For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Existing Ansible BIG-IP modules

Right around the time that I started at F5, I was at the pinnacle of my exposure to Ansible. So imagine my surprise when I saw BIG-IP modules in the Ansible core product! I immediately wanted to know...
Updated Jun 06, 2023
Version 2.0
Ansible
BIG-IP
devops
iControl
Soenke_Jacobs's avatar
Soenke_Jacobs
Icon for Nimbostratus rankNimbostratus
Jun 16, 2017

Hi Cool_Y,

there is another way in ansible to create or modify Client SSL Profiles via tmsh command:

-name: "create clientssl profile {{ ClientSSLProfileName }}"

command: > 
            tmsh create ltm profile client-ssl {{ ClientSSLProfileName }} 
            {% if DefaultCiphers is defined %} ciphers {{ DefaultCiphers }}{% endif %} 
            {% if ClientSSLOptions is defined %} options {{ ClientSSLOptions }}{% endif %} 
            {% if ClientSSLDefaultProfile is defined %} defaults-from {{ ClientSSLDefaultProfile }}{% endif %} 
            {% if SSLCertName is defined %} cert {{ SSLCertName }}{% endif %} 
            {% if SSLKeyName is defined %} key {{ SSLKeyName }}{% endif %} 
            {% if SSLChainName is defined %} chain {{ SSLChainName }}{% endif %}

This seemed to be very complex, but it isn't with some explanations.

If you want to create a Client SSL Profile, you wouln't specify all parameters (like ciphers) to it, because most parameters will be set in the Parent Profile. Every if-clause checks, if there is a value for the given paramter in the playbook and if not, this parameter/value pair wouldn' t be put to the tmsh command.

To modify a Client SSL Profile you have to replace create with modify in the tmsh command.

Best regards,

Soenke