salt.modules.bigip

An execution module which can manipulate an f5 bigip via iControl REST
maturity:develop
platform:f5_bigip_11.6
salt.modules.bigip.add_pool_member(hostname, username, password, name, member)

A function to connect to a bigip device and add a new member to an existing pool.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the pool to modify
member
The name of the member to add i.e. 10.1.1.2:80

CLI Example:

salt '*' bigip.add_pool_members bigip admin admin my-pool 10.2.2.1:80
salt.modules.bigip.commit_transaction(hostname, username, password, label)

A function to connect to a bigip device and commit an existing transaction.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
label
the label of this transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.commit_transaction bigip admin admin my_transaction
salt.modules.bigip.create_monitor(hostname, username, password, monitor_type, name, **kwargs)

A function to connect to a bigip device and create a monitor.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
monitor_type
The type of monitor to create
name
The name of the monitor to create
kwargs
Consult F5 BIGIP user guide for specific options for each monitor type. Typically, tmsh arg names are used.

CLI Example:

salt '*' bigip.create_monitor bigip admin admin http my-http-monitor timeout=10 interval=5
salt.modules.bigip.create_node(hostname, username, password, name, address, trans_label=None)

A function to connect to a bigip device and create a node.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the node
address
The address of the node
trans_label
The label of the transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.create_node bigip admin admin 10.1.1.2
salt.modules.bigip.create_pool(hostname, username, password, name, members=None, allow_nat=None, allow_snat=None, description=None, gateway_failsafe_device=None, ignore_persisted_weight=None, ip_tos_to_client=None, ip_tos_to_server=None, link_qos_to_client=None, link_qos_to_server=None, load_balancing_mode=None, min_active_members=None, min_up_members=None, min_up_members_action=None, min_up_members_checking=None, monitor=None, profiles=None, queue_depth_limit=None, queue_on_connection_limit=None, queue_time_limit=None, reselect_tries=None, service_down_action=None, slow_ramp_time=None)

A function to connect to a bigip device and create a pool.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the pool to create.
members
List of comma delimited pool members to add to the pool. i.e. 10.1.1.1:80,10.1.1.2:80,10.1.1.3:80
allow_nat
[yes | no]
allow_snat
[yes | no]
description
[string]
gateway_failsafe_device
[string]
ignore_persisted_weight
[enabled | disabled]
ip_tos_to_client
[pass-through | [integer]]
ip_tos_to_server
[pass-through | [integer]]
link_qos_to_client
[pass-through | [integer]]
link_qos_to_server
[pass-through | [integer]]
load_balancing_mode
[dynamic-ratio-member | dynamic-ratio-node | fastest-app-response | fastest-node | least-connections-members | least-connections-node | least-sessions | observed-member | observed-node | predictive-member | predictive-node | ratio-least-connections-member | ratio-least-connections-node | ratio-member | ratio-node | ratio-session | round-robin | weighted-least-connections-member | weighted-least-connections-node]
min_active_members
[integer]
min_up_members
[integer]
min_up_members_action
[failover | reboot | restart-all]
min_up_members_checking
[enabled | disabled]
monitor
[name]
profiles
[none | profile_name]
queue_depth_limit
[integer]
queue_on_connection_limit
[enabled | disabled]
queue_time_limit
[integer]
reselect_tries
[integer]
service_down_action
[drop | none | reselect | reset]
slow_ramp_time
[integer]

CLI Example:

salt '*' bigip.create_pool bigip admin admin my-pool 10.1.1.1:80,10.1.1.2:80,10.1.1.3:80 monitor=http
salt.modules.bigip.create_profile(hostname, username, password, profile_type, name, **kwargs)

A function to connect to a bigip device and create a profile.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
profile_type
The type of profile to create
name
The name of the profile to create
kwargs

[ arg=val ] ... [arg=key1:val1,key2:val2] ...

Consult F5 BIGIP user guide for specific options for each monitor type. Typically, tmsh arg names are used.

