Forum Discussion
seamlessfirework
Cirrus
CirrusBIG-IP & Ansible configuration of "External Users"
Hey gus
I was wondering if I can configure the "External Users" through an Ansible playbook. In the official Ansible documentation I did not find a solution for that.
In my case any user is authenticated against a Cisco TACACS+ appliance. If I leave the knob to "No Access" I cannot connect through SSH to the BIG-IP
Yes you can, since there is no ansible module for it you can use the two follow options.
1. You can use the F5 DO module and deploy the base configuration using f5 declarative objects. https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/declarations/auth.html
Then use ansbile to send an f5 DO to the device. (Remember you don't need the entire Config, you can split the files up and just have a tacacs+ Config).
2. Using ansbile you can just send tmsh command. Just add the commands that you would do in the cli using bigip_command
- name: command bigip_command: commands: - list sys crypto
Yes you can, since there is no ansible module for it you can use the two follow options.
1. You can use the F5 DO module and deploy the base configuration using f5 declarative objects. https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/declarations/auth.html
Then use ansbile to send an f5 DO to the device. (Remember you don't need the entire Config, you can split the files up and just have a tacacs+ Config).
2. Using ansbile you can just send tmsh command. Just add the commands that you would do in the cli using bigip_command
- name: command bigip_command: commands: - list sys crypto- seamlessfirework
Thanks Sebastian. Since we are not on F5 DO yet I will give sending commands through Ansible a hit.
- seamlessfirework
It worked out by sending a TMSH command through a playbook. The DO stuff is the next step. Thanks again Sebastian_Maniak
Hi seamlessfirework - Matt_Mabis can probably help you with this, or maybe Sebastian_Maniak.
