Forum Discussion

Ichnafi's avatar
Ichnafi
Icon for Cirrostratus rankCirrostratus
Mar 09, 2023

Ansible - Running bash commands with bigip_command module - How it's done

Hello fellow F5ers,

the description of the F5 Ansible-Module "bigip_command" states it would "[...]Run TMSH and BASH commands on F5 devices[...]"

Scrolling through the documentation, you will only see tmsh commands. When you try to run a direct bash command, the execution will fail. Sadly the correct way of getting bash commands to run is only documentet in an issue "unable to run bash commands using bigip_command module #1846" filed in the F5's Github Repo.

Here is the solution:

 

- name: Task that needs to run a bash command
  bigip_command:
    commands: run /util bash -c "whatever bash command you need"
    provider: "{{ provider }}"
  delegate_to: localhost

 

My specific usecase was to change the crypto-master-key of a LTM-Cluster, which is an interactive command and there is no ansible module that covers this. Because of the user interaction that is forced by the command, the only way of automate the hole this is to use the "expect" command (at least I did not find any other solution).

Changing the crypto-master-key involves:
1. Running in tmsh: modify /sys crypto master-key prompt-for-password
2. enter the new passwort twice

I finally managed to run this with ansible like this:

 

- name: set crypto key
  bigip_command:
    commands: >
      run /util bash -c "
      expect -c 'spawn tmsh modify /sys crypto master-key prompt-for-password;
      sleep 1;
      send -- {{ crypto_key }}\r;
      sleep 1;
      send -- {{ crypto_key }}\r;
      sleep 1'"
    provider: "{{ bigip_provider }}"
  delegate_to: localhost

 

There you go.
Hava a good one!

  • Thanks for the hint. I just did (i think...is it in review?)

  • Is the expected output from this going to be in JSON decodable format, or no? I'm trying to run a script that comes with TMOS (temp folder cleanup), and it keeps erroring out with the following.

    TASK [Run clean_tmsh_tmp_dirs script against a BIG-IP] ************************************************************************************************************** fatal: [10.1.1.15 -> localhost]: FAILED! => {"changed": false, "msg": "No JSON object could be decoded"}

    Here's the playbook:

    ---
    - name: Run clean_tmsh_tmp_dirs script against BIG-IPs
      hosts: all
      connection: local
      vars:
        provider:
          password: 
          server: localhost
          user: admin
          validate_certs: no
          server_port: 443
      tasks:
      - name: Run clean_tmsh_tmp_dirs script against a BIG-IP
        bigip_command:
          commands: run /util bash -c 'yes yes | /usr/local/bin/clean_tmsh_tmp_dirs'
          provider: "{{ provider }}"
        delegate_to: localhost

     

    Thanks,

    Matt