W3cubDocs

/Ansible

bigip_ssl_certificate - Import/Delete certificates from BIG-IP.

New in version 2.2.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
Notes
- Status

Synopsis

This module will import/delete SSL certificates on BIG-IP LTM. Certificates can be imported from certificate and key files on the local disk, in PEM format.

Requirements (on host that executes module)

f5-sdk >= 1.5.0
BIG-IP >= v12

Options

parameter	required	default	choices	comments
cert_content	no			When used instead of 'cert_src', sets the contents of a certificate directly to the specified value. This is used with lookup plugins or for anything with formatting or templating. Either one of `key_src`, `key_content`, `cert_src` or `cert_content` must be provided when `state` is `present`.
cert_src	no			This is the local filename of the certificate. Either one of `key_src`, `key_content`, `cert_src` or `cert_content` must be provided when `state` is `present`.
key_content	no			When used instead of 'key_src', sets the contents of a certificate key directly to the specified value. This is used with lookup plugins or for anything with formatting or templating. Either one of `key_src`, `key_content`, `cert_src` or `cert_content` must be provided when `state` is `present`.
key_src	no			This is the local filename of the private key. Either one of `key_src`, `key_content`, `cert_src` or `cert_content` must be provided when `state` is `present`.
name	yes			SSL Certificate Name. This is the cert/key pair name used when importing a certificate/key into the F5. It also determines the filenames of the objects on the LTM (:Partition:name.cer_11111_1 and :Partition_name.key_11111_1).
passphrase	no			Passphrase on certificate private key
password	yes			The password for the user account used to connect to the BIG-IP. This option can be omitted if the environment variable `F5_PASSWORD` is set.
server	yes			The BIG-IP host. This option can be omitted if the environment variable `F5_SERVER` is set.
server_port (added in 2.2)	no	443		The BIG-IP server port. This option can be omitted if the environment variable `F5_SERVER_PORT` is set.
state	no	present	present absent	Certificate and key state. This determines if the provided certificate and key is to be made `present` on the device or `absent`.
user	yes			The username to connect to the BIG-IP with. This user must have administrative privileges on the device. This option can be omitted if the environment variable `F5_USER` is set.
validate_certs (added in 2.0)	no	True	True False	If `no`, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. This option can be omitted if the environment variable `F5_VALIDATE_CERTS` is set.

Examples

- name: Import PEM Certificate from local disk
  bigip_ssl_certificate:
      name: "certificate-name"
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "present"
      cert_src: "/path/to/cert.crt"
      key_src: "/path/to/key.key"
  delegate_to: localhost

- name: Use a file lookup to import PEM Certificate
  bigip_ssl_certificate:
      name: "certificate-name"
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "present"
      cert_content: "{{ lookup('file', '/path/to/cert.crt') }}"
      key_content: "{{ lookup('file', '/path/to/key.key') }}"
  delegate_to: localhost

- name: "Delete Certificate"
  bigip_ssl_certificate:
      name: "certificate-name"
      server: "lb.mydomain.com"
      user: "admin"
      password: "secret"
      state: "absent"
  delegate_to: localhost

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
cert_source_path	Path on BIG-IP where the source of the certificate is stored.	created	string	/var/config/rest/downloads/cert1.crt
cert_checksum	SHA1 checksum of the cert that was provided.	changed and created	string	f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0
cert_filename	The name of the SSL certificate. The `cert_filename` and `key_filename` will be similar to each other, however the `cert_filename` will have a `.crt` extension.	created	string	cert1.crt
cert_name	The name of the certificate that the user provided	created	string	cert1
key_source_path	Path on BIG-IP where the source of the key is stored	created	string	/var/config/rest/downloads/cert1.key
key_filename	The name of the SSL certificate key. The `key_filename` and `cert_filename` will be similar to each other, however the `key_filename` will have a `.key` extension.	created	string	cert1.key
key_checksum	SHA1 checksum of the key that was provided.	changed and created	string	cf23df2207d99a74fbe169e3eba035e633b65d94

Notes

Note

Requires the f5-sdk Python package on the host. This is as easy as pip install f5-sdk.
This module does not behave like other modules that you might include in roles where referencing files or templates first looks in the role’s files or templates directory. To have it behave that way, use the Ansible file or template lookup (see Examples). The lookups behave as expected in a role context.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/bigip_ssl_certificate_module.html