読者です 読者をやめる 読者になる 読者になる

Hack the World!

プログラミングや,ネットワークに関する話題を取り扱っています.知識をつけて,優雅にお仕事するのを目指しています.

Ansible を使って、big-ip を制御して、自動的にサービスを組み込む。その1

ansible

Ansible のNet Infrastructure モジュールは、LBやOpen vSwitchの制御が行えます。

これにより、サーバの自動構築の後に自動的にサービスに組み込むことが可能になります。
 
 
 
ここでは、F5ネットワークス社が提供している、Big-IP Vitrual Editionを利用して、試してみましょう。
まずは、通常のサーバと同様にVirtualBox を用いて試してみましょう。
 
ただし、Big-IP VEは、VirtualBOXには正式に対応していません。
以下のWikiに書いてある対応が必要になります。
 
 
 
 
■概要
 
 
big-ipでは以下のモジュールがサポートされています。
 
それぞれ以下のようになっています。
pool=グループ
pool member=グループのメンバー(Node+Port情報)
node=メンバーの詳細
 
 
monitor は、nodeやゲートウェイが生きているか、等の確認に利用します。
 
 
 
 
まずは基本である、bigip_factsを動かしてみます。
以下のように設定してみましょう。
- hosts: all
  gather_facts: False
  serial: 1
  tasks:
  - local_action: >
     bigip_facts
     include=interface,vlan,address_class,certificate,client_ssl_profile,device_group,interface,key,node,pool,rule,self_ip,software,system_info,traffic_group,trunk,virtual_address,virtual_server,vlan
     server=192.168.0.5(自分の環境に合わせて設定してください。)
     user=admin
     password=admin
    run_once: true
    delegate_to: 127.0.0.1
 
パラメータは、代替見てわかるかと思いますが、特徴的なのは、以下の3つです。
・IDやPW、IPをplaybookの中で設定する
・include に取得する内容を設定する。
・run_once,delegate_to 等のディレクティブを利用する。
 
上記は、通常のSSHコネクションを用いるのではなく、SOAP通信を利用する事に起因します。
big-ipは、iControl という、big-ipで提供されているAPIを利用する事から、
このような形式になっています。
 
また、PlaybookはInventoryファイルに基づいて、動作することから通常では、Inventoryに設定されたホストの回数分実行される事になります。
したがって、run_once を付与したり、delegate_to を使って、localhostで実行する様に設定します。
こうすることで、localhostからiControl API向けのリクエストを1回だけ投げると言った操作が可能になります。
 
 
 
以下がinterface,vlanの includeを設定した場合の結果になります。
まだmgmtしか設定していないので、mgmtの情報のみが取得できます。
 

f:id:graceful_life:20141009024445p:image

 
 
 
 
 
課題:run_onceが効かない
 
 
 
 
以下はフルで設定した場合の出力例になります。
 
PLAY [lb01] *******************************************************************
 
TASK: [bigip_facts  include=interface,vlan,address_class,certificate,client_ssl_profile,device_group,interface,key,node,pool,rule,self_ip,software,system_info,traffic_group,trunk,virtual_address,virtual_server,vlan server=192.168.0.5 user=admin password=admin
] ***
ok: [lb01 -> 127.0.0.1]
 
