LoadMaster Ansible Reference Guide

1 Introduction

Ansible is an open source automation platform. It can help with configuration management, application deployment, and task automation. In Kemp, we use Ansible to configure LoadMasters by running playbook configurations that are pushed out to LoadMasters through Kemp 360 Central.

First you define your layout in the Ansible playbook. When you run the playbook it calls Application Program Interface (API) commands on Kemp 360 Central, which then configures the LoadMasters connected to Kemp 360 Central.

Kemp have developed the following modules to be used in Ansible playbooks:

  • Virtual Service
  • Sub Virtual Service (SubVS)
  • Real Server
  • Upload Certificate
  • Add Header Rule
  • Delete Header Rule
  • Replace Body Rule
  • Replace Header Rule
  • Match Content Rule
  • Modify URL Rule

Requesting the API Key

To get the API key for Ansible, execute the following API command using your Kemp 360 Central credentials:

Make a curl request against your installation of Kemp 360 Central in the following way:

curl "https://{CENTRAL}/api/v1/user/authenticate/" --data "{""username"":""admin"",""password"":""{PASSWORD}""}"

You should see a response similar to below:

{

"apikey": "abc123",

"id": 1,

"success": true

}

2 Modify a Virtual Service on a LoadMaster

2.1 Synopsis

This module adds or modifies a Virtual Service on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0.

2.2 Parameters

Parameter Choices/
Defaults 
Comments
allow_https_2

 

str

Choices:

  • Y: Enabled
  • N: Disabled
Enable HTTP/2 for this Virtual Service. SSL Acceleration must be enabled before HTTP/2 can be enabled. The BestPractices  cipher set should be used when HTTP/2 is enabled.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

central_api_key

str/required

  Admin-level API Key to access API services on Kemp 360 Central.

central_username

str/required

  Username for Kemp 360 Central that is linked to the given API key.
cert_name

str

  Identifier (name) of a preexisting certificate on the LoadMaster to assign to the Virtual Service.
check_host

str

  The check_use_11 parameter must be enabled to set the check_host value. When using HTTP/1.1 checking, the Real Servers require a Hostname be supplied in each request. If no value is set then this value is the IP address of the Virtual Service.
check_pattern

str

 

When the check_type is set to http or https, this corresponds to the Reply 200 Pattern in the WUI. This parameter only applies when the HTTP Method is set to GET or POST.

When the check_type is set to bdata: Specify the hexadecimal string that will be searched for in the response. Specify an empty value to unset check_pattern.

check_port

int

  The port to be checked. If a port is not specified, the Real Server port is used. Specify 0 to unset check_port.
check_post_data

 

str

  This parameter is only relevant if the HTTP Method is set to POST. When using the POST method, up to 2047 characters of POST data can be sent to the server.
check_type

str

Choices:

  • icmp
  • https
  • http
  • tcp
  • smtp
  • nntp
  • ftp
  • telnet
  • pop3
  • imap
  • rdp
  • bdata
  • ldap
  • none
Specify which protocol is to be used to check the health of the Real Server. The default value is dependent on the Virtual Service port.
check_url

str

 

When the check_type is set to http or https - by default, the health checker tries to access the URL / to determine if the machine is available. A different URL can be set in the check_url parameter. When the check_type is set to bdata: Specify a hexadecimal string to send to the Real Server. The maximum character length for the check_url parameter value is 126 characters.
check_use_11

str

Choices:

  • N: Disabled
  • Y: Enabled
By default, the health checker uses HTTP/1.0 when checking the Real Server status. Enabling check_use_11 means HTTP/1.1 is used (which is more efficient).
check_use_get

int

Choices:

  • 0: HEAD
  • 1: GET
  • 2: POST
When accessing the health check URL - the system can use the HEAD, the GET, or the POST method.
cipher_set

str

Choices:

  • Default
  • Default_NoRc4
  • BestPractices
  • Intermediate_compatibility
  • Backward_compatibility
  • WUI
  • FIPS
  • Legacy
  • Null_Ciphers- <NameOfCustomCipherSet>
This parameter can be used to assign a cipher set to a Virtual Service. System-defined cipher sets and custom cipher sets can be assigned using this parameter.
ciphers

str

  Multiple ciphers can be assigned by inserting a colon between each cipher. When ciphers are assigned in this way, a Cipher Set called Custom_<VirtualServiceID> is created/updated. Note: The assigned ciphers list is overwritten when ciphers are added in this way. Ensure to include all ciphers to be assigned.

enable

str/required

Choices:

  • N: Disabled
  • Y: Enabled←
Specify if the Virtual Service should be created in a live (enabled) state.
enhanced_health_checks

int

Choices:

