cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Ansible Deployment of Virtual Server With Profiles

Brad_Stapleton
Nimbostratus
Nimbostratus

We are in the process of planning a migration to a new set of virtual BigIPs. To help expedite the process, we have decided to leverage Ansible to help deploy and maintain configurations moving forward. We ran into a snag today when attempting to deploy profiles with virtual servers. We want to apply a client SSL profile to port 443 virtual servers but not to port 80 virtual servers. We are using a "with_items" loop to create multiple viral servers without duplicating the task inside of the playbook.

 

Any ideas on how to achieve this without having to duplicate the task over and over because of the client SSL profile? A portion of our configuration is below:

 

bigip_virtual_server:

   state: present

   partition: "{{ partition }}"

   name: "{{ item.name }}"

   port: "{{ item.port }}"

   destination: "{{ item.destination }}"

   description: "vs 1"

   pool: "vs1_pool"

   profiles:

     - tcp-wan-optimized

     - http

     - wan-optimized-compression

     - vs1_client_ssl

   provider:

     server:        "{{ server }}"

     user:          "{{ username }}"

     password:      "{{ password }}"

     validate_certs: "{{ validate_certs }}"

 with_items:

   - { name: "server_port_80",

       port: 80,

       destination: IP,

     }

   - { name: "server_port_443,

       port: 443,

       destination: IP,

     }

2 REPLIES 2

Aaron_Booker
F5 Employee
F5 Employee

Here is one way to do it with a profiles variable and string concatenation:

 

---

- name: Create objects on a BIG-IP

 hosts: bigip14-1

 gather_facts: False

 connection: local

 vars:

   provider:

     password: "{{ bigip_password }}"

     server: "{{ ansible_host }}"

     user: "{{ bigip_username }}"

     validate_certs: False

   profiles: "tcp-wan-optimized,http,wan-optimized-compression"

 

 tasks:

   - name: Create a virtual server

     bigip_virtual_server:

       provider: "{{ provider }}"

       name: "{{ item.name }}"

       destination: "{{ item.destination }}"

       port: "{{ item.port }}"

       snat: "Automap"

       all_profiles: "{{ item.profiles }}"

       pool: "example_pool"

     with_items:

       - { name: "server_port_80",

           port: 80,

           destination: 10.150.1.1,

           profiles: "{{ profiles }}"

         }

       - { name: "server_port_443",

           port: 443,

           destination: 10.150.1.1,

           profiles: "{{ profiles + ',example_client_ssl' }}"

          }

     notify:

       - Save the running configuration to disk

 

 handlers:

   - name: Save the running configuration to disk

     bigip_config:

       save: yes

       provider: "{{ provider }}"

 

Also this Q&A was the basis for a new AskF5 article:

K42420223: Using F5 Modules for Ansible to create HTTP and HTTPS virtual servers in a single task

If you have any feedback, you can add that to the bottom of the article.