TASK: [debug var=test] ********************************************************
ok: [lb01] => {
    "test": {
        "ansible_facts": {
            "address_class": {
                "/Common/aol": {
                    "address_class": [
                        [
                            {
                                "address": "64.12.96.0",
                                "netmask": "255.255.224.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "195.93.16.0",
                                "netmask": "255.255.240.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "195.93.48.0",
                                "netmask": "255.255.252.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "195.93.64.0",
                                "netmask": "255.255.224.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "195.93.96.0",
                                "netmask": "255.255.224.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "198.81.0.0",
                                "netmask": "255.255.252.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "198.81.8.0",
                                "netmask": "255.255.254.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "198.81.16.0",
                                "netmask": "255.255.240.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "202.67.65.128",
                                "netmask": "255.255.255.128"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "205.188.112.0",
                                "netmask": "255.255.240.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "205.188.146.144",
                                "netmask": "255.255.255.252"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "205.188.192.0",
                                "netmask": "255.255.240.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "205.188.208.0",
                                "netmask": "255.255.254.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "207.200.112.0",
                                "netmask": "255.255.248.0"
                            },
                            ""
                        ]
                    ],
                    "description": ""
                },
                "/Common/private_net": {
                    "address_class": [
                        [
                            {
                                "address": "10.0.0.0",
                                "netmask": "255.0.0.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "172.16.0.0",
                                "netmask": "255.240.0.0"
                            },
                            ""
                        ],
                        [
                            {
                                "address": "192.168.0.0",
                                "netmask": "255.255.0.0"
                            },
                            ""
                        ]
                    ],
                    "description": ""
                }
            },
            "certificate": {
                "/Common/ca-bundle": {
                    "certificate": {
                        "bit_length": 1024,
                        "cert_info": {
                            "email": null,
                            "id": "/Common/ca-bundle"
                        },
                        "cert_type": "CTYPE_CA_SIGNED_UNKNOWN",
                        "expiration_date": 1534204740,
                        "expiration_string": "Aug 13 23:59:00 2018 GMT",
                        "issuer": {
                            "common_name": "GTE CyberTrust Global Root",
                            "country_name": "US",
                            "division_name": "GTE CyberTrust Solutions, Inc.",
                            "locality_name": null,
                            "organization_name": "GTE Corporation",
                            "state_name": null
                        },
                        "key_type": "KTYPE_RSA_PUBLIC",
                        "serial_number": "421",
                        "subject": {
                            "common_name": "GTE CyberTrust Global Root",
                            "country_name": "US",
                            "division_name": "GTE CyberTrust Solutions, Inc.",
                            "locality_name": null,
                            "organization_name": "GTE Corporation",
                            "state_name": null
                        },
                        "version": 1
                    },
                    "file_name": "/Common/ca-bundle.crt",
                    "is_bundled": true
                },
                "/Common/default": {
                    "certificate": {
                        "bit_length": 2048,
                        "cert_info": {
                            "email": "root@localhost.localdomain",
                            "id": "/Common/default"
                        },
                        "cert_type": "CTYPE_CA_SIGNED_UNKNOWN",
                        "expiration_date": 1728081927,
                        "expiration_string": "Oct  4 22:45:27 2024 GMT",
                        "issuer": {
                            "common_name": "localhost.localdomain",
                            "country_name": "US",
                            "division_name": "IT",
                            "locality_name": "Seattle",
                            "organization_name": "MyCompany",
                            "state_name": "WA"
                        },
                        "key_type": "KTYPE_RSA_PUBLIC",
                        "serial_number": "1740",
                        "subject": {
                            "common_name": "localhost.localdomain",
                            "country_name": "US",
                            "division_name": "IT",
                            "locality_name": "Seattle",
                            "organization_name": "MyCompany",
                            "state_name": "WA"
                        },
                        "version": 3
                    },
                    "file_name": "/Common/default.crt",
                    "is_bundled": false
                },
                "/Common/f5-irule": {
                    "certificate": {
                        "bit_length": 2048,
                        "cert_info": {
                            "email": "support@f5.com",
                            "id": "/Common/f5-irule"
                        },
                        "cert_type": "CTYPE_CA_SIGNED_UNKNOWN",
                        "expiration_date": 1944422489,
                        "expiration_string": "Aug 13 21:21:29 2031 GMT",
                        "issuer": {
                            "common_name": "support.f5.com",
                            "country_name": "US",
                            "division_name": "Product Development",
                            "locality_name": "Seattle",
                            "organization_name": "F5 Networks",
                            "state_name": "Washington"
                        },
                        "key_type": "KTYPE_RSA_PUBLIC",