  • 0: Disabled
  • 1: Enabled
Enabling the enhanced_health_checks parameter provides an additional health check parameter - rs_minimum. If the enhanced_health_checks parameter is disabled, the Virtual Service is considered available if at least one Real Server is available. If the enhanced_health_checks parameter is enabled, you can specify the minimum number of Real Servers that should be available to consider the Virtual Service to be available.

ensure

str/required

Present←

Value set to indicate to Kemp 360 Central that this Virtual Service should always exist. This is set automatically by the module.
force_l7

int

Choices:

  • 0: Disabled
  • 1: Enabled
Enabling force_l7 means the Virtual Service runs at Layer 7 and not Layer 4. This may be needed for various reasons, including that only Layer 7 services can be non-transparent.

ip

str/required

  The IPv4 Address to assign to the Virtual Service.
ldap_endpoint

str

  Specify the name of an LDAP endpoint to use for the health checks. If LDAP is selected as the check_type, the server IP address (or addresses) and ports from the LDAP endpoint configuration are used instead of the Real Server IP address and port.

lm_address

str/required

  IP address and port of the LoadMaster that contains the Virtual Service or SubVS that the Real Server should be created or modified on. The format is 'ip:port'.
match_body_rules

list

  Names (Identifiers) of Match Body type Content Rules to assign to the Virtual Service. These content rules must exist on the LoadMaster before being assigned to a Virtual Service.
match_length

int

  This parameter is only relevant when the check_type is set to bdata. By setting this you can specify the number of bytes to find the check_pattern within.
need_host_name

int

Choices:

  • 0: Disabled
  • 1: Enabled
When this parameter is enabled, the hostname is always required to be sent in the TLS client hello message. If it is not sent, the connection is dropped.

nickname

str/required

Choices:

  • 0: Disabled
  • 1: Enabled
The nickname to assign to the Virtual Service. It must be unique.
ocsp_verify

int

Choices:

  • 0: Disabled
  • 1: Enabled
Verify (using Online Certificate Status Protocol (OCSP)) that the client certificate is valid.
persist

str

Choices:

  • ssl
  • cookie,
  • active-cookie
  • cookie-src
  • cookie-hash
  • cookie-hash-src
  • url
  • query-hash
  • hash
  • host
  • header
  • super
  • super-src
  • src
  • rdp
  • rdp-src
  • rdp-sb
  • rdp-sb-src
  • udpsip
  • none
Specify the type of persistence (stickiness) to be used for this Virtual Service.
persist_timeout

int

  The length of time (in seconds) after the last connection that the LoadMaster remembers the persistence information. Timeout values are rounded down to an even number of minutes. Setting a value that is not a number of whole minutes results in the excess being ignored. Setting a value to less than 60 seconds results in a value of 0 being set, which disables persistency.

port

int/required

  The port on which the Virtual Service must be active. Can be any valid port number from 3 to 65530, or a wildcard `*`.
preprocess_rules

list

  Names (Identifiers) of Preprocess type Content Rules to assign to the Virtual Service. These content rules must exist on the LoadMaster before being assigned to a Virtual Service.

protocol

str/required

Choices:

  • tcp: Use the TCP protocol
  • udp: Use the UDP protocol
The protocol type that this Virtual Service uses.
qos

str

Choices:

  • Normal-Service
  • Minimize-Cost
  • Maximize-Reliability
  • Maximize-Throughput
  • Minimize-Delay
Quality of Service sets a type of service that deals with packets, which treats and prioritizes the traffic.
request_rules

list

  Names (Identifiers) of Request type Content Rules to assign to the Virtual Service. These content rules must exist on the LoadMaster before being assigned to a Virtual Service.
response_rules

list

  Names (Identifiers) of Response type Content Rules to assign to the Virtual Service. These content rules must exist on the LoadMaster before being assigned to a Virtual Service.
rs_minimum

int

  An integer that specifies how many Real Servers must be up for a Virtual Service or SubVS to be considered up. It is an integer from 0 to N, where N is the number of Real Servers on this particular service. In practice, this value is usually 1.
rs_rule_precedence

int

  This parameter should be used in conjunction with rs_rule_precedence_pos. This parameter is used to specify the name of the existing rule whose position you want to change.
rs_rule_precedence_pos

str

  This parameter, in conjunction with the rs_rule_precedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule will be checked second.
schedule

str

Choices:

  • Round-Robin
  • Weighted-Round-Robin
  • Least-Connection
  • Weighted-Least-Connection
  • Fixed-Weighting
  • Adaptive-Resource-Based
  • Source-IP-Hash
  • Weighted-Response-Time
  • SDN-Adaptive
  • URL-Hash
Specify the type of scheduling of new connections to Real Servers that is to be performed.
ssl_acceleration

int

Choices:

  • 0: Disabled
  • 1: Enabled
Enable SSL handling services for the Virtual Service.
ssl_reencrypt

int

Choices
  • 0: Disabled
  • 1: Enabled
When this option is enabled, the SSL data stream is re-encrypted before sending to the Real Server. This parameter is only valid if SSL Acceleration is enabled.
ssl_rewrite

str

Choices
  • None
  • http
  • https
When the Real Server rejects a request with a HTTP redirect, the requesting Location URL may need to be converted to specify HTTPS instead of HTTP (the opposite also applies).
tls_type

list

Choices
  • SSLv3
  • TLS1.0
  • TLS1.1
  • TLS1.2
  • TLS1.3
Specify which of the following protocols to support; SSLv3, TLS1.0, TLS1.1, TLS1.2, or TLS1.3.
transparent

int

Choices
  • 0: Disabled
  • 1: Enabled
(Layer 7 only) When transparency is enabled, connections at the Real Server appear to originate at the client. With transparency disabled, connections originate at the LoadMaster.
use_for_snat

int

Choices
  • 0: Disabled
  • 1: Enabled
By default, when the LoadMaster is being used to NAT Real Servers, the source IP address used on the internet is that of the LoadMaster. Enabling this option allows the Real Servers configured to use the Virtual Service as the source IP address instead. If the Real Servers are configured on more than one Virtual Service which has this option set, only connections to destination port 80 will use this Virtual Service as the source IP address.

vs_type

str/required

Choices
  • gen
  • http
  • http/2
  • log
  • ts
  • tls
This specifies the type of service being load balanced.

2.3 Examples

- name: Create a Virtual Service

hosts: localhost

vars:

central_address: '10.35.23.180'

central_username: 'admin'

central_api_key: '4ef39d110474a18639bab'

lm_address: '10.35.23.2:443'

ip: '10.35.23.156'

port: 443

prot: 'tcp'

tasks:

- name: Create Virtual Service Pathos on LM

virtual_service:

central_address: '{{ central_address }}'

central_username: '{{ central_username }}'

central_api_key: '{{ central_api_key }}'

lm_address: '{{ lm_address }}'

enable: 'Y'

nickname: 'Pathos'

ip: '{{ ip }}'

port: '{{ port }}'

protocol: '{{ prot }}'

vs_type: 'http'

ssl_acceleration: 1

check_type: 'icmp'

qos: 'Maximize-Reliability'

transparent: 1

2.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the Virtual Service.

Sample:

VS Updated

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"check_type": "icmp","NickName": "Pathos","SSLAcceleration": "Y", "TlsType": "3", "Transparent": "Y"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

2.5 Status

This module is maintained by Kemp Technologies.

3 Modify a SubVS on a LoadMaster

 

3.1 Synopsis

This module configures a SubVS on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. To configure a SubVS on a Virtual Service, the Virtual Service must be defined in your playbook before the SubVS.

3.2 Parameters

Parameter Choices/

 

Defaults
Comments
add_via

int

Choices:

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
Corresponds to the add http headers in LM

central_username

str/required

  The Kemp 360 Central username.

central_api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.
enable

str

Choices:

  • Y
  • N
Enable the SubVS.

lm_address

str/required

  IP address and port of the LoadMaster that contains the Virtual Service or SubVS that the Real Server should be created or modified on. The format is 'ip:port'.

vs

str/required

  The IP address of the parent Virtual Service on the LoadMaster.

port

int/required

  The port of the parent Virtual Service on the LoadMaster value between 3 and 65530.
limit

int

  The maximum number of open connections that can be sent to a Real Server before it is taken out of rotation; values 0-100000.

nickname

str/required

  Nickname of a SubVS.
qos

int

Choices

  • 0
  • 1
  • 2
  • 4
  • 8
Quality of Service sets a type of service that deals with how packets treat and prioritize the traffic.
subnet_originating

int

Choices:

  • 0
  • 1
When transparency is not enabled, the source IP address of connections to the Real Servers is that of the Virtual Service. When transparency is enabled, the source IP address is the IP address that is initiating connection to the Virtual Service. If the Real Server is on a subnet, and the Subnet Originating Requests option is enabled, then the subnet address of the LoadMaster is used as the source IP address.
vs_type

str

Choices:

  • gen
  • http
  • http/2
  • tls
  • log
This specifies the type of service being load balanced.
critical

int

Choices:

  • 0
  • 1
Enabling this parameter indicates that the Real Server is required for the Virtual Service to be considered available. The Virtual Service is marked as down if the Real Server has failed or is disabled.
check_type

str

Choices:

  • icmp
  • http
  • https
  • tcp
  • smtp
  • nntp
  • ftp
  • telnet
  • pop3
  • imap
  • rdp
  • bdara
  • ldap
  • none
Specify which protocol is to be used to check the health of the Real Server.
check_codes

str

  A space-separated list of HTTP status codes that should be treated as successful when received from the Real Server.
check_port

int

  The port to be checked. If a port is not specified, the Real Server port is used. Specify 0 to unset check_port.
weight

int

  When using weighted round robin scheduling, the weight of a Real Server is used to indicate what relative proportion of traffic should be sent to the server. Servers with higher values receive more traffic. The weight of a SubVS can also be updated using the modrs command - set the Real Server to the number that appears in the Id column for the relevant SubVS in the parent Virtual Service modify screen; values 1-65535.
check_host

str

  The check_use_11 parameter must be enabled to set the check_host value. When using HTTP/1.1 checking, the Real Servers require a Hostname be supplied in each request. If no value is set, then this value is the IP address of the Virtual Service.
check_pattern

str

  When the check_type is set to http or https - this corresponds to the Reply 200 Pattern in the WUI. This parameter only applies when the HTTP Method is set to GET or POST. When the check_type is set to bdata: Specify the hexadecimal string, which is searched for in the response. Specify an empty value to unset check_pattern.
check_headers

str

  Specify up to four additional headers/fields that will be sent with each health check request. Separate the pairs with a pipe, for example; Host:xyc|UserAgent:prq.
check_use_11

str

Choices:

  • 0
  • 1
By default, the health checker uses HTTP/1.0 when checking the Real Server status. Enabling check_use_11 means HTTP/1.1 is used (which is more efficient).
enhanced_health_checks

int

Choices

  • 0
  • 1
Enabling the enhanced_health_checks parameter provides an additional health check parameter - rs_minimum. If the enhanced_health_checks parameter is disabled, the Virtual Service is considered available if at least one Real Server is available. If the enhanced_health_checks parameter is enabled, you can specify the minimum number of Real Servers that should be available to consider the Virtual Service to be available.
rs_minimum

int

  An integer that specifies how many Real Servers must be up for a Virtual Service or SubVS to be considered up. It is an integer from 0 to N, where N is the number of Real Servers on this particular service. In practice, this value is usually 1.
extra_header_key

str

  Specify the key for the extra header to be inserted into every request sent to the Real Servers.

extra_header_value

str

  Specify the value for the extra header to be inserted into every request sent to the Real Servers.
error_code

int

  If no Real Servers are available, the LoadMaster can terminate the connection with a HTTP error code. Specify the error code number in this parameter. To unset the error code, set the parameter to an empty string.
error_url

str

  When no Real Servers are available and an error response is sent back to the client, a redirect URL can also be specified.
ldap_endpoint

str

  Specify the name of an LDAP endpoint to use for the health checks. If LDAP is selected as the check_type, the server IP address (or addresses) and ports from the LDAP endpoint configuration are used instead of the Real Server IP address and port.
copy_header_from

str

  This is the name of the source header field to copy into the new header field before the request is sent to the Real Servers.
copy_header_to

str

  Used in conjunction with the copy_header_from parameter. The name of the header field into which the source header is to be copied.
transparent

int

Choices:

  • 0
  • 1
When using Layer 7, when this is enabled - the connection arriving at the Real Server appears to come directly from the client. Alternatively, the connection can be non-transparent, which means that the connections at the Real Server appear to come from the LoadMaster. If a Virtual Service (with or without a SubVS) has SSL re-encrypt enabled, the transparency flag of the Virtual Service has no meaning (re-encryption forces transparency to be off). The transparency setting can still be modified by the API and is honored when re-encrypt is disabled on the Virtual Service.
multi_connect

int

Choices:

  • 0
  • 1
Enabling this option permits the LoadMaster to manage connection handling between the LoadMaster and the Real Servers. Requests from multiple clients are sent over the same TCP connection. Multiplexing only works for simple HTTP GET operations. This parameter cannot be enabled in certain situations, for example if WAF, ESP, or SSL Acceleration is enabled.
non_local

int

Choices:

  • 0
  • 1
By default only Real Servers on local networks can be assigned to a Virtual Service. Enabling this option allows a non-local Real Server to be assigned to the Virtual Service. This option is only available if a non local Real Server is enabled and the Transparent option is disabled on the relevant Virtual Service.
check_url

str

  When the check_type is set to http or https - by default, the health checker tries to access the URL / to determine if the machine is available. A different URL can be set in the check_url parameter. When the check_type is set to bdata: Specify a hexadecimal string to send to the Real Server. The maximum character length for the check_url parameter value is 126 characters.
check_post_data

str

  This parameter is only relevant if the HTTP Method is set to POST. When using the POST method, up to 2047 characters of POST data can be sent to the server.
check_use_get

int

Choices:

  • 0
  • 1
  • 2
When accessing the health check URL - the system can use the HEAD, the GET, or the POST method.
persist

str

Choices:

  • ssl
  • cookie
  • active-cookie
  • cookie-src
  • cookie-hash
  • cookie-hash-src
  • url
  • query-hash
  • hash
  • host
  • header
  • super
  • super-src src
  • rdp
  • rdp-src
  • rdp-sb
  • rdp-sb-src
  • udpsip
  • none
Specify the type of persistence (stickiness) to be used for this Virtual Service.
persist_timeout

int

  The length of time (in seconds) after the last connection that the LoadMaster remembers the persistence information. Timeout values are rounded down to an even number of minutes. Setting a value that is not a number of whole minutes results in the excess being ignored. Setting a value to less than 60 seconds results in a value of 0 being set, which disables persistency.
match_len

int

  This parameter is only relevant when the check_type is set to bdata. Specify the number of bytes to find the check_pattern within; values 0-8000.
stand_by_addr

str

  Specify the IP address of the 'Sorry' server that is to be used when no other Real Servers are available. This server will not be health checked and is assumed to be always available.
stand_by_port

int

  Specify the port of the 'Sorry' server.
schedule

str

Choices:

  • Round-Robin
  • Weighted-Round-Robin
  • Least-Connection
  • Weighted-Least-Connection
  • Fixed-Weighting
  • Adaptive-Resource-Based
  • Source-IP-Hash
  • Weighted-Response-Time
  • SDN-Adaptive
  • URL-Hash
Specify the type of scheduling of new connections to Real Servers that is to be performed.
rs_rule_precedence

str

  This parameter should be used in conjunction with rs_rule_precedence_pos. This parameter is used to specify the name of the existing rule whose position you want to change.
rs_rule_precedence_pos

int

  This parameter, in conjunction with the rs_rule_precedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule is checked second.
selection_rules

str

  Specify a list of selection rules to add to the SubVS.
request_header_rules

str

  Add a list of request rules to a SubVS.
response_header_rules

str

  Add a list of response rules to a SubVS.

3.3 Examples

- name: Create a Sub VS

hosts: localhost

vars:

central_address: '10.35.23.180'

central_username: 'admin'

central_api_key: '4ef39d1104767e18639bab'

lm_address: '10.35.23.2:443'

tasks:

- name: Create SubVS

sub_virtual_service:

central_address: '{{ central_address }}'

central_api_key: '{{ central_api_key }}'

central_username: '{{ central_username }}'

lm_address: '{{ lm_address }}'

vs: '10.35.23.100'

port: 80

prot: 'tcp'

nickname: 'Beta'

vs_type: 'http'

enable: 'Y'

enhanced_health_checks: 1

schedule: 'Round-Robin'

content_rules: ['matchRedHeader']

3.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the SubVS.

Sample:

SubVS Updated

changed

bool

always

A Boolean to indicate whether changes were made during the task

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"Transparent": "N", "UseforSnat": "N", "VSPort": "0", "VStype": "http", "NickName": "Epsilon"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

3.5 Status

This module is maintained by Kemp Technologies.

4 Modify a Real Server on a LoadMaster

4.1 Synopsis

This module adds or modifies a Real Server to Virtual Services and SubVS on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. To configure a Real Server on a Virtual Service, the Virtual Service must be defined in your playbook before the Real Server. To configure a Real Server on a SubVS, the SubVS must be defined in your playbook before the Real Server.

4.2 Parameters

Parameter Choices/

 

Defaults
Comments

lm_address

str/required

  The IP address and port of the LoadMaster that contains the Virtual Service or SubVS that the Real Server should be created or modified on. The format is 'ip:port'.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

username

str/required

  The Kemp 360 Central username.

api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

vs_ip

str/required

  The IP address of the Virtual Service on the provided LoadMaster.
vs_port

int/required

  The port of the Virtual Service on the provided LoadMaster. Values are between 3 and 65530.

vs_prot

str/required

Choices

  • udp
  • tcp
The protocol of the Virtual Service on the provided LoadMaster.

rs_ip

str/required

  The IP address of the Real Server that is being created or modified.

rs_port

str/required

  The port of the Real Server that is being created or modified. Values are between 3 and 65530.
rs_limit

int

  The maximum number of open connections that can be sent to a Real Server before it is taken out of rotation. Values are between 0 and 100000.
rs_weight

int

 

When using weighted round robin scheduling, the weight of a Real Server is used to indicate what relative proportion of traffic should be sent to the server. Servers with higher values receive more traffic.

