bigip_device_facts - Collect facts from F5 BIG-IP devices¶
New in version 2.7.
Synopsis¶
- Collect facts from F5 BIG-IP devices.
Requirements¶
The below requirements are needed on the host that executes this module.
- f5-sdk >= 3.0.16
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
|
gather_subset
required |
|
When supplied, this argument will restrict the facts returned to a given subset.
Can specify a list of values to include a larger subset.
Values can also be used with an initial
! to specify that a specific subset should not be collected.aliases: include |
|
|
password
required |
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable
F5_PASSWORD.aliases: pass, pwd |
||
|
provider
(added in 2.5) |
Default: None
|
A dict object containing connection details.
|
|
| ssh_keyfile |
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports.
You may omit this option by setting the environment variable
ANSIBLE_NET_SSH_KEYFILE. |
||
| timeout |
Default: 10
|
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
|
|
|
server
required |
The BIG-IP host.
You may omit this option by setting the environment variable
F5_SERVER. |
||
|
user
required |
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable
F5_USER. |
||
| server_port |
Default: 443
|
The BIG-IP server port.
You may omit this option by setting the environment variable
F5_SERVER_PORT. |
|
|
password
required |
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable
F5_PASSWORD.aliases: pass, pwd |
||
|
validate_certs
bool |
|
If
no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.You may omit this option by setting the environment variable
F5_VALIDATE_CERTS. |
|
|
transport
required |
|
Configures the transport connection to use when connecting to the remote device.
|
|
|
server
required |
The BIG-IP host.
You may omit this option by setting the environment variable
F5_SERVER. |
||
|
server_port
(added in 2.2) |
Default: 443
|
The BIG-IP server port.
You may omit this option by setting the environment variable
F5_SERVER_PORT. |
|
|
user
required |
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable
F5_USER. |
||
|
validate_certs
bool (added in 2.0) |
|
If
no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.You may omit this option by setting the environment variable
F5_VALIDATE_CERTS. |
|
Notes¶
Note
- For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires the f5-sdk Python package on the host. This is as easy as
pip install f5-sdk. - Requires BIG-IP software version >= 12.
- The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples¶
- name: Collect BIG-IP facts
bigip_device_facts:
gather_subset:
- interfaces
- vlans
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Collect all BIG-IP facts
bigip_device_facts:
gather_subset:
- all
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Collect all BIG-IP facts except trunks
bigip_device_facts:
gather_subset:
- all
- "!trunks"
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |||
|---|---|---|---|---|---|
|
asm_policy_stats
complex
|
When asm-policy-stats is specified in gather_subset. |
Miscellaneous ASM policy related facts.
Sample:
hash/dictionary of values
|
|||
|
policies_attached
int
|
changed |
The number of ASM policies that are attached to virtual servers.
Sample:
1
|
|||
|
policies_inactive
int
|
changed |
The number of ASM policies that are marked as inactive.
|
|||
|
policies_active
int
|
changed |
The number of ASM policies that are marked as active.
Sample:
3
|
|||
|
policies
int
|
changed |
The total number of ASM policies on the device.
Sample:
3
|
|||
|
policies_unattached
int
|
changed |
The number of ASM policies that are not attached to a virtual server.
Sample:
3
|
|||
|
client_ssl_profiles
complex
|
When client-ssl-profiles is specified in gather_subset. |
Client SSL Profile related facts.
Sample:
hash/dictionary of values
|
|||
|
modssl_methods
bool
|
changed |
Enables or disables ModSSL method emulation.
|
|||
|
profile_mode_enabled
bool
|
changed |
Specifies the profile mode, which enables or disables SSL processing.
Sample:
True
|
|||
|
forward_proxy_lookup_by_ipaddr_port
bool
|
changed |
Specifies whether to perform certificate look up by IP address and port number.
|
|||
|
cache_timeout
int
|
changed |
Specifies the SSL session cache timeout value.
Sample:
3600
|
|||
|
strict_resume
bool
|
changed |
Enables or disables strict-resume.
Sample:
True
|
|||
|
allow_non_ssl
bool
|
changed |
Enables or disables non-SSL connections.
Sample:
True
|
|||
|
forward_proxy_ca_certificate_file
string
|
changed |
Specifies the name of the certificate file that is used as the certification authority certificate when SSL forward proxy feature is enabled.
|
|||
|
parent
string
|
changed |
Parent of the profile
Sample:
/Common/clientssl
|
|||
|
server_name
string
|
changed |
Specifies the server names to be matched with SNI (server name indication) extension information in ClientHello from a client connection.
Sample:
bigip01
|
|||
|
renegotiation
bool
|
changed |
Specifies whether renegotiations are enabled.
Sample:
True
|
|||
|
certificate_file
string
|
changed |
Specifies the name of the certificate installed on the traffic management system for the purpose of terminating or initiating an SSL connection.
Sample:
/Common/default.crt
|
|||
|
sni_default
bool
|
changed |
When
yes, this profile is the default SSL profile when the server name in a client connection does not match any configured server names, or a client connection does not specify any server name at all.Sample:
True
|
|||
|
forward_proxy_enabled
bool
|
changed |
Enables or disables SSL forward proxy feature.
Sample:
True
|
|||
|
forward_proxy_certificate_extension_include
list
|
changed |
Specifies the extensions of the web server certificates to be included in the generated certificates using SSL Forward Proxy.
Sample:
['basic-constraints', 'subject-alternative-name']
|
|||
|
sni_require
bool
|
changed |
When this option is
yes, a client connection that does not specify a known server name or does not support SNI extension will be rejected. |
|||
|
description
string
|
changed |
Description of the profile.
Sample:
My profile
|
|||
|
chain_file
string
|
changed |
Specifies or builds a certificate chain file that a client can use to authenticate the profile.
Sample:
/Common/ca-chain.crt
|
|||
|
authenticate_depth
int
|
changed |
Specifies the authenticate depth. This is the client certificate chain maximum traversal depth.
Sample:
9
|
|||
|
forward_proxy_ca_passphrase
string
|
changed |
Specifies the passphrase of the key file that is used as the certification authority key when SSL forward proxy feature is enabled.
|
|||
|
secure_renegotiation_mode
string
|
changed |
Specifies the secure renegotiation mode.
Sample:
require
|
|||
|
ca_file
string
|
changed |
Specifies the certificate authority (CA) file name.
Sample:
/Common/default-ca.crt
|
|||
|
retain_certificate
bool
|
changed |
APM module requires storing certificate in SSL session. When
no, certificate will not be stored in SSL session.Sample:
True
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/bigip02.internal
|
|||
|
renegotiation_period
int
|
changed |
Number of seconds required to renegotiate an SSL session.
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
bigip02.internal
|
|||
|
ciphers
string
|
changed |
Specifies a list of cipher names.
Sample:
['DEFAULT']
|
|||
|
alert_timeout
int
|
changed |
Maximum time period in seconds to keep the SSL session active after alert message is sent, or indefinite.
|
|||
|
renegotiation_maximum_record_delay
int
|
changed |
Maximum number of SSL records that the traffic management system can receive before it renegotiates an SSL session.
|
|||
|
authenticate_frequency
string
|
changed |
Specifies how often the system authenticates a user.
Sample:
once
|
|||
|
crl_file
string
|
changed |
Specifies the certificate revocation list file name.
Sample:
/Common/default.crl
|
|||
|
forward_proxy_ca_key_file
string
|
changed |
Specifies the name of the key file that is used as the certification authority key when SSL forward proxy feature is enabled.
|
|||
|
session_ticket
bool
|
changed |
Enables or disables session-ticket.
|
|||
|
cache_size
int
|
changed |
Specifies the SSL session cache size.
Sample:
262144
|
|||
|
unclean_shutdown
bool
|
changed |
Whether to force the SSL profile to perform a clean shutdown of all SSL connections or not
|
|||
|
peer_certification_mode
string
|
changed |
Specifies the peer certificate mode.
Sample:
ignore
|
|||
|
forward_proxy_certificate_lifespan
int
|
changed |
Specifies the lifespan of the certificate generated using the SSL forward proxy feature.
Sample:
30
|
|||
|
handshake_timeout
int
|
changed |
Specifies the handshake timeout in seconds.
Sample:
10
|
|||
|
device_groups
complex
|
When device-groups is specified in gather_subset. |
Device group related facts.
Sample:
hash/dictionary of values
|
|||
|
autosync_enabled
bool
|
changed |
Whether the device group automatically synchronizes configuration data to its members.
|
|||
|
incremental_config_sync_size_maximum
int
|
changed |
Specifies the maximum size (in KB) to devote to incremental config sync cached transactions.
Sample:
1024
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
fasthttp
|
|||
|
asm_sync_enabled
bool
|
changed |
Specifies whether to synchronize ASM configurations of device group members.
Sample:
True
|
|||
|
devices
list
|
changed |
List of devices that are in the group. Devices are listed by their
full_path.Sample:
['/Common/bigip02.internal']
|
|||
|
network_failover_enabled
bool
|
changed |
Specifies whether network failover is used.
Sample:
True
|
|||
|
type
string
|
changed |
Specifies the type of device group.
Sample:
sync-only
|
|||
|
full_load_on_sync
bool
|
changed |
Specifies that the entire configuration for a device group is sent when configuration synchronization is performed.
Sample:
True
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/fasthttp
|
|||
|
description
string
|
changed |
Description of the device group.
Sample:
My device group
|
|||
|
devices
complex
|
When devices is specified in gather_subset. |
Device related facts.
Sample:
hash/dictionary of values
|
|||
|
comment
string
|
changed |
User comments about the device.
Sample:
My device
|
|||
|
active_modules
list
|
changed |
The currently licensed and provisioned modules on the device.
Sample:
['DNS Services (LAB)', 'PSM, VE']
|
|||
|
product
string
|
changed |
Displays the software product name.
Sample:
BIG-IP
|
|||
|
description
string
|
changed |
Description of the device.
Sample:
My device
|
|||
|
software_version
string
|
changed |
Displays the software version number.
Sample:
13.1.0.7
|
|||
|
chassis_type
string
|
changed |
Displays the chassis type. The possible values are
individual and viprion.Sample:
individual
|
|||
|
configsync_address
string
|
changed |
IP address used for configuration synchronization.
Sample:
10.10.10.10
|
|||
|
failover_state
string
|
changed |
Device failover state.
Sample:
active
|
|||
|
secondary_mirror_address
string
|
changed |
Secondary IP address used for state mirroring.
Sample:
2.2.2.2
|
|||
|
timelimited_modules
list
|
changed |
Displays the licensed modules that are time-limited.
Sample:
['IP Intelligence, 3Yr, ...', 'PEM URL Filtering, 3Yr, ...']
|
|||
|
edition
string
|
changed |
Displays the software edition.