Creating Complex Args

Profiles can get pretty complicated in terms of the amount of possible config options. Use the following shorthand to create complex arguments such as lists, dictionaries, and lists of dictionaries. An option is also provided to pass raw json as well.

lists [i,i,i]:
param='item1,item2,item3'
Dictionary [k:v,k:v,k,v]:
param='key-1:val-1,key-2:val2,key-3:va-3'
List of Dictionaries [k:v,k:v|k:v,k:v|k:v,k:v]:
param='key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2'
JSON: 'j{ ... }j':
cert-key-chain='j{ "default": { "cert": "default.crt", "chain": "default.crt", "key": "default.key" } }j'
Escaping Delimiters:
Use \, or \: or \| to escape characters which shouldn't be treated as delimiters i.e. ciphers='DEFAULT\:!SSLv3'

CLI Examples:

salt '*' bigip.create_profile bigip admin admin http my-http-profile defaultsFrom='/Common/http'
salt '*' bigip.create_profile bigip admin admin http my-http-profile defaultsFrom='/Common/http' \
    enforcement=maxHeaderCount:3200,maxRequests:10
salt.modules.bigip.create_virtual(hostname, username, password, name, destination, pool=None, address_status=None, auto_lasthop=None, bwc_policy=None, cmp_enabled=None, connection_limit=None, dhcp_relay=None, description=None, fallback_persistence=None, flow_eviction_policy=None, gtm_score=None, ip_forward=None, ip_protocol=None, internal=None, twelve_forward=None, last_hop_pool=None, mask=None, mirror=None, nat64=None, persist=None, profiles=None, policies=None, rate_class=None, rate_limit=None, rate_limit_mode=None, rate_limit_dst=None, rate_limit_src=None, rules=None, related_rules=None, reject=None, source=None, source_address_translation=None, source_port=None, state=None, traffic_classes=None, translate_address=None, translate_port=None, vlans=None)

A function to connect to a bigip device and create a virtual server.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the virtual to create
destination
[ [virtual_address_name:port] | [ipv4:port] | [ipv6.port] ]
pool
[ [pool_name] | none]
address_status
[yes | no]
auto_lasthop
[default | enabled | disabled ]
bwc_policy
[none] | string]
cmp_enabled
[yes | no]
dhcp_relay
[yes | no]
connection_limit
[integer]
description
[string]
state
[disabled | enabled]
fallback_persistence
[none | [profile name] ]
flow_eviction_policy
[none | [eviction policy name] ]
gtm_score
[integer]
ip_forward
[yes | no]
ip_protocol
[any | protocol]
internal
[yes | no]
twelve_forward
(12-forward) [yes | no]
last_hop-pool
[ [pool_name] | none]
mask
{ [ipv4] | [ipv6] }
mirror
{ [disabled | enabled | none] }
nat64
[enabled | disabled]
persist
[none | profile1,profile2,profile3 ... ]
profiles
[none | default | profile1,profile2,profile3 ... ]
policies
[none | default | policy1,policy2,policy3 ... ]
rate_class
[name]
rate_limit
[integer]
rate_limit_mode
[destination | object | object-destination | object-source | object-source-destination | source | source-destination]
rate_limit_dst
[integer]
rate_limitçsrc
[integer]
rules
[none | [rule_one,rule_two ...] ]
related_rules
[none | [rule_one,rule_two ...] ]
reject
[yes | no]
source
{ [ipv4[/prefixlen]] | [ipv6[/prefixlen]] }
source_address_translation
[none | snat:pool_name | lsn | automap ]
source_port
[change | preserve | preserve-strict]
state
[enabled | disabled]
traffic_classes
[none | default | class_one,class_two ... ]
translate_address
[enabled | disabled]
translate_port
[enabled | disabled]
vlans
[none | default | [enabled|disabled]:vlan1,vlan2,vlan3 ... ]

CLI Examples:

salt '*' bigip.create_virtual bigip admin admin my-virtual-3 26.2.2.5:80 \
    pool=my-http-pool-http profiles=http,tcp

salt '*' bigip.create_virtual bigip admin admin my-virtual-3 43.2.2.5:80 \
    pool=test-http-pool-http profiles=http,websecurity persist=cookie,hash \
    policies=asm_auto_l7_policy__http-virtual \
    rules=_sys_APM_ExchangeSupport_helper,_sys_https_redirect \
    related_rules=_sys_APM_activesync,_sys_APM_ExchangeSupport_helper \
    source_address_translation=snat:my-snat-pool \
    translate_address=enabled translate_port=enabled \
    traffic_classes=my-class,other-class \
    vlans=enabled:external,internal
salt.modules.bigip.delete_monitor(hostname, username, password, monitor_type, name)

A function to connect to a bigip device and delete an existing monitor.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
monitor_type
The type of monitor to delete
name
The name of the monitor to delete

