Ansible F5 Device Provider Object
- Updated on 18 Mar 2024
When monitoring and configuring F5 (also referred to as F5 BIG-IP) network devices via Ansible, a provider dictionary object that contains connection information and credentials is required to access a device. The object is passed as an argument to the Ansible modules (e.g., bigip_command, bigip_config) that manage the device. When using the Automation Gateway module execution API to run Ansible bigip modules, the provider object must be in JSON format. Below is the JSON schema for the provider object found in the F5-BIGIP module decorations certified by Itential. Additional information about the provider object can be found in the Ansible documentation.
"provider": {
  "description": "A dictionary object containing connection details.",
  "type": "object",
  "properties": {
    "password": {
      "description": "The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable C(F5_PASSWORD) is set.",
      "type": "string"
    },
    "server": {
      "description": "The BIG-IP host. You can omit this option if the environment variable C(F5_SERVER) is set.",
      "type": "string"
    },
    "server_port": {
      "description": "The BIG-IP server port. You can omit this option if the environment variable C(F5_SERVER_PORT) is set.",
      "default": 443,
      "type": "integer"
    },
    "user": {
      "description": "The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable C(F5_USER) is set.",
      "type": "string"
    },
    "validate_certs": {
      "description": "If C(no), SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable C(F5_VALIDATE_CERTS) is set.",
      "default": true,
      "type": "boolean"
    },
    "timeout": {
      "description": "Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.",
      "default": 10,
      "type": "integer"
    },
    "ssh_keyfile": {
      "description": "Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for I(cli) transports. If the value is not specified in the task, the value of environment variable C(ANSIBLE_NET_SSH_KEYFILE) will be used instead.",
      "type": "string"
    },
    "transport": {
      "description": "Configures the transport connection to use when connecting to the remote device.",
      "default": "rest",
      "type": "string",
      "enum": [
        "cli",
        "rest"
      ]
    }
  },
  "anyOf": [
    {"required": ["password"]},
    {"required": ["ssh_keyfile"]}
  ],
  "required": [
    "server",
    "user"
  ]
}
ansible_provider Inventory Variable
Starting in release 2019.3, in addition to support for Ansible connection inventory variables (e.g., ansible_host, ansible_connection, ansible_network_os), support has been added for the Automation Gateway specific inventory variable ansible_provider. This variable is of type object and supports the exact same fields as the F5 provider object shown in the JSON schema. Like all other inventory variables, this variable is added when configuring a device using the AG device APIs, or included in the Ansible device inventory file when running in external inventory mode.
Sample F5 Device Inventory Configuration
{
  "name": "f5_host",
  "variables": {
    "ansible_connection": "local",
    "ansible_network_os": "bigip",
    "ansible_provider": {
      "server": "bigip01-host",
      "user": "sample_user",
      "password": "sample_password",
      "validate_certs": false
    },
    "ansible_host": "bigip01-host"
  }
}
To avoid AG clients having to include a JSON provider object for each F5-BIGIP module execution, AG will now automatically construct the object using the contents of the ansible_provider inventory variable fields and add it as a module execution argument. The ansible_network_os variable must be set to bigip and be present at the host level for this conversion to occur. If a provider object is already present as a module argument, the contents of the argument will be used instead of the contents of the host's ansible_provider inventory variable.
Note: When managing F5 devices via the Itential provided roles (e.g., itential_cli, itential_get_config), the ansible_provider inventory variable must be configured for the F5 devices that are present in the hosts parameter of the Automation Gateway role execution API.
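Added example, not Itential or Ansible code: a small Python model of the selection rule described above (an explicit provider argument wins; otherwise ansible_provider is used when ansible_network_os is bigip), followed by a check of the resulting object against the constraints in the JSON schema on this page. The function names resolve_provider and audit_provider are hypothetical, the sample host variables are constructed, and environment-variable fallbacks such as F5_PASSWORD are not modelled.

```python
import json

# Constraints copied from the provider JSON schema on this page.
REQUIRED = ("server", "user")
AUTH_KEYS = ("password", "ssh_keyfile")   # the schema's "anyOf"
TRANSPORTS = ("cli", "rest")

def resolve_provider(host_vars, module_args):
    """Selection rule described on this page: an explicit provider argument wins;
    otherwise ansible_provider is used, only when ansible_network_os is bigip."""
    if "provider" in module_args:
        return dict(module_args["provider"]), "module_args"
    raw = host_vars.get("ansible_provider")
    if host_vars.get("ansible_network_os") != "bigip" or raw is None:
        return None, "none"
    # INI inventories hold the variable as a JSON string; the device API holds an object.
    return (json.loads(raw) if isinstance(raw, str) else dict(raw)), "inventory"

def audit_provider(provider):
    """Return (errors, warnings): schema violations and security-relevant settings."""
    errors, warnings = [], []
    for key in REQUIRED:
        if not isinstance(provider.get(key), str) or not provider[key]:
            errors.append(f"missing required field: {key}")
    if not any(k in provider for k in AUTH_KEYS):
        errors.append("one of password or ssh_keyfile is required")
    if provider.get("transport", "rest") not in TRANSPORTS:
        errors.append("transport must be cli or rest")
    validate_certs = provider.get("validate_certs", True)   # schema default is true
    if not isinstance(validate_certs, bool):
        errors.append("validate_certs must be a boolean")
    elif not validate_certs:
        warnings.append("validate_certs is false: BIG-IP certificate is not verified")
    if "password" in provider:
        warnings.append("password is stored in plaintext in the provider object")
    return errors, warnings

# Constructed sample: the INI (JSON string) form of this page's inventory example.
SAMPLE_HOST_VARS = {
    "ansible_connection": "local",
    "ansible_network_os": "bigip",
    "ansible_provider": '{"server":"bigip01-host","user":"sample_user",'
                        '"password":"sample_password","validate_certs":false}',
}

if __name__ == "__main__":
    provider, source = resolve_provider(SAMPLE_HOST_VARS, {"commands": ["show sys clock"]})
    print(source, *audit_provider(provider), sep="\n")
```

Run against the sample inventory entry, the audit reports no schema errors but two warnings: certificate validation is disabled and the password sits inline in the inventory.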
Sample INI Inventory File with ansible_provider Variable
Note: The variable ansible_provider must be a valid JSON string passed in single quotes (').
[F5_Group]
F5_device1 ansible_host=172.20.100.53 ansible_connection=local ansible_network_os=bigip ansible_provider='{"server":"172.20.100.53","user":"admin","password":"admin","validate_certs":false}'
Sample F5 Module Execution Request
{"hosts":["f5_host"],"args":{"commands":["show sys clock"]}}
Sample F5 Module Execution Response
[
  {
    "module": "bigip_command",
    "task": "bigip_command",
    "host": "f5_host",
    "status": "SUCCESS",
    "argument_warnings": null,
    "results": {
      "executed_commands": [
        "tmsh -c \\\"show sys clock\\\""
      ],
      "changed": false,
      "stdout": [
        "----------------------------\nSys::Clock\n----------------------------\nMon Dec 02 17:25:39 EST 2019"
      ],
      "stdout_lines": [
        [
          "----------------------------",
          "Sys::Clock",
          "----------------------------",
          "Mon Dec 02 17:25:39 EST 2019"
        ]
      ]
    }
  }
]