Sample:
Point Release 7
|
|||
|
base_mac_address
string
|
changed |
Media Access Control address (MAC address) of the device.
Sample:
fa:16:3e:c3:42:6f
|
|||
|
timezone
string
|
changed |
Displays the time zone configured on the device.
Sample:
UTC
|
|||
|
multicast_address
string
|
changed |
Specifies the multicast IP address used for failover.
Sample:
4.4.4.4
|
|||
|
unicast_addresses
complex
|
changed |
Specifies the entire set of unicast addresses used for failover.
|
|||
|
ip
string
|
changed |
The IP address that the failover daemon will listen on for packets from its peers.
Sample:
5.4.3.5
|
|||
|
effective_ip
string
|
changed |
The IP address that peers can use to reach this unicast address IP.
Sample:
5.4.3.5
|
|||
|
port
int
|
changed |
The IP port that the failover daemon uses to accept packets from its peers.
Sample:
1026
|
|||
|
effective_port
int
|
changed |
The port that peers can use to reach this unicast address.
Sample:
1026
|
|||
|
primary_mirror_address
string
|
changed |
Specifies the IP address used for state mirroring.
Sample:
5.5.5.5
|
|||
|
optional_modules
list
|
changed |
Modules that are available for the current platform, but are not currently licensed.
Sample:
['App Mode (TMSH Only, No Root/Bash)', 'BIG-IP VE, Multicast Routing']
|
|||
|
marketing_name
string
|
changed |
Marketing name of the device platform.
Sample:
BIG-IP Virtual Edition
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
bigip02.internal
|
|||
|
self
bool
|
changed |
Whether this device is the one that was queried for facts, or not.
Sample:
True
|
|||
|
hostname
string
|
changed |
Device hostname
Sample:
bigip02.internal
|
|||
|
chassis_id
string
|
changed |
Serial number of the device.
Sample:
11111111-2222-3333-444444444444
|
|||
|
platform_id
string
|
changed |
Displays the device platform identifier.
Sample:
Z100
|
|||
|
contact
string
|
changed |
Administrator contact information.
Sample:
The User
|
|||
|
location
string
|
changed |
Specifies the physical location of the device.
Sample:
London
|
|||
|
management_address
string
|
changed |
IP address of the management interface.
Sample:
3.3.3.3
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/bigip02.internal
|
|||
|
build
string
|
changed |
The minor version information of the total product version.
Sample:
0.0.1
|
|||
|
external_monitors
complex
|
When external-monitors is specified in gather_subset. |
External monitor related facts.
Sample:
hash/dictionary of values
|
|||
|
args
string
|
Specifies any command-line arguments that the script requires.
Sample:
arg1 arg2 arg3
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
external
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
external
|
|||
|
variables
complex
|
Specifies any variables that the script requires.
Sample:
{'key1': 'val', 'key_2': 'val 2'}
|
||||
|
destination
string
|
Specifies the IP address and service port of the resource that is the destination of this monitor.
Sample:
*:*
|
||||
|
interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.
Sample:
5
|
||||
|
time_until_up
int
|
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.
|
||||
|
manual_resume
bool
|
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.
Sample:
True
|
||||
|
timeout
int
|
Specifies the number of seconds the target has in which to respond to the monitor request.
Sample:
16
|
||||
|
up_interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.
|
||||
|
external_program
string
|
Specifies the name of the file for the monitor to use.
Sample:
/Common/arg_example
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/external
|
|||
|
description
string
|
changed |
Description of the resource.
Sample:
My monitor
|
|||
|
fasthttp_profiles
complex
|
When fasthttp-profiles is specified in gather_subset. |
FastHTTP profile related facts.
Sample:
hash/dictionary of values
|
|||
|
receive_window_size
int
|
changed |
Amount of data the BIG-IP system can accept without acknowledging the server.
|
|||
|
maximum_segment_size_override
int
|
changed |
Maximum segment size (MSS) override for server-side connections.
|
|||
|
description
string
|
changed |
Description of the resource.
Sample:
My profile
|
|||
|
oneconnect_idle_timeout_override
int
|
changed |
Number of seconds after which a server-side connection in a OneConnect pool is eligible for deletion, when the connection has no traffic.
|
|||
|
insert_x_forwarded_for
bool
|
changed |
Whether the system inserts the X-Forwarded-For header in an HTTP request with the client IP address, to use with connection pooling.
|
|||
|
request_header_insert
string
|
changed |
A string that the system inserts as a header in an HTTP request. If the header exists already, the system does not replace it.
Sample:
X-F5-Authentication: foo
|
|||
|
oneconnect_ramp_up_increment
int
|
changed |
The increment in which the system makes additional connections available, when all available connections are in use.
Sample:
4
|
|||
|
oneconnect_replenish'
bool
|
changed |
Specifies, when
yes, that the system will not keep a steady-state maximum of connections to the back-end unless the number of connections to the pool have dropped beneath the minimum_pool_size specified in the profile.Sample:
True
|
|||
|
idle_timeout
int
|
changed |
Length of time that a connection is idle (has no traffic) before the connection is eligible for deletion.
Sample:
300
|
|||
|
http_1_1_close_workarounds
bool
|
changed |
Specifies, when
yes, that the server uses workarounds for HTTP 1.1 close issues. |
|||
|
oneconnect_minimum_pool_size
int
|
changed |
Minimum number of connections to a load balancing pool.
|
|||
|
server_close_timeout
int
|
changed |
Number of seconds after which the system closes a client connection, when the system either receives a server FIN packet or sends a FIN packet to the server.
Sample:
5
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
fasthttp
|
|||
|
server_sack
bool
|
changed |
Whether the BIG-IP system processes Selective ACK (Sack) packets in cookie responses from the server.
|
|||
|
client_close_timeout
int
|
changed |
Number of seconds after which the system closes a client connection, when the system either receives a client FIN packet or sends a FIN packet to the client.
Sample:
5
|
|||
|
server_timestamp
bool
|
changed |
Whether the BIG-IP system processes timestamp request packets in cookie responses from the server.
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
fasthttp
|
|||
|
reset_on_timeout
bool
|
changed |
Specifies, when
yes, that the system sends a reset packet (RST) in addition to deleting the connection, when a connection exceeds the idle timeout value.Sample:
True
|
|||
|
maximum_header_size
int
|
changed |
Maximum amount of HTTP header data that the system buffers before making a load balancing decision.
Sample:
32768
|
|||
|
maximum_requests
int
|
changed |
Maximum number of requests that the system can receive on a client-side connection, before the system closes the connection.
|
|||
|
oneconnect_maximum_reuse
int
|
changed |
Maximum number of times that the system can re-use a current connection.
|
|||
|
oneconnect_maximum_pool_size
int
|
changed |
Maximum number of connections to a load balancing pool.
Sample:
2048
|
|||
|
unclean_shutdown
string
|
changed |
How the system handles closing connections. Values provided may be
enabled, disabled, or fast.Sample:
enabled
|
|||
|
force_http_1_0_response
bool
|
changed |
Specifies, when
yes, that the server sends responses to clients in the HTTP/1.0 format. |
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/fasthttp
|
|||
|
fastl4_profiles
complex
|
When fastl4-profiles is specified in gather_subset. |
FastL4 profile related facts.
Sample:
hash/dictionary of values
|
|||
|
receive_window
int
|
changed |
Specifies the window size to use, in bytes.
The maximum is 2^31 for window scale enabling.
Sample:
1000
|
|||
|
pva_dynamic_client_packets
int
|
changed |
Specifies the number of client packets before dynamic ePVA hardware re-offloading occurs.
Values will be between 0 and 10.
Sample:
8
|
|||
|
tcp_handshake_timeout
int
|
changed |
Specifies a TCP handshake timeout in seconds.
Sample:
5
|
|||
|
hardware_syn_cookie
bool
|
changed |
Enables or disables hardware SYN cookie support when PVA10 is present on the system.
This option is deprecated in version 13.0.0 and is replaced by
syn-cookie-enable. |
|||
|
ttl_mode
string
|
changed |
Describe the outgoing TCP packet's IP Header TTL mode.
When
proxy, sets the outgoing IP Header TTL value to 255/64 for ipv4/ipv6 respectively.When
preserve, sets the outgoing IP Header TTL value to be same as the incoming IP Header TTL value.When
decrement, sets the outgoing IP Header TTL value to be one less than the incoming TTL value.When
set, sets the outgoing IP Header TTL value to a specific value(as specified by ttl_v4 or ttl_v6.Sample:
preserve
|
|||
|
priority_to_client
int or string
|
changed |
Specifies internal packet priority for the client side.
This option specifies the internal packet priority that the system assigns to packets when sending them to clients.
Sample:
300
|
|||
|
pva_offload_state
string
|
changed |
Specifies at what stage the ePVA performs hardware offload.
When
embryonic, implies at TCP CSYN or the first client UDP packet.When
establish, implies TCP 3WAY handshaking or UDP CS round trip are confirmed.Sample:
embryonic
|
|||
|
ttl_v6
int
|
changed |
Specify the outgoing packet's IP Header TTL value for IPv6 traffic.
Maximum value that can be specified is 255.
Sample:
300
|
|||
|
ip_tos_to_client
string or int
|
changed |
Specifies an IP Type of Service (ToS) number for the client-side.
This option specifies the ToS level that the traffic management system assigns to IP packets when sending them to clients.
Sample:
200
|
|||
|
tcp_timestamp_mode
string
|
changed |
Specifies how you want to handle the TCP timestamp.
Sample:
preserve
|
|||
|
late_binding
bool
|
changed |
Specifies whether to enable or disable intelligent selection of a back-end server pool.
Sample:
True
|
|||
|
mss_override
int
|
changed |
Specifies a maximum segment size (MSS) override for server connections. Note that this is also the MSS advertised to a client when a client first connects.
0 (zero), means the option is disabled. Otherwise, the value will be between 256 and 9162.Sample:
500
|
|||
|
loose_init
bool
|
changed |
Specifies that the system initializes a connection when it receives any Transmission Control Protocol (TCP) packet, rather than requiring a SYN packet for connection initiation.
Sample:
True
|
|||
|
software_syn_cookie
bool
|
changed |
Enables or disables software SYN cookie support when PVA10 is not present on the system.
This option is deprecated in version 13.0.0 and is replaced by
syn_cookie_enabled.Sample:
True
|
|||
|
dont_fragment_flag
string
|
changed |
Describes the Don't Fragment (DF) bit setting in the IP Header of the outgoing TCP packet.
When
pmtu, sets the outgoing IP Header DF bit based on IP pmtu setting(tm.pathmtudiscovery).When
preserve, sets the outgoing Packet's IP Header DF bit to be same as incoming IP Header DF bit.When
set, sets the outgoing packet's IP Header DF bit.When
clear, clears the outgoing packet's IP Header DF bit.Sample:
pmtu
|
|||
|
tcp_close_timeout
int
|
changed |
Specifies a TCP close timeout in seconds.
