Forum Discussion

Daniel_Henggele
Apr 28, 2025

reading Client SSL Profile details via Ansible

I have an automation I'm building that does a lot of things . . . but one of the tasks in that pile is to try to read, specifically, the field that contains the TLS specifications for every client SSL profile.

The server SSL profiles have the options: field in them:

but for the life of me, I can find no similar field in the output of client ssl profiles from f5networks.f5_modules.bigip_device_info.

None of the other management modules (especially bigip_profile_client_ssl) seem to help with this: in stating that they "manage" profiles, it'd appear that they only write them individually, not read all of them in full detail.

Is there something I'm missing?

1 Reply

  • svs

    You're right, the module doesn't provide this information. Don't ask me why. I'm not a (big) fan of the bigip_device_info module. It can cause crashes on your Ansible control host and/or the restjavad itself. I've seen both.

    I'd recommend writing your own small lookup plugins. It usually costs you a bit of extra time, but you save a lot of time, because you can process the returned data in the exact way you need it, with the full capabilities of Python, instead of forming lousy new dicts and lists using Ansible loops.

    A very basic example for such a lookup

    # python 3 headers, required if submitting to Ansible
    from __future__ import absolute_import, division, print_function
    
    __metaclass__ = type
    
    DOCUMENTATION = r"""
        name: bigip_virtual_address
        short_description: the used Virtual Addresses
        description:
            - This lookup connects to BIG-IP and collects all virtual addresses.
        options:
            bigip_provider:
                description: The usual provider, used within BIG-IP modules
    """
    import requests
    import urllib3
    
    from requests.auth import HTTPBasicAuth
    from ansible.errors import AnsibleError
    from ansible.plugins.lookup import LookupBase
    from ansible.utils.display import Display
    
    display = Display()
    
    
    class LookupModule(LookupBase):
        def run(self, bigip_provider, variables=None, **kwargs):
            self.set_options(var_options=variables, direct=kwargs)
            display.vvvv(f"Options {self.get_options()}")
    
            # Lookup terms arrive as a list; the provider dict is the first term.
            bigip_provider = bigip_provider[0]
            # Log the provider without the password so credentials stay out of -v output.
            safe_provider = {k: v for k, v in bigip_provider.items() if k != "password"}
            display.v(f"Options {safe_provider}")
    
            # Only silence the certificate warning when verification is switched off on purpose.
            if not bigip_provider["validate_certs"]:
                urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    
            bip_vip_result = requests.get(
                url=f"https://{bigip_provider['server']}:{bigip_provider['server_port']}/mgmt/tm/ltm/virtual-address",
                auth=HTTPBasicAuth(bigip_provider["user"], bigip_provider["password"]),
                verify=bigip_provider["validate_certs"],
                timeout=bigip_provider["timeout"],
            )
            if bip_vip_result.status_code != 200:
                raise AnsibleError(
                    f"Failed to request Virtual Address data from {bigip_provider['server']}:{bigip_provider['server_port']}"
                )
    
            bip_vip_result_json = bip_vip_result.json()
            bip_vip_list = {"virtual_addresses": []}
    
            # Convert the REST string flags into booleans for use in playbooks.
            for item in bip_vip_result_json["items"]:
                bip_vip_list["virtual_addresses"].append(
                    {
                        "address": item["address"],
                        "netmask": item["mask"],
                        "arp_enabled": item["arp"] == "enabled",
                        "auto_delete": item["autoDelete"] == "true",
                        "enabled": item["enabled"] == "true",
                        "floating": item["floating"] == "true",
                        "icmp": item["icmpEcho"] == "enabled",
                    }
                )
    
            display.v(f"bip_vip_list: {[bip_vip_list]}")
    
            # Lookup plugins must return a list.
            ret = [bip_vip_list]
            return ret

    Might not be the best version of my code, but gets the job done. Use it like that:

    - name: "Get Virtual Addresses from BIG-IP"
      ansible.builtin.set_fact:
        bip_virtual_addresses: "{{ lookup('bigip_virtual_address', <the usual provider dict>) }}"
      tags: ["always"]
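
An added example (not part of the thread and not F5's code) applying the same lookup approach to the original question: the processing step that turns a client SSL profile listing into a per-profile TLS summary. It assumes the iControl REST collection `/mgmt/tm/ltm/profile/client-ssl` returns `{"items": [...]}` with each profile's TLS options in a `tmOptions` field (a list or a brace-wrapped string); the function names and the sample payload are constructed for illustration.

```python
"""Summarise TLS options of client SSL profiles from an iControl REST payload.

Added example. Assumption: each item of the client-ssl collection carries its
TLS options in "tmOptions" and its cipher settings in "ciphers"/"cipherGroup".
"""

# Option keywords that switch a protocol version off (tmsh "options" syntax).
LEGACY_SWITCHES = {
    "SSLv3": "no-sslv3",
    "TLSv1.0": "no-tlsv1",
    "TLSv1.1": "no-tlsv1.1",
}


def normalize_options(raw):
    """Accept a list, a '{ a b }' string, or None and return a sorted list."""
    if raw is None:
        return []
    if isinstance(raw, str):
        raw = raw.strip("{} ").split()
    return sorted(str(opt).lower() for opt in raw)


def summarize_client_ssl(payload):
    """Return one dict per profile with its options and cipher settings."""
    summary = []
    for item in payload.get("items", []):
        options = normalize_options(item.get("tmOptions"))
        summary.append({
            "name": item.get("fullPath", item.get("name")),
            "options": options,
            "ciphers": item.get("ciphers", "none"),
            "cipher_group": item.get("cipherGroup", "none"),
            # Exact-match test: "no-tlsv1.3" must not count as "no-tlsv1".
            # The cipher string or group can still exclude these protocols.
            "not_disabled_by_options": [proto for proto, switch
                                        in LEGACY_SWITCHES.items()
                                        if switch not in options],
        })
    return summary


# Constructed sample response, trimmed to the fields used above.
SAMPLE = {"items": [
    {"name": "clientssl", "fullPath": "/Common/clientssl", "ciphers": "DEFAULT",
     "tmOptions": ["dont-insert-empty-fragments", "no-tlsv1.3"]},
    {"name": "app1_tls12", "fullPath": "/Common/app1_tls12",
     "cipherGroup": "/Common/f5-secure",
     "tmOptions": "{ no-sslv3 no-tlsv1 no-tlsv1.1 dont-insert-empty-fragments }"},
]}
```

Inside a lookup plugin like the one above, `summarize_client_ssl()` would receive the `.json()` body of the GET request and its result would be returned wrapped in a list.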