                        "serial_number": "c3:4c:63:f7:7f:d3:ae:e5",
                        "subject": {
                            "common_name": "support.f5.com",
                            "country_name": "US",
                            "division_name": "Product Development",
                            "locality_name": "Seattle",
                            "organization_name": "F5 Networks",
                            "state_name": "Washington"
                        },
                        "version": 1
                    },
                    "file_name": "/Common/f5-irule.crt",
                    "is_bundled": false
                }
            },
            "client_ssl_profile": {
                "/Common/clientssl": {
                    "alert_timeout": {
                        "default_flag": false,
                        "value": 10
                    },
                    "allow_nonssl_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "authenticate_depth": {
                        "default_flag": false,
                        "value": 9
                    },
                        "value": 9
                    },
                    "authenticate_once_state": {
                        "default_flag": false,
                        "value": "STATE_ENABLED"
                    },
                    "ca_file": {
                        "default_flag": false,
                        "value": null
                    },
                    "cache_size": {
                        "default_flag": false,
                        "value": 262144
                    },
                    "cache_timeout": {
                        "default_flag": false,
                        "value": 3600
                    },
                    "certificate_file": {
                        "default_flag": false,
                        "value": "/Common/default.crt"
                    },
                    "chain_file": {
                        "default_flag": false,
                        "value": null
                    },
                    "cipher_list": {
                        "default_flag": false,
                        "values": [
                            "DEFAULT"
                        ]
                    },
                    "client_certificate_ca_file": {
                        "default_flag": false,
                        "value": null
                    },
                    "crl_file": {
                        "default_flag": false,
                        "value": null
                    },
                    "default_profile": "",
                    "description": "",
                    "forward_proxy_ca_certificate_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_ca_key_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_ca_passphrase": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_certificate_extension_include": {
                        "default_flag": true,
                        "value":
                    },
                    "forward_proxy_certificate_lifespan": {
                        "default_flag": true,
                        "value": 30
                    },
                    "forward_proxy_enabled_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "handshake_timeout": {
                        "default_flag": false,
                        "value": 10
                    },
                    "is_base_profile": true,
                    "is_system_profile": true,
                    "key_file": {
                        "default_flag": false,
                        "value": "/Common/default.key"
                    },
                    "modssl_emulation_state": {
                        "default_flag": false,
                        "value": "STATE_DISABLED"
                    },
                    "passphrase": {
                        "default_flag": false,
                        "value": null
                    },
                    "peer_certification_mode": {
                        "default_flag": false,
                        "value": "CLIENTSSL_CERTIFICATE_MODE_IGNORE"
                    },
                    "profile_mode": {
                        "default_flag": false,
                        "value": "PROFILE_MODE_ENABLED"
                    },
                    "renegotiation_maximum_record_delay": {
                        "default_flag": false,
                        "value": 10
                    },
                    "renegotiation_period": {
                        "default_flag": false,
                        "value": -1
                    },
                    "renegotiation_state": {
                        "default_flag": false,
                        "value": "STATE_ENABLED"
                    },
                    "renegotiation_throughput": {
                        "default_flag": false,
                        "value": -1
                    },
                    "secure_renegotiation_mode": {
                        "default_flag": false,
                        "value": "SECURE_RENEGOTIATION_MODE_REQUIRE"
                    },
                    "server_name": {
                        "default_flag": true,
                        "value": null
                    },
                    "session_ticket_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "sni_default_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "sni_require_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "ssl_option": {
                        "default_flag": false,
                        "values": [
                            "SSL_OPTION_DONT_INSERT_EMPTY_FRAGMENTS"
                        ]
                    },
                    "strict_resume_state": {
                        "default_flag": false,
                        "value": "STATE_DISABLED"
                    },
                    "unclean_shutdown_state": {
                        "default_flag": false,
                        "value": "STATE_ENABLED"
                    }
                },
                "/Common/clientssl-insecure-compatible": {
                    "alert_timeout": {
                        "default_flag": true,
                        "value": 10
                    },
                    "allow_nonssl_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "authenticate_depth": {
                        "default_flag": true,
                        "value": 9
                    },
                    "authenticate_once_state": {
                        "default_flag": true,
                        "value": "STATE_ENABLED"
                    },
                    "ca_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "cache_size": {
                        "default_flag": true,
                        "value": 262144
                    },
                    "cache_timeout": {
                        "default_flag": true,
                        "value": 3600
                    },
                    "certificate_file": {
                        "default_flag": true,
                        "value": "/Common/default.crt"