CLI Example:

salt '*' bigip.delete_monitor bigip admin admin http my-http-monitor
salt.modules.bigip.delete_node(hostname, username, password, name, trans_label=None)

A function to connect to a bigip device and delete a specific node.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the node which will be deleted.
trans_label
The label of the transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.delete_node bigip admin admin my-node
salt.modules.bigip.delete_pool(hostname, username, password, name)

A function to connect to a bigip device and delete a specific pool.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the pool which will be deleted

CLI Example:

salt '*' bigip.delete_node bigip admin admin my-pool
salt.modules.bigip.delete_pool_member(hostname, username, password, name, member)

A function to connect to a bigip device and delete a specific pool.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the pool to modify
member
The name of the pool member to delete

CLI Example:

salt '*' bigip.delete_node bigip admin admin my-pool 10.2.2.2:80
salt.modules.bigip.delete_profile(hostname, username, password, profile_type, name)

A function to connect to a bigip device and delete an existing profile.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
profile_type
The type of profile to delete
name
The name of the profile to delete

CLI Example:

salt '*' bigip.delete_profile bigip admin admin http my-http-profile
salt.modules.bigip.delete_transaction(hostname, username, password, label)

A function to connect to a bigip device and delete an existing transaction.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
label
The label of this transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.delete_transaction bigip admin admin my_transaction
salt.modules.bigip.delete_virtual(hostname, username, password, name)

A function to connect to a bigip device and delete a specific virtual.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the virtual to delete

CLI Example:

salt '*' bigip.delete_virtual bigip admin admin my-virtual
salt.modules.bigip.list_monitor(hostname, username, password, monitor_type, name=None)

A function to connect to a bigip device and list an existing monitor. If no name is provided than all monitors of the specified type will be listed.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
monitor_type
The type of monitor(s) to list
name
The name of the monitor to list

CLI Example:

salt '*' bigip.list_monitor bigip admin admin http my-http-monitor
salt.modules.bigip.list_node(hostname, username, password, name=None, trans_label=None)

A function to connect to a bigip device and list all nodes or a specific node.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the node to list. If no name is specified than all nodes will be listed.
trans_label
The label of the transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.list_node bigip admin admin my-node
salt.modules.bigip.list_pool(hostname, username, password, name=None)

A function to connect to a bigip device and list all pools or a specific pool.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the pool to list. If no name is specified then all pools will be listed.

CLI Example:

salt '*' bigip.list_pool bigip admin admin my-pool
salt.modules.bigip.list_profile(hostname, username, password, profile_type, name=None)

A function to connect to a bigip device and list an existing profile. If no name is provided than all profiles of the specified type will be listed.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
profile_type
The type of profile(s) to list
name
The name of the profile to list

CLI Example:

salt '*' bigip.list_profile bigip admin admin http my-http-profile
salt.modules.bigip.list_transaction(hostname, username, password, label)

A function to connect to a bigip device and list an existing transaction.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
label
the label of this transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.list_transaction bigip admin admin my_transaction
salt.modules.bigip.list_virtual(hostname, username, password, name=None)

A function to connect to a bigip device and list all virtuals or a specific virtual.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the virtual to list. If no name is specified than all virtuals will be listed.

CLI Example:

salt '*' bigip.list_virtual bigip admin admin my-virtual
salt.modules.bigip.modify_monitor(hostname, username, password, monitor_type, name, **kwargs)

A function to connect to a bigip device and modify an existing monitor.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
monitor_type
The type of monitor to modify
name
The name of the monitor to modify
kwargs
Consult F5 BIGIP user guide for specific options for each monitor type. Typically, tmsh arg names are used.

CLI Example:

salt '*' bigip.modify_monitor bigip admin admin http my-http-monitor  timout=16 interval=6
salt.modules.bigip.modify_node(hostname, username, password, name, connection_limit=None, description=None, dynamic_ratio=None, logging=None, monitor=None, rate_limit=None, ratio=None, session=None, state=None, trans_label=None)