Sample:
100
|
|||
|
priority_to_server
int or string
|
changed |
Specifies internal packet priority for the server side.
This option specifies the internal packet priority that the system assigns to packets when sending them to servers.
Sample:
200
|
|||
|
tcp_window_scale_mode
string
|
changed |
Specifies how you want to handle the TCP window scale.
Sample:
preserve
|
|||
|
server_timestamp
bool
|
changed |
Specifies whether to support server timestamp option in cookie response by default.
Sample:
True
|
|||
|
link_qos_to_server
int or string
|
changed |
Specifies a Link QoS (VLAN priority) number for the server side.
This option specifies the QoS level that the system assigns to packets when sending them to servers.
Sample:
5
|
|||
|
pva_dynamic_server_packets
int
|
changed |
Specifies the number of server packets before dynamic ePVA hardware re-offloading occurs.
Values will be between 0 and 10.
Sample:
5
|
|||
|
ttl_v4
int
|
changed |
Specify the outgoing packet's IP Header TTL value for IPv4 traffic.
Maximum value that can be specified is 255.
Sample:
200
|
|||
|
tcp_time_wait_timeout
int
|
changed |
Specifies a TCP time_wait timeout in milliseconds.
Sample:
60
|
|||
|
pva_flow_aging
bool
|
changed |
Specifies if automatic aging from ePVA flow cache is enabled or not.
Sample:
True
|
|||
|
ip_tos_to_server
string or int
|
changed |
Specifies an IP ToS number for the server side.
This option specifies the ToS level that the traffic management system assigns to IP packets when sending them to servers.
Sample:
pass-through
|
|||
|
client_timeout
int
|
changed |
Specifies late binding client timeout in seconds.
This is the number of seconds allowed for a client to transmit enough data to select a server pool.
If this timeout expires, the timeout-recovery option dictates whether to drop the connection or fallback to the normal FastL4 load-balancing method to pick a server pool.
Sample:
30
|
|||
|
pva_offload_dynamic
bool
|
changed |
Specifies whether PVA flow dynamic offloading is enabled or not.
Sample:
True
|
|||
|
syn_cookie_whitelist
bool
|
changed |
Specifies whether or not to use a SYN Cookie WhiteList when doing software SYN Cookies.
|
|||
|
keep_alive_interval
int
|
changed |
Specifies the keep-alive probe interval, in seconds.
A value of 0 indicates keep-alive is disabled.
Sample:
10
|
|||
|
description
string
|
changed |
Description of the resource.
Sample:
My profile
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
fastl4
|
|||
|
idle_timeout
int
|
changed |
Specifies the number of seconds that a connection is idle before the connection is eligible for deletion.
Values will be in the range of 0 to 4294967295 (inclusive).
0 is equivalent to the TMUI value "immediate".4294967295 is equivalent to the TMUI value "indefinite".Sample:
300
|
|||
|
reassemble_fragments
bool
|
changed |
Specifies whether to reassemble fragments.
Sample:
True
|
|||
|
timeout_recovery
string
|
changed |
Specifies late binding timeout recovery mode. This is the action to take when late binding timeout occurs on a connection.
When
disconnect, only the L7 iRule actions are acceptable to pick a server.When
fallback, the normal FastL4 load-balancing methods are acceptable to pick a server.Sample:
fallback
|
|||
|
syn_cookie_enabled
bool
|
changed |
Enables syn-cookies capability on this virtual server.
|
|||
|
generate_init_seq_number
bool
|
changed |
Specifies whether you want to generate TCP sequence numbers on all SYNs that conform with RFC1948, and allow timestamp recycling.
Sample:
True
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
fastl4
|
|||
|
strip_sack
bool
|
changed |
Specifies whether you want to block the TCP SackOK option from passing to the server on an initiating SYN.
Sample:
True
|
|||
|
server_sack
bool
|
changed |
Specifies whether to support server sack option in cookie response by default.
|
|||
|
pva_acceleration
string
|
changed |
Specifies the Packet Velocity(r) ASIC acceleration policy.
Sample:
full
|
|||
|
reset_on_timeout
bool
|
changed |
Specifies whether you want to reset connections on timeout.
Sample:
True
|
|||
|
rtt_from_client
bool
|
changed |
Enables or disables the TCP timestamp options to measure the round trip time to the client.
|
|||
|
rtt_from_server
bool
|
changed |
Enables or disables the TCP timestamp options to measure the round trip time to the server.
Sample:
True
|
|||
|
explicit_flow_migration
bool
|
changed |
Specifies whether to have the iRule code determine exactly when the FIX stream drops down to the ePVA hardware.
Sample:
True
|
|||
|
pva_flow_evict
bool
|
changed |
Specifies if this flow can be evicted upon hash collision with a new flow learn snoop request.
|
|||
|
link_qos_to_client
int or string
|
changed |
Specifies a Link Quality of Service (QoS) (VLAN priority) number for the client side.
This option specifies the QoS level that the system assigns to packets when sending them to clients.
Sample:
7
|
|||
|
loose_close
bool
|
changed |
Specifies that the system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server.
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/fastl4
|
|||
|
syn_cookie_mss
int
|
changed |
Specifies a maximum segment size (MSS) for server connections when SYN Cookie is enabled.
Sample:
2000
|
|||
|
gateway_icmp_monitors
complex
|
When gateway-icmp-monitors is specified in gather_subset. |
Gateway ICMP monitor related facts.
Sample:
hash/dictionary of values
|
|||
|
destination
string
|
Specifies the IP address and service port of the resource that is the destination of this monitor.
Sample:
*:*
|
||||
|
description
string
|
changed |
Description of the resource.
Sample:
My monitor
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
gateway_icmp
|
|||
|
adaptive_divergence_type
string
|
Specifies whether the adaptive-divergence-value is
relative or absolute.Sample:
relative
|
||||
|
adaptive_divergence_value
int
|
Specifies how far from mean latency each monitor probe is allowed to be.
Sample:
25
|
||||
|
up_interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.
|
||||
|
transparent
bool
|
Specifies whether the monitor operates in transparent mode.
|
||||
|
adaptive_sampling_timespan
int
|
Specifies the size of the sliding window, in seconds, which records probe history.
Sample:
300
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
gateway_icmp
|
|||
|
interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.
Sample:
5
|
||||
|
adaptive_limit
int
|
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.
Sample:
200
|
||||
|
time_until_up
int
|
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.
|
||||
|
manual_resume
bool
|
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.
Sample:
True
|
||||
|
timeout
int
|
Specifies the number of seconds the target has in which to respond to the monitor request.
Sample:
16
|
||||
|
adaptive
bool
|
Whether adaptive response time monitoring is enabled for this monitor.
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/gateway_icmp
|
|||
|
gtm_pools
complex
|
When any of gtm-pools or gtm-*-pools is specified in gather_subset. |
GTM pool related facts.
Every "type" of pool has the exact same list of possible facts. Therefore, the list of facts here is presented once instead of 6 times.
Sample:
hash/dictionary of values
|
|||
|
verify_member_availability
bool
|
Whether or not the system verifies the availability of the members before sending a connection to them.
|
||||
|
partition
|
Partition the pool exists on.
|
||||
|
qos_packet_rate
int
|
Weight assign to the Packet Rate performance factor when load balacing option is QoS.
|
||||
|
qos_hit_ratio
int
|
Weight of the Hit Ratio performance factor for the QoS dynamic load balancing method
|
||||
|
disabled
bool
|
Is the pool disabled
|
||||
|
alternate_mode
string
|
The load balancing mode that the system uses to load balance name resolution requests among the members of the pool.
Sample:
drop-packet
|
||||
|
members
complex
|
Lists of members (and their configurations) in the pool.
|
||||
|
ttl
int
|
Number of seconds that the IP address, once found, is valid.
|
||||
|
qos_vs_score
int
|
Weight assign to the Virtual Server Score performance factor when load balacing option is QoS.
|
||||
|
qos_topology
int
|
Weight assign to the Topology performance factor when load balacing option is QoS.
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
pool1
|
|||
|
max_answers_returned
int
|
Maximum number of available virtual servers that the system lists in a response.
|
||||
|
fallback_mode
string
|
Specifies the load balancing mode that the system uses to load balance name resolution amongst the pool members if the preferred and alternate modes are unsuccessful in picking a pool.
|
||||
|
qos_rtt
int
|
Weight assign to the Round Trip Time performance factor when load balacing option is QoS.
|
||||
|
load_balancing_mode
string
|
Specifies the preferred load balancing mode that the system uses to load balance requests across pool members.
|
||||
|
qos_kilobytes_second
int
|
Weight assigned to Kilobytes per Second performance factor when load balancing option is QoS.
|
||||
|
qos_lcs
int
|
Weight assign to the Link Capacity performance factor when load balacing option is QoS.
|
||||
|
enabled
bool
|
Is the pool enabled.
|
||||
|
qos_vs_capacity
int
|
Weight assign to the Virtual Server performance factor when load balacing option is QoS.
|
||||
|
qos_hops
int
|
Weight of the Hops performance factor when load balancing mode or fallback mode is QoS.
|
||||
|
manual_resume
bool
|
Whether manual resume is enabled for this pool
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/pool1
|
|||
|
dynamic_ratio
bool
|
Whether or not the dynamic ratio load balancing algorithm is enabled for this pool.
Sample:
True
|
||||
|
gtm_servers
complex
|
When gtm-servers is specified in gather_subset. |
GTM server related facts.
Sample:
hash/dictionary of values
|
|||
|
product
|
Specifies the server type.
|
||||
|
virtual_servers
complex
|
Virtual servers that are resources for this server.
|
||||
|
addresses
complex
|
Specifies the server IP addresses for the server.
|
||||
|
datacenter
string
|
Full name of the datacenter this server belongs to.
|
||||
|
limit_cpu_usage
|
For a server configured as a generic host, specifies the percent of CPU usage, otherwise has no effect.
|
||||
|
limit_mem_available_status
bool
|
Whether
limit_mem_available is enabled for this server. |
||||
|
expose_route_domains
bool
|
Allow the GTM server to auto-discover the LTM virtual servers from all route domains.
|
||||
|
virtual_server_discovery
string
|
Whether the system auto-discovers the virtual servers for this server.
|
||||
|
monitor_type
string
|
changed |
Whether one or monitors need to pass, or all monitors need to pass.
Sample:
and_list
|
|||
|
disabled
bool
|
Whether the server is disabled.
|
||||
|
iq_allow_snmp
bool
|
Whether the GTM uses this BIG-IP system to conduct an SNMP probe before delegating traffic to it.
|
||||
|
iq_allow_service_check
bool
|
Whether the GTM uses this BIG-IP system to conduct a service check probe before delegating traffic to it.
|
||||
|
limit_mem_available
|
For a server configured as a generic host, specifies the available memory required by the virtual servers on the server.
