f5networks.f5_modules.bigip_profile_sip – Manage SIP profiles on a BIG-IP

Note

This plugin is part of the f5networks.f5_modules collection (version 1.9.0).

To install it use: ansible-galaxy collection install f5networks.f5_modules.

To use it in a playbook, specify: f5networks.f5_modules.bigip_profile_sip.

New in version 1.0.0: of f5networks.f5_modules

Synopsis

  • Manage SIP profiles on a BIG-IP system.

Parameters

Parameter Choices/Defaults Comments
community
string
When the dialog_aware is yes and the configuration requires multiple SIP virtual server-profile pairings, this string value indicates whether the pair belongs to the same SIP proxy functional group.
description
string
Description of the profile.
To remove the entry completely, set a value of ''.
dialog_aware
boolean
    Choices:
  • no
  • yes
When yes, the system gathers SIP dialog information and automatically forwards SIP messages belonging to the known SIP dialog.
enable_sip_firewall
boolean
    Choices:
  • no
  • yes
Specifies whether the Advanced Firewall Manager (AFM) policy is enabled.
When yes, the SIP Security settings configured in the DoS Profile in AFM apply to the virtual servers that use this profile.
insert_record_route_header
boolean
    Choices:
  • no
  • yes
When yes, inserts a Record-Route SIP header, which indicates the next hop for the following SIP request messages.
insert_via_header
boolean
    Choices:
  • no
  • yes
When yes, inserts a Via header in the forwarded SIP request.
Via headers indicate the path taken through proxy devices and transports used. The response message uses this routing information.
log_profile
string
Specifies the logging settings the publisher uses to send log messages.
The format of the name can be either be prepended by partition (/Common/foo), or specified just as an object name (foo).
To remove the entry. set a value of '', however the profile log_publisher must also be set as ''.
log_publisher
string
Specifies the publisher defined to log messages.
Format of the name can be either be prepended by partition (/Common/foo), or specified just as an object name (foo).
To remove the entry. set a value of '', however the profile log_profile must also be set as ''.
max_size
integer
Specifies the maximum SIP message size that the BIG-IP system accepts.
The accepted value range is 0 - 4294967295 bytes.
name
string / required
Specifies the name of the SIP profile to manage.
parent
string
Specifies the profile from which this profile inherits settings.
When creating a new profile, if this parameter is not specified, the default is the system-supplied sip profile.
partition
string
Default:
"Common"
Device partition to manage resources on.
provider
dictionary
added in 1.0.0 of f5networks.f5_modules
A dict object containing connection details.
auth_provider
string
Configures the auth provider for to obtain authentication tokens from the remote device.
This option is really used when working with BIG-IQ devices.
no_f5_teem
boolean
    Choices:
  • no
  • yes
If yes, TEEM telemetry data is not sent to F5.
You may omit this option by setting the environment variable F5_TEEM.
password
string / required
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable F5_PASSWORD.

aliases: pass, pwd
server
string / required
The BIG-IP host.
You may omit this option by setting the environment variable F5_SERVER.
server_port
integer
Default:
443
The BIG-IP server port.
You may omit this option by setting the environment variable F5_SERVER_PORT.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
transport
string
    Choices:
  • rest ←
Configures the transport connection to use when connecting to the remote device.
user
string / required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable F5_USER.
validate_certs
boolean
    Choices:
  • no
  • yes ←
If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.
You may omit this option by setting the environment variable F5_VALIDATE_CERTS.
secure_via_header
boolean
    Choices:
  • no
  • yes
When checked (enabled), inserts a secure Via header in the forwarded SIP request.
A secure Via header indicates where the message originated.
This parameter causes the inserted Via header to specify Transport Layer Security. For this option to take effect, insert_via_header must be set to (yes).
security
boolean
    Choices:
  • no
  • yes
When yes. enables the use of enhanced Horizontal Security Layer (HSL) security checking.
state
string
    Choices:
  • present ←
  • absent
When present, ensures the profile exists.
When absent, ensures the profile is removed.
terminate_on_bye
boolean
    Choices:
  • no
  • yes
When yes, closes a connection when a BYE transaction finishes.
A BYE transaction is a message an application sends to another application when it is ready to close the connection between the two.
user_via_header
string
When insert_via_header is yes, specifies the Via value the system inserts as the top Via header in a SIP REQUEST message.
The valid value must include SIP protocol and sent_by settings, for example: SIP/2.0/UDP 10.10.10.10:5060.
To remove the entry completely, set a value of ''.

Notes

Note

  • For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.

  • Requires BIG-IP software version >= 12.

  • The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the f5networks.f5_modules.bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.

Examples

- name: Create a SIP profile
  bigip_profile_sip:
    name: foo
    parent: sip
    log_profile: alg_log
    log_publisher: foo-publisher
    description: this is a new profile
    security: yes
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Update SIP profile
  bigip_profile_sip:
    name: foo
    insert_record_route_header: yes
    enable_sip_firewall: yes
    insert_via_header: yes
    user_via_header: "SIP/2.0/UDP 10.10.10.10:5060"
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

- name: Delete a SIP profile
  bigip_profile_sip:
    name: foo
    state: absent
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
community
string
changed
Indicates whether the pair belongs to the same SIP proxy functional group.

Sample:
foo_community
description
string
changed
Description of the profile.

Sample:
custom description
dialog_aware
boolean
changed
Specifies if the system gathers SIP dialog information.
enable_sip_firewall
boolean
changed
Specifies whether the Advanced Firewall Manager policy is enabled.

Sample:
True
insert_record_route_header
boolean
changed
Specifies if the system will insert a Record-Route SIP header.

Sample:
True
insert_via_header
boolean
changed
Specifies if the system will insert a Via header in the forwarded SIP request.

Sample:
True
log_profile
string
changed
The logging settings the publisher uses to send log messages.

Sample:
/Common/alg_profile
log_publisher
string
changed
The publisher defined to log messages.

Sample:
/Common/foo_publisher
max_size
boolean
changed
Specifies if the system will close a connection when a BYE transaction finishes.
parent
string
changed
Specifies the profile from which this profile inherits settings.

Sample:
/Common/sip
secure_via_header
boolean
changed
Specifies if the system will insert a secure Via header in the forwarded SIP request.
security
boolean
changed
Enables the use of enhanced Horizontal Security Layer security checking.

Sample:
True
terminate_on_bye
boolean
changed
Specifies if the system will close a connection when a BYE transaction finishes.
user_via_header
string
changed
The value the system inserts as the top Via header in a SIP REQUEST message.

Sample:
SIP/2.0/UDP 10.10.10.10:5060


Authors

  • Wojciech Wypior (@wojtek0806)