A function to connect to a bigip device and modify an existing node.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the node to modify
connection_limit
[integer]
description
[string]
dynamic_ratio
[integer]
logging
[enabled | disabled]
monitor
[[name] | none | default]
rate_limit
[integer]
ratio
[integer]
session
[user-enabled | user-disabled]
state
[user-down | user-up ]
trans_label
The label of the transaction stored within the grain: bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.modify_node bigip admin admin 10.1.1.2 ratio=2 logging=enabled
salt.modules.bigip.modify_pool(hostname, username, password, name, allow_nat=None, allow_snat=None, description=None, gateway_failsafe_device=None, ignore_persisted_weight=None, ip_tos_to_client=None, ip_tos_to_server=None, link_qos_to_client=None, link_qos_to_server=None, load_balancing_mode=None, min_active_members=None, min_up_members=None, min_up_members_action=None, min_up_members_checking=None, monitor=None, profiles=None, queue_depth_limit=None, queue_on_connection_limit=None, queue_time_limit=None, reselect_tries=None, service_down_action=None, slow_ramp_time=None)

A function to connect to a bigip device and modify an existing pool.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the pool to modify.
allow_nat
[yes | no]
allow_snat
[yes | no]
description
[string]
gateway_failsafe_device
[string]
ignore_persisted_weight
[yes | no]
ip_tos_to_client
[pass-through | [integer]]
ip_tos_to_server
[pass-through | [integer]]
link_qos_to_client
[pass-through | [integer]]
link_qos_to_server
[pass-through | [integer]]
load_balancing_mode
[dynamic-ratio-member | dynamic-ratio-node | fastest-app-response | fastest-node | least-connections-members | least-connections-node | least-sessions | observed-member | observed-node | predictive-member | predictive-node | ratio-least-connections-member | ratio-least-connections-node | ratio-member | ratio-node | ratio-session | round-robin | weighted-least-connections-member | weighted-least-connections-node]
min_active_members
[integer]
min_up_members
[integer]
min_up_members_action
[failover | reboot | restart-all]
min_up_members_checking
[enabled | disabled]
monitor
[name]
profiles
[none | profile_name]
queue_on_connection_limit
[enabled | disabled]
queue_depth_limit
[integer]
queue_time_limit
[integer]
reselect_tries
[integer]
service_down_action
[drop | none | reselect | reset]
slow_ramp_time
[integer]

CLI Example:

salt '*' bigip.modify_pool bigip admin admin my-pool 10.1.1.1:80,10.1.1.2:80,10.1.1.3:80 min_active_members=1
salt.modules.bigip.modify_pool_member(hostname, username, password, name, member, connection_limit=None, description=None, dynamic_ratio=None, inherit_profile=None, logging=None, monitor=None, priority_group=None, profiles=None, rate_limit=None, ratio=None, session=None, state=None)

A function to connect to a bigip device and modify an existing member of a pool.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the pool to modify
member
The name of the member to modify i.e. 10.1.1.2:80
connection_limit
[integer]
description
[string]
dynamic_ratio
[integer]
inherit_profile
[enabled | disabled]
logging
[enabled | disabled]
monitor
[name]
priority_group
[integer]
profiles
[none | profile_name]
rate_limit
[integer]
ratio
[integer]
session
[user-enabled | user-disabled]
state
[ user-up | user-down ]

CLI Example:

salt '*' bigip.modify_pool_member bigip admin admin my-pool 10.2.2.1:80 state=use-down session=user-disabled
salt.modules.bigip.modify_profile(hostname, username, password, profile_type, name, **kwargs)

A function to connect to a bigip device and create a profile.

A function to connect to a bigip device and create a profile.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
profile_type
The type of profile to create
name
The name of the profile to create
kwargs

[ arg=val ] ... [arg=key1:val1,key2:val2] ...

Consult F5 BIGIP user guide for specific options for each monitor type. Typically, tmsh arg names are used.

Creating Complex Args

Profiles can get pretty complicated in terms of the amount of possible config options. Use the following shorthand to create complex arguments such as lists, dictionaries, and lists of dictionaries. An option is also provided to pass raw json as well.

lists [i,i,i]:
param='item1,item2,item3'
Dictionary [k:v,k:v,k,v]:
param='key-1:val-1,key-2:val2,key-3:va-3'
List of Dictionaries [k:v,k:v|k:v,k:v|k:v,k:v]:
param='key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2|key-1:val-1,key-2:val-2'
JSON: 'j{ ... }j':
cert-key-chain='j{ "default": { "cert": "default.crt", "chain": "default.crt", "key": "default.key" } }j'
Escaping Delimiters:
Use \, or \: or \| to escape characters which shouldn't be treated as delimiters i.e. ciphers='DEFAULT\:!SSLv3'