The weight of a SubVS can also be updated using the modrs command; set the Real Server to the number that appears in the Id column for the relevant SubVS in the parent Virtual Service modify screen.

rs_fw_method

str

Choices

  • nat
  • route
The type of forwarding method used. The default method is NAT. Direct server return can only be used with Layer 4 services.
rs_enable

str

Choices

  • Y←
  • N
Enable or disable the Real Server.
rs_critical

int

Choices
  • 0: Disabled
  • 1: Enabled
Enabling this parameter indicates that the Real Server is required for the Virtual Service to be considered available. The Virtual Service is marked as down if the Real Server has failed or is disabled.
sub_vs_nickname

str

  To create or modify a Real Server on a SubVS; the nickname of the SubVS must be provided.
addtoallsubvs

int

Choices
  • 0: Disabled
  • 1: Enabled
Enable this option when adding a Real Server to all SubVSs of a Virtual Service; values are 0 or 1.
newport

int

  The port on the Real Server to be used. Values are between 3 and 65535.
follow

int

 

Specify what Real Server the health check is based on by setting this parameter to the RsIndex of the Real Server to be followed. This can either be set to the RsIndex of the same Real Server to health check based on that particular Real Server status, or another Real Server can be specified. For example, if Real Server 1 is down, any Real Servers that have their health check based on Real Server 1 are also marked as down, regardless of their actual Real Server status.
content_rules

list

 

A list of content rule names to be added to a Real Server. The names provided must be previously added to the LoadMaster and must be Content Matching rules.

4.3 Examples

- name: Create Real Server

hosts: localhost

vars:

central_address: '10.35.39.21'

lm_address: '10.35.39.20:443'

username: 'admin'

api_key: '699129a26ad34466a4cc'

tasks:

- name: Create Real Server

hosts: localhost

tasks:

- name: Create RS for VS 10.35.39.25:8010

real_server:

lm_address: '{{ lm_address }}'

central_address: '{{ central_address }}'

username: '{{ username }}'

api_key: '{{ api_key }}'

vs_ip: '10.35.39.25'

vs_port: 8010

vs_prot: 'tcp'

rs_ip: '10.35.39.6'

rs_port: 4006

rs_limit: 220

4.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the Real Server.

Sample:

Real Server 10.35.39.180:8010 created successfully

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"Addr": "10.35.39.180", "Critical": "N", "DnsName": null, "Enable": "Y", "Follow": "0", "Forward": "nat"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

4.5 Status

This module is maintained by Kemp Technologies.

5 Upload a Certificate and Key on a LoadMaster

 

5.1 Synopsis

This module uploads a certificate and key to a LoadMaster. A certificate and key must be in the same file being uploaded. A certificate upload must be defined in your playbook before being assigned to a Virtual Service.

5.2 Parameters

Parameter Choices/

 

Defaults
Comments

api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

cert_name

str/required

  The name of the identifier of the cert to upload or replace.

cert_file

str/required

  Path to the file where the key and cert are stored. This must have both key and cert in the same file.

replace

int/required

Choices:

  • 0
  • 1
A Boolean to upload the cert to replace the current cert.

username

int/required

  The Kemp 360 Central username.
intermediate

int

Choices:

  • 0←
  • 1
A Boolean to specify if the cert is an intermediate or not.

5.3 Example

- name: Upload a certificate to the LoadMaster

hosts: localhost

vars:

central_address: '10.35.39.21'

lm_address: '10.35.39.20:443'

username: 'admin'

api_key: '699129a26ace3fcd34466a4cc'

tasks:

- name: Upload a certificate to the LoadMaster

cert_management:

lm_address: '{{ lm_address }}'

central_address: '{{ central_address }}'

cert_name: 'cert'

cert_file: '/path/to/cert/test.pem'

replace: 0

username: '{{ username }}'

api_key: '{{ api_key }}'

5.4 Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the certificate was uploaded.

Sample:

Certificate uploaded to LoadMaster

changed

bool

always

A Boolean to indicate whether changes were made during the task

true

msg

str

when task failed

The error message related to why the task failed.

Sample:

Could not add Certificate to LM - Command Failed: Certificate Identifier already exists

5.5 Status

This module is maintained by Kemp Technologies.

6 Add or Modify a Header Rule

 

6.1 Synopsis

This module adds or modifies addHeaderRules on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVSs, and Real Servers.

6.2 Parameters

Parameter Choices/

 

Defaults
Comments

lm_address

str/required

  The IP address and port of the LoadMaster. The format is 'ip:port'.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

username

str/required

  The Kemp 360 Central username.

api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

name

str/required

  The name of the AddHeaderRule.

header

str/required

  The name of the header field to be added.

replacement

str/required

  The replacement string. You can enter a maximum of 255 characters in this parameter.
only_on_flag

int

  Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.

