Closed kevingstewart closed 1 year ago
bigip_sslo_config_policy
ansible [core 2.12.5] config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0] jinja version = 3.1.2 libyaml = True
Sys::Version Main Package Product BIG-IP Version 16.1.3.2 Build 0.0.4 Edition Point Release 2 Date Wed Sep 14 08:12:07 PDT 2022
9.3.41
No specific system/ansible configuration changes
Ubuntu 20.04 Python 3.8.10
An SSLO security policy yaml will fail if the security policy already exists. This is not the same behavior as other SSLO modules.
fatal: [172.16.1.83]: FAILED! => {"changed": false, "module_stderr": "'conditions'", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"}
--- # Reference: https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/modules_2_0/bigip_sslo_config_policy_module.html#bigip-sslo-config-policy-module-2 - name: Create SSLO Outbound Security Policy Configuration hosts: all gather_facts: False collections: - f5networks.f5_bigip connection: httpapi vars: #ansible_host: "172.16.1.83" ansible_httpapi_port: 443 ansible_user: "admin" ansible_httpapi_password: "admin" ansible_network_os: f5networks.f5_bigip.bigip ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no tasks: ## Security Policy - name: Create an SSLO security policy bigip_sslo_config_policy: name: "sslopolicy" state: "absent" policy_consumer: "outbound" default_rule: allow_block: "allow" tls_intercept: "intercept" service_chain: "service_chain_2" policy_rules: - name: "Pinners_Rule" match_type: "match_all" policy_action: "allow" ssl_action: "bypass" conditions: - condition_type: "ssl_check" - condition_type: "category_lookup_sni" condition_option_category: - "Pinners" - name: "bypass_pii_traffic" policy_action: "allow" ssl_action: "bypass" service_chain: "service_chain_1" conditions: - condition_type: "category_lookup_sni" condition_option_category: - "Financial Data and Services"
Hi, internal ID to track this request is: INFRAANO-926, thanks!
Hi issue fixed in Dec 2022 release, please open new issue if you see any problem.
COMPONENT NAME
bigip_sslo_config_policy
Environment
ANSIBLE VERSION
BIGIP VERSION
SSL ORCHESTRATOR VERSION
CONFIGURATION
No specific system/ansible configuration changes
OS / ENVIRONMENT
SUMMARY
An SSLO security policy yaml will fail if the security policy already exists. This is not the same behavior as other SSLO modules.
STEPS TO REPRODUCE