CLI Examples:

salt '*' bigip.modify_profile bigip admin admin http my-http-profile defaultsFrom='/Common/http'

salt '*' bigip.modify_profile bigip admin admin http my-http-profile defaultsFrom='/Common/http' \
    enforcement=maxHeaderCount:3200,maxRequests:10

salt '*' bigip.modify_profile bigip admin admin client-ssl my-client-ssl-1 retainCertificate=false \
    ciphers='DEFAULT\:!SSLv3'
    cert_key_chain='j{ "default": { "cert": "default.crt", "chain": "default.crt", "key": "default.key" } }j'
salt.modules.bigip.modify_virtual(hostname, username, password, name, destination=None, pool=None, address_status=None, auto_lasthop=None, bwc_policy=None, cmp_enabled=None, connection_limit=None, dhcp_relay=None, description=None, fallback_persistence=None, flow_eviction_policy=None, gtm_score=None, ip_forward=None, ip_protocol=None, internal=None, twelve_forward=None, last_hop_pool=None, mask=None, mirror=None, nat64=None, persist=None, profiles=None, policies=None, rate_class=None, rate_limit=None, rate_limit_mode=None, rate_limit_dst=None, rate_limit_src=None, rules=None, related_rules=None, reject=None, source=None, source_address_translation=None, source_port=None, state=None, traffic_classes=None, translate_address=None, translate_port=None, vlans=None)

A function to connect to a bigip device and modify an existing virtual server.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the virtual to modify
destination
[ [virtual_address_name:port] | [ipv4:port] | [ipv6.port] ]
pool
[ [pool_name] | none]
address_status
[yes | no]
auto_lasthop
[default | enabled | disabled ]
bwc_policy
[none] | string]
cmp_enabled
[yes | no]
dhcp_relay
[yes | no}
connection_limit
[integer]
description
[string]
state
[disabled | enabled]
fallback_persistence
[none | [profile name] ]
flow_eviction_policy
[none | [eviction policy name] ]
gtm_score
[integer]
ip_forward
[yes | no]
ip_protocol
[any | protocol]
internal
[yes | no]
twelve_forward
(12-forward) [yes | no]
last_hop-pool
[ [pool_name] | none]
mask
{ [ipv4] | [ipv6] }
mirror
{ [disabled | enabled | none] }
nat64
[enabled | disabled]
persist
[none | profile1,profile2,profile3 ... ]
profiles
[none | default | profile1,profile2,profile3 ... ]
policies
[none | default | policy1,policy2,policy3 ... ]
rate_class
[name]
rate_limit
[integer]
rate_limitr_mode
[destination | object | object-destination | object-source | object-source-destination | source | source-destination]
rate_limit_dst
[integer]
rate_limit_src
[integer]
rules
[none | [rule_one,rule_two ...] ]
related_rules
[none | [rule_one,rule_two ...] ]
reject
[yes | no]
source
{ [ipv4[/prefixlen]] | [ipv6[/prefixlen]] }
source_address_translation
[none | snat:pool_name | lsn | automap ]
source_port
[change | preserve | preserve-strict]
state
[enabled | disable]
traffic_classes
[none | default | class_one,class_two ... ]
translate_address
[enabled | disabled]
translate_port
[enabled | disabled]
vlans
[none | default | [enabled|disabled]:vlan1,vlan2,vlan3 ... ]

CLI Example:

salt '*' bigip.modify_virtual bigip admin admin my-virtual source_address_translation=none
salt '*' bigip.modify_virtual bigip admin admin my-virtual rules=my-rule,my-other-rule
salt.modules.bigip.replace_pool_members(hostname, username, password, name, members)

A function to connect to a bigip device and replace members of an existing pool with new members.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
name
The name of the pool to modify
members
List of comma delimited pool members to replace existing members with. i.e. 10.1.1.1:80,10.1.1.2:80,10.1.1.3:80

CLI Example:

salt '*' bigip.replace_pool_members bigip admin admin my-pool 10.2.2.1:80,10.2.2.2:80,10.2.2.3:80
salt.modules.bigip.start_transaction(hostname, username, password, label)

A function to connect to a bigip device and start a new transaction.

hostname
The host/address of the bigip device
username
The iControl REST username
password
The iControl REST password
label
The name / alias for this transaction. The actual transaction id will be stored within a grain called bigip_f5_trans:<label>

CLI Example:

salt '*' bigip.start_transaction bigip admin admin my_transaction