6.3 Examples

- name: Create ReplaceHeaderRule

hosts: localhost

vars:

central_address: '10.35.39.21'

lm_address: '10.35.39.20:443'

username: 'admin'

api_key: '699129a26ace406fd65ee30a6983fcd34466a4cc'

tasks:

- name: Create ReplaceHeaderRule

replace_header_rule:

lm_address: '{{ lm_address }}'

central_address: '{{ central_address }}'

username: '{{ username }}'

api_key: '{{ api_key }}'

name: 'replaceHeaderRule1'

header: 'name'

replacement: 'username'

pattern: '^((http[s]?|ftl):\/)$'

6.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the rule.

Sample:

AddHeaderRule with name addHeaderRule1 was created successfully

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"Header": "name","HeaderValue": "username","Name": "addHeaderRule1"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

6.5 Status

This module is maintained by Kemp Technologies.

7 Delete Header Rule

7.1 Synopsis

This module adds or modifies a deleteHeaderRule on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

7.2 Parameters

Parameter Choices/
Defaults
Comments

lm_address

str/required

  The IP address and port of the LoadMaster. The format is 'ip:port'.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

username

str/required

  The Kemp 360 Central username.

api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

name

str/required

  The name of the DeleteHeaderRule.

pattern

str

  The pattern to be matched.

only_on_flag

int

  Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.

7.3 Examples

- name: Create DeleteHeaderRule

hosts: localhost

vars:

central_address: '10.35.39.21'

lm_address: '10.35.39.20:443'

username: 'admin'

api_key: '699129a26ace983fcd34466a4cc'

tasks:

- name: Create DeleteHeaderRule

delete_header_rule:

lm_address: '{{ lm_address }}'

central_address: '{{ central_address }}'

username: '{{ username }}'

api_key: '{{ api_key }}'

name: 'deleteHeaderRule1'

pattern: '^((http[s]?|ftl):\/)$'

7.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the rule.

Sample:

DeleteHeaderRule with name deleteHeaderRule1 was created successfully

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"Name": "deleteHeaderRule1", "Pattern": "^((http[s]?|ftl):\\/)$"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

7.5 Status

This module is maintained by Kemp Technologies.

8 Replace Body Rule

8.1 Synopsis

This module adds or modifies a replaceBodyRule on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

8.2 Parameters

Parameter Choices/

 

Defaults
Comments

lm_address

str/required

  The IP address and port of the LoadMaster. The format is 'ip:port'.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

username

str/required

  The Kemp 360 Central username.

api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

name

str/required

  The name of the ReplaceBodyRule.

replacement

str/required

  The replacement string.
pattern

str

  The pattern to be matched.
only_on_flag

int

  Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.
case_independent

int

Choices:

  • 0: Disabled
  • 1: Enabled
Enable this parameter to ignore the case of the strings when comparing.

8.3 Examples

- name: Create ReplaceBodyRule

hosts: localhost

vars:

central_address: '10.35.39.21'

lm_address: '10.35.39.20:443'

username: 'admin'

api_key: '699129a26acd34466a4cc'

tasks:

- name: Create ReplaceBodyRule

replace_body_rule:

lm_address: '{{ lm_address }}'

central_address: '{{ central_address }}'

username: '{{ username }}'

api_key: '{{ api_key }}'

name: 'replaceBodyRule1'

case_independent: 1

replacement: 'username'

pattern: '^((http[s]?|ftl):\/)$'

8.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the rule.

Sample:

ReplaceBodyRule with name replaceBodyRule1 was created successfully

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"CaseIndependent": "N","Name": "replaceBodyRule1","Pattern": "^((http[s]?|ftl):\\/)$","Replacement": "username"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

8.5 Status

This module is maintained by Kemp Technologies.

9 Replace Header Rule

9.1 Synopsis

This module adds or modifies a replaceHeaderRule to a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

9.2 Parameters

Parameter Choices/ Defaults Comments

lm_address

str/required

  The IP address and port of the LoadMaster. The format is 'ip:port'.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

username

str/required

  The Kemp 360 Central username.

api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

name

str/required

  The name of the ReplaceHeaderRule.
header

str

  The header field name where the substitution should be performed.

replacement

str/required

  The replacement string.

pattern

str

  The pattern to be matched.

only_on_flag

int

  Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.