                    },
                    "chain_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "cipher_list": {
                        "default_flag": false,
                        "values": [
                            "!SSLv2",
                            "COMPAT",
                            "!DH",
                            "!ADH",
                            "!EDH",
                            "@SPEED"
                        ]
                    },
                    "client_certificate_ca_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "crl_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "default_profile": "/Common/clientssl",
                    "description": "",
                    "forward_proxy_ca_certificate_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_ca_key_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_ca_passphrase": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_certificate_extension_include": {
                        "default_flag": true,
                        "value":
                    },
                    "forward_proxy_certificate_lifespan": {
                        "default_flag": true,
                        "value": 30
                    },
                    "forward_proxy_enabled_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "handshake_timeout": {
                        "default_flag": true,
                        "value": 10
                    },
                    "is_base_profile": false,
                    "is_system_profile": true,
                    "key_file": {
                        "default_flag": true,
                        "value": "/Common/default.key"
                    },
                    "modssl_emulation_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "passphrase": {
                        "default_flag": true,
                        "value": null
                    },
                    "peer_certification_mode": {
                        "default_flag": true,
                        "value": "CLIENTSSL_CERTIFICATE_MODE_IGNORE"
                    },
                    "profile_mode": {
                        "default_flag": true,
                        "value": "PROFILE_MODE_ENABLED"
                    },
                    "renegotiation_maximum_record_delay": {
                        "default_flag": true,
                        "value": 10
                    },
                    "renegotiation_period": {
                        "default_flag": true,
                    "renegotiation_period": {
                        "default_flag": true,
                        "value": -1
                    },
                    "renegotiation_state": {
                        "default_flag": false,
                        "value": "STATE_ENABLED"
                    },
                    "renegotiation_throughput": {
                        "default_flag": true,
                        "value": -1
                    },
                    "secure_renegotiation_mode": {
                        "default_flag": false,
                        "value": "SECURE_RENEGOTIATION_MODE_REQUEST"
                    },
                    "server_name": {
                        "default_flag": true,
                        "value": null
                    },
                    "session_ticket_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "sni_default_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "sni_require_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "ssl_option": {
                        "default_flag": true,
                        "values": [
                            "SSL_OPTION_DONT_INSERT_EMPTY_FRAGMENTS"
                        ]
                    },
                    "strict_resume_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "unclean_shutdown_state": {
                        "default_flag": true,
                        "value": "STATE_ENABLED"
                    }
                },
                "/Common/wom-default-clientssl": {
                    "alert_timeout": {
                        "default_flag": true,
                        "value": 10
                    },
                    "allow_nonssl_state": {
                        "default_flag": false,
                        "value": "STATE_ENABLED"
                    },
                    "authenticate_depth": {
                        "default_flag": true,
                        "value": 9
                    },
                    "authenticate_once_state": {
                        "default_flag": true,
                        "value": "STATE_ENABLED"
                    },
                    "ca_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "cache_size": {
                        "default_flag": true,
                        "value": 262144
                    },
                    "cache_timeout": {
                        "default_flag": true,
                        "value": 3600
                    },
                    "certificate_file": {
                        "default_flag": true,
                        "value": "/Common/default.crt"
                    },
                    "chain_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "cipher_list": {
                        "default_flag": true,
                        "values": [
                            "DEFAULT"
                        ]
                    },
                    "client_certificate_ca_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "crl_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "default_profile": "/Common/clientssl",
                    "description": "",
                    "forward_proxy_ca_certificate_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_ca_key_file": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_ca_passphrase": {
                        "default_flag": true,
                        "value": null
                    },
                    "forward_proxy_certificate_extension_include": {
                        "default_flag": true,
                        "value":
                    },
                    "forward_proxy_certificate_lifespan": {
                        "default_flag": true,
                        "value": 30
                    },
                    "forward_proxy_enabled_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "handshake_timeout": {
                        "default_flag": true,
                        "value": 10
                    },
                    "is_base_profile": false,
                    "is_system_profile": true,
                    "key_file": {
                        "default_flag": true,
                        "value": "/Common/default.key"
                    },
                    "modssl_emulation_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "passphrase": {
                        "default_flag": true,
                        "value": null
                    },
                    "peer_certification_mode": {
                        "default_flag": true,
                        "value": "CLIENTSSL_CERTIFICATE_MODE_IGNORE"