If available memory falls below this limit, the system marks the server as unavailable.
|
||||
|
prober_preference
|
Specifies the type of prober to use to monitor this servers resources.
|
||||
|
limit_max_bps_status
bool
|
Whether
limit_max_bps is enabled for this server. |
||||
|
limit_max_connections
|
Maximum number of concurrent connections, combind, for this server.
|
||||
|
monitors
list
|
changed |
Specifies health monitors that the system uses to determine whether this server is available for load balancing.
Sample:
['/Common/https_443', '/Common/icmp']
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
server1
|
|||
|
link_discovery
string
|
Specifies whether the system auto-discovers the links for this server.
|
||||
|
iq_allow_path
bool
|
Whether the GTM uses this BIG-IP system to conduct a path probe before delegating traffic to it.
|
||||
|
limit_max_pps_status
bool
|
Whether
limit_max_pps is enabled for this server. |
||||
|
enabled
bool
|
Whether the server is enabled.
|
||||
|
devices
complex.
|
Specifies the names of the devies that represent this server.
|
||||
|
limit_cpu_usage_status
bool
|
Whether
limit_cpu_usage is enabled for this server. |
||||
|
limit_max_pps
|
Maximum allowable data transfer rate, in packets per second, for this server.
|
||||
|
limit_max_bps
|
Maximum allowable data throughput rate in bits per second for this server.
|
||||
|
prober_fallback
|
The type of prober to use to monitor this servers resources when the preferred type is not available.
|
||||
|
limit_max_connections_status
bool
|
Whether
limit_max_connections is enabled for this server. |
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/server1
|
|||
|
gtm_wide_ips
complex
|
When any of gtm-wide-ips or gtm-*-wide-ips is specified in gather_subset. |
GTM Wide IP related facts.
Every "type" of wide-ip has the exact same list of possible facts. Therefore, the list of facts here is presented once instead of 6 times.
Sample:
hash/dictionary of values
|
|||
|
persist_cidr_ipv4
|
Specifies the number of bits the system uses to identify IPv4 addresses when persistence is enabled.
|
||||
|
persist_cidr_ipv6
|
Specifies the number of bits the system uses to identify IPv6 addresses when persistence is enabled.
|
||||
|
pool_lb_mode
|
Specifies the load balancing method used to select a pool in this wide IP.
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
wide1
|
|||
|
failure_rcode_response
bool
|
When
yes, specifies that the system returns a RCODE response to Wide IP requests after exhausting all load-balancing methods. |
||||
|
failure_rcode
|
Specifies the DNS RCODE used when
failure_rcode_response is yes. |
||||
|
enabled
bool
|
Whether the Wide IP is enabled.
|
||||
|
last_resort_pool
|
Specifies which pool, as listed in Pool List, for the system to use as the last resort pool for the wide IP.
|
||||
|
failure_rcode_ttl
|
Specifies the negative caching TTL of the SOA for the RCODE response.
|
||||
|
disabled
bool
|
Whether the Wide IP is disabled.
|
||||
|
ttl_persistence
|
Specifies, in seconds, the length of time for which the persistence entry is valid.
|
||||
|
pools
complex
|
Specifies the pools that this wide IP uses for load balancing.
|
||||
|
minimal_response
|
Specifies that the system forms the smallest allowable DNS response to a query.
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/wide1
|
|||
|
description
|
Description of the wide ip.
|
||||
|
http_monitors
complex
|
When http-monitors is specified in gather_subset. |
HTTP monitor related facts.
Sample:
hash/dictionary of values
|
|||
|
username
string
|
Specifies the username, if the monitored target requires authentication.
Sample:
user1
|
||||
|
receive_string
string
|
Specifies the text string that the monitor looks for in the returned resource.
Sample:
check string
|
||||
|
description
string
|
changed |
Description of the resource.
Sample:
My monitor
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
http
|
|||
|
interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.
Sample:
5
|
||||
|
adaptive_divergence_type
string
|
Specifies whether the adaptive-divergence-value is
relative or absolute.Sample:
relative
|
||||
|
adaptive_divergence_value
int
|
Specifies how far from mean latency each monitor probe is allowed to be.
Sample:
25
|
||||
|
up_interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.
|
||||
|
transparent
bool
|
Specifies whether the monitor operates in transparent mode.
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
http
|
|||
|
adaptive_sampling_timespan
int
|
Specifies the size of the sliding window, in seconds, which records probe history.
Sample:
300
|
||||
|
reverse
bool
|
Specifies whether the monitor operates in reverse mode. When the monitor is in reverse mode, a successful check marks the monitored object down instead of up.
|
||||
|
send_string
string
|
Specifies the text string that the monitor sends to the target object.
Sample:
GET /\r\n
|
||||
|
destination
string
|
Specifies the IP address and service port of the resource that is the destination of this monitor.
Sample:
*:*
|
||||
|
adaptive_limit
int
|
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.
Sample:
200
|
||||
|
time_until_up
int
|
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.
|
||||
|
receive_disable_string
string
|
Specifies a text string that the monitor looks for in the returned resource. If the text string is matched in the returned resource, the corresponding node or pool member is marked session disabled.
Sample:
check disable string
|
||||
|
manual_resume
bool
|
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.
Sample:
True
|
||||
|
timeout
int
|
Specifies the number of seconds the target has in which to respond to the monitor request.
Sample:
16
|
||||
|
adaptive
bool
|
Whether adaptive response time monitoring is enabled for this monitor.
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/http
|
|||
|
ip_dscp
int
|
Specifies the differentiated services code point (DSCP).
|
||||
|
http_profiles
complex
|
When http-profiles is specified in gather_subset. |
HTTP profile related facts.
Sample:
hash/dictionary of values
|
|||
|
insert_x_forwarded_for
bool
|
changed |
When
yes, specifies that the system inserts an X-Forwarded-For header in an HTTP request with the client IP address, to use with connection pooling. |
|||
|
request_chunking
string
|
changed |
Specifies how the system handles HTTP content that is chunked by a client.
Sample:
preserve
|
|||
|
via_request
string
|
changed |
Specifies whether to Remove, Preserve, or Append Via headers included in a client request to an origin web server.
Sample:
preserve
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
http
|
|||
|
excess_client_headers
string
|
changed |
Specifies the pass-through behavior when
max_header_count value is exceeded by the client.When
reject, rejects the connection.Sample:
reject
|
|||
|
oversize_server_headers
string
|
changed |
Specifies the pass-through behavior when the
max_header_size value is exceeded by the server.Sample:
reject
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/http
|
|||
|
sflow_poll_interval
int
|
changed |
The maximum interval in seconds between two pollings.
|
|||
|
accept_xff
bool
|
changed |
Enables or disables trusting the client IP address, and statistics from the client IP address, based on the request's X-Forwarded-For (XFF) headers, if they exist.
Sample:
True
|
|||
|
sflow_sampling_rate
int
|
changed |
Specifies the ratio of packets observed to the samples generated.
|
|||
|
max_requests
int
|
changed |
Specifies the number of requests that the system accepts on a per-connection basis.
|
|||
|
max_header_size
int
|
changed |
Specifies the maximum size in bytes the system allows for all HTTP request headers combined, including the request line.
Sample:
32768
|
|||
|
allow_truncated_redirects
bool
|
changed |
Specifies the pass-through behavior when a redirect lacking the trailing carriage-return and line feed pair at the end of the headers is parsed.
When
no, will silently drop the invalid HTTP. |
|||
|
server_agent_name
string
|
changed |
Specifies the string used as the server name in traffic generated by LTM.
Sample:
BigIP
|
|||
|
description
string
|
changed |
Description of the resource.
Sample:
My profile
|
|||
|
default_connect_handling
string
|
changed |
Specifies the behavior of the proxy service when handling outbound requests.
Sample:
deny
|
|||
|
hsts_enabled
bool
|
changed |
When
yes, enables the HTTP Strict Transport Security settings.Sample:
True
|
|||
|
oversize_client_headers
string
|
changed |
Specifies the pass-through behavior when the
max_header_size value is exceeded by the client.Sample:
reject
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
http
|
|||
|
known_methods
list
|
changed |
Optimizes the behavior of a known HTTP method in the list.
The default methods include the following HTTP/1.1 methods. CONNECT, DELETE, GET, HEAD, LOCK, OPTIONS, POST, PROPFIND, PUT, TRACE, UNLOCK.
If a known method is deleted from the
known_methods list, the BIG-IP system applies the unknown_method setting to manage that traffic.Sample:
['CONNECT', 'DELETE', '...']
|
|||
|
excess_server_headers
string
|
changed |
Specifies the pass-through behavior when
max_header_count value is exceeded by the server.When
reject, rejects the connection.Sample:
reject
|
|||
|
unknown_method
string
|
changed |
Specifies the behavior (allow, reject, or pass through) when an unknown HTTP method is parsed.
Sample:
allow
|
|||
|
response_chunking
string
|
changed |
Specifies how the system handles HTTP content that is chunked by a server.
Sample:
selective
|
|||
|
lws_max_columns
int
|
changed |
Specifies the maximum column width for any given line, when inserting an HTTP header in an HTTP request.
Sample:
80
|
|||
|
pipeline_action
string
|
changed |
Enables or disables HTTP/1.1 pipelining.
Sample:
allow
|
|||
|
onconnect_transformations
bool
|
changed |
When
yes, specifies, that the system performs HTTP header transformations for the purpose of keeping connections open.Sample:
True
|
|||
|
hsts_include_subdomains
bool
|
changed |
When
yes, applies the HSTS policy to the HSTS host and its subdomains.Sample:
True
|
|||
|
proxy_mode
string
|
changed |
Specifies the proxy mode for this profile. Either reverse, explicit, or transparent.
Sample:
reverse
|
|||
|
max_header_count
int
|
changed |
Specifies the maximum number of headers the system supports.
Sample:
64
|
|||
|
via_response
string
|
changed |
Specifies whether to Remove, Preserve, or Append Via headers included in an origin web server response to a client.
Sample:
preserve
|
|||
|
redirect_rewrite
string
|
changed |
Specifies whether the system rewrites the URIs that are part of HTTP redirect (3XX) responses
Sample:
none
|
|||
|
https_monitors
complex
|
When https-monitors is specified in gather_subset. |
HTTPS monitor related facts.
Sample:
hash/dictionary of values
|
|||
|
username
string
|
Specifies the username, if the monitored target requires authentication.
Sample:
user1
|
||||
|
receive_string
string
|
Specifies the text string that the monitor looks for in the returned resource.
Sample:
check string
|
||||
|
description
string
|
changed |
Description of the resource.
Sample:
My monitor
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
http
|
|||
|
ssl_profile
string
|
Specifies the SSL profile to use for the HTTPS monitor.
