New in version 2.2.
- f5-sdk >= 1.5.0
- BIG-IP >= v12
parameter | required | default | choices | comments |
---|---|---|---|---|
cert_content | no | | | When used instead of 'cert_src', sets the contents of a certificate directly to the specified value. This is used with lookup plugins or for anything with formatting or templating. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
cert_src | no | | | This is the local filename of the certificate. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
key_content | no | | | When used instead of 'key_src', sets the contents of a certificate key directly to the specified value. This is used with lookup plugins or for anything with formatting or templating. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
key_src | no | | | This is the local filename of the private key. Either one of key_src, key_content, cert_src or cert_content must be provided when state is present. |
name | yes | | | SSL Certificate Name. This is the cert/key pair name used when importing a certificate/key into the F5. It also determines the filenames of the objects on the LTM (:Partition:name.cer_11111_1 and :Partition_name.key_11111_1). |
passphrase | no | | | Passphrase on certificate private key |
password | yes | | | The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable F5_PASSWORD is set. |
server | yes | | | The BIG-IP host. This option can be omitted if the environment variable F5_SERVER is set. |
server_port (added in 2.2) | no | 443 | | The BIG-IP server port. This option can be omitted if the environment variable F5_SERVER_PORT is set. |
state | no | present | | Certificate and key state. This determines if the provided certificate and key is to be made present on the device or absent. |
user | yes | | | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable F5_USER is set. |
validate_certs (added in 2.0) | no | True | | If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable F5_VALIDATE_CERTS is set. |
```yaml
- name: Import PEM Certificate from local disk
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "present"
    cert_src: "/path/to/cert.crt"
    key_src: "/path/to/key.key"
  delegate_to: localhost

- name: Use a file lookup to import PEM Certificate
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "present"
    cert_content: "{{ lookup('file', '/path/to/cert.crt') }}"
    key_content: "{{ lookup('file', '/path/to/key.key') }}"
  delegate_to: localhost

- name: "Delete Certificate"
  bigip_ssl_certificate:
    name: "certificate-name"
    server: "lb.mydomain.com"
    user: "admin"
    password: "secret"
    state: "absent"
  delegate_to: localhost
```
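A variant of the import task that keeps the BIG-IP password and the key passphrase out of the playbook and out of task output, given here as an added example that is not part of the original module documentation. The vault file `vault/bigip.yml` and the variables `vault_bigip_password` and `vault_key_passphrase` are assumed names; host, user and paths are the placeholders used in the examples above.

```yaml
# Added example. Names marked "assumed" are placeholders, not part of the module docs.
- hosts: localhost
  gather_facts: false
  vars_files:
    # Assumed file, encrypted with ansible-vault, that defines
    # vault_bigip_password and vault_key_passphrase.
    - vault/bigip.yml

  tasks:
    - name: Import a passphrase-protected key and its certificate
      bigip_ssl_certificate:
        name: "certificate-name"
        server: "lb.mydomain.com"
        user: "admin"
        password: "{{ vault_bigip_password }}"
        passphrase: "{{ vault_key_passphrase }}"
        # Keep TLS verification of the BIG-IP management endpoint enabled.
        validate_certs: yes
        state: "present"
        cert_src: "/path/to/cert.crt"
        key_src: "/path/to/key.key"
      # The task arguments carry the password and the passphrase, so keep
      # them out of console output and logs.
      no_log: true
      register: cert_result
      delegate_to: localhost

    - name: Show the SHA1 checksum the module reported for the certificate
      debug:
        msg: "cert_checksum: {{ cert_result.cert_checksum }}"
      # cert_checksum is only returned when the certificate was changed or created.
      when: cert_result.cert_checksum is defined
```

Run it with `ansible-playbook --ask-vault-pass` so the vault file can be decrypted. As the parameter table states, `password` can instead be omitted from the task when the environment variable F5_PASSWORD is set.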
Common return values are documented in Return Values; the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
cert_checksum | SHA1 checksum of the cert that was provided. | changed and created | string | f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0 |
cert_filename | The name of the SSL certificate. The cert_filename and key_filename will be similar to each other, however the cert_filename will have a .crt extension. | created | string | cert1.crt |
cert_name | The name of the certificate that the user provided | created | string | cert1 |
cert_source_path | Path on BIG-IP where the source of the certificate is stored. | created | string | /var/config/rest/downloads/cert1.crt |
key_checksum | SHA1 checksum of the key that was provided. | changed and created | string | cf23df2207d99a74fbe169e3eba035e633b65d94 |
key_filename | The name of the SSL certificate key. The key_filename and cert_filename will be similar to each other, however the key_filename will have a .key extension. | created | string | cert1.key |
key_source_path | Path on BIG-IP where the source of the key is stored | created | string | /var/config/rest/downloads/cert1.key |
Note
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.