f5networks.f5_modules.bigip_device_httpd – Manage HTTPD related settings on a BIG-IP system
Note
This plugin is part of the f5networks.f5_modules collection (version 1.13.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install f5networks.f5_modules
.
To use it in a playbook, specify: f5networks.f5_modules.bigip_device_httpd
.
New in version 1.0.0: of f5networks.f5_modules
Synopsis
Manages HTTPD related settings on the BIG-IP. These settings are useful when you want to set GUI timeouts and other TMUI related settings.
Parameters
Parameter |
Comments |
---|---|
If you have enabled HTTPD access, specifies the IP address or address range for other systems that can communicate with this system. To specify all addresses, use the value An IP address can be specified, such as 172.27.1.10. IP ranges can be specified, such as 172.27.*.* or 172.27.0.0/255.255.0.0. |
|
Sets the BIG-IP authentication realm name. |
|
Sets whether or not the BIG-IP dashboard will timeout. Choices:
|
|
Sets the GUI timeout for automatic logout, in seconds. |
|
Sets the authPamValidateIp setting. Choices:
|
|
Sets the timeout of FastCGI. |
|
Sets whether or not to display the hostname, if possible. Choices:
|
|
Sets the minimum HTTPD log level. Choices:
|
|
Sets the maximum number of clients that can connect to the GUI at once. |
|
A dict object containing connection details. |
|
Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. |
|
If You may omit this option by setting the environment variable Previously used variable Choices:
|
|
The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable |
|
The BIG-IP host. You may omit this option by setting the environment variable |
|
The BIG-IP server port. You may omit this option by setting the environment variable Default: 443 |
|
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. |
|
Configures the transport connection to use when connecting to the remote device. Choices:
|
|
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable |
|
If You may omit this option by setting the environment variable Choices:
|
|
Whether or not to redirect HTTP requests to the GUI to HTTPS. Choices:
|
|
Specifies the ciphers the system uses. The values in the suite are separated by colons (:). Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage. Use the value |
|
The HTTPS port on which the system should listen. |
|
The list of SSL protocols to accept on the management console. A space-separated list of tokens in the format accepted by the Apache mod_ssl SSLProtocol directive. Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage. Use the value |
Notes
Note
Requires the requests Python package on the host. This is as easy as running
pip install requests
.For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
Requires BIG-IP software version >= 12.
The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the f5networks.f5_modules.bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples
- name: Set the BIG-IP authentication realm name
bigip_device_httpd:
auth_name: BIG-IP
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set the auth pam timeout to 3600 seconds
bigip_device_httpd:
auth_pam_idle_timeout: 1200
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set the validate IP settings
bigip_device_httpd:
auth_pam_validate_ip: on
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL cipher suite by list
bigip_device_httpd:
ssl_cipher_suite:
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-SHA
- AES256-SHA256
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL cipher suite by string
bigip_device_httpd:
ssl_cipher_suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:AES256-SHA256
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL protocols by list
bigip_device_httpd:
ssl_protocols:
- all
- -SSLv2
- -SSLv3
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL protocols by string
bigip_device_httpd:
ssl_protocols: all -SSLv2 -SSLv3
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The new authentication realm name. Returned: changed Sample: “foo” |
|
Whether or not the BIG-IP dashboard will timeout. Returned: changed Sample: false |
|
The new number of seconds for GUI timeout. Returned: changed Sample: 1200 |
|
The new authPamValidateIp setting. Returned: changed Sample: true |
|
The new timeout of FastCGI. Returned: changed Sample: 500 |
|
Whether or not to display the hostname, if possible. Returned: changed Sample: true |
|
The new minimum HTTPD log level. Returned: changed Sample: “crit” |
|
The new maximum number of clients that can connect to the GUI at once. Returned: changed Sample: 20 |
|
Whether or not to redirect HTTP requests to the GUI to HTTPS. Returned: changed Sample: true |
|
The new ciphers the system uses. Returned: changed Sample: “ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA” |
|
List of the new ciphers the system uses. Returned: changed Sample: [“ECDHE-RSA-AES256-GCM-SHA384”, “ECDHE-RSA-AES128-SHA”] |
|
The new HTTPS port to listen on. Returned: changed Sample: 10443 |
|
The new list of SSL protocols to accept on the management console. Returned: changed Sample: “all -SSLv2 -SSLv3” |
Authors
Joe Reifel (@JoeReifel)
Tim Rupp (@caphrim007)