9.3 Examples

- name: Create ReplaceHeaderRule

hosts: localhost

vars:

central_address: '10.35.39.21'

lm_address: '10.35.39.20:443'

username: 'admin'

api_key: '699129a26ace406fd65ee30a6983fcd34466a4cc'

tasks:

- name: Create ReplaceHeaderRule

replace_header_rule:

lm_address: '{{ lm_address }}'

central_address: '{{ central_address }}'

username: '{{ username }}'

api_key: '{{ api_key }}'

name: 'replaceHeaderRule1'

header: 'name'

replacement: 'username'

pattern: '^((http[s]?|ftl):\/)$'

9.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the rule.

Sample:

ReplaceHeaderRule with name replaceHeaderRule1 was created successfully

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"Header": "name","Name": "replaceHeaderRule1", "Pattern": "^((http[s]?|ftl):\\/)$",Replacement": "username"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

9.5 Status

This module is maintained by Kemp Technologies.

10 Match Content Rule

10.1 Synopsis

This module adds or modifies a matchContentRule on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

10.2 Parameters

Parameter Choices/Defaults Comments

lm_address

str/required

  The IP address and port of the LoadMaster. The format is 'ip:port'.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

username

str/required

  The Kemp 360 Central username.

api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

name

str/required

  The name of the MatchContentRule.
match_type

str/required

Choices:

  • regex
  • prefix
  • postfix
The name of the MatchContentRule.
include_host

str

  Prepend the hostname to request URI before performing the match.
ignore_case

str

  Ignore case when comparing the strings.
negate_match

str

  Ignore case when comparing the strings.
include_query

str

 

Append the query string to the URI before performing a match.

header

str/required

  The header field name that should be matched. If no header field is set, the default is to match in the URL. Set this to body to match on the body of a request.

pattern

str/required

  The pattern to be matched.
set_on_match

int

  If the rule is successfully matched, set the specified flag. Accepted values: 0-9.

only_on_flag

int

  Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.
must_fail

int

Choices:

  • 0: Disabled
  • 1: Enabled
If this rule is matched, then always fail to connect.

10.3 Examples

- name: Create ModifyURLRule

hosts: localhost

vars:

central_address: '10.35.39.21'

lm_address: '10.35.39.20:443'

username: 'admin'

api_key: '699129a26acecd34466a4cc'

tasks:

- name: Create ModifyURLRule

match_content_rule:

lm_address: '{{ lm_address }}'

central_address: '{{ central_address }}'

username: '{{ username }}'

api_key: '{{ api_key }}'

name: 'matchContentRule1'

match_type: 'regex'

include_host: 'Y'

ignore_case: 'Y'

include_query: 'Y'

header: 'username'

pattern: '^((http[s]?|ftl):\/)$'

10.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the rule.

Sample:

MatchContentRule with name matchContentRule1 was created successfully

changed

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"CaseIndependent": "Y","Header": "username","MatchType": "Regex","Name": "matchContentRule1","Pattern": "^((http[s]?|ftl):\\/)$"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

10.5 Status

This module is maintained by Kemp Technologies.

11 Add or Modify a modifyURLRule on a LoadMaster

11.1 Synopsis

This module adds or modifies a modifyURLRule on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

11.2 Parameters

Parameter Choices
/Defaults
Comments

lm_address

str/required

  The IP address and port of the LoadMaster. The format is 'ip:port'.

central_address

str/required

  The IP address of the Kemp 360 Central that the LoadMaster is added to.

username

str/required

  The Kemp 360 Central username.

api_key

str/required

  The API key for the user of the Kemp 360 Central machine.

name

str/required

  The name of the ModifyURLRule.

replacement

str/required

  How the URL is to be modified.

pattern

  The pattern to be matched.

only_on_flag

int

  Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.

11.3 Examples

- name: Create ModifyURLRulehosts: localhost

vars:

central_address: '10.35.39.21'

lm_address: '10.35.39.20:443'

username: 'admin'

api_key: '699129a26accd34466a4cc'

tasks:

- name : Create ModifyURLRule

modify_url_rule:

lm_address: '{{ lm_address }}'

central_address: '{{ central_address }}'

username: '{{ username }}'

api_key: '{{ api_key }}'

name: 'ModifyURLRule1'

replacement: 'username'

pattern: '^((http[s]?|ftl):\/)$'

11.4 Return Values

The following are the fields unique to this module:

Key Returned Description

message

str

always

The message response indicating whether the task created or modified the rule.

Sample:

ModifyURLRule with name ModifyURLRule1 was created successfully

 

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"Name": "ModifyURLRule1","Pattern": "^((http[s]?|ftl):\\/)$","Replacement": "username"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

11.5 Status

This module is maintained by Kemp Technologies.

12 Appendix

To install Ansible, refer to the Ansible Quick Start Guide at https://docs.ansible.com/ansible/latest/user_guide/quickstart.html.

Last Updated Date

This document was last updated on 17 October 2019.

Was this article helpful?

0 out of 0 found this helpful

Comments