bigip_device_httpd - Manage HTTPD related settings on BIG-IP
Synopsis
- Manages HTTPD related settings on the BIG-IP. These settings are interesting to change when you want to set GUI timeouts and other TMUI related settings.
Requirements
The below requirements are needed on the host that executes this module.
- f5-sdk >= 3.0.9
- requests
Parameters
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| allow |
Specifies, if you have enabled HTTPD access, the IP address or address range for other systems that can communicate with this system.
To specify all addresses, use the value
all.
IP address can be specified, such as 172.27.1.10.
IP rangees can be specified, such as 172.27.*.* or 172.27.0.0/255.255.0.0.
|
||
| auth_name |
Sets the BIG-IP authentication realm name.
|
||
| auth_pam_dashboard_timeout
bool
|
|
Sets whether or not the BIG-IP dashboard will timeout.
|
|
| auth_pam_idle_timeout |
Sets the GUI timeout for automatic logout, in seconds.
|
||
| auth_pam_validate_ip
bool
|
|
Sets the authPamValidateIp setting.
|
|
| fast_cgi_timeout |
Sets the timeout of FastCGI.
|
||
| hostname_lookup
bool
|
|
Sets whether or not to display the hostname, if possible.
|
|
| log_level |
|
Sets the minimum httpd log level.
|
|
| max_clients |
Sets the maximum number of clients that can connect to the GUI at once.
|
||
| password
required
|
The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable
F5_PASSWORD is set.
aliases: pass, pwd |
||
| provider
(added in 2.5)
|
A dict object containing connection details.
|
||
| password
required
|
The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable
F5_PASSWORD is set.
aliases: pass, pwd |
||
| server
required
|
The BIG-IP host. You can omit this option if the environment variable
F5_SERVER is set.
|
||
| server_port | Default:
443
|
The BIG-IP server port. You can omit this option if the environment variable
F5_SERVER_PORT is set.
|
|
| user
required
|
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable
F5_USER is set.
|
||
| validate_certs
bool
|
|
If
no, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable
F5_VALIDATE_CERTS is set.
|
|
| timeout | Default:
10
|
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
|
|
| ssh_keyfile |
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for
cli transports. If the value is not specified in the task, the value of environment variable
ANSIBLE_NET_SSH_KEYFILE will be used instead.
|
||
| transport
required
|
|
Configures the transport connection to use when connecting to the remote device.
|
|
| redirect_http_to_https
bool
|
|
Whether or not to redirect http requests to the GUI to https.
|
|
| server
required
|
The BIG-IP host. You can omit this option if the environment variable
F5_SERVER is set.
|
||
| server_port
(added in 2.2)
|
Default:
443
|
The BIG-IP server port. You can omit this option if the environment variable
F5_SERVER_PORT is set.
|
|
| ssl_cipher_suite
(added in 2.6)
|
Specifies the ciphers that the system uses.
The values in the suite are separated by colons (:).
Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage.
Use the value
default to set the cipher suite to the system default. This value is equivalent to specifying a list of
ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-SHA384,AES128-GCM-SHA256, AES256-GCM-SHA384,AES128-SHA,AES256-SHA,AES128-SHA256,AES256-SHA256, ECDHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-DES-CBC3-SHA,DES-CBC3-SHA.
|
||
| ssl_port |
The HTTPS port to listen on.
|
||
| ssl_protocols
(added in 2.6)
|
The list of SSL protocols to accept on the management console.
A space-separated list of tokens in the format accepted by the Apache mod_ssl SSLProtocol directive.
Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage.
Use the value
default to set the SSL protocols to the system default. This value is equivalent to specifying a list of
all,-SSLv2,-SSLv3.
|
||
| user
required
|
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable
F5_USER is set.
|
||
| validate_certs
bool
(added in 2.0)
|
|
If
no, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable
F5_VALIDATE_CERTS is set.
|
|
Notes
Note
- Requires the requests Python package on the host. This is as easy as
pip install requests. - For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires the f5-sdk Python package on the host. This is as easy as
pip install f5-sdk.
Examples
- name: Set the BIG-IP authentication realm name
bigip_device_httpd:
auth_name: BIG-IP
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set the auth pam timeout to 3600 seconds
bigip_device_httpd:
auth_pam_idle_timeout: 1200
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set the validate IP settings
bigip_device_httpd:
auth_pam_validate_ip: on
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Set SSL cipher suite by list
bigip_device_httpd:
password: secret
server: lb.mydomain.com
user: admin
ssl_cipher_suite:
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-SHA
- AES256-SHA256
delegate_to: localhost
- name: Set SSL cipher suite by string
bigip_device_httpd:
password: secret
server: lb.mydomain.com
user: admin
ssl_cipher_suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:AES256-SHA256
delegate_to: localhost
- name: Set SSL protocols by list
bigip_device_httpd:
password: secret
server: lb.mydomain.com
user: admin
ssl_protocols:
- all
- -SSLv2
- -SSLv3
delegate_to: localhost
- name: Set SSL protocols by string
bigip_device_httpd:
password: secret
server: lb.mydomain.com
user: admin
ssl_cipher_suite: all -SSLv2 -SSLv3
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| auth_name
string
|
changed |
The new authentication realm name.
Sample:
foo
|
| auth_pam_dashboard_timeout
bool
|
changed |
Whether or not the BIG-IP dashboard will timeout.
|
| auth_pam_idle_timeout
string
|
changed |
The new number of seconds for GUI timeout.
Sample:
1200
|
| auth_pam_validate_ip
bool
|
changed |
The new authPamValidateIp setting.
Sample:
True
|
| fast_cgi_timeout
int
|
changed |
The new timeout of FastCGI.
Sample:
500
|
| hostname_lookup
bool
|
changed |
Whether or not to display the hostname, if possible.
Sample:
True
|
| log_level
string
|
changed |
The new minimum httpd log level.
Sample:
crit
|
| max_clients
int
|
changed |
The new maximum number of clients that can connect to the GUI at once.
Sample:
20
|
| redirect_http_to_https
bool
|
changed |
Whether or not to redirect http requests to the GUI to https.
Sample:
True
|
| ssl_cipher_suite
string
|
changed |
The new ciphers that the system uses.
Sample:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA
|
| ssl_port
int
|
changed |
The new HTTPS port to listen on.
Sample:
10443
|
| ssl_protocols
string
|
changed |
The new list of SSL protocols to accept on the management console.
Sample:
all -SSLv2 -SSLv3
|
Status
This module is flagged as stableinterface which means that the maintainers for this module guarantee that no backward incompatible interface changes will be made.
Maintenance
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author
- Joe Reifel (@JoeReifel)
- Tim Rupp (@caphrim007)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/bigip_device_httpd_module.html
