Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

BIG-IP & Ansible configuration of "External Users"

Go to solution
seamlessfirework
Altocumulus
Altocumulus

‎04-Apr-2023 03:14

Hey gus

I was wondering if I can configure the "External Users" through an Ansible playbook. In the official Ansible documentation I did not find a solution for that.

Screenshot 2023-04-04 at 11.52.14.png

In my case any user is authenticated against a Cisco TACACS+ appliance. If I leave the knob to "No Access" I cannot connect through SSH to the BIG-IP

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Sebastian_Maniak
MVP
MVP

‎05-Apr-2023 16:28

Yes you can, since there is no ansible module for it you can use the two follow options. 

1.  You can use the F5 DO module and deploy the base configuration using f5 declarative objects. https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/declarations/auth.html

Then use ansbile to send an f5 DO to the device. (Remember you don't need the entire Config, you can split the files up and just have a tacacs+ Config). 

 

2. Using ansbile you can just send tmsh command. Just add the commands that you would do in the cli using bigip_command 

    - name: command
      bigip_command:
        commands:
          - list sys crypto

 

View solution in original post

4 REPLIES 4

Go to solution
Leslie_Hubertus
Community Manager
Community Manager

‎05-Apr-2023 16:16

Hi @seamlessfirework - @Matt_Mabis can probably help you with this, or maybe @Sebastian_Maniak.

 

0 Kudos

Go to solution
Sebastian_Maniak
MVP
MVP

‎05-Apr-2023 16:28

Yes you can, since there is no ansible module for it you can use the two follow options. 

1.  You can use the F5 DO module and deploy the base configuration using f5 declarative objects. https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/declarations/auth.html

Then use ansbile to send an f5 DO to the device. (Remember you don't need the entire Config, you can split the files up and just have a tacacs+ Config). 

 

2. Using ansbile you can just send tmsh command. Just add the commands that you would do in the cli using bigip_command 

    - name: command
      bigip_command:
        commands:
          - list sys crypto

 

Go to solution
seamlessfirework
Altocumulus
Altocumulus
In response to Sebastian_Maniak

‎06-Apr-2023 05:18

Thanks Sebastian. Since we are not on F5 DO yet I will give sending commands through Ansible a hit.

0 Kudos

Go to solution
seamlessfirework
Altocumulus
Altocumulus
In response to Sebastian_Maniak

‎12-Apr-2023 04:18

It worked out by sending a TMSH command through a playbook. The DO stuff is the next step. Thanks again @Sebastian_Maniak 

0 Kudos
Copyright © 2023 Khoros, LLC