Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Ansible Deployment of Virtual Server With Profiles

Brad_Stapleton
Nimbostratus
Nimbostratus

‎13-Feb-2020 10:19

We are in the process of planning a migration to a new set of virtual BigIPs. To help expedite the process, we have decided to leverage Ansible to help deploy and maintain configurations moving forward. We ran into a snag today when attempting to deploy profiles with virtual servers. We want to apply a client SSL profile to port 443 virtual servers but not to port 80 virtual servers. We are using a "with_items" loop to create multiple viral servers without duplicating the task inside of the playbook.

 

Any ideas on how to achieve this without having to duplicate the task over and over because of the client SSL profile? A portion of our configuration is below:

 

bigip_virtual_server:

   state: present

   partition: "{{ partition }}"

   name: "{{ item.name }}"

   port: "{{ item.port }}"

   destination: "{{ item.destination }}"

   description: "vs 1"

   pool: "vs1_pool"

   profiles:

     - tcp-wan-optimized

     - http

     - wan-optimized-compression

     - vs1_client_ssl

   provider:

     server:        "{{ server }}"

     user:          "{{ username }}"

     password:      "{{ password }}"

     validate_certs: "{{ validate_certs }}"

 with_items:

   - { name: "server_port_80",

       port: 80,

       destination: IP,

     }

   - { name: "server_port_443,

       port: 443,

       destination: IP,

     }

Labels:
0 Kudos
2 REPLIES 2

Aaron_Booker
F5 Employee
F5 Employee

‎11-May-2020 15:17

Here is one way to do it with a profiles variable and string concatenation:

 

---

- name: Create objects on a BIG-IP

 hosts: bigip14-1

 gather_facts: False

 connection: local

 vars:

   provider:

     password: "{{ bigip_password }}"

     server: "{{ ansible_host }}"

     user: "{{ bigip_username }}"

     validate_certs: False

   profiles: "tcp-wan-optimized,http,wan-optimized-compression"

 

 tasks:

   - name: Create a virtual server

     bigip_virtual_server:

       provider: "{{ provider }}"

       name: "{{ item.name }}"

       destination: "{{ item.destination }}"

       port: "{{ item.port }}"

       snat: "Automap"

       all_profiles: "{{ item.profiles }}"

       pool: "example_pool"

     with_items:

       - { name: "server_port_80",

           port: 80,

           destination: 10.150.1.1,

           profiles: "{{ profiles }}"

         }

       - { name: "server_port_443",

           port: 443,

           destination: 10.150.1.1,

           profiles: "{{ profiles + ',example_client_ssl' }}"

          }

     notify:

       - Save the running configuration to disk

 

 handlers:

   - name: Save the running configuration to disk

     bigip_config:

       save: yes

       provider: "{{ provider }}"

 

0 Kudos

Aaron_Booker
F5 Employee
F5 Employee
In response to Aaron_Booker

‎13-May-2020 12:12

Also this Q&A was the basis for a new AskF5 article:

K42420223: Using F5 Modules for Ansible to create HTTP and HTTPS virtual servers in a single task

If you have any feedback, you can add that to the bottom of the article.

0 Kudos
Copyright © 2023 Khoros, LLC