Sample:
/Common/serverssl
|
||||
|
interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.
Sample:
5
|
||||
|
adaptive_divergence_type
string
|
Specifies whether the adaptive-divergence-value is
relative or absolute.Sample:
relative
|
||||
|
adaptive_divergence_value
int
|
Specifies how far from mean latency each monitor probe is allowed to be.
Sample:
25
|
||||
|
up_interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.
|
||||
|
transparent
bool
|
Specifies whether the monitor operates in transparent mode.
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
http
|
|||
|
adaptive_sampling_timespan
int
|
Specifies the size of the sliding window, in seconds, which records probe history.
Sample:
300
|
||||
|
reverse
bool
|
Specifies whether the monitor operates in reverse mode. When the monitor is in reverse mode, a successful check marks the monitored object down instead of up.
|
||||
|
send_string
string
|
Specifies the text string that the monitor sends to the target object.
Sample:
GET /\r\n
|
||||
|
destination
string
|
Specifies the IP address and service port of the resource that is the destination of this monitor.
Sample:
*:*
|
||||
|
adaptive_limit
int
|
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.
Sample:
200
|
||||
|
time_until_up
int
|
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.
|
||||
|
receive_disable_string
string
|
Specifies a text string that the monitor looks for in the returned resource. If the text string is matched in the returned resource, the corresponding node or pool member is marked session disabled.
Sample:
check disable string
|
||||
|
manual_resume
bool
|
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.
Sample:
True
|
||||
|
timeout
int
|
Specifies the number of seconds the target has in which to respond to the monitor request.
Sample:
16
|
||||
|
adaptive
bool
|
Whether adaptive response time monitoring is enabled for this monitor.
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/http
|
|||
|
ip_dscp
int
|
Specifies the differentiated services code point (DSCP).
|
||||
|
iapp_services
complex
|
When iapp-services is specified in gather_subset. |
iApp v1 service related facts.
Sample:
hash/dictionary of values
|
|||
|
tables
complex
|
changed |
List of the tabular data used to create the service.
Sample:
[{'name': 'basic__snatpool_members'}, '...']
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
service1
|
|||
|
inherited_traffic_group
bool
|
changed |
Whether the traffic group is inherited or not.
Sample:
True
|
|||
|
strict_updates
bool
|
changed |
Whether strict updates are enabled or not.
Sample:
True
|
|||
|
inherited_device_group
bool
|
changed |
Whether the device group is inherited or not.
Sample:
True
|
|||
|
device_group
string
|
changed |
The device group the iApp service is part of.
Sample:
/Common/dg1
|
|||
|
template_modified
bool
|
changed |
Whether template that the service is based on is modified from its default value, or not.
Sample:
True
|
|||
|
lists
complex
|
changed |
List of the lists data used to create the service.
Sample:
[{'name': 'irules__irules'}, {'value': []}, '...']
|
|||
|
traffic_group
string
|
changed |
Traffic group the service is a part of.
Sample:
/Common/tg
|
|||
|
metadata
complex
|
changed |
List of the metadata data used to create the service..
Sample:
[{'name': 'var1'}, {'persist': 'true'}, '...']
|
|||
|
variables
complex
|
changed |
List of the variable data used to create the service.
Sample:
[{'name': 'afm__policy'}, {'encrypted': 'no'}, {'value': '/#no_not_use#'}, '...']
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/service1
|
|||
|
description
string
|
changed |
Description of the service
Sample:
My service
|
|||
|
icmp_monitors
complex
|
When icmp-monitors is specified in gather_subset. |
ICMP monitor related facts.
Sample:
hash/dictionary of values
|
|||
|
destination
string
|
Specifies the IP address and service port of the resource that is the destination of this monitor.
Sample:
*:*
|
||||
|
description
string
|
changed |
Description of the resource.
Sample:
My monitor
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
icmp
|
|||
|
adaptive_divergence_type
string
|
Specifies whether the adaptive-divergence-value is
relative or absolute.Sample:
relative
|
||||
|
adaptive_divergence_value
int
|
Specifies how far from mean latency each monitor probe is allowed to be.
Sample:
25
|
||||
|
up_interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.
|
||||
|
transparent
bool
|
Specifies whether the monitor operates in transparent mode.
|
||||
|
adaptive_sampling_timespan
int
|
Specifies the size of the sliding window, in seconds, which records probe history.
Sample:
300
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
icmp
|
|||
|
interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.
Sample:
5
|
||||
|
adaptive_limit
int
|
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.
Sample:
200
|
||||
|
time_until_up
int
|
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.
|
||||
|
manual_resume
bool
|
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.
Sample:
True
|
||||
|
timeout
int
|
Specifies the number of seconds the target has in which to respond to the monitor request.
Sample:
16
|
||||
|
adaptive
bool
|
Whether adaptive response time monitoring is enabled for this monitor.
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/icmp
|
|||
|
interfaces
complex
|
When interfaces is specified in gather_subset. |
Interface related facts.
Sample:
hash/dictionary of values
|
|||
|
description
string
|
changed |
Description of the interface
Sample:
My interface
|
|||
|
bundle_speed
string
|
changed |
The bundle-speed on the port when bundle capability is enabled.
Sample:
100G
|
|||
|
sflow_poll_interval
int
|
changed |
Specifies the maximum interval in seconds between two pollings.
|
|||
|
bundle
string
|
changed |
The bundle capability on the port.
Sample:
not-supported
|
|||
|
active_media_type
string
|
changed |
Displays the current media setting for the interface.
Sample:
100TX-FD
|
|||
|
sflow_poll_interval_global
bool
|
changed |
Specifies whether the global interface poll-interval setting overrides the object-level poll-interval setting.
Sample:
True
|
|||
|
prefer_port
string
|
changed |
Indicates which side of a combo port the interface uses, if both sides of the port have the potential for external links.
Sample:
sfp
|
|||
|
stp_link_type
string
|
changed |
Specifies the STP link type for the interface.
Sample:
auto
|
|||
|
if_index
int
|
changed |
The index assigned to this interface.
Sample:
32
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
irule1
|
|||
|
stp_auto_edge_port
bool
|
changed |
STP edge port detection.
Sample:
True
|
|||
|
enabled
bool
|
changed |
Whether the interface is enabled or not
Sample:
True
|
|||
|
lldp_admin
string
|
changed |
Sets the sending or receiving of LLDP packets on that interface. Should be one of
disable, txonly, rxonly or txrx.Sample:
txonly
|
|||
|
mtu
int
|
changed |
Displays the Maximum Transmission Unit (MTU) of the interface, which is the maximum number of bytes in a frame without IP fragmentation.
Sample:
1500
|
|||
|
stp_enabled
bool
|
changed |
Whether STP is enabled or not.
|
|||
|
flow_control
string
|
changed |
Specifies how the system controls the sending of PAUSE frames for flow control.
Sample:
tx-rx
|
|||
|
mac_address
string
|
changed |
Displays the 6-byte ethernet address in non-case-sensitive hexadecimal colon notation.
Sample:
00:0b:09:88:00:9a
|
|||
|
media_sfp
string
|
changed |
The settings for an SFP (pluggable) interface.
Sample:
auto
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/irul1
|
|||
|
irules
complex
|
When irules is specified in gather_subset. |
iRule related facts.
Sample:
hash/dictionary of values
|
|||
|
definition
string
|
changed |
The actual definition of the iRule.
Sample:
when HTTP_REQUEST ...
|
|||
|
ignore_verification
bool
|
changed |
Whether the verification of the iRule should be ignored or not.
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
irule1
|
|||
|
signature
string
|
changed |
The calculated signature of the iRule.
Sample:
WsYy2M6xMqvosIKIEH/FSsvhtWMe6xKOA6i7f...
|
|||
|
checksum
string
|
changed |
Checksum of the iRule as calculated by BIG-IP.
Sample:
d41d8cd98f00b204e9800998ecf8427e
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/irul1
|
|||
|
ltm_pools
complex
|
When ltm-pools is specified in gather_subset. |
List of LTM (Local Traffic Manager) pools.
Sample:
hash/dictionary of values
|
|||
|
minimum_up_members_action
string
|
changed |
The action to take if the
minimum_up_members_checking is enabled and the number of active pool members falls below the number specified in minimum_up_members.Sample:
failover
|
|||
|
allow_nat
bool
|
changed |
Whether NATs are automatically enabled or disabled for any connections using this pool.
Sample:
True
|
|||
|
lb_method
string
|
changed |
Load balancing method used by the pool.
Sample:
round-robin
|
|||
|
description
string
|
changed |
Description of the pool.
Sample:
my pool
|
|||
|
ignore_persisted_weight
bool
|
changed |
Do not count the weight of persisted connections on pool members when making load balancing decisions.
|
|||
|
server_link_qos
string
|
changed |
The Quality of Service (QoS) level to use when sending packets to a server.
Sample:
pass-through
|
|||
|
minimum_active_members
int
|
changed |
Whether the system load balances traffic according to the priority number assigned to the pool member.
This parameter is identical to
priority_group_activation and is just an alias for it.Sample:
2
|
|||
|
service_down_action
string
|
changed |
The action to take if the service specified in the pool is marked down.
Sample:
none
|
|||
|
members
complex
|
when members exist in the pool. |
List of LTM (Local Traffic Manager) pools.
|
|||
|
description
string
|
changed |
The description of the pool member.
Sample:
pool member 1
|
|||
|
ephemeral
bool
|
changed |
Whether the node backing the pool member is ephemeral or not.
Sample:
True
|
|||
|
encapsulation_profile
string
|
changed |
The encapsulation profile to use for the pool member.
Sample:
ip4ip4
|
|||
|
inherit_profile
bool
|
changed |
Whether the pool member inherits the encapsulation profile from the parent pool.
|
|||
|
session
string
|
changed |
Enables or disables the pool member for new sessions.
Sample:
monitor-enabled
|
|||
|
address
string
|
changed |
IP address of the pool member.
Sample:
1.1.1.1
|
|||
|
ratio
int
|
changed |
The weight of the pool for load balancing purposes.
Sample:
1
|
|||
|
rate_limit
bool
|
changed |
The maximum number of connections per second allowed for a pool member.
|
|||
|
logging
bool
|
changed |
Whether the monitor applied should log its actions.
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
member:80
|
|||
|
partition
string
|
changed |
Partition that the member exists on.
Sample:
Common
|
|||
|
connection_limit
int
|
changed |
The maximum number of concurrent connections allowed for a pool member.
|
|||
|
monitors
list
|
changed |
Monitors active on the pool member. Monitor names are in their "full_path" form.
Sample:
['/Common/http']
|
|||
|
state
string
|
changed |
Controls the state of the pool member, overriding any monitors.
Sample:
down
|
|||
|
dynamic_ratio
int
|
changed |
A range of numbers that you want the system to use in conjunction with the ratio load balancing method.
