BIG-IP ASM Automation with Ansible

My Background Back in September I started my Ansible journey, coming from no knowledge about Ansible and its automation capabilities I was asked to develop some code/playbooks to automate some of th...
Published Dec 30, 2019
Version 1.0
Ansible
application delivery
ASM Advanced WAF
automation
BIG-IP
security
series-handy-ansible-hacks
Matt_Bystrzak's avatar
Matt_Bystrzak
Icon for Nimbostratus rankNimbostratus
Mar 03, 2020

Hey Matt,

 

Thanks for the article. This is a great example of how to work with the ASM policies via Ansible.

 

I have a couple questions pertaining to managing whitelist IP addresses. I'm currently working on presenting a front end through a ticketing system so that application folks can request an IP address be whitelisted as sort of a self service type of thing. That system will signal Ansible to start the magic show. The struggle I'm currently having is how I handle sanitizing input and assuring that what is being requested isn't an invalid entry.

 

My first example is for IPI whitelist or blacklist. I'm managing a CSV file essentially and it's hosted by a web server that the F5 is pulling in as a feed list. Straight forward stuff. But I'm trying to update the contents of the CSV file in a way that maintains the integrity of the function. I'm open to approaching this problem differently, but I'm kind of stuck at the moment.

 

I know this isn't exactly what you're talking about here, but I think that the same issue ends up showing up. What is your mechanism for maintaining integrity, or how might you approach managing the state of your list? I'm still relatively new to all the Ansible-isms, so forgive my ignorance if you're somehow handling that in this example and I'm just missing it.

 

Any insights you could provide are greatly appreciated.