                    },
                    "profile_mode": {
                        "default_flag": true,
                        "value": "PROFILE_MODE_ENABLED"
                    },
                    "renegotiation_maximum_record_delay": {
                        "default_flag": true,
                        "value": 10
                    },
                    "renegotiation_period": {
                        "default_flag": true,
                        "value": -1
                    },
                    "renegotiation_state": {
                        "default_flag": true,
                        "value": "STATE_ENABLED"
                    },
                    "renegotiation_throughput": {
                        "default_flag": true,
                        "value": -1
                    },
                    "secure_renegotiation_mode": {
                        "default_flag": true,
                        "value": "SECURE_RENEGOTIATION_MODE_REQUIRE"
                    },
                    "server_name": {
                        "default_flag": true,
                        "value": null
                    },
                    "session_ticket_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "sni_default_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "sni_require_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "ssl_option": {
                        "default_flag": true,
                        "values": [
                            "SSL_OPTION_DONT_INSERT_EMPTY_FRAGMENTS"
                        ]
                    },
                    "strict_resume_state": {
                        "default_flag": true,
                        "value": "STATE_DISABLED"
                    },
                    "unclean_shutdown_state": {
                        "default_flag": true,
                        "value": "STATE_ENABLED"
                    }
                }
            },
            "device_group": {
                "/Common/device_trust_group": {
                    "all_preferred_active": false,
                    "autosync_enabled_state": "STATE_ENABLED",
                    "description": "",
                    "device": [
                        "/Common/bigip1"
                    ],
                    "network_failover_enabled_state": "STATE_DISABLED",
                    "type": "DGT_SYNC_ONLY"
                },
                "/Common/gtm": {
                    "all_preferred_active": false,
                    "autosync_enabled_state": "STATE_DISABLED",
                    "description": "",
                    "device": [
                        "/Common/bigip1"
                    ],
                    "network_failover_enabled_state": "STATE_DISABLED",
                    "type": "DGT_SYNC_ONLY"
                }
            },
            "interface": {
                "mgmt": {
                    "active_media": "MT_100TX_FULL",
                    "actual_flow_control": "FLOW_CONTROL_PAUSE_NONE",
                    "bundle_state": "INTERFACE_BUNDLE_NOT_SUPPORTED",
                    "description": "",
                    "dual_media_state": "STATE_DISABLED",
                    "enabled_state": "STATE_ENABLED",
                    "flow_control": "FLOW_CONTROL_PAUSE_TX_RX",
                    "learning_mode": "LEARNING_MODE_ENABLE_FORWARD",
                    "lldp_admin_status": "INTERFACE_LLDP_TXONLY",
                    "lldp_tlvmap": 130943,
                    "mac_address": "08:00:27:D4:76:EA",
                    "media": "MT_AUTO",
                    "media_option": {
                        "interface_name": "mgmt",
                        "media_options": [
                            "MT_NONE",
                            "MT_AUTO",
                            "MT_10T_FULL",
                            "MT_10T_HALF",
                            "MT_100TX_FULL",
                            "MT_100TX_HALF"
                        ]
                    },
                    "media_option_sfp": {
                        "interface_name": "mgmt",
                        "media_options": [
                            "MT_NONE",
                            "MT_AUTO"
                        ]
                    },
                    "media_sfp": "MT_AUTO",
                    },
                    "media_sfp": "MT_AUTO",
                    "media_speed": 100,
                    "media_status": "MEDIA_STATUS_UP",
                    "mtu": 1500,
                    "phy_master_slave_mode": "PHY_MODE_AUTO",
                    "prefer_sfp_state": "STATE_ENABLED",
                    "sfp_media_state": "STATE_DISABLED",
                    "stp_active_edge_port_state": "STATE_ENABLED",
                    "stp_enabled_state": "STATE_ENABLED",
                    "stp_link_type": "STP_LINK_TYPE_AUTO",
                    "stp_protocol_detection_reset_state": "STATE_DISABLED"
                }
            },
            "key": {
                "/Common/default": {
                    "file_name": "/Common/default.key",
                    "flags": 0,
                    "key_info": {
                        "bit_length": 2048,
                        "id": "/Common/default",
                        "key_type": "KTYPE_RSA_PRIVATE",
                        "security": "STYPE_NORMAL"
                    }
                }
            },
            "node": {},
            "pool": {},
            "rule": {
                "/Common/_sys_auth_krbdelegate": {
                    "definition": "when HTTP_REQUEST {\n        set thecert \"\"\n        set ckname F5KRBAUTH\n        set ckpass abc123\n        set authprofiles [PROFILE::list auth]\n        # Search the auth profiles for the krbdelegate(7) and grab cookie info\n        foreach profname $authprofiles {\n            if { [PROFILE::auth $profname type] == 7 } {\n                set tmpckname [PROFILE::auth $profname cookie_name]\n                set tmpckpass [PROFILE::auth $profname cookie_key]\n                if {[PROFILE::auth $profname cookie_name] != \"\" } {\n                    set ckname $tmpckname\n                    set ckpass $tmpckpass\n                    break\n                }\n            }\n        }\n        set seecookie 0\n        set insertcookie 0\n        # check for the cookie\n        if {not [info exists tmm_auth_http_sids(krbdelegate)]} {\n            set tmm_auth_sid [AUTH::start pam default_krbdelegate]\n            set tmm_auth_http_sids(krbdelegate) $tmm_auth_sid\n            AUTH::subscribe $tmm_auth_sid\n        } else {\n            set tmm_auth_sid $tmm_auth_http_sids(krbdelegate)\n        }\n        if { [PROFILE::exists clientssl] } {\n            set certcmd \"SSL::cert 0\"\n            set thecert [ eval $certcmd ]\n        }\n        if { $thecert == \"\" } {\n            # if no cert, assume old kerb delegation\n            # if there is no Authorization header and no cookie, get one.