Sample:
1
|
|||
|
fqdn_autopopulate
bool
|
changed |
Whether the node should scale to the IP address set returned by DNS.
Sample:
True
|
|||
|
priority_group
int
|
changed |
The priority group within the pool for this pool member.
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Includes the port in the name
Sample:
/Common/member:80
|
|||
|
queue_time_limit
int
|
changed |
Specifies the maximum time, in milliseconds, a connection will remain enqueued.
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
pool1
|
|||
|
minimum_up_members
int
|
changed |
The minimum number of pool members that must be up.
Sample:
1
|
|||
|
priority_group_activation
int
|
changed |
Whether the system load balances traffic according to the priority number assigned to the pool member.
This parameter is identical to
minimum_active_members and is just an alias for it.Sample:
2
|
|||
|
allow_snat
bool
|
changed |
Whether SNATs are automatically enabled or disabled for any connections using this pool.
Sample:
True
|
|||
|
client_link_qos
string
|
changed |
Whether the system sets a Quality of Service (QoS) level within a packet sent to the client, based on the targeted pool.
Values can range from
0 to 7, or be set to pass-through.Sample:
pass-through
|
|||
|
reselect_tries
int
|
changed |
The number of times the system tries to contact a pool member after a passive failure.
|
|||
|
client_ip_tos
string
|
changed |
Whether the system sets a Type of Service (ToS) level within a packet sent to the client, based on the targeted pool.
Values can range from
0 to 255, or be set to pass-through or mimic.Sample:
pass-through
|
|||
|
slow_ramp_time
int
|
changed |
The ramp time for the pool.
This provides the ability to cause a pool member that has just been enabled, or marked up, to receive proportionally less traffic than other members in the pool.
Sample:
10
|
|||
|
minimum_up_members_checking
bool
|
changed |
Enables or disables the
minimum_up_members feature. |
|||
|
server_ip_tos
string
|
changed |
The Type of Service (ToS) level to use when sending packets to a server.
Sample:
pass-through
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/pool1
|
|||
|
queue_on_connection_limit
bool
|
changed |
Enable or disable queuing connections when pool member or node connection limits are reached.
Sample:
True
|
|||
|
queue_depth_limit
int
|
changed |
The maximum number of connections that may simultaneously be queued to go to any member of this pool.
Sample:
3
|
|||
|
metadata
complex
|
changed |
Dictionary of arbitrary key/value pairs set on the pool.
Sample:
hash/dictionary of values
|
|||
|
nodes
complex
|
When nodes is specified in gather_subset. |
Node related facts.
Sample:
hash/dictionary of values
|
|||
|
monitor_status
string
|
changed |
Status of the node as reported by the monitor(s) associated with it.
This value is also used in determining node
state.Sample:
down
|
|||
|
description
string
|
changed |
Description of the node.
Sample:
My node
|
|||
|
session_status
string
|
changed |
This value is also used in determining node
state.Sample:
enabled
|
|||
|
connection_limit
int
|
changed |
Maximum number of connections that node can handle.
Sample:
100
|
|||
|
address
string
|
changed |
IP address of the node.
Sample:
2.3.4.5
|
|||
|
status_reason
string
|
changed |
If there is a problem with the status of the node, that problem is reported here.
Sample:
/Common/https_443 No successful responses received...
|
|||
|
monitors
list
|
changed |
A list of the monitors identified in the
monitor_rule.Sample:
['/Common/https_443', '/Common/icmp']
|
|||
|
ratio
int
|
changed |
Fixed size ratio used for node during
Ratio load balancing.Sample:
10
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
5.6.7.8
|
|||
|
monitor_rule
string
|
changed |
A string representation of the full monitor rule.
Sample:
/Common/https_443 and /Common/icmp
|
|||
|
rate_limit
int
|
changed |
Maximum number of connections per second allowed for node.
Sample:
1000
|
|||
|
enabled_status
string
|
changed |
The enabled-ness of the node.
Sample:
enabled
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/5.6.7.8
|
|||
|
availability_status
string
|
changed |
The availability of the node.
Sample:
offline
|
|||
|
monitor_type
string
|
changed |
The
monitor_type field related to the bigip_node module, for this nodes monitors.Sample:
and_list
|
|||
|
dynamic_ratio
int
|
changed |
Dynamic ratio number for the node used when doing
Dynamic Ratio load balancing.Sample:
200
|
|||
|
oneconnect_profiles
complex
|
When oneconnect-profiles is specified in gather_subset. |
OneConnect profile related facts.
Sample:
hash/dictionary of values
|
|||
|
idle_timeout_override
int
|
changed |
Specifies the number of seconds that a connection is idle before the connection flow is eligible for deletion.
Sample:
1000
|
|||
|
max_age
int
|
changed |
Specifies the maximum age, in number of seconds, of a connection in the connection reuse pool.
Sample:
100
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
oneconnect
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
oneconnect
|
|||
|
source_mask
string
|
changed |
Specifies a source IP mask.
If no mask is provided, the value
any6 is used.Sample:
255.255.255.0
|
|||
|
limit_type
string
|
changed |
When
none, simultaneous in-flight requests and responses over TCP connections to a pool member are counted toward the limit.When
idle, idle connections will be dropped as the TCP connection limit is reached.When
strict, the TCP connection limit is honored with no exceptions. This means that idle connections will prevent new TCP connections from being made until they expire, even if they could otherwise be reused.Sample:
idle
|
|||
|
max_reuse
int
|
changed |
Specifies the maximum number of times that a server connection can be reused.
Sample:
1000
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/oneconnect
|
|||
|
share_pools
bool
|
changed |
Indicates that connections may be shared not only within a virtual server, but also among similar virtual servers.
Sample:
True
|
|||
|
max_size
int
|
changed |
Specifies the maximum number of connections that the system holds in the connection reuse pool.
If the pool is already full, then the server connection closes after the response is completed.
Sample:
1000
|
|||
|
description
string
|
changed |
Description of the resource.
Sample:
My profile
|
|||
|
partitions
complex
|
When partitions is specified in gather_subset. |
Partition related information.
Sample:
hash/dictionary of values
|
|||
|
default_route_domain
int
|
changed |
ID of the route domain that is associated with the IP addresses that reside in the partition.
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
Common
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
Common
|
|||
|
description
string
|
changed |
Description of the partition.
Sample:
Tenant 1
|
|||
|
provision_info
complex
|
When provision-info is specified in gather_subset. |
Module provisioning related information.
Sample:
hash/dictionary of values
|
|||
|
disk_ratio
int
|
changed |
Ratio of disk allocated to this module.
Only relevant if
level was specified as custom. Otherwise, this value will be reported as 0. |
|||
|
level
int
|
changed |
Provisioned level of the module on BIG-IP.
Valid return values can include
none, minimum, nominal, dedicated and custom. |
|||
|
memory_ratio
int
|
changed |
Ratio of memory allocated to this module.
Only relevant if
level was specified as custom. Otherwise, this value will be reported as 0. |
|||
|
cpu_ratio
int
|
changed |
Ratio of CPU allocated to this module.
Only relevant if
level was specified as custom. Otherwise, this value will be reported as 0. |
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
asm
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
asm
|
|||
|
self_ips
complex
|
When self-ips is specified in gather_subset. |
Self-IP related facts.
Sample:
hash/dictionary of values
|
|||
|
service_policy
string
|
changed |
Service policy assigned to the Self-IP.
Sample:
/Common/service1
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
self1
|
|||
|
vlan
string
|
changed |
VLAN associated with the Self-IP.
Sample:
/Common/vlan1
|
|||
|
netmask
string
|
changed |
Netmask portion of the IP address. In dotted notation.
Sample:
255.255.255.0
|
|||
|
netmask_cidr
int
|
changed |
Netmask portion of the IP address. In CIDR notation.
Sample:
24
|
|||
|
traffic_group_inherited
bool
|
changed |
Whether or not the traffic group is inherited.
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/self1
|
|||
|
floating
bool
|
changed |
Whether the Self-IP is a floating address or not.
Sample:
True
|
|||
|
traffic_group
string
|
changed |
Traffic group the Self-IP is associated with.
Sample:
/Common/traffic-group-local-only
|
|||
|
allow_access_list
list
|
changed |
List of protocols and optionally their ports that are allowed to access the Self-IP. Also known as port-lockdown in the web interface.
Items in the list are in the format of "protocol:port". Some items may not have a port associated with them and in those cases the port is
0.Sample:
['tcp:80', 'egp:0']
|
|||
|
description
string
|
changed |
Description of the Self-IP.
Sample:
My self-ip
|
|||
|
server_ssl_profiles
complex
|
When server-ssl-profiles is specified in gather_subset. |
Server SSL related facts.
Sample:
hash/dictionary of values
|
|||
|
max_active_handshakes
string
|
Specifies the maximum number allowed SSL active handshakes.
Sample:
100
|
||||
|
ca_file
string
|
Certificate authority file name.
Sample:
default.crt
|
||||
|
chain
string
|
Specifies or builds a certificate chain file that a client can use to authenticate the profile.
Sample:
/Common/default.crt
|
||||
|
renegotiate_period
string
|
Number of seconds from the initial connect time after which the system renegotiates an SSL session.
Sample:
indefinite
|
||||
|
c3d_ca_cert
string
|
Name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled.
Sample:
/Common/cacert.crt
|
||||
|
sni_require
bool
|
When
yes, connections to a server that does not support SNI extension will be rejected. |
||||
|
cipher_group
string
|
Specifies a cipher group.
|
||||
|
session_mirroring
bool
|
Enables or disables the mirroring of sessions to high availability peer.
Sample:
True
|
||||
|
ssl_c3d
bool
|
Enables or disables SSL Client certificate constrained delegation.
Sample:
True
|
||||
|
mod_ssl_methods
bool
|
Enables or disables ModSSL methods.
Sample:
True
|
||||
|
allow_expired_crl
bool
|
changed |
Use the specified CRL file even if it has expired.
Sample:
True
|
|||
|
cache_timeout
int
|
The SSL session cache timeout value, which is the usable lifetime seconds of negotiated SSL session IDs.
Sample:
86400
|
||||
|
bypass_on_handshake_alert
bool
|
Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake.
|
||||
|
ssl_forward_proxy_enabled
bool
|
Enables or disables ssl-forward-proxy feature.
|
||||
|
ocsp
string
|
Specifies the name of ocsp profile for purpose of validating status of server certificate.
|
||||
|
expire_cert_response_control
string
|
Specifies the BIGIP action when the server certificate has expired.
Sample:
drop
|
||||
|
server_name
string
|
Server name to be included in SNI (server name indication) extension during SSL handshake in ClientHello.
|
||||
|
secure_renegotiation
string
|
Specifies the secure renegotiation mode.
