Forum Discussion

sarlindo's avatar
sarlindo
Icon for Altostratus rankAltostratus
Jan 27, 2021

F5 APM/LTM Ansible module - which to use for changing apm access profile attached to VS?

I would like to use the ansible f5 modules to basically remove or add an access policy attached to a virtual server list. Which ansible f5 module would I use for that?

 

 

Would it be the bigip_asm_policy module? If so, I don't see where I see the association with the virtual servers access policy drop down list in the GUI.

 

 bigip_asm_policy:

      name: "{{ ans_f5_access_profile }}"

      partition: "{{ ans_f5_partition }}"

      active: yes

      state: present

      provider:

        server: "{{ ans_f5_endpoint_url }}"

        user: "{{ ans_f5_userid }}"

        password: "{{ ans_f5_password }}"

        validate_certs: no

 

 

Ansible
BIG-IP
BIG-IP Access Policy Manager (APM)
devops
  • Dario_Garrido's avatar
    Dario_Garrido
    Jan 29, 2021

    Hello Sarlindo.

    As I said in my previous response :-), 'profiles' option is a 'replace-all-with' action, so you have to introduce a complete list of profiles to assign on the VS.

    In the documentation states this:

    "List of profiles (HTTP, ClientSSL, ServerSSL, etc) to apply to both sides of the connection (client-side and server-side) ... If you want to remove a profile from the list of profiles currently active on the virtual, simply remove it from the profiles list".

    Conclusion:

    • With AP profile: {{ tcp http myaccess-prof }}
    • Without AP profile: {{ tcp http }}

    So, your variable "ans_f5_access_profile" should be a complete list with all the profiles assigned to the VS.

    If this was helpful, I will appreciate if you mark my answer as 'the best' to help other people to find it ;-).

     

    Regards,

    Dario.

  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for MVP rankMVP
    Jan 28, 2021

    Hello Sarlindo.

     

    You should use bigip_virtual_server and attach your access profile as a regular profile.

    https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_virtual_server_module.html

     

    This is the complete list of Ansible modules available.

    https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/module_index.html

     

    Regards,

    Dario.

    • sarlindo's avatar
      sarlindo
      Icon for Altostratus rankAltostratus
      Jan 28, 2021

      Hello Dario,

       

      Thanks for this, so I should use something like the following to attach the profile I want? And to detach the profile I assume I need to use the "state: absent" ?

       

       - name: Attach policy to VS

          bigip_virtual_server:

            state: present

            partition: "{{ ans_f5_partition }}"

            name: "{{ ans_f5_virtual_server }}"

            profiles:

              - "{{ ans_f5_access_profile }}"

            provider:

              server: "{{ ans_f5_endpoint_url }}"

              user: "{{ ans_f5_userid }}"

              password: "{{ ans_f5_password }}"

              validate_certs: no

       

      • Dario_Garrido's avatar
        Dario_Garrido
        Icon for MVP rankMVP
        Jan 28, 2021

        Just ommit this 'state' option.

         

        Please, let me know if everything works as expected.

         

        Regards,

        Dario.