is provided, the C(mask)
      parameter takes precedence.
    - If you specify a catchall destination (for example, C(0.0.0.0) for IPv4, C(::) for
      IPv6) the mask parameter is set to C(any) or C(any6) respectively.
    - When the C(destination) is not in CIDR notation and a C(mask) is not specified,
      C(255.255.255.255) or C(ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) is set for IPv4
      and IPv6 addresses respectively.
    - When C(destination) is provided in CIDR notation format and a C(mask) is not specified,
      the mask parameter is inferred from C(destination).
    - When C(destination) is provided as a virtual address name, and a C(mask) is not
      specified, the mask will be C(None), allowing the device to set it using its internal defaults.
    type: str

name:
    aliases:
    - vs
    description:
    - Virtual server name.
    required: true
    type: str

pool:
    description:
    - Default pool for the virtual server.
    - If you want to remove the existing pool, specify an empty value; C(""). See the
      documentation for an example.
    - When creating a new virtual server, and C(type) is C(stateless), this parameter
      is required.
    - If C(type) is C(stateless), the C(pool) must not have any members which define a
      C(rate_limit).
    type: str

port:
    description:
    - Port of the virtual server. Required when C(state) is C(present) and the virtual
      server does not exist.
    - If you do not want to specify a particular port, use the value C(0). This means
      the virtual server listens on any port.
    - When C(type) is C(dhcp), this module forces the C(port) parameter to C(67).
    - When C(type) is C(internal), this module forces the C(port) parameter to C(0).
    - In addition to specifying a port number, a select number of service names may also
      be provided.
    - The string C(ftp) may be substituted for port C(21).
    - The string C(http) may be substituted for port C(80).
    - The string C(https) may be substituted for port C(443).
    - The string C(telnet) may be substituted for port C(23).
    - The string C(smtp) may be substituted for port C(25).
    - The string C(snmp) may be substituted for port C(161).
    - The string C(snmp-trap) may be substituted for port C(162).
    - The string C(ssh) may be substituted for port C(22).
    - The string C(tftp) may be substituted for port C(69).
    - The string C(isakmp) may be substituted for port C(500).
    - The string C(mqtt) may be substituted for port C(1883).
    - The string C(mqtt-tls) may be substituted for port C(8883).
    type: str

snat:
    description:
    - Source network address policy.
    - When C(type) is C(dhcp), C(reject), or C(internal), this parameter is ignored.
    - The name of a SNAT pool (like "/Common/snat_pool_name") can be specified to enable
      SNAT with the specific pool.
    - To remove SNAT, specify the word C(none).
    - To specify automap, use the word C(automap).
    type: str

type:
    choices:
    - standard
    - forwarding-l2
    - forwarding-ip
    - performance-http
    - performance-l4
    - stateless
    - reject
    - dhcp
    - internal
    - message-routing
    default: standard
    description:
    - Specifies the network service provided by this virtual server.
    - When creating a new virtual server, if this parameter is not provided, the default
      is C(standard).
    - This value cannot be changed after it is set.
    - When C(standard), specifies a virtual server that directs client traffic to a load
      balancing pool, and is the most basic type of virtual server. When you first create
      the virtual server, you assign an existing default pool to it. From then on, the
      virtual server automatically directs traffic to that default pool.
    - When C(forwarding-l2), specifies a virtual server that shares the same IP address
      as a node in an associated VLAN.
    - When C(forwarding-ip), specifies a virtual server like other virtual servers, except
      the virtual server has no pool members to load balance. The virtual server simply
      forwards the packet directly to the destination IP address specified in the client
      request.
    - When C(performance-http), specifies a virtual server with which you associate a
      Fast HTTP profile. Together, the virtual server and profile increase the speed at
      which the virtual server processes HTTP requests.
    - When C(performance-l4), specifies a virtual server with which you associate a Fast
      L4 profile. Together, the virtual server and profile increase the speed at which
      the virtual server processes layer 4 requests.
    - When C(stateless), specifies a virtual server that accepts traffic matching the
      virtual server address and load balances the packet to the pool members without
      attempting to match the packet to a pre-existing connection in the connection table.
      New connections are immediately removed from the connection table. This addresses
      the requirement for one-way UDP traffic that needs to be processed at very high
      throughput levels, for example, load balancing syslog traffic to a pool of syslog
      servers. Stateless virtual servers are not suitable for processing traffic requiring
      stateful tracking, such as TCP traffic. Stateless virtual servers do not support
      iRules, persistence, connection mirroring, rateshaping, or SNAT automap.
    - When C(reject), specifies the BIG-IP system rejects any traffic destined for the
      virtual server IP address.
    - When C(dhcp), specifies a virtual server that relays Dynamic Host Configuration Protocol
      (DHCP) client requests for an IP address to one or more DHCP servers, and provides
      DHCP server responses with an available IP address for the client.
    - When C(internal), specifies a virtual server that supports modification of HTTP
      requests and responses. Internal virtual servers enable the use of ICAP (Internet
      Content Adaptation Protocol) servers to modify HTTP requests and responses by creating
      and applying an ICAP profile and adding Request Adapt or Response Adapt profiles
      to the virtual server.
    - When C(message-routing), specifies a virtual server that uses a SIP application
      protocol and functions in accordance with a SIP session profile and SIP router profile.
    type: str

state:
    choices:
    - present
    - absent
    - enabled
    - disabled
    default: present
    description:
    - The virtual server state. If C(absent), deletes the virtual server if it exists.
      If C(present), creates the virtual server and enables it. If C(enabled), enables
      the virtual server if it exists. If C(disabled), creates the virtual server if needed,
      and sets the state to C(disabled).
    - Attempting to change C(state) on a virtual server that belongs to an iAPP with strict
      updates enabled will result in an error message returned by the device, unless the
      C(insert_metadata) parameter is set to C(no).
    type: str

irules:
    aliases:
    - all_rules
    description:
    - Specifies a list of rules to be applied in priority order.
    - If you want to remove existing iRules, specify a single empty value; C(""). See
      the documentation for an example.
    - The order in which iRules are specified does matter, so a list that contains the
      same list elements but in a different order in the playbook will make changes on
      the device.
    - When C(type) is C(dhcp), C(stateless), C(reject), or C(internal), this parameter
      is ignored.
    elements: str
    type: list

mirror:
    description:
    - Specifies the system mirrors connections on each member of a redundant pair.
    - When creating a new virtual server, if this parameter is not specified, the default
      is C(disabled).
    type: bool

source:
    description:
    - Specifies an IP address or network from which the virtual server accepts traffic.
    - The virtual server accepts clients only from one of these IP addresses.
    - For this setting to function effectively, specify a value other than 0.0.0.0/0 or
      ::/0 (that is, any/0, any6/0).
    - In order to maximize the utility of this setting, specify the most specific address
      prefixes covering all customer addresses and no others.
    - Specify the IP address in Classless Inter-Domain Routing (CIDR) format; address/prefix,
      where the prefix length is in bits. For example, for IPv4, 10.0.0.1/32 or 10.0.0.0/24,
      and for IPv6, ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64.
    type: str

metadata:
    description:
    - Arbitrary key/value pairs you can attach to a virtual server. This is useful in
      situations where you want to annotate a virtual to be managed by Ansible.
    - Key names are stored as strings; this includes names that are numbers.
    - Values for all of the keys are stored as strings; this includes values that are
      numbers.
    - Data is persisted, not ephemeral.
    type: raw

policies:
    aliases:
    - all_policies
    description:
    - Specifies the policies for the virtual server.
    - When C(type) is C(dhcp), C(reject), or C(internal), this parameter is ignored.
    elements: str
    type: list

profiles:
    aliases:
    - all_profiles
    description:
    - List of profiles (HTTP, ClientSSL, ServerSSL, etc) to apply to both sides of the
      connection (client-side and server-side).
    - If you only want to apply a particular profile to the client-side of the connection,
      specify C(client-side) for the profile's C(context).
    - If you only want to apply a particular profile to the server-side of the connection,
      specify C(server-side) for the profile's C(context).
    - If C(context) is not provided, it will default to C(all).
    - If you want to remove a profile from the list of profiles currently active on the
      virtual, simply remove it from the C(profiles) list. See examples for an illustration
      of this.
    - If you want to add a profile to the list of profiles currently active on the virtual,
      simply add it to the C(profiles) list. See examples for an illustration of this.
    - B(Profiles are important). This module will fail to configure a BIG-IP if you mix
      up your profiles, or if you attempt to set an IP protocol which your current, or
      new, profiles do not support. Both this module, and BIG-IP, will report an error
      if this is incorrect, resembling C(lists profiles incompatible with its protocol).
    - If you are unsure what the correct profile combinations are, we suggest having a
      BIG-IP available in which you can make changes and copy what the correct combinations
      are.
    - To use C(http2) in full proxy to enable C(HTTP MRF Router) option seen in the GUI
      you need to assign C(/Common/httprouter) profile with C(context) set to C(all).
      See the bottom of examples section below.
    suboptions:
      context:
        choices:
        - all
        - server-side
        - client-side
        default: all
        description:
        - The side of the connection on which the profile should be applied.
        type: str
      name:
        description:
        - Name of the profile.
        - This must be specified if a context is specified.
        - If this is not specified, it is assumed the profile item is only a name of a
          profile.
        type: str
    type: raw

provider:
    description:
    - A dict object containing connection details.
    suboptions:
      auth_provider:
        description:
        - Configures the auth provider used to obtain authentication tokens from the remote
          device.
        - This option is really used when working with BIG-IQ devices.
        type: str
      no_f5_teem:
        default: false
        description:
        - If C(yes), TEEM telemetry data is not sent to F5.
        - You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
        - Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
        type: bool
      password:
        aliases:
        - pass
        - pwd
        description:
        - The password for the user account used to connect to the BIG-IP or the BIG-IQ.
        - You may omit this option by setting the environment variable C(F5_PASSWORD).
        required: true
        type: str
      server:
        description:
        - The BIG-IP host or the BIG-IQ host.
        - You may omit this option by setting the environment variable C(F5_SERVER).
        required: true
        type: str
      server_port:
        default: 443
        description:
        - The BIG-IP server port.
        - You may omit this option by setting the environment variable C(F5_SERVER_PORT).
        type: int
      timeout:
        description:
        - Specifies the timeout in seconds for communicating with the network device for
          either connecting or sending commands.  If the timeout is exceeded before the
          operation is completed, the module will error.
        type: int
      transport:
        choices:
        - rest
        default: rest
        description:
        - Configures the transport connection to use when connecting to the remote device.
        type: str
      user:
        description:
        - The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
          privileges on the device.
        - You may omit this option by setting the environment variable C(F5_USER).
        required: true
        type: str
      validate_certs:
        default: true
        description:
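        - If C(no), SSL certificates are not validated. Use this only on personally controlled
          sites using self-signed certificates, because without validation the module cannot
          confirm it is connected to the intended device before sending the provider credentials.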
        - You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
        type: bool
    type: dict
    version_added: 1.0.0
    version_added_collection: f5networks.f5_modules

partition:
    default: Common
    description:
    - Device partition to manage resources on.
    type: str

rate_limit:
    description:
    - Virtual server rate limit (connections-per-second). Setting this to C(0) disables
      the limit.
    - The valid value range is C(0) - C(4294967295).
    type: int

clone_pools:
    description:
    - Specifies a pool or list of pools that the virtual server uses to replicate either
      client-side or server-side traffic.
    - Typically this option is used for intrusion detection.
    elements: dict
    suboptions:
      context:
        choices:
        - clientside
        - serverside
        description:
        - The context option for a clone pool to replicate either client-side or server-side
          traffic.
        required: true
        type: str
      pool_name:
        description:
        - The pool name to which the server replicates the traffic.
        - Only pools created on the Common partition or on the same partition as the virtual
          server can be used.
        - Referencing a pool on the Common partition needs to be done in the full path
          format, for example, C(/Common/pool_name).
        required: true
        type: str
    type: list

description:
    description:
    - Virtual server description.
    type: str

destination:
    aliases:
    - address
    - ip
    description:
    - Destination IP of the virtual server.
    - Required when C(state) is C(present) and the virtual server does not exist.
    - When C(type) is C(internal), this parameter is ignored. For all other types, it
      is required.
    - Destination can also be specified as a name for an existing Virtual Address.
    type: str

ip_protocol:
    choices:
    - ah
    - any
    - bna
    - esp
    - etherip
    - gre
    - icmp
    - ipencap
    - ipv6
    - ipv6-auth
    - ipv6-crypt
    - ipv6-icmp
    - isp-ip
    - mux
    - ospf
    - sctp
    - tcp
    - udp
    - udplite
    description:
    - Specifies a network protocol name you want the system to use to direct traffic on
      this virtual server.
    - When creating a new virtual server, if this parameter is not specified, the default
      is C(tcp).
    - The Protocol setting is not available when you select Performance (HTTP) as the
      C(Type).
    - The value of this argument can be specified in either its numeric value, or in a
      select number of named values. Refer to C(choices) for examples.
    - For a list of valid IP protocol numbers, refer to https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers.
    - When C(type) is C(dhcp), this module forces the C(ip_protocol) parameter to C(17)
      (UDP).
    type: str

source_port:
    choices:
    - preserve
    - preserve-strict
    - change
    description:
    - Specifies whether the system preserves the source port of the connection.
    - When creating a new virtual server, if this parameter is not specified, the default
      is C(preserve).
    type: str

auto_last_hop:
    choices:
    - default
    - enabled
    - disabled
    description:
    - Allows the BIG-IP system to track the source MAC address of incoming connections
      and return traffic from pools to the source MAC address, regardless of the routing
      table.
    type: str
    version_added: 1.13.0
    version_added_collection: f5networks.f5_modules

enabled_vlans:
    description:
    - List of VLANs to enable. When a VLAN named C(all) is used, all VLANs will be allowed.
      VLANs can be specified with or without the leading partition. If the partition is
      not specified in the VLAN, the C(partition) option of this module is used.
    - This parameter is mutually exclusive with the C(disabled_vlans) parameter.
    elements: str
    type: list

check_profiles:
    default: true
    description:
    - Specifies whether the client and server SSL profiles specified by the user should
      be verified to be correct against the existing profiles. This is useful in cases
      where a large number of profiles are being added at once.
    - Not recommended for common use. In case of duplicate profiles, or erroneous profiles,
      the BIG-IP throws an error.
    type: bool
    version_added: 1.2.0
    version_added_collection: f5networks.f5_modules

disabled_vlans:
    description:
    - List of VLANs to be disabled. If the partition is not specified in the VLAN, the
      C(partition) option of this module is used.
    - This parameter is mutually exclusive with the C(enabled_vlans) parameter.
    elements: str
    type: list

insert_metadata:
    default: true
    description:
    - When set to C(false), the module does not set metadata on the device.
    - Currently there is a limitation that non-admin users cannot set metadata on the
      object, despite being able to create and modify virtual server objects. Setting
      this option to C(false) allows such users to use this module to manage virtual server
      objects on the device.
    - Attempting to change C(state) on a virtual server that belongs to an iAPP with strict
      updates enabled will result in an error message returned by the device, unless the
      C(insert_metadata) parameter is set to C(false).
    type: bool

rate_limit_mode:
    choices:
    - object
    - object-source
    - object-destination
    - object-source-destination
    - destination
    - source
    - source-destination
    default: object
    description:
    - Indicates whether the rate limit is applied per virtual object, per source address,
      per destination address, or some combination thereof.
    - The default value is C(object), which does not use the source or destination address
      as part of the key.
    type: str

port_translation:
    description:
    - When C(enabled), specifies the system translates the port of the virtual server.
    - When C(disabled), specifies the system uses the port without translation. Turning
      off port translation for a virtual server is useful if you want to use the virtual
      server to load balance connections to any service.
    - When creating a new virtual server, the default is C(enabled).
    type: bool

address_translation:
    description:
    - When C(enabled), specifies the system translates the address of the virtual server.
    - When C(disabled), specifies the system uses the address without translation.
    - This option is useful when the system is load balancing devices that have the same
      IP address.
    - When creating a new virtual server, the default is C(enabled).
    type: bool

rate_limit_dst_mask:
    description:
    - Specifies a mask, in bits, to be applied to the destination address as part of the
      rate limiting.
    - The default value is C(0), which is equivalent to using the entire address - C(32)
      in IPv4, or C(128) in IPv6.
    - The valid value range is C(0) - C(4294967295).
    type: int

rate_limit_src_mask:
    description:
    - Specifies a mask, in bits, to be applied to the source address as part of the rate
      limiting.
    - The default value is C(0), which is equivalent to using the entire address - C(32)
      in IPv4, or C(128) in IPv6.
    - The valid value range is C(0) - C(4294967295).
    type: int

security_nat_policy:
    description:
    - Specify the Firewall NAT policies for the virtual server.
    - You can specify one or more NAT policies to use.
    - The most specific policy is used. For example, if you specify the virtual server
      should use the device policy and the route domain policy, the route domain policy
      overrides the device policy.
    suboptions:
      policy:
        description:
        - Specifies the policy to apply a NAT policy directly to the virtual server.
        - The virtual server NAT policy is the most specific, and overrides a route domain
          and device policy, if specified.
        - To remove the policy, specify an empty string value.
        type: str
      use_device_policy:
        description:
        - Specifies the virtual server uses the device NAT policy, as specified in the
          Firewall Options.
        - The device policy is used if no route domain or virtual server NAT setting is
          specified.
        type: bool
      use_route_domain_policy:
        description:
        - Specifies the virtual server uses the route domain policy, as specified in the
          Route Domain Security settings.
        - When specified, the route domain policy overrides the device policy, and is
          overridden by a virtual server policy.
        type: bool
    type: dict

bypass_module_checks:
    default: false
    description:
    - Disables all built-in module verification checks that require BIG-IP device calls.
      Using this option cuts down on the number of REST calls made by this module. The
      trade off is that most parameters are sent as is, which requires extra care when
      defining them.
    - The device is the final source of truth for such configurations, usable in cases
      where speed is preferred over accuracy.
    - If set to C(true), the module ignores the value of the C(check_profiles) parameter.
    - This parameter can be used when creating new or updating existing resources.
    type: bool
    version_added: 1.3.0
    version_added_collection: f5networks.f5_modules

security_log_profiles:
    description:
    - Specifies the log profile applied to the virtual server.
    - To make use of this feature, the AFM module must be licensed and provisioned.
    - The C(Log all requests) and C(Log illegal requests) are mutually exclusive and therefore,
      this module raises an error if the two are specified together.
    elements: str
    type: list

firewall_staged_policy:
    description:
    - Applies the specified AFM policy to the virtual in a staged (non-enforcing) way.
    - A staged policy shows the results of the policy rules in the log, while not actually
      applying the rules to traffic.
    - When creating a new virtual, if this parameter is not specified, the staged policy
      is disabled.
    type: str

ip_intelligence_policy:
    description:
    - Specifies the IP intelligence policy applied to the virtual server.
    - This parameter requires that a valid BIG-IP security module, such as ASM or AFM,
      is provisioned.
    type: str

firewall_enforced_policy:
    description:
    - Applies the specified AFM policy to the virtual in an enforcing way.
    - When creating a new virtual, if this parameter is not specified, the enforced policy
      is disabled.
    type: str

default_persistence_profile:
    description:
    - Default profile which manages the session persistence.
    - If you want to remove the existing default persistence profile, specify an empty
      value; C(""). See the documentation for an example.
    - When C(type) is C(dhcp), this parameter is ignored.
    type: str

fallback_persistence_profile:
    description:
    - Specifies the persistence profile you want the system to use if it cannot use the
      specified default persistence profile.
    - If you want to remove the existing fallback persistence profile, specify an empty
      value; C(""). See the documentation for an example.
    - When C(type) is C(dhcp), this parameter is ignored.
    type: str

service_down_immediate_action:
    choices:
    - none
    - reset
    - drop
    description:
    - Specifies the immediate action to take upon the receipt of the initial SYN packet
      if the availability status of the virtual server is Offline or Unavailable.
    - Supported for virtual servers with a Type of C(standard) and Protocol of C(TCP).
    type: str
    version_added: 1.16.0
    version_added_collection: f5networks.f5_modules

Outputs

address_translation:
  description: The new value specifying whether address translation is on or off.
  returned: changed
  sample: true
  type: bool
auto_last_hop:
  description: Specifies the autoLasthop value of the virtual server
  returned: changed
  sample: enabled
  type: str
clone_pools:
  description: Pools to which virtual server copies traffic.
  returned: changed
  sample:
  - context: clientside
    pool_name: /Common/Pool1
  type: list
default_persistence_profile:
  description: Default persistence profile set on the virtual server.
  returned: changed
  sample: /Common/dest_addr
  type: str
description:
  description: New description of the virtual server.
  returned: changed
  sample: This is my description
  type: str
destination:
  description: Destination of the virtual server.
  returned: changed
  sample: 1.1.1.1
  type: str
disabled:
  description: Whether the virtual server is disabled or not.
  returned: changed
  sample: true
  type: bool
disabled_vlans:
  description: List of VLANs that the virtual is disabled for.
  returned: changed
  sample:
  - /Common/vlan1
  - /Common/vlan2
  type: list
enabled:
  description: Whether the virtual server is enabled or not.
  returned: changed
  sample: false
  type: bool
enabled_vlans:
  description: List of VLANs that the virtual is enabled for.
  returned: changed
  sample:
  - /Common/vlan5
  - /Common/vlan6
  type: list
fallback_persistence_profile:
  description: Fallback persistence profile set on the virtual server.
  returned: changed
  sample: /Common/source_addr
  type: str
firewall_enforced_policy:
  description: The new enforcing firewall policy.
  returned: changed
  sample: /Common/my-enforced-fw
  type: str
firewall_staged_policy:
  description: The new staging firewall policy.
  returned: changed
  sample: /Common/my-staged-fw
  type: str
ip_intelligence_policy:
  description: The new IP Intelligence Policy assigned to the virtual.
  returned: changed
  sample: /Common/ip-intelligence
  type: str
ip_protocol:
  description: The new value of the IP protocol.
  returned: changed
  sample: 6
  type: int
irules:
  description: iRules set on the virtual server.
  returned: changed
  sample:
  - /Common/irule1
  - /Common/irule2
  type: list
metadata:
  description: The new metadata value of the virtual.
  returned: changed
  sample:
    key1: foo
    key2: bar
  type: dict
mirror:
  description: Specifies whether the system mirrors connections on each member of a
    redundant pair.
  returned: changed
  sample: true
  type: bool
policies:
  description: List of policies attached to the virtual.
  returned: changed
  sample:
  - /Common/policy1
  - /Common/policy2
  type: list
pool:
  description: Pool the virtual server is attached to.
  returned: changed
  sample: /Common/my-pool
  type: str
port:
  description: Port the virtual server is configured to listen on.
  returned: changed
  sample: 80
  type: int
port_translation:
  description: The new value specifying whether port translation is on or off.
  returned: changed
  sample: true
  type: bool
profiles:
  description: List of profiles set on the virtual server.
  returned: changed
  sample:
  - context: server-side
    name: tcp
  - context: client-side
    name: tcp-legacy
  type: list
rate_limit:
  description: The maximum number of connections per second allowed for a virtual
    server.
  returned: changed
  sample: 5000
  type: int
rate_limit_dst_mask:
  description: Specifies a mask, in bits, to be applied to the destination address
    as part of the rate limiting.
  returned: changed
  sample: 32
  type: int
rate_limit_mode:
  description: Sets the type of rate limiting to be used on the virtual server.
  returned: changed
  sample: object-source
  type: str
rate_limit_src_mask:
  description: Specifies a mask, in bits, to be applied to the source address as part
    of the rate limiting.
  returned: changed
  sample: 32
  type: int
security_log_profiles:
  description: The new list of security log profiles.
  returned: changed
  sample:
  - /Common/profile1
  - /Common/profile2
  type: list
service_down_immediate_action:
  description: Action to take upon the receipt of the initial SYN packet if server
    is Offline or Unavailable.
  returned: changed
  sample: drop
  type: str
snat:
  description: SNAT setting of the virtual server.
  returned: changed
  sample: Automap
  type: str
source:
  description: Source address set on the virtual server, in CIDR format.
  returned: changed
  sample: 1.2.3.4/32
  type: str
source_port:
  description: Specifies whether the system preserves the source port of the connection.
  returned: changed
  sample: change
  type: str