Documentation

bigip_snmp_community - Manages SNMP communities on a BIG-IP.

New in version 2.6.

Synopsis

  • Assists in managing SNMP communities on a BIG-IP. Different SNMP versions are supported by this module. Take note of the different parameters offered by this module, as different parameters work for different versions of SNMP. Typically this becomes an interest if you are mixing versions v2c and 3.

Requirements

The below requirements are needed on the host that executes this module.

  • f5-sdk >= 3.0.9

Parameters

Parameter Choices/Defaults Comments
access
    Choices:
  • ro
  • rw
  • read-only
  • read-write
Specifies the user's access level to the MIB.
When creating a new community, if this parameter is not specified, the default is ro.
When ro, specifies that the user can view the MIB, but cannot modify the MIB.
When rw, specifies that the user can view and modify the MIB.
community
Specifies the community string (password) for access to the MIB.
This parameter is only relevant when version is v1, or v2c. If version is something else, this parameter is ignored.
ip_version
    Choices:
  • 4
  • 6
Specifies whether the record applies to IPv4 or IPv6 addresses.
When creating a new community, if this value is not specified, the default of 4 will be used.
This parameter is only relevant when version is v1, or v2c. If version is something else, this parameter is ignored.
name
Name that identifies the SNMP community.
When version is v1 or v2c, this parameter is required.
The name public is a reserved name on the BIG-IP. This module handles that name differently than others. Functionally, you should not see a difference however.
oid
Specifies the object identifier (OID) for the record.
When version is v3, this parameter is required.
When version is either v1 or v2c, if this value is specified, then source must not be set to all.
partition Default:
Common
Device partition to manage resources on.
password
required
The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable F5_PASSWORD is set.

aliases: pass, pwd
port
Specifies the port for the trap destination.
This parameter is only relevant when version is v1, or v2c. If version is something else, this parameter is ignored.
provider
(added in 2.5)
A dict object containing connection details.
ssh_keyfile
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout Default:
10
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
server
required
The BIG-IP host. You can omit this option if the environment variable F5_SERVER is set.
user
required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable F5_USER is set.
server_port Default:
443
The BIG-IP server port. You can omit this option if the environment variable F5_SERVER_PORT is set.
password
required
The password for the user account used to connect to the BIG-IP. You can omit this option if the environment variable F5_PASSWORD is set.

aliases: pass, pwd
validate_certs
bool
    Choices:
  • no
  • yes ←
If no, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable F5_VALIDATE_CERTS is set.
transport
required
    Choices:
  • rest
  • cli ←
Configures the transport connection to use when connecting to the remote device.
server
required
The BIG-IP host. You can omit this option if the environment variable F5_SERVER is set.
server_port
(added in 2.2)
Default:
443
The BIG-IP server port. You can omit this option if the environment variable F5_SERVER_PORT is set.
snmp_auth_password
Specifies the password for the user.
When creating a new SNMP v3 community, this parameter is required.
This value must be at least 8 characters long.
snmp_auth_protocol
    Choices:
  • md5
  • sha
  • none
Specifies the authentication method for the user.
When md5, specifies that the system uses the MD5 algorithm to authenticate the user.
When sha, specifies that the secure hash algorithm (SHA) to authenticate the user.
When none, specifies that user does not require authentication.
When creating a new SNMP v3 community, if this parameter is not specified, the default of sha will be used.
snmp_privacy_password
Specifies the password for the user.
When creating a new SNMP v3 community, this parameter is required.
This value must be at least 8 characters long.
snmp_privacy_protocol
    Choices:
  • aes
  • des
  • none
Specifies the encryption protocol.
When aes, specifies that the system encrypts the user information using AES (Advanced Encryption Standard).
When des, specifies that the system encrypts the user information using DES (Data Encryption Standard).
When none, specifies that the system does not encrypt the user information.
When creating a new SNMP v3 community, if this parameter is not specified, the default of aes will be used.
snmp_username
Specifies the name of the user for whom you want to grant access to the SNMP v3 MIB.
This parameter is only relevant when version is v3. If version is something else, this parameter is ignored.
When creating a new SNMP v3 community, this parameter is required.
This parameter cannot be changed once it has been set.
source
Specifies the source address for access to the MIB.
This parameter can accept a value of all.
If this parameter is not specified, the value all is used.
This parameter is only relevant when version is v1, or v2c. If version is something else, this parameter is ignored.
If source is set to all, then it is not possible to specify an oid. This will raise an error.
This parameter should be provided when state is absent, so that the correct community is removed. To remove the public SNMP community that comes with a BIG-IP, this parameter should be set to default.
state
    Choices:
  • present ←
  • absent
When present, ensures that the address list and entries exists.
When absent, ensures the address list is removed.
update_password
    Choices:
  • always ←
  • on_create
always will allow to update passwords if the user chooses to do so. on_create will only set the password for newly created resources.
user
required
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You can omit this option if the environment variable F5_USER is set.
validate_certs
bool

(added in 2.0)
    Choices:
  • no
  • yes ←
If no, SSL certificates will not be validated. Use this only on personally controlled sites using self-signed certificates. You can omit this option if the environment variable F5_VALIDATE_CERTS is set.
version
    Choices:
  • v1
  • v2c ←
  • v3
Specifies to which Simple Network Management Protocol (SNMP) version the trap destination applies.

Notes

Note

Examples

- name: Create an SMNP v2c read-only community
  bigip_snmp_community:
    name: foo
    version: v2c
    source: all
    oid: .1
    access: ro
    password: secret
    server: lb.mydomain.com
    state: present
    user: admin
  delegate_to: localhost

- name: Create an SMNP v3 read-write community
  bigip_snmp_community:
    name: foo
    version: v3
    snmp_username: foo
    snmp_auth_protocol: sha
    snmp_auth_password: secret
    snmp_privacy_protocol: aes
    snmp_privacy_password: secret
    oid: .1
    access: rw
    password: secret
    server: lb.mydomain.com
    state: present
    user: admin
  delegate_to: localhost

- name: Remove the default 'public' SNMP community
  bigip_snmp_community:
    name: public
    source: default
    password: secret
    server: lb.mydomain.com
    state: absent
    user: admin
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
param1
bool
changed
The new param1 value of the resource.

Sample:
True
param2
string
changed
The new param2 value of the resource.

Sample:
Foo is bar


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

  • Tim Rupp (@caphrim007)

Hint

If you notice any issues in this documentation you can edit this document to improve it.