\n            if { ([HTTP::header Authorization] == \"\") and\n                  (not [HTTP::cookie exists $ckname])} {\n                HTTP::respond 401 WWW-Authenticate Negotiate\n                return\n            }\n        }\n        if {[HTTP::cookie exists $ckname]} {\n            set ckval [HTTP::cookie decrypt $ckname $ckpass]\n            AUTH::username_credential $tmm_auth_sid \"cookie\"\n            AUTH::password_credential $tmm_auth_sid $ckval\n            set seecookie 1\n        } else {\n            if { $thecert == \"\" } {\n                # Kerberos Delegation - set username\n                # Strip off the Negotiate before the base64d goodness\n                AUTH::username_credential $tmm_auth_sid [lindex [HTTP::header Authorization] 1]\n            }\n            else {\n                # Protocol Transition - set ttm_auth_sid\n                AUTH::username_credential $tmm_auth_sid \"krpprottran\"\n                AUTH::cert_credential $tmm_auth_sid $thecert\n            }\n            AUTH::password_credential $tmm_auth_sid \"xxxx\"\n        }\n        AUTH::authenticate $tmm_auth_sid\n\n        if {not [info exists tmm_auth_http_collect_count]} {\n            HTTP::collect\n            set tmm_auth_http_successes 0\n            set tmm_auth_http_collect_count 1\n        } else {\n            incr tmm_auth_http_collect_count\n        }\n    }\n    when AUTH_RESULT {\n        if {not [info exists tmm_auth_http_sids(krbdelegate)] or \\\n            ($tmm_auth_http_sids(krbdelegate) != [AUTH::last_event_session_id]) or \\\n            (not [info exists tmm_auth_http_collect_count])} {\n            return\n        }\n        if {[AUTH::status] == 0} {\n            incr tmm_auth_http_successes\n        }\n        # If multiple auth sessions are pending and\n        # one failure results in termination and this is a failure\n        # or enough successes have now occurred\n        if {([array size tmm_auth_http_sids] > 1) and \\\n            ((not [info exists tmm_auth_http_sufficient_successes] or \\\n             ($tmm_auth_http_successes >= $tmm_auth_http_sufficient_successes)))} {\n            # Abort the other auth sessions\n            foreach {type sid} [array get tmm_auth_http_sids] {\n                unset tmm_auth_http_sids($type)\n                if {($type ne \"krbdelegate\") and ($sid != -1)} {\n                    AUTH::abort $sid\n                    incr tmm_auth_http_collect_count -1\n               }\n            }\n        }\n        # If this is the last outstanding auth then either\n        # release or respond to this session\n        incr tmm_auth_http_collect_count -1\n        if {$tmm_auth_http_collect_count == 0} {\n            unset tmm_auth_http_collect_count\n            if { [AUTH::status] == 0 } {\n                array set pamout [AUTH::response_data]\n                HTTP::header replace Authorization \"Negotiate $pamout(krbdelegate:attr:SPNEGO)\"\n                if {$seecookie == 0} {\n                    set insertcookie $pamout(krbdelegate:attr:KRB5CCNAME)\n                }\n                HTTP::release\n            } else {\n                HTTP::respond 401 WWW-Authenticate Negotiate \"Set-Cookie\" \"$ckname= ; expires=Wed Dec 31 16:00:00 1969\"\n            }\n        }\n    }\n    # When the response goes out, if we need to insert a cookie, do it.\n    when HTTP_RESPONSE {\n        if {$insertcookie != 0} {\n            HTTP::cookie insert name $ckname value $insertcookie\n            HTTP::cookie encrypt $ckname $ckpass\n        }\n    }\ndefinition-signature mILi/VF69pqpNg+XJ4nClBl8+zq4v9FsiBYnKjX3zLZOChRWKt5CwkwpsbCRzx5DnvHglp9uXDYrjqcAFvM5aRA2R5LAhKQSq6pVPwHdZUJluYv0t3n6af/vSyc7KYsx6gga1jLuiFZaEzmG8c+r4igxwEee874iQBjYaWhHyKYGhlhly/Ez2FE9DNRpRepz2sq/jaKzEmmMod3CCXurXVGlC/Pk8qnbNid1yC15DGosrAKW1d8lhYbVBaXVQ1ahrr/UPYnDdHB1BiWUzRSS4uOKuUyUmT/xPI14/Nwv8zdFvlu+AnnD543zH6KhdSHhJ3zCVy2HSZ5wPuN3YswcBA==\n",
                    "description": ""
                },
                "/Common/_sys_auth_ssl_cc_ldap": {
                    "definition": "when CLIENT_ACCEPTED {\n        set tmm_auth_ssl_cc_ldap_sid 0\n        set tmm_auth_ssl_cc_ldap_done 0\n    }\n    when CLIENTSSL_CLIENTCERT {\n        set tmm_auth_ssl_cc_ldap_done 0\n        if {$tmm_auth_ssl_cc_ldap_sid == 0} {\n            set tmm_auth_ssl_cc_ldap_sid [AUTH::start pam default_ssl_cc_ldap]\n            if {[info exists tmm_auth_subscription]} {\n                AUTH::subscribe $tmm_auth_ssl_cc_ldap_sid\n            }\n        }\n        AUTH::cert_credential $tmm_auth_ssl_cc_ldap_sid [SSL::cert 0]\n        AUTH::authenticate $tmm_auth_ssl_cc_ldap_sid\n        SSL::handshake hold\n    }\n    when CLIENTSSL_HANDSHAKE {\n        set tmm_auth_ssl_cc_ldap_done 1\n    }\n    when AUTH_RESULT {\n        if {[info exists tmm_auth_ssl_cc_ldap_sid] and \\\n            ($tmm_auth_ssl_cc_ldap_sid == [AUTH::last_event_session_id])} {\n            set tmm_auth_status [AUTH::status]\n            if {$tmm_auth_status == 0} {\n                set tmm_auth_ssl_cc_ldap_done 1\n                SSL::handshake resume\n            } elseif {$tmm_auth_status != -1 || $tmm_auth_ssl_cc_ldap_done == 0} {\n                reject\n            }\n        }\n    }\ndefinition-signature ngQlx90MhJE25h5RJcXL8JWwGZQjMuOOisHV876CwOSP319nIAr0VTBcAoOWF6x2Y29seinXiUigiQ5mMbo4NhMiE1k20XGO17zsuzhRb/btIbw0auL836WZ26Jss0SRPeJO0aJ7OZ/WP644WGgSu17JPsm34KPw1Ca5ZRy/0hpH4UDFrBYM0QiLdzb1J6J26GnI4JcjmQvbTlHkhJB2GzzZq5ltuBKvv797yEiLh05tcUyz7JrOfmZZA6FWfV3SaCy2c2KT1LQ1LaEGbghh8trhFYY9rdcX41g6T71Y0sej13kkTOZXUVEadWDtaJzYkXQBulVgwG4FxNtamyQfNg==\n",
                    "description": ""
                },
                "/Common/_sys_auth_ssl_crldp": {
                    "definition": "when CLIENT_ACCEPTED {\n        set tmm_auth_ssl_crldp_sid 0\n        set tmm_auth_ssl_crldp_done 0\n    }\n    when CLIENTSSL_CLIENTCERT {\n        set tmm_auth_ssl_crldp_done 0\n        if {$tmm_auth_ssl_crldp_sid == 0} {\n            set tmm_auth_ssl_crldp_sid [AUTH::start pam default_ssl_crldp]\n            if {[info exists tmm_auth_subscription]} {\n                AUTH::subscribe $tmm_auth_ssl_crldp_sid\n            }\n        }\n        AUTH::cert_credential $tmm_auth_ssl_crldp_sid [SSL::cert 0]\n        AUTH::cert_issuer_credential $tmm_auth_ssl_crldp_sid [SSL::cert issuer 0]\n        AUTH::authenticate $tmm_auth_ssl_crldp_sid\n        SSL::handshake hold\n    }\n    when CLIENTSSL_HANDSHAKE {\n        set tmm_auth_ssl_crldp_done 1\n    }\n    when AUTH_RESULT {\n        if {[info exists tmm_auth_ssl_crldp_sid] and \\\n            ($tmm_auth_ssl_crldp_sid == [AUTH::last_event_session_id])} {\n            set tmm_auth_status [AUTH::status]\n            if {$tmm_auth_status == 0} {\n                set tmm_auth_ssl_crldp_done 1\n                SSL::handshake resume\n            } elseif {$tmm_auth_status != -1 || $tmm_auth_ssl_crldp_done == 0} {\n                reject\n            }\n        }\n    }\ndefinition-signature Wr7rrhc3cX2sRb1dFv/utR/rA8V4xtQ+3x8DjmlFXs/g/AV0TKd5vxQMHrfvvvGFJadPJG6KSGaKidVlDuU9SYEEisqqnF+gaObvLdLMDNW4uMlD9Rr2FuJ65XHRIGbmFrw6yhWR4pi79Q3a8C7g68CAedq1G45WiKAnlIhaz6HDLAHxDM01Snt/x1+x9j4yC2bM7FiL2MbDMQECVQTteY6au1qgCvumC0greBgbvCkbCtYDnVlRkpBj3BPXgcD0cQ373VxBtcUmoJLFvhxl/Vo8BzmCr1PzmVJjMjCEme26YA0fTr0fpvshrFDhgRFlWhm8o8lPsGxArZ9vVhmNUA==\n",
                    "description": ""
