Note
This plugin is part of the f5networks.f5_modules collection (version 1.12.0).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install f5networks.f5_modules
.
To use it in a playbook, specify: f5networks.f5_modules.bigip_asm_policy_manage
.
New in version 1.0.0: of f5networks.f5_modules
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
active boolean |
| If yes , will apply and activate the existing inactive policy. If no , it will deactivate the existing active policy. Generally should be yes only in cases where you want to activate new or existing policy.In TMOS v14 and later, deactivating the policy will cause it to be detached from any other associated objects, hence the default option of no has been removed in order to prevent accidental disassociation. | |
apply boolean added in 1.4.0 of f5networks.f5_modules |
| If yes will apply the policy if the policy has pending changes.This parameter supported on TMOS v14.x and above. | |
name string / required | The ASM policy to manage or create. | ||
partition string | Default: "Common" | Device partition to manage resources on. | |
provider dictionary added in 1.0.0 of f5networks.f5_modules | A dict object containing connection details. | ||
auth_provider string | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | ||
no_f5_teem boolean |
| If yes , TEEM telemetry data is not sent to F5.You may omit this option by setting the environment variable F5_TELEMETRY_OFF .Previously used variable F5_TEEM is deprecated as its name was confusing. | |
password string / required | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD .aliases: pass, pwd | ||
server string / required | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER . | ||
server_port integer | Default: 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT . | |
timeout integer | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. | ||
transport string |
| Configures the transport connection to use when connecting to the remote device. | |
user string / required | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER . | ||
validate_certs boolean |
| If no , SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.You may omit this option by setting the environment variable F5_VALIDATE_CERTS . | |
state string |
| When state is present , and the template parameter is provided, a new ASM policy is created from the template with the given policy name .When state is present and no template parameter is provided, a new blank ASM policy is created with the given policy name .When state is absent , ensures the policy is removed, even if it is currently active. | |
template string |
| An ASM policy built-in template. If the template does not exist, an error is raised. Once the policy has been created, this value cannot change. The Comprehensive , Drupal , Fundamental , Joomla , Vulnerability Assessment Baseline , and Wordpress templates are only available on BIG-IP versions >= 13. |
Note
- name: Create ASM policy from template bigip_asm_policy: name: new_sharepoint_policy template: SharePoint 2007 (http) state: present provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost - name: Create blank ASM policy bigip_asm_policy: name: new_blank_policy state: present provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost - name: Create blank ASM policy and activate bigip_asm_policy: name: new_blank_policy active: yes state: present provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost - name: Activate ASM policy bigip_asm_policy: name: inactive_policy active: yes state: present provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost - name: Deactivate ASM policy bigip_asm_policy_manage: name: active_policy state: present provider: server: lb.mydomain.com user: admin password: secret delegate_to: localhost
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
active boolean | changed | Set when activating/deactivating an ASM policy. Sample: True |
apply boolean | changed when target policy has changes pending | Set when applying pending changes to an ASM policy. Sample: True |
name string | changed | Name of the ASM policy to be managed/created. Sample: Asm_APP1_Transparent |
state string | changed | Action performed on the target device. Sample: absent |
template string | changed | Name of the built-in ASM policy template. Sample: OWA Exchange 2007 (https) |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/f5networks/f5_modules/bigip_asm_policy_manage_module.html