search

F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0
377 stars 233 forks source link

Add virtual server option "serverssl-use-sni" in "bigip_virtual_server" and "bigip_device_info" #2438

Open gomesjj opened 4 days ago

gomesjj commented 4 days ago

Is your feature request related to a problem? Please describe.

There's no option to set the 'serverssl-use-sni' option using the "bigip_virtual_server" module. The module "bigip_device_info" also doesn't report this option's state.

As a workaround I am using the "bigip_command" module (see below example), but that is not idempotent and a warning is generated to that effect.

Using:

- name: Set serverssl_use_sni value
  f5networks.f5_modules.bigip_command:
    provider: "{{ provider }}"
    chdir: "{{ partition | default('Common') }}"
    commands:
      - modify ltm virtual {{ vs_name }} serverssl-use-sni enabled
  delegate_to: localhost

Describe the solution you'd like

I would like the ability to use the "bigip_virtual_server" module to set the option.

Desired:

 - name: Set serverssl_use_sni value
   f5networks.f5_modules.bigip_virtual_server:
     provider: "{{ provider }}"
     name: "{{ vs_name }}"
     serverssl_use_sni: true
   delegate_to: localhost

Describe alternatives you've considered

I've been using the "bigip_command" module, and I've also tested with the F5 rest API. I am not in a position to use AS3.

Additional context

Issue #2391 (raised in Feb) with the same request, but was invalidated with a recommendation to use the "bigip_command" module. However, I believe an idempotent method should be used. Also note that issue #2419 was recently addressed, adding the "per_flow_request_access_policy" option, which could also be set via the "bigip_command" module.

I've patched the modules locally and both work correctly. I can raise a pull request and provide the simple modifications to the modules if required.

Changes to modules:

"bigip_virtual_server" - adding 30 lines "bigip_device_info" - adding 15 lines

pgouband commented 4 days ago

Hi @gomesjj,

Individuals or business entities who contribute to this project must complete and submit the F5 Contributor License Agreement to Ansible_CLA@f5.com prior to their code submission being included in this project.

gomesjj commented 2 days ago

@pgouband,

I've sent the license agreement, although I think the changes are so minimal that I don't count it as proper contribution...

Anyway, raised pull request #2439.

gomesjj commented 2 days ago

I've closed the previous pull request as I made a mistake and submitted the wrong changes. I will raise another one… Sorry.

gomesjj commented 2 days ago

New pull request raised: #2441.

pgouband commented 2 days ago

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1706.