                },
                "/Common/_sys_auth_ssl_ocsp": {
                    "definition": "when CLIENT_ACCEPTED {\n        set tmm_auth_ssl_ocsp_sid 0\n        set tmm_auth_ssl_ocsp_done 0\n    }\n    when CLIENTSSL_CLIENTCERT {\n        set tmm_auth_ssl_ocsp_done 0\n        if {$tmm_auth_ssl_ocsp_sid == 0} {\n            set tmm_auth_ssl_ocsp_sid [AUTH::start pam default_ssl_ocsp]\n            if {[info exists tmm_auth_subscription]} {\n                AUTH::subscribe $tmm_auth_ssl_ocsp_sid\n            }\n        }\n        AUTH::cert_credential $tmm_auth_ssl_ocsp_sid [SSL::cert 0]\n        AUTH::cert_issuer_credential $tmm_auth_ssl_ocsp_sid [SSL::cert issuer 0]\n        AUTH::authenticate $tmm_auth_ssl_ocsp_sid\n        SSL::handshake hold\n    }\n    when CLIENTSSL_HANDSHAKE {\n        set tmm_auth_ssl_ocsp_done 1\n    }\n    when AUTH_RESULT {\n        if {[info exists tmm_auth_ssl_ocsp_sid] and \\\n            ($tmm_auth_ssl_ocsp_sid == [AUTH::last_event_session_id])} {\n            set tmm_auth_status [AUTH::status]\n            if {$tmm_auth_status == 0} {\n                set tmm_auth_ssl_ocsp_done 1\n                SSL::handshake resume\n            } elseif {$tmm_auth_status != -1 || $tmm_auth_ssl_ocsp_done == 0} {\n                reject\n            }\n        }\n    }\ndefinition-signature d8lro5/CxaPN2Tl4ktO940QgTQrrt6oPqjWxx2997wwA5kiK+xVeVolBhSFk3znMM07rA2J0A6ff7UqZDn6w1viC7M1QcB0LY0sbjc5YDLXpVBLlQzYLO7jDEb8qjPPLQGpprKzIX/78jTCYvYg9tXT2XkAxnZCuTE/U2SgUbRTHB2EJhmgdXznM/kbRzWWq94k0Y/etrPh5QOggWrskny4RotLOH3urkIJD2wXHlHMZfgtLmS59i/BQzTuBnnW2TGWbmD13mtn49rfkDRPEdhbqOHzMW1si5Lk4c406MXZw/9wEclSFE2EyXvU83EzrgHrh+W06HqyfL+ovZA0C4g==\n",
                    "description": ""
                },
                "/Common/_sys_https_redirect": {
                    "definition": "when HTTP_REQUEST {\n       HTTP::redirect https://[getfield [HTTP::host] \":\" 1][HTTP::uri]\n    }\ndefinition-signature mwyl4XlRKRMQc0prWs7RtpgPcNfocOKb+MaFwAnQgAuUZZyG68OaGZsOCN3poUOFdHOc6fk2XAdGRmTRiP/7BCT7thsOX5zLFzA1N1wcr57KWVzEZt3ezxVXn2Z974OmbWm7P5Lclcr7N3adrLJMWfyfPPVF1tUYn0IQPD2QNMmfbcbr1oCuO93n/5dn0s6/EacHZGG53hVibW7xQuJXdMtoQ6ArSZ4U3n4vCDTb6NLYbAj6PirVzKY2pcsWFHFUSVrphSFwERc8+0XGHUE6Cb3ihzygoZc2cQ5jk3frFY70MkDluPTShFRbHd7PlMPRezrfkVZVeUHA/iBPcYcD+w==\n",
                    "description": ""
                }
            },
            "self_ip": {},
            "software": [
                {
                    "active": true,
                    "base_build": "39.0",
                    "build": "39.0",
                    "edition": null,
                    "installation_id": {
                        "chassis_slot_id": 0,
                        "install_volume": "HD1.1"
                    },
                    "product": "BIG-IP",
                    "status": "complete",
                    "version": "11.3.0"
                }
            ],
            "system_info": {
                "base_mac_address": "08:00:27:D4:76:EA",
                "blade_temperature": ,
                "chassis_slot_information": [],
                "globally_unique_identifier": "08:00:27:D4:76:EA",
                "group_id": "DefaultGroup",
                "hardware_information": [
                    {
                        "model": "Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz",
                        "name": "cpus",
                        "slot": 0,
                        "type": "HARDWARE_BASE_BOARD",
                        "versions": [
                            {
                                "name": "cache size",
                                "value": "6144 KB"
                            },
                            {
                                "name": "cores",
                                "value": "1"
                            },
                            {
                                "name": "cpu MHz",
                                "value": "2812.218"
                            }
                        ]
                    }
                ],
                "marketing_name": "BIG-IP Virtual Edition",
                "product_information": {
                    "package_edition": "VE Trial 11.3.0-HF1 (based on BIGIP 11.3.0HF6)",
                    "package_version": "Build 39.0 - Mon Mar 24 14:01:16 PDT 2014",
                    "product_code": "BIG-IP",
                    "product_features": [
                        "App Tunnel",
                        "Active Directory/Windows Domain Authentication",
                        "LDAP Authentication",
                        "RADIUS Authentication",
                        "SecurID Authentication",
                        "Base Endpoint Security Checks",
                        "Antivirus Checks",
                        "Firewall Checks",
                        "Machine Certificate Checks",
                        "Protected Workspace",
                        "Secure Virtual Keyboard",
                        "Network Access",
                        "Remote Desktop",
                        "Access Policy Manager Support",
                        "Reverse Proxy",
                        "Concurrent Connectivity Sessions (Limited): 10",
                        "Rate Shaping and Rate Class Support",
                        "Traffic Classification L4",
                        "Traffic Classification iRules+L7",
                        "Stochastic Fair Queuing Mode",
                        "Priority FIFO (ToS) Queuing Mode",
                        "QoS and ToS Tagging",
                        "Connection Limits",
                        "OneConnect - Switching and Pooling",
                        "Connection Rebinding",
                        "Connection Timeout",
                        "Route Pool",
                        "Last Hop Pool",
                        "Active Active",
                        "Failover",
                        "Pool Min Up Members",
                        "State Mirroring",
                        "VLAN Failsafe",
                        "HTTP traffic classifier",
                        "ICAP",
                        "iSession",
                        "iSNAT - Rules Referencing SNAT Pools",
                        "Basic Load Balancing",
                        "Dynamic Ratio Load Balancing",
                        "Fastest Load Balancing",
                        "L3 Addr Load Balancing",
                        "Least Connection Load Balancing",
                        "Least Sessions Load Balancing",
                        "Observed Load Balancing",
                        "LB Pools Maximum Nodes: Unlimited",
                        "Predictive Load Balancing",
                        "Priority Load Balancing",
                        "Ratio Load Balancing",
                        "Ratio Session Load Balancing",
                        "Round Robin Load Balancing",
                        "UDP Packet Load Balancing",
                        "Web Logic Load Balancing",
                        "DIAMETER Monitor",
                        "EAV Monitor",
                        "FTP Monitor",
