f5-ansible
f5-ansible copied to clipboard
F5Networks
Ability to drop persistent connections from a virtual server
Is your feature request related to a problem? Please describe.
We use the bigip_virtual_server module to disable a virtual server and then after a period of time we use the bigip_command module to drop persistent connections. We do this to give our clients a few minutes to finish their requests before we forcibly drop them. Recently noticed ansible output includes a warning to request this be supported in a module since write commands aren't idempotent.
- name: Drop connections to LTM virtual server
local_action:
module: bigip_command
commands: "tmsh delete sys connection cs-server-addr {{ f5_ltm_virtual_server_ip }}"
provider:
server: "{{ f5_ltm_server }}"
user: "{{ f5_ltm_username }}"
password: "{{ f5_ltm_password }}"
until: not ltm_virtual_server_drop['failed']
retries: 5
delay: 5
"warnings": [
"Using \"write\" commands is not idempotent. You should use a module that is specifically made for that. If such a module does not exist, then please file a bug. The command in question is \"delete sys connection cs-server-addr 172...\""
]
Describe the solution you'd like
It would be nice to not have a to use tmsh to drop these connections but have it baked into a module.
Hi, @perzizzle have you tried forcing the pool members to “forced offline” with: https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_pool_member_module.html#bigip-pool-member-module ? State parameter
By disabling ALL pool members within a pool, you will get the same outcome.
@G-gonzalezjimenez this does work but is incredibly slow when dealing with more than a handful of hosts (and consumer 100% of the LTM CPU).
Hi @perzizzle,
Deleting connections from the connections table cannot be idempotent because the number of connections varies. Using the command module is the best way to achieve what you are trying to do.
