Forum Discussion

Brad_Stapleton's avatar
Brad_Stapleton
Icon for Nimbostratus rankNimbostratus
Feb 13, 2020

Ansible Deployment of Virtual Server With Profiles

We are in the process of planning a migration to a new set of virtual BigIPs. To help expedite the process, we have decided to leverage Ansible to help deploy and maintain configurations moving forward. We ran into a snag today when attempting to deploy profiles with virtual servers. We want to apply a client SSL profile to port 443 virtual servers but not to port 80 virtual servers. We are using a "with_items" loop to create multiple viral servers without duplicating the task inside of the playbook.

 

Any ideas on how to achieve this without having to duplicate the task over and over because of the client SSL profile? A portion of our configuration is below:

 

bigip_virtual_server:

   state: present

   partition: "{{ partition }}"

   name: "{{ item.name }}"

   port: "{{ item.port }}"

   destination: "{{ item.destination }}"

   description: "vs 1"

   pool: "vs1_pool"

   profiles:

     - tcp-wan-optimized

     - http

     - wan-optimized-compression

     - vs1_client_ssl

   provider:

     server:        "{{ server }}"

     user:          "{{ username }}"

     password:      "{{ password }}"

     validate_certs: "{{ validate_certs }}"

 with_items:

   - { name: "server_port_80",

       port: 80,

       destination: IP,

     }

   - { name: "server_port_443,

       port: 443,

       destination: IP,

     }

Ansible
application delivery
BIG-IP
LTM
operations
  • Aaron_Booker's avatar
    Aaron_Booker
    Icon for Employee rankEmployee
    May 11, 2020

    Here is one way to do it with a profiles variable and string concatenation:

     

    ---

    - name: Create objects on a BIG-IP

     hosts: bigip14-1

     gather_facts: False

     connection: local

     vars:

       provider:

         password: "{{ bigip_password }}"

         server: "{{ ansible_host }}"

         user: "{{ bigip_username }}"

         validate_certs: False

       profiles: "tcp-wan-optimized,http,wan-optimized-compression"

     

     tasks:

       - name: Create a virtual server

         bigip_virtual_server:

           provider: "{{ provider }}"

           name: "{{ item.name }}"

           destination: "{{ item.destination }}"

           port: "{{ item.port }}"

           snat: "Automap"

           all_profiles: "{{ item.profiles }}"

           pool: "example_pool"

         with_items:

           - { name: "server_port_80",

               port: 80,

               destination: 10.150.1.1,

               profiles: "{{ profiles }}"

             }

           - { name: "server_port_443",

               port: 443,

               destination: 10.150.1.1,

               profiles: "{{ profiles + ',example_client_ssl' }}"

              }

         notify:

           - Save the running configuration to disk

     

     handlers:

       - name: Save the running configuration to disk

         bigip_config:

           save: yes

           provider: "{{ provider }}"