salt.modules.bigip

An execution module which can manipulate an f5 bigip via iControl REST
maturity:

develop

platform:

f5_bigip_11.6

salt.modules.bigip.add_pool_member(hostname, username, password, name, member)

A function to connect to a bigip device and add a new member to an existing pool.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the pool to modify

member

The name of the member to add, e.g. 10.1.1.2:80

CLI Example:

salt '*' bigip.add_pool_member bigip admin admin my-pool 10.2.2.1:80
salt.modules.bigip.commit_transaction(hostname, username, password, label)

A function to connect to a bigip device and commit an existing transaction.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

label

The label of this transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.commit_transaction bigip admin admin my_transaction
salt.modules.bigip.create_monitor(hostname, username, password, monitor_type, name, **kwargs)

A function to connect to a bigip device and create a monitor.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

monitor_type

The type of monitor to create

name

The name of the monitor to create

kwargs

Consult F5 BIGIP user guide for specific options for each monitor type. Typically, tmsh arg names are used.

CLI Example:

salt '*' bigip.create_monitor bigip admin admin http my-http-monitor timeout=10 interval=5
salt.modules.bigip.create_node(hostname, username, password, name, address, trans_label=None)

A function to connect to a bigip device and create a node.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the node

address

The address of the node

trans_label

The label of the transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.create_node bigip admin admin my-node 10.1.1.2
salt.modules.bigip.create_pool(hostname, username, password, name, members=None, allow_nat=None, allow_snat=None, description=None, gateway_failsafe_device=None, ignore_persisted_weight=None, ip_tos_to_client=None, ip_tos_to_server=None, link_qos_to_client=None, link_qos_to_server=None, load_balancing_mode=None, min_active_members=None, min_up_members=None, min_up_members_action=None, min_up_members_checking=None, monitor=None, profiles=None, queue_depth_limit=None, queue_on_connection_limit=None, queue_time_limit=None, reselect_tries=None, service_down_action=None, slow_ramp_time=None)

A function to connect to a bigip device and create a pool.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the pool to create.

members

Comma-delimited list of pool members to add to the pool, e.g. 10.1.1.1:80,10.1.1.2:80,10.1.1.3:80

allow_nat

[yes | no]

allow_snat

[yes | no]

description

[string]

gateway_failsafe_device

[string]

ignore_persisted_weight

[enabled | disabled]

ip_tos_to_client

[pass-through | [integer]]

ip_tos_to_server

[pass-through | [integer]]

link_qos_to_client

[pass-through | [integer]]

link_qos_to_server

[pass-through | [integer]]

load_balancing_mode

[dynamic-ratio-member | dynamic-ratio-node | fastest-app-response | fastest-node | least-connections-member | least-connections-node | least-sessions | observed-member | observed-node | predictive-member | predictive-node | ratio-least-connections-member | ratio-least-connections-node | ratio-member | ratio-node | ratio-session | round-robin | weighted-least-connections-member | weighted-least-connections-node]

min_active_members

[integer]

min_up_members

[integer]

min_up_members_action

[failover | reboot | restart-all]

min_up_members_checking

[enabled | disabled]

monitor

[name]

profiles

[none | profile_name]

queue_depth_limit

[integer]

queue_on_connection_limit

[enabled | disabled]

queue_time_limit

[integer]

reselect_tries

[integer]

service_down_action

[drop | none | reselect | reset]

slow_ramp_time

[integer]

CLI Example:

salt '*' bigip.create_pool bigip admin admin my-pool 10.1.1.1:80,10.1.1.2:80,10.1.1.3:80 monitor=http
salt.modules.bigip.create_profile(hostname, username, password, profile_type, name, **kwargs)

A function to connect to a bigip device and create a profile.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

profile_type

The type of profile to create

name

The name of the profile to create

kwargs

[ arg=val ] ... [arg=key1:val1,key2:val2] ...

Consult F5 BIGIP user guide for specific options for each profile type. Typically, tmsh arg names are used.

Creating Complex Args

Profiles can get pretty complicated in terms of the number of possible config options. Use the following shorthand to create complex arguments such as lists, dictionaries, and lists of dictionaries. An option is also provided to pass raw JSON.

Lists [i,i,i]:

param='item1,item2,item3'

Dictionary [k:v,k:v,k:v]:

param='key-1:val-1,key-2:val-2,key-3:val-3'

List of Dictionaries [k:v,k:v|k:v,k:v|k:v,k:v]:

param='key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2'

JSON: 'j{ ... }j':

cert-key-chain='j{ "default": { "cert": "default.crt", "chain": "default.crt", "key": "default.key" } }j'

Escaping Delimiters:

Use \, or \: or \| to escape characters which shouldn't be treated as delimiters, e.g. ciphers='DEFAULT\:!SSLv3'

CLI Example:

salt '*' bigip.create_profile bigip admin admin http my-http-profile defaultsFrom='/Common/http'
salt '*' bigip.create_profile bigip admin admin http my-http-profile defaultsFrom='/Common/http' \
    enforcement=maxHeaderCount:3200,maxRequests:10
salt.modules.bigip.create_virtual(hostname, username, password, name, destination, pool=None, address_status=None, auto_lasthop=None, bwc_policy=None, cmp_enabled=None, connection_limit=None, dhcp_relay=None, description=None, fallback_persistence=None, flow_eviction_policy=None, gtm_score=None, ip_forward=None, ip_protocol=None, internal=None, twelve_forward=None, last_hop_pool=None, mask=None, mirror=None, nat64=None, persist=None, profiles=None, policies=None, rate_class=None, rate_limit=None, rate_limit_mode=None, rate_limit_dst=None, rate_limit_src=None, rules=None, related_rules=None, reject=None, source=None, source_address_translation=None, source_port=None, state=None, traffic_classes=None, translate_address=None, translate_port=None, vlans=None)

A function to connect to a bigip device and create a virtual server.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the virtual to create

destination

[ [virtual_address_name:port] | [ipv4:port] | [ipv6.port] ]

pool

[ [pool_name] | none]

address_status

[yes | no]

auto_lasthop

[default | enabled | disabled ]

bwc_policy

[none | string]

cmp_enabled

[yes | no]

dhcp_relay

[yes | no]

connection_limit

[integer]

description

[string]

state

[disabled | enabled]

fallback_persistence

[none | [profile name] ]

flow_eviction_policy

[none | [eviction policy name] ]

gtm_score

[integer]

ip_forward

[yes | no]

ip_protocol

[any | protocol]

internal

[yes | no]

twelve_forward

(12-forward) [yes | no]

last_hop_pool

[ [pool_name] | none]

mask

{ [ipv4] | [ipv6] }

mirror

{ [disabled | enabled | none] }

nat64

[enabled | disabled]

persist

[none | profile1,profile2,profile3 ... ]

profiles

[none | default | profile1,profile2,profile3 ... ]

policies

[none | default | policy1,policy2,policy3 ... ]

rate_class

[name]

rate_limit

[integer]

rate_limit_mode

[destination | object | object-destination | object-source | object-source-destination | source | source-destination]

rate_limit_dst

[integer]

rate_limit_src

[integer]

rules

[none | [rule_one,rule_two ...] ]

related_rules

[none | [rule_one,rule_two ...] ]

reject

[yes | no]

source

{ [ipv4[/prefixlen]] | [ipv6[/prefixlen]] }

source_address_translation

[none | snat:pool_name | lsn | automap ]

source_port

[change | preserve | preserve-strict]

state

[enabled | disabled]

traffic_classes

[none | default | class_one,class_two ... ]

translate_address

[enabled | disabled]

translate_port

[enabled | disabled]

vlans

[none | default | [enabled|disabled]:vlan1,vlan2,vlan3 ... ]

CLI Example:

salt '*' bigip.create_virtual bigip admin admin my-virtual-3 26.2.2.5:80 \
    pool=my-http-pool-http profiles=http,tcp

salt '*' bigip.create_virtual bigip admin admin my-virtual-3 43.2.2.5:80 \
    pool=test-http-pool-http profiles=http,websecurity persist=cookie,hash \
    policies=asm_auto_l7_policy__http-virtual \
    rules=_sys_APM_ExchangeSupport_helper,_sys_https_redirect \
    related_rules=_sys_APM_activesync,_sys_APM_ExchangeSupport_helper \
    source_address_translation=snat:my-snat-pool \
    translate_address=enabled translate_port=enabled \
    traffic_classes=my-class,other-class \
    vlans=enabled:external,internal
salt.modules.bigip.delete_monitor(hostname, username, password, monitor_type, name)

A function to connect to a bigip device and delete an existing monitor.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

monitor_type

The type of monitor to delete

name

The name of the monitor to delete

CLI Example:

salt '*' bigip.delete_monitor bigip admin admin http my-http-monitor
salt.modules.bigip.delete_node(hostname, username, password, name, trans_label=None)

A function to connect to a bigip device and delete a specific node.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the node which will be deleted.

trans_label

The label of the transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.delete_node bigip admin admin my-node
salt.modules.bigip.delete_pool(hostname, username, password, name)

A function to connect to a bigip device and delete a specific pool.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the pool which will be deleted

CLI Example:

salt '*' bigip.delete_pool bigip admin admin my-pool
salt.modules.bigip.delete_pool_member(hostname, username, password, name, member)

A function to connect to a bigip device and delete a specific pool member.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the pool to modify

member

The name of the pool member to delete

CLI Example:

salt '*' bigip.delete_pool_member bigip admin admin my-pool 10.2.2.2:80
salt.modules.bigip.delete_profile(hostname, username, password, profile_type, name)

A function to connect to a bigip device and delete an existing profile.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

profile_type

The type of profile to delete

name

The name of the profile to delete

CLI Example:

salt '*' bigip.delete_profile bigip admin admin http my-http-profile
salt.modules.bigip.delete_transaction(hostname, username, password, label)

A function to connect to a bigip device and delete an existing transaction.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

label

The label of this transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.delete_transaction bigip admin admin my_transaction
salt.modules.bigip.delete_virtual(hostname, username, password, name)

A function to connect to a bigip device and delete a specific virtual.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the virtual to delete

CLI Example:

salt '*' bigip.delete_virtual bigip admin admin my-virtual
salt.modules.bigip.list_monitor(hostname, username, password, monitor_type, name=None)

A function to connect to a bigip device and list an existing monitor. If no name is provided then all monitors of the specified type will be listed.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

monitor_type

The type of monitor(s) to list

name

The name of the monitor to list

CLI Example:

salt '*' bigip.list_monitor bigip admin admin http my-http-monitor
salt.modules.bigip.list_node(hostname, username, password, name=None, trans_label=None)

A function to connect to a bigip device and list all nodes or a specific node.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the node to list. If no name is specified then all nodes will be listed.

trans_label

The label of the transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.list_node bigip admin admin my-node
salt.modules.bigip.list_pool(hostname, username, password, name=None)

A function to connect to a bigip device and list all pools or a specific pool.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the pool to list. If no name is specified then all pools will be listed.

CLI Example:

salt '*' bigip.list_pool bigip admin admin my-pool
salt.modules.bigip.list_profile(hostname, username, password, profile_type, name=None)

A function to connect to a bigip device and list an existing profile. If no name is provided then all profiles of the specified type will be listed.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

profile_type

The type of profile(s) to list

name

The name of the profile to list

CLI Example:

salt '*' bigip.list_profile bigip admin admin http my-http-profile
salt.modules.bigip.list_transaction(hostname, username, password, label)

A function to connect to a bigip device and list an existing transaction.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

label

The label of this transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.list_transaction bigip admin admin my_transaction
salt.modules.bigip.list_virtual(hostname, username, password, name=None)

A function to connect to a bigip device and list all virtuals or a specific virtual.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the virtual to list. If no name is specified then all virtuals will be listed.

CLI Example:

salt '*' bigip.list_virtual bigip admin admin my-virtual
salt.modules.bigip.modify_monitor(hostname, username, password, monitor_type, name, **kwargs)

A function to connect to a bigip device and modify an existing monitor.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

monitor_type

The type of monitor to modify

name

The name of the monitor to modify

kwargs

Consult F5 BIGIP user guide for specific options for each monitor type. Typically, tmsh arg names are used.

CLI Example:

salt '*' bigip.modify_monitor bigip admin admin http my-http-monitor timeout=16 interval=6
salt.modules.bigip.modify_node(hostname, username, password, name, connection_limit=None, description=None, dynamic_ratio=None, logging=None, monitor=None, rate_limit=None, ratio=None, session=None, state=None, trans_label=None)

A function to connect to a bigip device and modify an existing node.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the node to modify

connection_limit

[integer]

description

[string]

dynamic_ratio

[integer]

logging

[enabled | disabled]

monitor

[[name] | none | default]

rate_limit

[integer]

ratio

[integer]

session

[user-enabled | user-disabled]

state

[user-down | user-up ]

trans_label

The label of the transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.modify_node bigip admin admin 10.1.1.2 ratio=2 logging=enabled
salt.modules.bigip.modify_pool(hostname, username, password, name, allow_nat=None, allow_snat=None, description=None, gateway_failsafe_device=None, ignore_persisted_weight=None, ip_tos_to_client=None, ip_tos_to_server=None, link_qos_to_client=None, link_qos_to_server=None, load_balancing_mode=None, min_active_members=None, min_up_members=None, min_up_members_action=None, min_up_members_checking=None, monitor=None, profiles=None, queue_depth_limit=None, queue_on_connection_limit=None, queue_time_limit=None, reselect_tries=None, service_down_action=None, slow_ramp_time=None)

A function to connect to a bigip device and modify an existing pool.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the pool to modify.

allow_nat

[yes | no]

allow_snat

[yes | no]

description

[string]

gateway_failsafe_device

[string]

ignore_persisted_weight

[yes | no]

ip_tos_to_client

[pass-through | [integer]]

ip_tos_to_server

[pass-through | [integer]]

link_qos_to_client

[pass-through | [integer]]

link_qos_to_server

[pass-through | [integer]]

load_balancing_mode

[dynamic-ratio-member | dynamic-ratio-node | fastest-app-response | fastest-node | least-connections-member | least-connections-node | least-sessions | observed-member | observed-node | predictive-member | predictive-node | ratio-least-connections-member | ratio-least-connections-node | ratio-member | ratio-node | ratio-session | round-robin | weighted-least-connections-member | weighted-least-connections-node]

min_active_members

[integer]

min_up_members

[integer]

min_up_members_action

[failover | reboot | restart-all]

min_up_members_checking

[enabled | disabled]

monitor

[name]

profiles

[none | profile_name]

queue_on_connection_limit

[enabled | disabled]

queue_depth_limit

[integer]

queue_time_limit

[integer]

reselect_tries

[integer]

service_down_action

[drop | none | reselect | reset]

slow_ramp_time

[integer]

CLI Example:

salt '*' bigip.modify_pool bigip admin admin my-pool min_active_members=1
salt.modules.bigip.modify_pool_member(hostname, username, password, name, member, connection_limit=None, description=None, dynamic_ratio=None, inherit_profile=None, logging=None, monitor=None, priority_group=None, profiles=None, rate_limit=None, ratio=None, session=None, state=None)

A function to connect to a bigip device and modify an existing member of a pool.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the pool to modify

member

The name of the member to modify, e.g. 10.1.1.2:80

connection_limit

[integer]

description

[string]

dynamic_ratio

[integer]

inherit_profile

[enabled | disabled]

logging

[enabled | disabled]

monitor

[name]

priority_group

[integer]

profiles

[none | profile_name]

rate_limit

[integer]

ratio

[integer]

session

[user-enabled | user-disabled]

state

[ user-up | user-down ]

CLI Example:

salt '*' bigip.modify_pool_member bigip admin admin my-pool 10.2.2.1:80 state=user-down session=user-disabled
salt.modules.bigip.modify_profile(hostname, username, password, profile_type, name, **kwargs)

A function to connect to a bigip device and modify an existing profile.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

profile_type

The type of profile to modify

name

The name of the profile to modify

kwargs

[ arg=val ] ... [arg=key1:val1,key2:val2] ...

Consult F5 BIGIP user guide for specific options for each profile type. Typically, tmsh arg names are used.

Creating Complex Args

Profiles can get pretty complicated in terms of the number of possible config options. Use the following shorthand to create complex arguments such as lists, dictionaries, and lists of dictionaries. An option is also provided to pass raw JSON.

Lists [i,i,i]:

param='item1,item2,item3'

Dictionary [k:v,k:v,k:v]:

param='key-1:val-1,key-2:val-2,key-3:val-3'

List of Dictionaries [k:v,k:v|k:v,k:v|k:v,k:v]:

param='key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2'

JSON: 'j{ ... }j':

cert-key-chain='j{ "default": { "cert": "default.crt", "chain": "default.crt", "key": "default.key" } }j'

Escaping Delimiters:

Use \, or \: or \| to escape characters which shouldn't be treated as delimiters, e.g. ciphers='DEFAULT\:!SSLv3'

CLI Example:

salt '*' bigip.modify_profile bigip admin admin http my-http-profile defaultsFrom='/Common/http'

salt '*' bigip.modify_profile bigip admin admin http my-http-profile defaultsFrom='/Common/http' \
    enforcement=maxHeaderCount:3200,maxRequests:10

salt '*' bigip.modify_profile bigip admin admin client-ssl my-client-ssl-1 retainCertificate=false \
    ciphers='DEFAULT\:!SSLv3' \
    cert_key_chain='j{ "default": { "cert": "default.crt", "chain": "default.crt", "key": "default.key" } }j'
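
The "Creating Complex Args" shorthand described under create_profile and modify_profile, as an added example (not Salt's own parsing code): a small parser showing how each form maps to a Python value and why the colon in a cipher string must be escaped. The names parse_arg, _split, _unescape and _parse_group are hypothetical, values are kept as strings, and an escaped backslash is not handled because the page defines no such escape.

```python
import json
import re

# Raw JSON is wrapped as j{ ... }j; capture the braces and what is inside them.
_JSON_WRAPPER = re.compile(r'^j(\{.*\})j$', re.DOTALL)


def _split(text, delim):
    """Split on delim unless the delimiter is preceded by a backslash."""
    return re.split(r'(?<!\\)' + re.escape(delim), text)


def _unescape(text):
    r"""Turn \, \: and \| back into the literal character."""
    return re.sub(r'\\([,:|])', r'\1', text)


def _parse_group(text):
    """Parse one '|'-free group into a string, a list or a dictionary."""
    items = _split(text, ',')
    pairs = [_split(item, ':') for item in items]
    # Every item is exactly key:value -> dictionary.
    if all(len(pair) == 2 for pair in pairs):
        return {_unescape(k): _unescape(v) for k, v in pairs}
    # A single item with no unescaped delimiter -> plain string.
    if len(items) == 1:
        return _unescape(text)
    # Otherwise a comma-delimited list.
    return [_unescape(item) for item in items]


def parse_arg(value):
    """Convert one shorthand argument value into a Python object."""
    match = _JSON_WRAPPER.match(value.strip())
    if match:
        # Raises ValueError (json.JSONDecodeError) on malformed JSON.
        return json.loads(match.group(1))
    groups = _split(value, '|')
    if len(groups) > 1:
        return [_parse_group(group) for group in groups]
    return _parse_group(value)


# Constructed sample inputs, taken from the shorthand forms on this page.
SAMPLES = {
    'list': 'item1,item2,item3',
    'dict': 'maxHeaderCount:3200,maxRequests:10',
    'list_of_dicts': 'key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2',
    'json': 'j{ "default": { "cert": "default.crt", "key": "default.key" } }j',
    'ciphers_escaped': r'DEFAULT\:!SSLv3',
    # Without the backslash the colon is a delimiter and the cipher
    # string is parsed as a one-entry dictionary instead of a string.
    'ciphers_unescaped': 'DEFAULT:!SSLv3',
}

if __name__ == '__main__':
    for label, raw in SAMPLES.items():
        print('{:18} {!r}'.format(label, parse_arg(raw)))
```
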
salt.modules.bigip.modify_virtual(hostname, username, password, name, destination=None, pool=None, address_status=None, auto_lasthop=None, bwc_policy=None, cmp_enabled=None, connection_limit=None, dhcp_relay=None, description=None, fallback_persistence=None, flow_eviction_policy=None, gtm_score=None, ip_forward=None, ip_protocol=None, internal=None, twelve_forward=None, last_hop_pool=None, mask=None, mirror=None, nat64=None, persist=None, profiles=None, policies=None, rate_class=None, rate_limit=None, rate_limit_mode=None, rate_limit_dst=None, rate_limit_src=None, rules=None, related_rules=None, reject=None, source=None, source_address_translation=None, source_port=None, state=None, traffic_classes=None, translate_address=None, translate_port=None, vlans=None)

A function to connect to a bigip device and modify an existing virtual server.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the virtual to modify

destination

[ [virtual_address_name:port] | [ipv4:port] | [ipv6.port] ]

pool

[ [pool_name] | none]

address_status

[yes | no]

auto_lasthop

[default | enabled | disabled ]

bwc_policy

[none | string]

cmp_enabled

[yes | no]

dhcp_relay

[yes | no]

connection_limit

[integer]

description

[string]

state

[disabled | enabled]

fallback_persistence

[none | [profile name] ]

flow_eviction_policy

[none | [eviction policy name] ]

gtm_score

[integer]

ip_forward

[yes | no]

ip_protocol

[any | protocol]

internal

[yes | no]

twelve_forward

(12-forward) [yes | no]

last_hop_pool

[ [pool_name] | none]

mask

{ [ipv4] | [ipv6] }

mirror

{ [disabled | enabled | none] }

nat64

[enabled | disabled]

persist

[none | profile1,profile2,profile3 ... ]

profiles

[none | default | profile1,profile2,profile3 ... ]

policies

[none | default | policy1,policy2,policy3 ... ]

rate_class

[name]

rate_limit

[integer]

rate_limit_mode

[destination | object | object-destination | object-source | object-source-destination | source | source-destination]

rate_limit_dst

[integer]

rate_limit_src

[integer]

rules

[none | [rule_one,rule_two ...] ]

related_rules

[none | [rule_one,rule_two ...] ]

reject

[yes | no]

source

{ [ipv4[/prefixlen]] | [ipv6[/prefixlen]] }

source_address_translation

[none | snat:pool_name | lsn | automap ]

source_port

[change | preserve | preserve-strict]

state

[enabled | disabled]

traffic_classes

[none | default | class_one,class_two ... ]

translate_address

[enabled | disabled]

translate_port

[enabled | disabled]

vlans

[none | default | [enabled|disabled]:vlan1,vlan2,vlan3 ... ]

CLI Example:

salt '*' bigip.modify_virtual bigip admin admin my-virtual source_address_translation=none
salt '*' bigip.modify_virtual bigip admin admin my-virtual rules=my-rule,my-other-rule
salt.modules.bigip.replace_pool_members(hostname, username, password, name, members)

A function to connect to a bigip device and replace members of an existing pool with new members.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

name

The name of the pool to modify

members

Comma-delimited list of pool members to replace existing members with, e.g. 10.1.1.1:80,10.1.1.2:80,10.1.1.3:80

CLI Example:

salt '*' bigip.replace_pool_members bigip admin admin my-pool 10.2.2.1:80,10.2.2.2:80,10.2.2.3:80
salt.modules.bigip.start_transaction(hostname, username, password, label)

A function to connect to a bigip device and start a new transaction.

hostname

The host/address of the bigip device

username

The iControl REST username

password

The iControl REST password

label

The name / alias for this transaction. The actual transaction id will be stored within a grain called bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.start_transaction bigip admin admin my_transaction