Help with bigip_firewall_address_list with ansible tower
So I'm trying to add an IP to an address list in F5 using a playbook being run on Ansible Tower. I got a working playbook that does this, but it overwrites the existing list with my input. I was recommended to use "bigip_device_info" to get the list and add it with my new input. I'm just not sure which choice I should use under "gather_subset". Any recommendations?
```yaml
- name: BigIP_Blacklist
  hosts: all
  connection: local
  gather_facts: false
  collections:
    - f5networks.f5_modules
  tasks:
    - name: Collecting previous list
      bigip_device_info:
        gather_subset:
          - **WHICH ONE TO USE**
        provider:
          server: xx.xx.xx.x
          user: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
          password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
          server_port: 443
          validate_certs: false
      register: device_facts
    - name: "Adding the IP to blacklist in Test"
      bigip_firewall_address_list:
        name: test_afm_address_list_blacklist24_drop
        addresses:
          - "{{Blacklist_IP}}"
          - device_facts
        provider:
          password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
          server: xx.xx.xx.x
          server_port: 443
          user: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
          validate_certs: false
      delegate_to: localhost
```
@Samuel-Singh - Suggest use gather_subset and share your findings.
Sure but which choices am I using? 'all' maybe?
Hi @Samuel-Singh, you can use the bigip_command module to add an address to an existing address list.
urohit011's comment really helped us.
We had the same requirement and were able to get the blacklist setup by using the bigip_command module instead of the bigip_firewall_address_list module.
In this setup, I already have a VIP configured with the blacklist-testing address list as part of the firewall policy that rejects the blacklist-testing address list and allows other traffic.
```yaml
---
# The ansible job will run ANY f5 command line request. This will be able to make any change that's useful!
#
- name: Modify blacklist on the VIP
  hosts: all
  connection: local
  vars:
    blacklistip: "{{blklstaddr}}"
    cli:
      password: "{{labf5cred}}"
      server: xxx.xxx.xxx.xxx
      user: f5_api
      validate_certs: no
      server_port: 443
  tasks:
    - name: Modify existing address list blacklist-testing
      bigip_command:
        commands: modify security firewall address-list blacklist-testing addresses add { {{ blacklistip }} }
        provider: "{{ cli }}"
      delegate_to: localhost
      register: result
```
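The `bigip_command` playbook above interpolates a job variable directly into a tmsh command line, so the value should be proven to be exactly one address or CIDR before it gets there. One way to do that, as an added example that is not part of the original thread or of the F5 collection: a local Ansible filter plugin in which the file name, the filter names `safe_afm_address` and `merge_afm_addresses`, and the `MIN_PREFIX` limits are assumptions.

```python
"""Ansible filter plugin (hypothetical file: filter_plugins/afm_address.py)."""
import ipaddress

# Assumed policy: refuse networks broader than these prefix lengths so one
# bad survey value cannot blacklist huge ranges such as 0.0.0.0/0.
MIN_PREFIX = {4: 16, 6: 32}


def safe_afm_address(value):
    """Return a canonical IP or CIDR string, or raise ValueError.

    Anything that is not exactly one address or network is rejected, so
    braces, spaces or extra tmsh keywords never reach the command line.
    """
    if not isinstance(value, str):
        raise ValueError("address must be a string")
    text = value.strip()
    if "%" in text:
        # IPv6 zone IDs are free-form text after '%'; never pass them on.
        raise ValueError("IPv6 zone IDs are not accepted: %r" % value)
    try:
        if "/" not in text:
            return str(ipaddress.ip_address(text))
        # strict=True rejects host bits, e.g. 10.1.2.3/24
        net = ipaddress.ip_network(text, strict=True)
    except ValueError as exc:
        raise ValueError("not a single IP or CIDR: %r" % value) from exc
    if net.prefixlen < MIN_PREFIX[net.version]:
        raise ValueError("network too broad for a blacklist entry: %s" % net)
    return str(net)


def merge_afm_addresses(existing, new):
    """Existing entries untouched, validated new ones appended, no duplicates."""
    merged = list(existing)
    for addr in new:
        canon = safe_afm_address(addr)
        if canon not in merged:
            merged.append(canon)
    return merged


class FilterModule(object):
    """Entry point Ansible looks for in a filter plugin file."""

    def filters(self):
        return {"safe_afm_address": safe_afm_address,
                "merge_afm_addresses": merge_afm_addresses}
```

With the plugin next to the playbook, the command line can use `{{ blacklistip | safe_afm_address }}`, and a rejected value fails the task during templating instead of reaching the BIG-IP. `merge_afm_addresses` covers the read-then-write approach from the original question, however the current entries were read.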
Hi, do you have any other questions? Thanks!
Hi, I do not. Thank you
Samuel Singh | systems engineer | hayneedle.com