Sample:
require
|
||||
|
proxy_ssl_passthrough
bool
|
Allows Proxy SSL to passthrough the traffic when ciphersuite negotiated between the client and server is not supported.
Sample:
True
|
||||
|
description
string
|
changed |
Description of the resource.
Sample:
My profile
|
|||
|
cert
string
|
The name of the certificate installed on the traffic management system for the purpose of terminating or initiating an SSL connection.
Sample:
/Common/default.crt
|
||||
|
c3d_cert_extension_includes
list
|
Extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.
Sample:
['basic-constraints', 'extended-key-usage', '...']
|
||||
|
ssl_sign_hash
string
|
Specifies SSL sign hash algorithm which is used to sign and verify SSL Server Key Exchange and Certificate Verify messages for the specified SSL profiles.
Sample:
sha1
|
||||
|
strict_resume
bool
|
Enables or disables the resumption of SSL sessions after an unclean shutdown.
|
||||
|
untrusted_cert_response_control
string
|
Specifies the BIGIP action when the server certificate has untrusted CA.
Sample:
drop
|
||||
|
renegotiation
bool
|
Whether renegotiations are enabled.
Sample:
True
|
||||
|
sni_default
bool
|
When
yes, this profile is the default SSL profile when the server name in a client connection does not match any configured server names, or a client connection does not specify any server name at all.Sample:
True
|
||||
|
mode
bool
|
Enables or disables SSL processing.
|
||||
|
generic_alert
bool
|
Enables or disables generic-alert.
Sample:
True
|
||||
|
ciphers
string
|
Specifies a cipher name
Sample:
DEFAULT
|
||||
|
authenticate_name
string
|
changed |
Common Name (CN) that is embedded in a server certificate.
The system authenticates a server based on the specified CN.
Sample:
foo
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
serverssl
|
|||
|
c3d_cert_lifespan
int
|
Lifespan of the certificate generated using the SSL client certificate constrained delegation.
Sample:
24
|
||||
|
authenticate_depth
int
|
changed |
The client certificate chain maximum traversal depth
Sample:
9
|
|||
|
handshake_timeout
string
|
Specifies the handshake timeout in seconds.
Sample:
10
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
serverssl
|
|||
|
ssl_forward_proxy_bypass
bool
|
Enables or disables ssl-forward-proxy-bypass feature.
Sample:
True
|
||||
|
key
string
|
Specifies the key file name. Specifies the name of the key installed on the traffic management system for the purpose of terminating or initiating an SSL connection.
Sample:
/Common/default.key
|
||||
|
retain_certificate
bool
|
APM module requires storing certificate in SSL session. When
no, certificate will not be stored in SSL session. |
||||
|
c3d_ca_key
string
|
Name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled.
Sample:
/Common/default.key
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
serverssl
|
|||
|
alert_timeout
string
|
changed |
Maximum time period in seconds to keep the SSL session active after alert message is sent, or indefinite.
Sample:
100
|
|||
|
peer_cert_mode
string
|
Specifies the peer certificate mode.
Sample:
ignore
|
||||
|
crl_file
string
|
Specifies the certificate revocation list file name.
|
||||
|
renegotiate_size
string
|
Specifies a throughput size, in megabytes, of SSL renegotiation.
Sample:
indefinite
|
||||
|
session_ticket
bool
|
Enables or disables session-ticket.
|
||||
|
authentication_frequency
string
|
changed |
Specifies the frequency of authentication.
Sample:
once
|
|||
|
cache_size
int
|
The SSL session cache size.
Sample:
262144
|
||||
|
unclean_shutdown
bool
|
Specifies, when
yes, that the SSL profile performs unclean shutdowns of all SSL connections, which means that underlying TCP connections are closed without exchanging the required SSL shutdown alerts.Sample:
True
|
||||
|
bypass_on_client_cert_fail
bool
|
Enables or disables SSL forward proxy bypass on failing to get client certificate that server asks for.
Sample:
True
|
||||
|
options
list
|
Enables options, including some industry-related workarounds.
Sample:
['netscape-reuse-cipher-change-bug', 'dont-insert-empty-fragments']
|
||||
|
proxy_ssl
bool
|
Allows further modification of application traffic within an SSL tunnel while still allowing the server to perform necessary authorization, authentication, auditing steps.
Sample:
True
|
||||
|
software_hotfixes
complex
|
When software-hotfixes is specified in gather_subset. |
List of software hotfixes.
Sample:
hash/dictionary of values
|
|||
|
product
string
|
changed |
Product contained in the ISO.
Sample:
BIG-IP
|
|||
|
verified
bool
|
changed |
Whether or not the system has verified this image.
Sample:
True
|
|||
|
name
string
|
changed |
Name of the image.
Sample:
Hotfix-BIGIP-13.0.0.3.0.1679-HF3.iso
|
|||
|
title
string
|
changed |
Human friendly name of the image.
Sample:
Hotfix Version 3.0.1679
|
|||
|
checksum
string
|
changed |
MD5 checksum of the image.
Note that this is the checksum that is stored inside the ISO. It is not the actual checksum of the ISO.
Sample:
df1ec715d2089d0fa54c0c4284656a98
|
|||
|
version
string
|
changed |
Version of software contained in the image.
This is a sub-string of the
name.Sample:
13.0.0
|
|||
|
build
string
|
changed |
Build number of the image.
This is usually a sub-string of the
name.Sample:
3.0.1679
|
|||
|
id
string
|
changed |
ID component of the image.
This is usually a sub-string of the
name.Sample:
HF3
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
Hotfix-BIGIP-13.0.0.3.0.1679-HF3.iso
|
|||
|
software_images
complex
|
When software-images is specified in gather_subset. |
List of software images.
Sample:
hash/dictionary of values
|
|||
|
build_date
string
|
changed |
Date of the build.
Sample:
2018-05-05T15:26:30
|
|||
|
product
string
|
changed |
Product contained in the ISO.
Sample:
BIG-IP
|
|||
|
verified
bool
|
changed |
Whether or not the system has verified this image.
Sample:
True
|
|||
|
name
string
|
changed |
Name of the image.
Sample:
BIGIP-13.1.0.7-0.0.1.iso
|
|||
|
checksum
string
|
changed |
MD5 checksum of the image.
Note that this is the checksum that is stored inside the ISO. It is not the actual checksum of the ISO.
Sample:
df1ec715d2089d0fa54c0c4284656a98
|
|||
|
last_modified
string
|
changed |
Last modified date of the ISO.
Sample:
2018-05-05T15:26:30
|
|||
|
build
string
|
changed |
Build number of the image.
This is usually a sub-string of the
name.Sample:
0.0.1
|
|||
|
version
string
|
changed |
Version of software contained in the image.
This is a sub-string of the
name.Sample:
13.1.0.7
|
|||
|
file_size
int
|
changed |
Size, in megabytes, of the image.
Sample:
1938
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
BIGIP-13.1.0.7-0.0.1.iso
|
|||
|
software_volumes
complex
|
When software-volumes is specified in gather_subset. |
List of software volumes.
Sample:
hash/dictionary of values
|
|||
|
status
string
|
changed |
Status of the software installed, or being installed, in the volume.
When
complete, indicates that the software has completed installing.Sample:
complete
|
|||
|
product
string
|
changed |
The F5 product installed in this slot.
This should always be BIG-IP.
Sample:
BIG-IP
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
This usually matches the
full_name.Sample:
HD1.1
|
|||
|
base_build
string
|
changed |
Base build version of the software installed in the volume.
When a hotfix is installed, this refers to the base version of software that the hotfix requires.
Sample:
0.0.6
|
|||
|
version
string
|
changed |
Version of software installed in the volume, excluding the
build number.Sample:
13.1.0.4
|
|||
|
build
string
|
changed |
Build version of the software installed in the volume.
Sample:
0.0.6
|
|||
|
active
bool
|
changed |
Whether the volume is currently active or not.
An active volume contains the currently running version of software.
Sample:
True
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
HD1.1
|
|||
|
default_boot_location
bool
|
changed |
Whether this volume is the default boot location or not.
Sample:
True
|
|||
|
ssl_certs
complex
|
When ssl-certs is specified in gather_subset. |
SSL certificate related facts.
Sample:
hash/dictionary of values
|
|||
|
last_update_time
string
|
changed |
Specifies the last time at which the file-object was updated/modified.
Sample:
2018-05-15T21:11:15Z
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
cert1
|
|||
|
expiration_date
string
|
changed |
Specifies a string representation of the expiration date of the certificate.
Sample:
Aug 13 21:21:29 2031 GMT
|
|||
|
is_bundle
bool
|
changed |
Specifies whether the certificate file is a bundle (that is, whether it contains more than one certificate).
|
|||
|
key_type
string
|
changed |
Specifies the type of cryptographic key associated with this certificate.
Sample:
rsa-private
|
|||
|
key_size
int
|
changed |
Specifies the size (in bytes) of the file associated with this file object.
Sample:
2048
|
|||
|
create_time
string
|
changed |
Specifies the time at which the file-object was created.
Sample:
2018-05-15T21:11:15Z
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/cert1
|
|||
|
sha1_checksum
string
|
changed |
SHA1 checksum of the certificate.
Sample:
1306e84e1e6a2da53816cefe1f684b80d6be1e3e
|
|||
|
fingerprint
string
|
changed |
Displays the SHA-256 fingerprint of the certificate.
Sample:
SHA256/88:A3:05:...:59:01:EA:5D:B0
|
|||
|
system_path
string
|
changed |
Path on the BIG-IP where the cert can be found.
Sample:
/config/ssl/ssl.crt/f5-irule.crt
|
|||
|
subject
string
|
changed |
Specifies X509 information of the certificate's subject.
Sample:
[email protected],CN=...
|
|||
|
expiration_timestamp
int
|
changed |
Specifies the date at which this certificate expires. Stored as a POSIX time.
Sample:
1944422489
|
|||
|
issuer
string
|
changed |
Specifies X509 information of the certificate's issuer.
Sample:
[email protected],...CN=support.f5.com,
|
|||
|
ssl_keys
complex
|
When ssl-certs is specified in gather_subset. |
SSL certificate related facts.
Sample:
hash/dictionary of values
|
|||
|
key_type
string
|
changed |
Specifies the cryptographic type of the key in question. That is, which algorithm this key is compatible with.
Sample:
rsa-private
|
|||
|
key_size
int
|
changed |
Specifies the size of the cryptographic key associated with this file object, in bits.
Sample:
2048
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
key1
|
|||
|
sha1_checksum
string
|
changed |
The SHA1 checksum of the key.
Sample:
1fcf7de3dd8e834d613099d8e10b2060cd9ecc9f
|
|||
|
system_path
string
|
changed |
The path on the filesystem where the key is stored.
Sample:
/config/ssl/ssl.key/default.key
|
|||
|
security_type
string
|
changed |
Specifies the type of security used to handle or store the key.
