f5-ansible
bigip_device_info from F5 BIG-IP does not show client-ssl-profiles if selected 'Client Certificate Constrained Delegation'
##### COMPONENT NAME
bigip_device_info
Environment: Ansible Module
##### ANSIBLE VERSION
```
ansible [core 2.15.1]
  config file = None
  configured module search path = ['/Users/xyz/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/xyz/homebrew/lib/python3.11/site-packages/ansible
  ansible collection location = /Users/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.11.9 (main, Apr 2 2024, 08:25:04) [Clang 15.0.0 (clang-1500.3.9.4)] (/opt/homebrew/opt/python@3.11/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
```
##### BIGIP VERSION
16.x
##### CONFIGURATION
##### OS / ENVIRONMENT
##### SUMMARY
bigip_device_info module doesn't capture gather_subset for client-ssl-profiles if Client Certificate Constrained Delegation is selected for Client Fallback Certificate.

F5 Config:
```
ltm profile client-ssl test-skyse {
    app-service none
    **c3d-client-fallback-cert** lb-june_cert_May2023
    ca-file test01.test_211.crt
    cert-key-chain {
        default_fqdn_2023_1 {
            cert default.crt
            chain fqdn_2023
            key default.key
            usage CA
        }
        default_test01.test_211_0 {
            cert default.crt
            chain test01.test_211.crt
            key default.key
        }
    }
    defaults-from clientssl
    inherit-ca-certkeychain false
    inherit-certkeychain false
    peer-cert-mode request
    ssl-forward-proxy enabled
}
```
##### STEPS TO REPRODUCE
Looks like it's a bug.

```yaml
- name: Collect BIG-IP information
  bigip_device_info:
    gather_subset:
      - client-ssl-profiles
    provider: "{{ provider }}"
  delegate_to: localhost
```
##### EXPECTED RESULTS
Full cert client profile info to be displayed; here '**lb-june_cert_May2023**' should also be displayed.
##### ACTUAL RESULTS
```json
{
    "alert_timeout": 0,
    "allow_non_ssl": "no",
    "authenticate_depth": 9,
    "authenticate_frequency": "once",
    "ca_file": "/Common/fqdn_2023.crt",
    "cache_size": 262144,
    "cache_timeout": 3600,
    "certificate_file": "/Common/default.crt",
    "chain_file": "/Common/test01.test_211.crt",
    "ciphers": [
        "DEFAULT"
    ],
    "description": "none",
    "forward_proxy_ca_certificate_file": "/Common/default.crt",
    "forward_proxy_ca_key_file": "/Common/default.key",
    "forward_proxy_certificate_extension_include": [
        "basic-constraints",
        "subject-alternative-name"
    ],
    "forward_proxy_certificate_lifespan": 30,
    "forward_proxy_enabled": "yes",
    "forward_proxy_lookup_by_ipaddr_port": "no",
    "full_path": "/Common/test-skyse",
    "handshake_timeout": 10,
    "key_file": "/Common/default.key",
    "modssl_methods": "no",
    "name": "test-skyse",
    "parent": "/Common/clientssl",
    "peer_certification_mode": "request",
    "profile_mode_enabled": "yes",
    "renegotiation": "yes",
    "renegotiation_maximum_record_delay": 0,
    "renegotiation_period": 0,
    "retain_certificate": "yes",
    "secure_renegotiation_mode": "require",
    "session_ticket": "no",
    "sni_default": "no",
    "sni_require": "no",
    "strict_resume": "no",
    "unclean_shutdown": "yes"
}
```
Hi @f5killer,
Thanks for your feedback. It's not a bug. As described in https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_device_info_module.html#bigip-device-info-module-3 only some information is queried. We will monitor whether there are more requests on the same topic.
Added case also.. 00671573
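
Since the module output above omits the C3D attribute, an audit that needs it can read it from the tmsh listing instead. The following is an added example, not part of this thread or of the f5-ansible project: it parses a tmsh stanza in the format shown in the report and returns the `c3d-*` settings. The names `parse_tmsh` and `c3d_settings` are hypothetical, and how the tmsh text is collected from the device is left as an assumption.

```python
# Constructed sample: trimmed copy of the profile in the report (bold markers removed).
SAMPLE = """\
ltm profile client-ssl test-skyse {
    c3d-client-fallback-cert lb-june_cert_May2023
    ca-file test01.test_211.crt
    cert-key-chain {
        default_fqdn_2023_1 {
            cert default.crt
            chain fqdn_2023
            key default.key
            usage CA
        }
    }
    defaults-from clientssl
    peer-cert-mode request
}
"""


def parse_tmsh(text):
    """Parse tmsh 'list' output into nested dicts keyed by the text before '{'."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):          # opens a nested stanza
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":               # closes the current stanza
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:                           # "key value"; one-line "{ ... }" lists stay raw strings
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return root


def c3d_settings(text, profile):
    """Return the c3d-* attributes of one client-ssl profile (hypothetical helper)."""
    body = parse_tmsh(text).get(f"ltm profile client-ssl {profile}")
    if body is None:
        raise KeyError(profile)
    return {k: v for k, v in body.items() if k.startswith("c3d-")}
```

Comparing the returned dict with the keys in the `bigip_device_info` result shows which profiles carry C3D settings that the module does not report.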