bigip_device_httpd – Manage HTTPD related settings on BIG-IP¶

New in version 2.5.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values
Status

Synopsis ¶

Manages HTTPD related settings on the BIG-IP. These settings are interesting to change when you want to set GUI timeouts and other TMUI related settings.

Requirements ¶

The below requirements are needed on the host that executes this module.

f5-sdk >= 3.0.16
requests

Parameters ¶

Parameter		Choices/Defaults	Comments
allow -			Specifies, if you have enabled HTTPD access, the IP address or address range for other systems that can communicate with this system. To specify all addresses, use the value `all`. IP address can be specified, such as 172.27.1.10. IP rangees can be specified, such as 172.27.. or 172.27.0.0/255.255.0.0.
auth_name -			Sets the BIG-IP authentication realm name.
auth_pam_dashboard_timeout boolean		Choices: no yes	Sets whether or not the BIG-IP dashboard will timeout.
auth_pam_idle_timeout -			Sets the GUI timeout for automatic logout, in seconds.
auth_pam_validate_ip boolean		Choices: no yes	Sets the authPamValidateIp setting.
fast_cgi_timeout -			Sets the timeout of FastCGI.
hostname_lookup boolean		Choices: no yes	Sets whether or not to display the hostname, if possible.
log_level -		Choices: alert crit debug emerg error info notice warn	Sets the minimum httpd log level.
max_clients -			Sets the maximum number of clients that can connect to the GUI at once.
password - / required			The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable `F5_PASSWORD`. aliases: pass, pwd
provider - added in 2.5		Default: None	A dict object containing connection details.
	password - / required		The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable `F5_PASSWORD`. aliases: pass, pwd
	server - / required		The BIG-IP host. You may omit this option by setting the environment variable `F5_SERVER`.
	server_port -	Default: 443	The BIG-IP server port. You may omit this option by setting the environment variable `F5_SERVER_PORT`.
	ssh_keyfile -		Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. You may omit this option by setting the environment variable `ANSIBLE_NET_SSH_KEYFILE`.
	timeout -	Default: 10	Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
	transport - / required	Choices: rest cli ←	Configures the transport connection to use when connecting to the remote device.
	user - / required		The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable `F5_USER`.
	validate_certs boolean	Choices: no yes ←	If `no`, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable `F5_VALIDATE_CERTS`.
redirect_http_to_https boolean		Choices: no yes	Whether or not to redirect http requests to the GUI to https.
server - / required			The BIG-IP host. You may omit this option by setting the environment variable `F5_SERVER`.
server_port - added in 2.2		Default: 443	The BIG-IP server port. You may omit this option by setting the environment variable `F5_SERVER_PORT`.
ssl_cipher_suite - added in 2.6			Specifies the ciphers that the system uses. The values in the suite are separated by colons (:). Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage. Use the value `default` to set the cipher suite to the system default. This value is equivalent to specifying a list of `ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-SHA,ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES128-SHA256,ECDHE-ECDSA-AES256-SHA384,AES128-GCM-SHA256, AES256-GCM-SHA384,AES128-SHA,AES256-SHA,AES128-SHA256,AES256-SHA256, ECDHE-RSA-DES-CBC3-SHA,ECDHE-ECDSA-DES-CBC3-SHA,DES-CBC3-SHA`.
ssl_port -			The HTTPS port to listen on.
ssl_protocols - added in 2.6			The list of SSL protocols to accept on the management console. A space-separated list of tokens in the format accepted by the Apache mod_ssl SSLProtocol directive. Can be specified in either a string or list form. The list form is the recommended way to provide the cipher suite. See examples for usage. Use the value `default` to set the SSL protocols to the system default. This value is equivalent to specifying a list of `all,-SSLv2,-SSLv3`.
user - / required			The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable `F5_USER`.
validate_certs boolean added in 2.0		Choices: no yes ←	If `no`, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable `F5_VALIDATE_CERTS`.

Notes ¶

Note

Requires the requests Python package on the host. This is as easy as pip install requests.
For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
Requires BIG-IP software version >= 12.
The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.

Examples ¶

- name: Set the BIG-IP authentication realm name
  bigip_device_httpd:
    auth_name: BIG-IP
    password: secret
    server: lb.mydomain.com
    user: admin
  delegate_to: localhost

- name: Set the auth pam timeout to 3600 seconds
  bigip_device_httpd:
    auth_pam_idle_timeout: 1200
    password: secret
    server: lb.mydomain.com
    user: admin
  delegate_to: localhost

- name: Set the validate IP settings
  bigip_device_httpd:
    auth_pam_validate_ip: on
    password: secret
    server: lb.mydomain.com
    user: admin
  delegate_to: localhost

- name: Set SSL cipher suite by list
  bigip_device_httpd:
    password: secret
    server: lb.mydomain.com
    user: admin
    ssl_cipher_suite:
      - ECDHE-RSA-AES128-GCM-SHA256
      - ECDHE-RSA-AES256-GCM-SHA384
      - ECDHE-RSA-AES128-SHA
      - AES256-SHA256
  delegate_to: localhost

- name: Set SSL cipher suite by string
  bigip_device_httpd:
    password: secret
    server: lb.mydomain.com
    user: admin
    ssl_cipher_suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:AES256-SHA256
  delegate_to: localhost

- name: Set SSL protocols by list
  bigip_device_httpd:
    password: secret
    server: lb.mydomain.com
    user: admin
    ssl_protocols:
      - all
      - -SSLv2
      - -SSLv3
  delegate_to: localhost

- name: Set SSL protocols by string
  bigip_device_httpd:
    password: secret
    server: lb.mydomain.com
    user: admin
    ssl_cipher_suite: all -SSLv2 -SSLv3
  delegate_to: localhost

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
auth_name string	changed	The new authentication realm name. Sample: foo
auth_pam_dashboard_timeout boolean	changed	Whether or not the BIG-IP dashboard will timeout.
auth_pam_idle_timeout string	changed	The new number of seconds for GUI timeout. Sample: 1200
auth_pam_validate_ip boolean	changed	The new authPamValidateIp setting. Sample: True
fast_cgi_timeout integer	changed	The new timeout of FastCGI. Sample: 500
hostname_lookup boolean	changed	Whether or not to display the hostname, if possible. Sample: True
log_level string	changed	The new minimum httpd log level. Sample: crit
max_clients integer	changed	The new maximum number of clients that can connect to the GUI at once. Sample: 20
redirect_http_to_https boolean	changed	Whether or not to redirect http requests to the GUI to https. Sample: True
ssl_cipher_suite string	changed	The new ciphers that the system uses. Sample: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA
ssl_port integer	changed	The new HTTPS port to listen on. Sample: 10443
ssl_protocols string	changed	The new list of SSL protocols to accept on the management console. Sample: all -SSLv2 -SSLv3

Status ¶

This module is guaranteed to have no backward incompatible interface changes going forward. [stableinterface]
This module is maintained by an Ansible Partner. [certified]

Authors¶

Joe Reifel (@JoeReifel)
Tim Rupp (@caphrim007)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

bigip_device_httpd – Manage HTTPD related settings on BIG-IP¶

Synopsis¶

Requirements¶

Parameters¶

Notes¶

Examples¶

Return Values¶

Status¶