The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| allow list | Specifies, if you have enabled HTTPD access, the IP address or address range for other systems that can communicate with this system. To specify all addresses, use the value all.IP address can be specified, such as 172.27.1.10. IP ranges can be specified, such as 172.27.*.* or 172.27.0.0/255.255.0.0. | ||
| auth_name string | Sets the BIG-IP authentication realm name. | ||
| auth_pam_dashboard_timeout boolean |
| Sets whether or not the BIG-IP dashboard will timeout. | |
| auth_pam_idle_timeout integer | Sets the GUI timeout for automatic logout, in seconds. | ||
| auth_pam_validate_ip boolean |
| Sets the authPamValidateIp setting. | |
| fast_cgi_timeout integer | Sets the timeout of FastCGI. | ||
| hostname_lookup boolean |
| Sets whether or not to display the hostname, if possible. | |
| log_level string |
| Sets the minimum httpd log level. | |
| max_clients integer | Sets the maximum number of clients that can connect to the GUI at once. | ||
| provider dictionary added in 2.5 | A dict object containing connection details. | ||
| auth_provider string | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | ||
| password string / required | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD.aliases: pass, pwd | ||
| server string / required | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER. | ||
| server_port integer | Default: 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT. | |
| ssh_keyfile path | Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE. | ||
| timeout integer | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. | ||
| transport string |
| Configures the transport connection to use when connecting to the remote device. | |
| user string / required | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER. | ||
| validate_certs boolean |
| If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.You may omit this option by setting the environment variable F5_VALIDATE_CERTS. | |
| redirect_http_to_https boolean |
| Whether or not to redirect http requests to the GUI to https. | |
| ssl_cipher_suite raw added in 2.6 | Specifies the ciphers that the system uses. The values in the suite are separated by colons (:). Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage. Use the value default to set the cipher suite to the system default. This value is equivalent to specifying a list of ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-SHA384,AES128-GCM-SHA256, AES256-GCM-SHA384,AES128-SHA,AES256-SHA,AES128-SHA256,AES256-SHA256, ECDHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-DES-CBC3-SHA,DES-CBC3-SHA. | ||
| ssl_port integer | The HTTPS port to listen on. | ||
| ssl_protocols raw added in 2.6 | The list of SSL protocols to accept on the management console. A space-separated list of tokens in the format accepted by the Apache mod_ssl SSLProtocol directive. Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage. Use the value default to set the SSL protocols to the system default. This value is equivalent to specifying a list of all,-SSLv2,-SSLv3. | ||
Note
pip install requests.- name: Set the BIG-IP authentication realm name
bigip_device_httpd:
auth_name: BIG-IP
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set the auth pam timeout to 3600 seconds
bigip_device_httpd:
auth_pam_idle_timeout: 1200
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set the validate IP settings
bigip_device_httpd:
auth_pam_validate_ip: on
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL cipher suite by list
bigip_device_httpd:
ssl_cipher_suite:
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-SHA
- AES256-SHA256
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL cipher suite by string
bigip_device_httpd:
ssl_cipher_suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:AES256-SHA256
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL protocols by list
bigip_device_httpd:
ssl_protocols:
- all
- -SSLv2
- -SSLv3
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL protocols by string
bigip_device_httpd:
ssl_protocols: all -SSLv2 -SSLv3
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| auth_name string | changed | The new authentication realm name. Sample: foo |
| auth_pam_dashboard_timeout boolean | changed | Whether or not the BIG-IP dashboard will timeout. |
| auth_pam_idle_timeout string | changed | The new number of seconds for GUI timeout. Sample: 1200 |
| auth_pam_validate_ip boolean | changed | The new authPamValidateIp setting. Sample: True |
| fast_cgi_timeout integer | changed | The new timeout of FastCGI. Sample: 500 |
| hostname_lookup boolean | changed | Whether or not to display the hostname, if possible. Sample: True |
| log_level string | changed | The new minimum httpd log level. Sample: crit |
| max_clients integer | changed | The new maximum number of clients that can connect to the GUI at once. Sample: 20 |
| redirect_http_to_https boolean | changed | Whether or not to redirect http requests to the GUI to https. Sample: True |
| ssl_cipher_suite string | changed | The new ciphers that the system uses. Sample: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA |
| ssl_cipher_suite_list string | changed | List of the new ciphers that the system uses. Sample: ['ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES128-SHA'] |
| ssl_port integer | changed | The new HTTPS port to listen on. Sample: 10443 |
| ssl_protocols string | changed | The new list of SSL protocols to accept on the management console. Sample: all -SSLv2 -SSLv3 |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/bigip_device_httpd_module.html