Documentation

bigip_virtual_server - Manage LTM virtual servers on a BIG-IP

New in version 2.1.

Synopsis

  • Manage LTM virtual servers on a BIG-IP.

Requirements

The below requirements are needed on the host that executes this module.

  • f5-sdk >= 3.0.9
  • netaddr

Parameters

Parameter
Choices/Defaults
Comments
default_persistence_profile
Default Profile which manages the session persistence.
If you want to remove the existing default persistence profile, specify an empty value; "". See the documentation for an example.
description
Virtual server description.
destination
required
Destination IP of the virtual server.
Required when state is present and virtual server does not exist.

aliases: address, ip
disabled_vlans
(added in 2.5)
List of VLANs to be disabled. If the partition is not specified in the VLAN, then the partition option of this module will be used.
This parameter is mutually exclusive with the enabled_vlans parameters.
enabled_vlans
(added in 2.2)
List of VLANs to be enabled. When a VLAN named all is used, all VLANs will be allowed. VLANs can be specified with or without the leading partition. If the partition is not specified in the VLAN, then the partition option of this module will be used.
This parameter is mutually exclusive with the disabled_vlans parameter.
fallback_persistence_profile
(added in 2.3)
Specifies the persistence profile you want the system to use if it cannot use the specified default persistence profile.
If you want to remove the existing fallback persistence profile, specify an empty value; "". See the documentation for an example.
irules
(added in 2.2)
List of rules to be applied in priority order.
If you want to remove existing iRules, specify a single empty value; "". See the documentation for an example.

aliases: all_rules
metadata
(added in 2.5)
Arbitrary key/value pairs that you can attach to a pool. This is useful in situations where you might want to annotate a virtual to me managed by Ansible.
Key names will be stored as strings; this includes names that are numbers.
Values for all of the keys will be stored as strings; this includes values that are numbers.
Data will be persisted, not ephemeral.
name
required
Virtual server name.

aliases: vs
partition
(added in 2.5)
Default:
Common
Device partition to manage resources on.
password
required
The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable F5_PASSWORD is set.

aliases: pass, pwd
policies
Specifies the policies for the virtual server

aliases: all_policies
pool
Default pool for the virtual server.
If you want to remove the existing pool, specify an empty value; "". See the documentation for an example.
port
Port of the virtual server. Required when state is present and virtual server does not exist.
If you do not want to specify a particular port, use the value 0. The result is that the virtual server will listen on any port.
profiles
List of profiles (HTTP, ClientSSL, ServerSSL, etc) to apply to both sides of the connection (client-side and server-side).
If you only want to apply a particular profile to the client-side of the connection, specify client-side for the profile's context.
If you only want to apply a particular profile to the server-side of the connection, specify server-side for the profile's context.
If context is not provided, it will default to all.

aliases: all_profiles
 
name
Name of the profile.
If this is not specified, then it is assumed that the profile item is only a name of a profile.
This must be specified if a context is specified.
 
context
    Choices:
  • all ←
  • server-side
  • client-side
The side of the connection on which the profile should be applied.
provider
(added in 2.5)
A dict object containing connection details.
 
ssh_keyfile
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
 
timeout
Default:
10
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
 
server
required
The BIG-IP host. You can omit this option if the environment variable F5_SERVER is set.
 
user
required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable F5_USER is set.
 
server_port
Default:
443
The BIG-IP server port. You can omit this option if the environment variable F5_SERVER_PORT is set.
 
password
required
The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable F5_PASSWORD is set.

aliases: pass, pwd
 
validate_certs
    Choices:
  • no
  • yes ←
If no, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable F5_VALIDATE_CERTS is set.
 
transport
required
    Choices:
  • rest
  • cli ←
Configures the transport connection to use when connecting to the remote device.
server
required
The BIG-IP host. You can omit this option if the environment variable F5_SERVER is set.
server_port
(added in 2.2)
Default:
443
The BIG-IP server port. You can omit this option if the environment variable F5_SERVER_PORT is set.
snat
    Choices:
  • None
  • Automap
  • Name of a SNAT pool (eg "/Common/snat_pool_name") to enable SNAT with the specific pool
Source network address policy.
source
(added in 2.5)
Specifies an IP address or network from which the virtual server accepts traffic.
The virtual server accepts clients only from one of these IP addresses.
For this setting to function effectively, specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0).
In order to maximize utility of this setting, specify the most specific address prefixes covering all customer addresses and no others.
Specify the IP address in Classless Inter-Domain Routing (CIDR) format; address/prefix, where the prefix length is in bits. For example, for IPv4, 10.0.0.1/32 or 10.0.0.0/24, and for IPv6, ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64.
state
    Choices:
  • present ←
  • absent
  • enabled
  • disabled
The virtual server state. If absent, delete the virtual server if it exists. present creates the virtual server and enable it. If enabled, enable the virtual server if it exists. If disabled, create the virtual server if needed, and set state to disabled.
user
required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable F5_USER is set.
validate_certs
(added in 2.0)
    Choices:
  • no
  • yes ←
If no, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable F5_VALIDATE_CERTS is set.