                        "gateway ICMP Monitor",
                        "HTTP Monitor",
                        "HTTPS Monitor",
                        "ICMP Monitor",
                        "IMAP Monitor",
                        "Inband Monitor",
                        "LDAP Monitor",
                        "LDAP Over SSL Monitor",
                        "Module Score Monitor",
                        "Microsoft SQL Monitor",
                        "MySQL Monitor",
                        "NNTP Monitor",
                        "Oracle Monitor",
                        "POP3 Monitor",
                        "PostgreSQL Monitor",
                        "RADIUS Monitor",
                        "RealN Monitor",
                        "Reverse Keyword",
                        "RPC Monitor",
                        "Monitor Rules",
                        "SASP Monitor",
                        "SCRIPTED Monitor",
                        "SIP Monitor",
                        "SMB Monitor",
                        "SMTP Monitor",
                        "SNMP Monitor",
                        "Soap Monitor",
                        "TCP Monitor",
                        "TCP Echo Monitor",
                        "TCP Half Open Monitor",
                        "Transparent Device Monitor",
                        "UDP Monitor",
                        "Virtual Location Monitor",
                        "WAP Monitor",
                        "WMI Monitor",
                        "Monitors",
                        "Network Address Translation",
                        "Persistence",
                        "Cookie Persistence",
                        "Simple Persistence",
                        "SIP Persistence",
                        "SSL Session ID Persistence",
                        "Sticky Persistence",
                        "Universal Persistence",
                        "WTS Persistence",
                        "Pools",
                        "HTTP Content Transformation",
                        "Fast L4",
                        "FTP",
                        "HTTP Header Transformation",
                        "HTTP",
                        "Probe Control - IDS Traffic Management",
                        "HTTP Redirection",
                        "SIP",
                        "TCP",
                        "UDP",
                        "RAM Cache",
                        "RTSP switching",
                        "L4 iRules",
                        "L7 iRules",
                        "User-Defined Statistics",
                        "iRules",
                        "SCTP support",
                        "SNAT Standard",
                        "SSL Forward Proxy",
                        "Address Translation",
                        "Port Translation",
                        "Transparent Device Load Balancing",
                        "Access Policy Manager Limited",
                        "Local Traffic Manager",
                        "IPv6 DNS Support",
                        "IPv6 Gateway Module",
                        "Interface Mirroring",
                        "Spanning Tree Protocol",
                        "PVA Enable",
                        "SSL Mbps: 2000",
                        "CMP SSL",
                        "CMP SSL per core",
                        "SSL Total TPS: Unlimited",
                        "Virtual Edition number of vCPU cores: 1",
                        "Virtual Edition maximum throughput: 1",
                        "CMP compression per core",
                        "HTTP Compression: 50",
                        "BigIP Maximum throughput: 1",
                        "SSL client certificate authorization via LDAP",
                        "DDoS Connection Limits",
                        "Dynamic Connection Reaping",
                        "Packet Filter",
                        "SYN Check",
                        "SSL Support",
                        "SSL Online Certificate Status Protocol",
                        "SSL certificate validation via CRLDP"
                    ],
                    "product_version": "11.3.0"
                },
                    "product_version": "11.3.0"
                },
                "pva_version": null,
                "system_id": "80303E1B-1974-5B1F-FF25-1AE30CAE2879",
                "system_information": {
                    "annunciator_board_part_revision": null,
                    "annunciator_board_serial": null,
                    "chassis_serial": "7bc50f9c-5d9b-440b-577f19d0658f",
                    "host_board_part_revision": null,
                    "host_board_serial": null,
                    "host_name": "localhost.localdomain",
                    "os_machine": "x86_64",
                    "os_release": "2.6.32-220.el6.f5.x86_64",
                    "os_version": "#1 SMP Mon Mar 24 13:51:52 PDT 2014",
                    "platform": "Z99",
                    "product_category": "Virtual Edition Trial",
                    "switch_board_part_revision": null,
                    "switch_board_serial": null,
                    "system_name": "Linux"
                },
                "time": {
                    "day": 8,
                    "hour": 0,
                    "minute": 11,
                    "month": 10,
                    "second": 51,
                    "year": 2014
                },
                "time_zone": {
                    "gmt_offset": -7,
                    "is_daylight_saving_time": true,
                    "time_zone": "PDT"
                },
                "uptime": 3147
            },
            "traffic_group": {
                "/Common/traffic-group-1": {
                    "auto_failback_enabled_state": "STATE_DISABLED",
                    "auto_failback_time": 60,
                    "default_device": "",
                    "description": "",
                    "is_floating": true,
                    "mac_masquerade_address": "00:00:00:00:00:00",
                    "unit_id": 1
                },
                "/Common/traffic-group-local-only": {
                    "auto_failback_enabled_state": "STATE_DISABLED",
                    "auto_failback_time": 60,
                    "default_device": "",
                    "description": "",
                    "is_floating": false,
                    "mac_masquerade_address": "00:00:00:00:00:00",
                    "unit_id": 0
                }
            },
            "trunk": {},
            "virtual_address": {},
            "virtual_server": {},
            "vlan": {}
        },
        "changed": false,
        "invocation": {
            "module_args": "include=interface,vlan,address_class,certificate,client_ssl_profile,device_group,interface,key,node,pool,rule,self_ip,software,system_info,traffic_group,trunk,virtual_address,virtual_server,vlan server=192.168.0.5 user=admin password=admin",
            "module_name": "bigip_facts"
        }
    }
}
 
PLAY RECAP ********************************************************************
lb01                       : ok=2    changed=0    unreachable=0    failed=0