Sample:
normal
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/key1
|
|||
|
system_db
complex
|
When system-db is specified in gather_subset. |
System DB related facts.
Sample:
hash/dictionary of values
|
|||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
vendor.wwwurl
|
|||
|
value_range
string
|
changed |
The accepted range of values for the key
Sample:
string
|
|||
|
scf_config
string
|
changed |
Whether the database key would be found in an SCF config or not.
|
|||
|
default
string
|
changed |
Default value of the key.
Sample:
www.f5.com
|
|||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
vendor.wwwurl
|
|||
|
value
string
|
changed |
The value of the key
Sample:
www.f5.com
|
|||
|
system_info
complex
|
When traffic-groups is specified in gather_subset. |
Traffic group related facts.
Sample:
hash/dictionary of values
|
|||
|
product_changelist
int
|
Changelist that product branches from.
Sample:
2557198
|
||||
|
product_build_date
string
|
Human readable build date.
Sample:
Tue May 15 15:26:30 PDT 2018
|
||||
|
package_version
string
|
A string combining the
product_build and product_build_date.Sample:
Build 0.0.1 - Tue May 15 15:26:30 PDT 2018
|
||||
|
product_version
string
|
Major product version of the running software.
Sample:
13.1.0.7
|
||||
|
product_build
string
|
Build version of the release version.
Sample:
0.0.1
|
||||
|
platform
string
|
Platform identifier.
Sample:
Z100
|
||||
|
base_mac_address
string
|
changed |
Media Access Control address (MAC address) of the device.
Sample:
fa:16:3e:c3:42:6f
|
|||
|
host_board_part_revision
string
|
Revision of the host board.
|
||||
|
product_code
string
|
Code identifying the product.
Sample:
BIG-IP
|
||||
|
package_edition
string
|
changed |
Displays the software edition.
Sample:
Point Release 7
|
|||
|
product_built
int
|
Unix timestamp of when the product was built.
Sample:
180515152630
|
||||
|
uptime
int
|
Time, in seconds, since the system booted.
Sample:
603202
|
||||
|
marketing_name
string
|
changed |
Marketing name of the device platform.
Sample:
BIG-IP Virtual Edition
|
|||
|
host_board_serial
string
|
Serial of the host board.
|
||||
|
chassis_serial
string
|
Serial of the chassis
Sample:
11111111-2222-3333-444444444444
|
||||
|
hardware_information
complex
|
changed |
Information related to the hardware (drives and CPUs) of the system.
|
|||
|
model
string
|
The model of the hardware.
Sample:
Virtual Disk
|
||||
|
type
string
|
The type of hardware.
Sample:
physical-disk
|
||||
|
name
string
|
The name of the hardware.
Sample:
HD1
|
||||
|
versions
complex
|
Hardware specific properties
|
||||
|
version
string
|
Value of the property
Sample:
154.00G
|
||||
|
name
string
|
Name of the property
Sample:
Size
|
||||
|
time
complex
|
changed |
Mapping of the current time information to specific time-named keys.
|
|||
|
second
int
|
changed |
The current second of the minute.
Sample:
51
|
|||
|
hour
int
|
changed |
The current hour of the day in 24-hour form.
Sample:
18
|
|||
|
year
int
|
changed |
The current year in 4-digit form.
Sample:
2018
|
|||
|
day
int
|
changed |
The current day of the month, in numeric form.
Sample:
7
|
|||
|
minute
int
|
changed |
The current minute of the hour.
Sample:
16
|
|||
|
month
int
|
changed |
The current month, in numeric form.
Sample:
6
|
|||
|
switch_board_serial
string
|
Serial of the switch board.
|
||||
|
product_jobid
int
|
ID of the job that built the product version.
Sample:
1012030
|
||||
|
switch_board_part_revision
string
|
Switch board revision.
|
||||
|
tcp_half_open_monitors
complex
|
When tcp-half-open-monitors is specified in gather_subset. |
TCP Half-open monitor related facts.
Sample:
hash/dictionary of values
|
|||
|
interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.
Sample:
5
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
tcp
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
tcp
|
|||
|
destination
string
|
Specifies the IP address and service port of the resource that is the destination of this monitor.
Sample:
*:*
|
||||
|
time_until_up
int
|
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.
|
||||
|
manual_resume
bool
|
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.
Sample:
True
|
||||
|
timeout
int
|
Specifies the number of seconds the target has in which to respond to the monitor request.
Sample:
16
|
||||
|
up_interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.
|
||||
|
transparent
bool
|
Specifies whether the monitor operates in transparent mode.
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/tcp
|
|||
|
description
string
|
changed |
Description of the resource.
Sample:
My monitor
|
|||
|
tcp_monitors
complex
|
When tcp-monitors is specified in gather_subset. |
TCP monitor related facts.
Sample:
hash/dictionary of values
|
|||
|
destination
string
|
Specifies the IP address and service port of the resource that is the destination of this monitor.
Sample:
*:*
|
||||
|
description
string
|
changed |
Description of the resource.
Sample:
My monitor
|
|||
|
parent
string
|
changed |
Profile from which this profile inherits settings.
Sample:
tcp
|
|||
|
adaptive_divergence_type
string
|
Specifies whether the adaptive-divergence-value is
relative or absolute.Sample:
relative
|
||||
|
adaptive_divergence_value
int
|
Specifies how far from mean latency each monitor probe is allowed to be.
Sample:
25
|
||||
|
up_interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up.
|
||||
|
transparent
bool
|
Specifies whether the monitor operates in transparent mode.
|
||||
|
reverse
bool
|
Specifies whether the monitor operates in reverse mode. When the monitor is in reverse mode, a successful check marks the monitored object down instead of up.
|
||||
|
adaptive_sampling_timespan
int
|
Specifies the size of the sliding window, in seconds, which records probe history.
Sample:
300
|
||||
|
name
string
|
changed |
Relative name of the resource in BIG-IP.
Sample:
tcp
|
|||
|
interval
int
|
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.
Sample:
5
|
||||
|
adaptive_limit
int
|
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence value.
Sample:
200
|
||||
|
time_until_up
int
|
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.
|
||||
|
manual_resume
bool
|
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor check.
Sample:
True
|
||||
|
timeout
int
|
Specifies the number of seconds the target has in which to respond to the monitor request.
Sample:
16
|
||||
|
adaptive
bool
|
Whether adaptive response time monitoring is enabled for this monitor.
|
||||
|
full_path
string
|
changed |
Full name of the resource as known to BIG-IP.
Sample:
/Common/tcp
|
|||
|
ip_dscp
int
|
Specifies the differentiated services code point (DSCP).
|
||||
|
tcp_profiles
complex
|
When tcp-profiles is specified in gather_subset. |
TCP profile related facts.
Sample:
hash/dictionary of values
|
|||
|
receive_window
int
|
Specifies the maximum advertised RECEIVE window size.
Sample:
65535
|
||||
|
syn_cookie_enable
bool
|
Specifies the default (if no DoS profile is associated) number of embryonic connections that are allowed on any virtual server, before SYN Cookie challenges are enabled for that virtual server.
Sample:
True
|
||||
|
verified_accept
bool
|
Specifies, when
yes, that the system can actually communicate with the server before establishing a client connection.Sample:
True
|
||||
|
initial_congestion_window_size
int
|
Specifies the initial congestion window size for connections to this destination.
Sample:
3
|
||||
|
minimum_rto
int
|
Specifies the minimum length of time the system waits for acknowledgements of data sent before resending the data.
Sample:
1000
|
||||
|
fast_open_cookie_expiration
int
|
Specifies the number of seconds that a Fast Open Cookie delivered to a client is valid for SYN packets from that client.
Sample:
1000
|
||||
|
md5_signature
bool
|
Specifies, when
yes, to use RFC2385 TCP-MD5 signatures to protect TCP traffic against intermediate tampering.Sample:
True
|
||||
|
push_flag
string
|
Specifies how the BIG-IP system receives ACKs.
Sample:
default
|
||||
|
time_to_live
string
|
Specifies the outgoing TCP packet's IP Header TTL mode.
Sample:
proxy
|
||||
|
mptcp_checksum_verify
bool
|
Specifies, when
yes, that the system verifies the checksum for MPTCP connections. |
||||
|
fin_wait_2
string
|
Specifies the length of time that a TCP connection is in the FIN-WAIT-2 state before quitting.
Sample:
100
|
||||
|
syn_cookie_white_list
bool
|
Specifies whether or not to use a SYN Cookie WhiteList when doing software SYN Cookies.
|
||||
|
fin_wait_1
string
|
Specifies the length of time that a TCP connection is in the FIN-WAIT-1 or CLOSING state before quitting.
Sample:
indefinite
|
||||
|
mptcp_retransmit_min
int
|
Specifies the minimum value (in msec) of the retransmission timer for these MPTCP flows.
Sample:
1000
|
||||
|
dont_fragment_flag
string
|
Specifies the Don't Fragment (DF) bit setting in the IP Header of the outgoing TCP packet.
Sample:
pmtu
|
||||
|
max_segment_size
int
|
Specifies the largest amount of data that the system can receive in a single TCP segment, not including the TCP and IP headers.
Sample:
1460
|
||||
|
enhanced_loss_recovery
bool
|
Specifies whether the system uses enhanced loss recovery to recover from random packet losses more effectively.
Sample:
True
|
||||
|
retransmit_threshold
int
|
Specifies the number of duplicate ACKs (retransmit threshold) to start fast recovery.
Sample:
3
|
||||
|
mptcp_subflow_max
int
|
Specifies the maximum number of MPTCP subflows for a single flow.
Sample:
6
|
||||
|
congestion_metrics_cache
bool
|
Specifies, when
yes, that the system uses a cache for storing congestion metrics.Subsequently, because these metrics are already known and cached, the initial slow-start ramp for previously-encountered peers improves.
Sample:
True
|
||||
|
ip_tos
string
|
Specifies the L3 Type of Service (ToS) level that the system inserts in TCP packets destined for clients.
Sample:
mimic
|
||||
|
explicit_congestion_notification
bool
|
Specifies, when
yes, that the system uses the TCP flags CWR (congestion window reduction) and ECE (ECN-Echo) to notify its peer of congestion and congestion counter-measures.Sample:
True
|
||||
|
mptcp_no_join_dss_ack
bool
|
Specifies, when checked (enabled), that no DSS option is sent on the JOIN ACK.
|
||||
|
close_wait
string
|
Specifies the length of time that a TCP connection remains in the LAST-ACK state before quitting.
In addition to a numeric value, the value of this fact may also be one of
immediate or indefinite.When
immediate, specifies that the TCP connection closes immediately after entering the LAST-ACK state.When
indefinite, specifies that TCP connections in the LAST-ACK state do not close until they meet the maximum retransmissions timeout. | ||||