Notes

Note

  • Requires BIG-IP software version >= 11
  • Requires the netaddr Python package on the host. This is as easy as pip install netaddr.
  • For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
  • Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.

Examples

- name: Modify Port of the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    state: present
    partition: Common
    name: my-virtual-server
    port: 8080
  delegate_to: localhost

- name: Delete virtual server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    state: absent
    partition: Common
    name: my-virtual-server
  delegate_to: localhost

- name: Add virtual server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    state: present
    partition: Common
    name: my-virtual-server
    destination: 10.10.10.10
    port: 443
    pool: my-pool
    snat: Automap
    description: Test Virtual Server
    profiles:
      - http
      - fix
      - name: clientssl
        context: server-side
      - name: ilx
        context: client-side
    policies:
      - my-ltm-policy-for-asm
      - ltm-uri-policy
      - ltm-policy-2
      - ltm-policy-3
    enabled_vlans:
      - /Common/vlan2
  delegate_to: localhost

- name: Add FastL4 virtual server
  bigip_virtual_server:
    destination: 1.1.1.1
    name: fastl4_vs
    port: 80
    profiles:
      - fastL4
    state: present

- name: Add iRules to the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    name: my-virtual-server
    irules:
      - irule1
      - irule2
  delegate_to: localhost

- name: Remove one iRule from the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    name: my-virtual-server
    irules:
      - irule2
  delegate_to: localhost

- name: Remove all iRules from the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    name: my-virtual-server
    irules: ""
  delegate_to: localhost

- name: Remove pool from the Virtual Server
  bigip_virtual_server:
    server: lb.mydomain.net
    user: admin
    password: secret
    name: my-virtual-server
    pool: ""
  delegate_to: localhost

- name: Add metadata to virtual
  bigip_pool:
    server: lb.mydomain.com
    user: admin
    password: secret
    state: absent
    name: my-pool
    partition: Common
    metadata:
      ansible: 2.4
      updated_at: 2017-12-20T17:50:46Z
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key
Returned
Description
default_persistence_profile
string
changed
Default persistence profile set on the virtual server.

Sample:
/Common/dest_addr
description
string
changed
New description of the virtual server.

Sample:
This is my description
destination
string
changed
Destination of the virtual server.

Sample:
1.1.1.1
disabled
bool
changed
Whether the virtual server is disabled, or not.

Sample:
True
disabled_vlans
list
changed
List of VLANs that the virtual is disabled for.

Sample:
['/Common/vlan1', '/Common/vlan2']
enabled
bool
changed
Whether the virtual server is enabled, or not.

enabled_vlans
list
changed
List of VLANs that the virtual is enabled for.

Sample:
['/Common/vlan5', '/Common/vlan6']
fallback_persistence_profile
string
changed
Fallback persistence profile set on the virtual server.

Sample:
/Common/source_addr
irules
list
changed
iRules set on the virtual server.

Sample:
['/Common/irule1', '/Common/irule2']
metadata
dict
changed
The new value of the virtual.

Sample:
{'key2': 'bar', 'key1': 'foo'}
policies
list
changed
List of policies attached to the virtual.

Sample:
['/Common/policy1', '/Common/policy2']
pool
string
changed
Pool that the virtual server is attached to.

Sample:
/Common/my-pool
port
int
changed
Port that the virtual server is configured to listen on.

Sample:
80
profiles
list
changed
List of profiles set on the virtual server.

Sample:
[{'name': 'tcp', 'context': 'server-side'}, {'name': 'tcp-legacy', 'context': 'client-side'}]
snat
string
changed
SNAT setting of the virtual server.

Sample:
Automap
source
string
changed
Source address, in CIDR form, set on the virtual server.

Sample:
1.2.3.4/32


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

  • Tim Rupp (@caphrim007)

Hint

If you notice any issues in this documentation you can edit this document to improve it.