bigip_snmp_community – Manages SNMP communities on a BIG-IP

New in version 2.6.

Synopsis

• Assists in managing SNMP communities on a BIG-IP. Different SNMP versions are supported by this module. Take note of the different parameters offered by this module, as different parameters work for different versions of SNMP. Typically this becomes an interest if you are mixing versions v2c and 3.

Parameters

Parameter		Choices/Defaults	Comments
access string		Choices: ro rw read-only read-write	Specifies the user's access level to the MIB. When creating a new community, if this parameter is not specified, the default is ro. When ro, specifies that the user can view the MIB, but cannot modify the MIB. When rw, specifies that the user can view and modify the MIB.
community string			Specifies the community string (password) for access to the MIB. This parameter is only relevant when version is v1, or v2c. If version is something else, this parameter is ignored.
ip_version string		Choices: 4 6	Specifies whether the record applies to IPv4 or IPv6 addresses. When creating a new community, if this value is not specified, the default of 4 will be used. This parameter is only relevant when version is v1, or v2c. If version is something else, this parameter is ignored.
name string			Name that identifies the SNMP community. When version is v1 or v2c, this parameter is required. The name public is a reserved name on the BIG-IP. This module handles that name differently than others. Functionally, you should not see a difference however.
oid string			Specifies the object identifier (OID) for the record. When version is v3, this parameter is required. When version is either v1 or v2c, if this value is specified, then source must not be set to all.
partition string		Default: "Common"	Device partition to manage resources on.
password string / required			The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD. aliases: pass, pwd
port integer			Specifies the port for the trap destination. This parameter is only relevant when version is v1, or v2c. If version is something else, this parameter is ignored.
provider dictionary added in 2.5			A dict object containing connection details.
	password string / required		The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD. aliases: pass, pwd
	server string / required		The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER.
	server_port integer	Default: 443	The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT.
	ssh_keyfile path		Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE.
	timeout integer	Default: 10	Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
	transport string	Choices: cli rest ←	Configures the transport connection to use when connecting to the remote device.
	user string / required		The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER.
	validate_certs boolean	Choices: no yes ←	If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable F5_VALIDATE_CERTS.
server string / required			The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER.
server_port integer added in 2.2		Default: 443	The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT.
snmp_auth_password string			Specifies the password for the user. When creating a new SNMP v3 community, this parameter is required. This value must be at least 8 characters long.
snmp_auth_protocol string		Choices: md5 sha none	Specifies the authentication method for the user. When md5, specifies that the system uses the MD5 algorithm to authenticate the user. When sha, specifies that the secure hash algorithm (SHA) to authenticate the user. When none, specifies that user does not require authentication. When creating a new SNMP v3 community, if this parameter is not specified, the default of sha will be used.
snmp_privacy_password string			Specifies the password for the user. When creating a new SNMP v3 community, this parameter is required. This value must be at least 8 characters long.
snmp_privacy_protocol string		Choices: aes des none	Specifies the encryption protocol. When aes, specifies that the system encrypts the user information using AES (Advanced Encryption Standard). When des, specifies that the system encrypts the user information using DES (Data Encryption Standard). When none, specifies that the system does not encrypt the user information. When creating a new SNMP v3 community, if this parameter is not specified, the default of aes will be used.
snmp_username string			Specifies the name of the user for whom you want to grant access to the SNMP v3 MIB. This parameter is only relevant when version is v3. If version is something else, this parameter is ignored. When creating a new SNMP v3 community, this parameter is required. This parameter cannot be changed once it has been set.
source string			Specifies the source address for access to the MIB. This parameter can accept a value of all. If this parameter is not specified, the value all is used. This parameter is only relevant when version is v1, or v2c. If version is something else, this parameter is ignored. If source is set to all, then it is not possible to specify an oid. This will raise an error. This parameter should be provided when state is absent, so that the correct community is removed. To remove the public SNMP community that comes with a BIG-IP, this parameter should be set to default.
state string		Choices: present ← absent	When present, ensures that the address list and entries exists. When absent, ensures the address list is removed.
update_password string		Choices: always ← on_create	always will allow to update passwords if the user chooses to do so. on_create will only set the password for newly created resources.
user string / required			The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER.
validate_certs boolean added in 2.0		Choices: no yes ←	If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable F5_VALIDATE_CERTS.
version string		Choices: v1 v2c ← v3	Specifies to which Simple Network Management Protocol (SNMP) version the trap destination applies.

Notes

Note

• For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.

• Requires BIG-IP software version >= 12.

• The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.

Examples

- name: Create an SMNP v2c read-only community
  bigip_snmp_community:
    name: foo
    version: v2c
    source: all
    oid: .1
    access: ro
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Create an SMNP v3 read-write community
  bigip_snmp_community:
    name: foo
    version: v3
    snmp_username: foo
    snmp_auth_protocol: sha
    snmp_auth_password: secret
    snmp_privacy_protocol: aes
    snmp_privacy_password: secret
    oid: .1
    access: rw
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Remove the default 'public' SNMP community
  bigip_snmp_community:
    name: public
    source: default
    state: absent
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
access string	changed	The new access level for the MIB. Sample: ro
community string	changed	The new community value. Sample: community1
ip_version string	changed	The new IP version value. Sample: 0.1
oid string	changed	The new OID value. Sample: 0.1
snmp_auth_password string	changed	The new password of the given snmp_username. Sample: secret1
snmp_auth_protocol string	changed	The new SNMP auth protocol. Sample: sha
snmp_privacy_password string	changed	The new password of the given snmp_username. Sample: secret2
snmp_privacy_protocol string	changed	The new SNMP privacy protocol. Sample: aes
snmp_username string	changed	The new SNMP username. Sample: user1
source string	changed	The new source address to access the MIB. Sample: 1.1.1.1

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]

• This module is maintained by an Ansible Partner. [certified]

Authors

• Tim Rupp (@caphrim007)

• Wojciech Wypior (@wojtek0806)

Hint

If you notice any issues in this documentation you can edit this document to improve it.