Forum Discussion

Ichnafi's avatar
Ichnafi
Icon for Cirrostratus rankCirrostratus
Mar 09, 2023

Ansible - Running bash commands with bigip_command module - How it's done

Hello fellow F5ers,

the description of the F5 Ansible-Module "bigip_command" states it would "[...]Run TMSH and BASH commands on F5 devices[...]"

Scrolling through the documentation, you will only see tmsh commands. When you try to run a direct bash command, the execution will fail. Sadly the correct way of getting bash commands to run is only documentet in an issue "unable to run bash commands using bigip_command module #1846" filed in the F5's Github Repo.

Here is the solution:

 

- name: Task that needs to run a bash command
  bigip_command:
    commands: run /util bash -c "whatever bash command you need"
    provider: "{{ provider }}"
  delegate_to: localhost

 

My specific usecase was to change the crypto-master-key of a LTM-Cluster, which is an interactive command and there is no ansible module that covers this. Because of the user interaction that is forced by the command, the only way of automate the hole this is to use the "expect" command (at least I did not find any other solution).

Changing the crypto-master-key involves:
1. Running in tmsh: modify /sys crypto master-key prompt-for-password
2. enter the new passwort twice

I finally managed to run this with ansible like this:

 

- name: set crypto key
  bigip_command:
    commands: >
      run /util bash -c "
      expect -c 'spawn tmsh modify /sys crypto master-key prompt-for-password;
      sleep 1;
      send -- {{ crypto_key }}\r;
      sleep 1;
      send -- {{ crypto_key }}\r;
      sleep 1'"
    provider: "{{ bigip_provider }}"
  delegate_to: localhost

 

There you go.
Hava a good one!

application delivery
devops
  • Ichnafi's avatar
    Ichnafi
    Icon for Cirrostratus rankCirrostratus
    Mar 09, 2023

    Thanks for the hint. I just did (i think...is it in review?)

  • bowlermj's avatar
    bowlermj
    Icon for Employee rankEmployee
    May 31, 2024

    Is the expected output from this going to be in JSON decodable format, or no? I'm trying to run a script that comes with TMOS (temp folder cleanup), and it keeps erroring out with the following.

    TASK [Run clean_tmsh_tmp_dirs script against a BIG-IP] ************************************************************************************************************** fatal: [10.1.1.15 -> localhost]: FAILED! => {"changed": false, "msg": "No JSON object could be decoded"}

    Here's the playbook:

    ---
- name: Run clean_tmsh_tmp_dirs script against BIG-IPs
  hosts: all
  connection: local
  vars:
    provider:
      password: 
      server: localhost
      user: admin
      validate_certs: no
      server_port: 443
  tasks:
  - name: Run clean_tmsh_tmp_dirs script against a BIG-IP
    bigip_command:
      commands: run /util bash -c 'yes yes | /usr/local/bin/clean_tmsh_tmp_dirs'
      provider: "{{ provider }}"
    delegate_to: localhost

     

    Thanks,

    Matt