F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0

bigip_virtual_server - add support for defining source in virtual, used extensively in afm use cases #483

Closed neozoolook closed 6 years ago

neozoolook commented 6 years ago
ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
ansible 2.4.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/pp2854/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
PYTHON VERSION
2.7.12
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     12.1.2
  Build       1.49.271
  Edition     Engineering Hotfix HF1
  Date        Fri May 19 13:49:47 PDT 2017

Hotfix List
LIBRARY VERSIONS
bigsuds==1.0.4
f5-sdk==2.3.3
CONFIGURATION

standard ansible.cfg,

OS / ENVIRONMENT

N/A

SUMMARY

The current bigip_virtual_server module has the ability to define 'destination, port, and mask'; however, there is no way to support the similar task with respect to 'source ip'. This is used extensively with virtuals, in which you may have to have several virtuals defined that are specific handlers for specific ports/protocols coming from known source IP hosts and/or ranges.

Examples of TMSH output using source defined on a virtual (v4/v6 examples):

ltm virtual UNTRUSTED-NET-V6 {
    description "Catch Any UDP/GTP"
    destination ::.any
    fw-enforced-policy GTP-POLICY
    ip-protocol udp
    mask any6
    profiles {
        gtp { }
        udp { }
    }
    security-log-profiles {
        LOGGING-PROFILE
    }
    source 2606:ae00:2e10:104::5/128
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        UNTRUSTED_NET_1
    }
    vlans-enabled
    vs-index 22
}

ltm virtual UNTRUSTED-NET-V4 {
    description "Catch Any UDP/GTP"
    destination 0.0.0.0:any
    fw-enforced-policy GTP-POLICY
    ip-protocol udp
    mask any
    profiles {
        gtp { }
        udp { }
    }
    security-log-profiles {
        LOGGING-PROFILE
    }
    source 188.219.80.100/32
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        UNTRUSTED_NET_1
    }
    vlans-enabled
    vs-index 23
}

The above examples will only match UDP/GTP traffic originating from those source IPs, as an example, before handing the flows over to the AFM policy bound to the virtual.

We would like to see this added as a feature to the module if at all possible.
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
caphrim007 commented 6 years ago

@neozoolook this is the "Source Address" field in TMUI?

neozoolook commented 6 years ago

@caphrim007 yes I believe that is the case.

caphrim007 commented 6 years ago

@neozoolook this should now be added in the f5-ansible copy of virtual server. Give it a try and report any further issues.
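
Added example, not part of the thread and not code from f5-ansible: a small audit over `tmsh list ltm virtual` text that reports catch-all virtuals (wildcard destination) whose `source` does not restrict the client range, the property the request above is about. The function names and the `OPEN-NET-V4` stanza are constructed for illustration, and a stanza with no `source` line is assumed to accept any source.

```python
import ipaddress
import re

# Constructed input: the two stanzas from the issue (trimmed) plus a
# hypothetical OPEN-NET-V4 virtual that carries no source restriction.
SAMPLE_TMSH = """\
ltm virtual UNTRUSTED-NET-V6 {
    destination ::.any
    profiles {
        gtp { }
    }
    source 2606:ae00:2e10:104::5/128
}
ltm virtual UNTRUSTED-NET-V4 {
    destination 0.0.0.0:any
    source 188.219.80.100/32
}
ltm virtual OPEN-NET-V4 {
    destination 0.0.0.0:any
}
"""

def parse_virtuals(text):
    """Map each virtual's name to its top-level 'key value' properties."""
    virtuals, name, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"ltm virtual\s+(\S+)\s*\{$", line)
        if depth == 0 and header:
            name, depth = header.group(1), 1
            virtuals[name] = {}
            continue
        # Only depth-1 scalar lines are properties; nested blocks are skipped.
        if depth == 1 and "{" not in line and " " in line:
            key, value = line.split(None, 1)
            virtuals[name][key] = value
        depth += line.count("{") - line.count("}")
    return virtuals

def is_wildcard(destination):
    """True for 0.0.0.0:port or ::.port (tmsh puts '.' before an IPv6 port)."""
    sep = "." if destination.count(":") > 1 else ":"
    addr = destination.rsplit("/", 1)[-1].rsplit(sep, 1)[0]
    return ipaddress.ip_address(addr).is_unspecified

def unrestricted_catch_alls(text):
    """Names of wildcard-destination virtuals whose source matches any client."""
    flagged = []
    for name, props in parse_virtuals(text).items():
        # Assumption: a stanza without 'source' uses the any-source default.
        source = ipaddress.ip_network(props.get("source", "0.0.0.0/0"), strict=False)
        if "destination" in props and is_wildcard(props["destination"]) and source.prefixlen == 0:
            flagged.append(name)
    return flagged
```

Destinations that include a route domain suffix (`%N`) are not handled by this parser.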