-
Notifications
You must be signed in to change notification settings - Fork 7
/
f5_create_playbook.yaml
103 lines (91 loc) · 3.44 KB
/
f5_create_playbook.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
- name: Create F5 Application
hosts: localhost
connection: local
collections: venafi.machine_identity
vars_files:
- variables.yaml
roles:
- role: certificate
certificate_common_name: "{{ test_site.name }}.{{ test_site.domain }}"
certificate_alt_name: "DNS:{{ test_site.name }}.{{ test_site.domain }}"
certificate_privatekey_type: "RSA"
certificate_privatekey_size: "2048"
certificate_chain_option: "last"
certificate_cert_dir: "./tmp"
certificate_cert_path: "./tmp/{{ cert_name }}"
certificate_chain_path: "./tmp/{{ chain_name }}"
certificate_privatekey_path: "./tmp/{{ key_name }}"
certificate_copy_private_key_to_remote: false
certificate_remote_execution: false
certificate_remote_privatekey_path: "./tmp/{{ key_name }}.remote"
certificate_remote_cert_path: "./tmp/{{ cert_name }}.remote"
certificate_remote_chain_path: "./tmp/{{ chain_name }}.remote"
tasks:
- name: Create Private Key on F5 BIG-IP {{ f5_address }}
bigip_ssl_key:
state: present
provider: "{{ f5_provider }}"
name: "{{ key_name }}"
partition: "{{ f5_partition }}"
content: "{{ lookup('file', './tmp/' + key_name) }}"
delegate_to: localhost
- name: Create Certificate on F5 BIG-IP {{ f5_address }}
bigip_ssl_certificate:
state: present
provider: "{{ f5_provider }}"
name: "{{ cert_name }}"
partition: "{{ f5_partition }}"
content: "{{ lookup('file', './tmp/' + cert_name + '.remote') }}"
delegate_to: localhost
- name: Create CA Bundle on F5 BIG-IP {{ f5_address }}
bigip_ssl_certificate:
state: present
provider: "{{ f5_provider }}"
name: "{{ chain_name }}"
partition: "{{ f5_partition }}"
content: "{{ lookup('file', './tmp/' + chain_name + '.remote') }}"
delegate_to: localhost
- name: Create Client SSL Profile on F5 BIG-IP {{ f5_address }}
bigip_profile_client_ssl:
state: present
provider: "{{ f5_provider }}"
name: "clientssl_{{ test_site.name }}"
partition: "{{ f5_partition }}"
parent: "clientssl"
cert_key_chain:
- cert: "{{ cert_name }}"
key: "{{ key_name }}"
chain: "{{ chain_name }}"
delegate_to: localhost
- name: Create Pool on F5 BIG-IP {{ f5_address }}
bigip_pool:
state: present
provider: "{{ f5_provider }}"
name: "pool_{{ test_site.name }}"
partition: "{{ f5_partition }}"
lb_method: round-robin
delegate_to: localhost
- name: Add Pool Members on F5 BIG-IP {{ f5_address }}
bigip_pool_member:
state: present
provider: "{{ f5_provider }}"
partition: "{{ f5_partition }}"
host: "{{ item.host }}"
port: "{{ item.port }}"
pool: "pool_{{ test_site.name }}"
with_items: "{{ f5_pool_members }}"
delegate_to: localhost
- name: Create Virtual Server on F5 BIG-IP {{ f5_address }}
bigip_virtual_server:
state: present
provider: "{{ f5_provider }}"
name: "vs_{{ test_site.name }}"
partition: "{{ f5_partition }}"
description: "Provisioned by Ansible"
destination: "{{ f5_virtual_ip }}"
port: "{{ f5_virtual_port }}"
snat: Automap
pool: "pool_{{ test_site.name }}"
profiles:
- "clientssl_{{ test_site.name }}"
delegate_to: localhost