LoadMaster Ansible Reference Guide

Updated: October 24, 2022 08:35

1 Introduction

Ansible is an open source automation platform. It can help with configuration management, application deployment, and task automation. In Kemp, we use Ansible to configure LoadMasters by running playbook configurations that are pushed out to LoadMasters through Kemp 360 Central.

First you define your layout in the Ansible playbook. When you run the playbook it calls Application Program Interface (API) commands on Kemp 360 Central, which then configures the LoadMasters connected to Kemp 360 Central.

Kemp have developed the following modules to be used in Ansible playbooks:

Virtual Service
Sub Virtual Service (SubVS)
Real Server
Add LDAP Authentication
Add or Modify an LDAP-based SSO
Add or Modify a RADIUS-based SSO
Add or Modify a RADIUS-LDAP-based SSO
Add or Modify a Certificate-based SSO
Add or Modify a SAML-based SSO
Add GEO FQDN Data
Update GEO Maps and Clusters
Update GEO Miscellaneous Options and GEO Partnership
Upload Certificate
Add Header Rule
Delete Header Rule
Replace Body Rule
Replace Header Rule
Match Content Rule
Modify URL Rule
Update Global Parameters

Requesting the API Key

To get the API key for Ansible, execute the following API command using your Kemp 360 Central credentials:

Make a curl request against your installation of Kemp 360 Central in the following way:

curl "https://{CENTRAL}/api/v1/user/authenticate/" --data "{""username"":""admin"",""password"":""{PASSWORD}""}"

You should see a response similar to below:

{

"apikey": "abc123",

"id": 1,

"success": true

}

2 Modify a Virtual Service on a LoadMaster

2.1 Synopsis

This module adds or modifies a Virtual Service on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0.

2.2 Parameters

Parameter	Choices/ Defaults	Comments
allow_https_2 str	Choices: Y: Enabled N: Disabled	Enable HTTP/2 for this Virtual Service. SSL Acceleration must be enabled before HTTP/2 can be enabled. The BestPractices cipher set should be used when HTTP/2 is enabled.
cache int	Choices: 0: Disabled 1: Enabled	Enable or disable the caching of URLs.
cache_percent str	Choices: 0: Disabled 1: Enabled	Specify the maximum percentage of cache space permitted for this Virtual Service. This is only relevant if cache is enabled. The maximum value is 100.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
central_api_key str/required		Admin-level API Key to access API services on Kemp 360 Central.
central_username str/required		Username for Kemp 360 Central that is linked to the given API key.
cert_name str		Identifier (name) of a preexisting certificate on the LoadMaster to assign to the Virtual Service.
check_host str		The check_use_11 parameter must be enabled to set the check_host value. When using HTTP/1.1 checking, the Real Servers require a Hostname be supplied in each request. If no value is set then this value is the IP address of the Virtual Service.
check_pattern str		When the check_type is set to http or https, this corresponds to the Reply 200 Pattern in the WUI. This parameter only applies when the HTTP Method is set to GET or POST. When the check_type is set to bdata: Specify the hexadecimal string that will be searched for in the response. Specify an empty value to unset check_pattern.
check_port int		The port to be checked. If a port is not specified, the Real Server port is used. Specify 0 to unset check_port.
check_post_data str		This parameter is only relevant if the HTTP Method is set to POST. When using the POST method, up to 2047 characters of POST data can be sent to the server.
check_type str	Choices: icmp https http tcp smtp nntp ftp telnet pop3 imap rdp bdata ldap none	Specify which protocol is to be used to check the health of the Real Server. The default value is dependent on the Virtual Service port.
check_url str		When the check_type is set to http or https - by default, the health checker tries to access the URL / to determine if the machine is available. A different URL can be set in the check_url parameter. When the check_type is set to bdata: Specify a hexadecimal string to send to the Real Server. The maximum character length for the check_url parameter value is 126 characters.
check_use_11 str	Choices: N: Disabled Y: Enabled	By default, the health checker uses HTTP/1.0 when checking the Real Server status. Enabling check_use_11 means HTTP/1.1 is used (which is more efficient).
check_use_get int	Choices: 0: HEAD 1: GET 2: POST	When accessing the health check URL - the system can use the HEAD, the GET, or the POST method.
compress int	Choices: 0 - Disabled 1 - Enabled	When enabled, files sent from the LoadMaster are compressed with Gzip.
copy_hdr_from str	Choices: 0 - Disabled 1 - Enabled	The source header field to copy from when the request is sent to the LoadMaster.
copy_hdr_to str		The name of the header field into which the source header is copied. This is used with the copy_hdr_from variable.
cipher_set str	Choices: Default Default_NoRc4 BestPractices Intermediate_compatibility Backward_compatibility WUI FIPS Legacy Null_Ciphers- <NameOfCustomCipherSet>	This parameter can be used to assign a cipher set to a Virtual Service. System-defined cipher sets and custom cipher sets can be assigned using this parameter.
ciphers str		Multiple ciphers can be assigned by inserting a colon between each cipher. When ciphers are assigned in this way, a Cipher Set called Custom_<VirtualServiceID> is created/updated. Note: The assigned ciphers list is overwritten when ciphers are added in this way. Ensure to include all ciphers to be assigned.
default_gw str		Set the default gateway for this Virtual Service.
enable str/required	Choices: N: Disabled Y: Enabled (default)	Specify if the Virtual Service should be created in a live (enabled) state.
enhanced_health_checks int	Choices: 0: Disabled 1: Enabled	Enabling the enhanced_health_checks parameter provides an additional health check parameter - rs_minimum. If the enhanced_health_checks parameter is disabled, the Virtual Service is considered available if at least one Real Server is available. If the enhanced_health_checks parameter is enabled, you can specify the minimum number of Real Servers that should be available to consider the Virtual Service to be available.
ensure str/required	Present (default)	Value set to indicate to Kemp 360 Central that this Virtual Service should always exist. This is set automatically by the module.
error_code int		If no Real Servers are available, the LoadMaster can terminate the connection with a HTTP error code. Specify the error code number in this parameter. Valid values are in the range 200-505.
error_url str		When no Real Servers are available and an error response is sent back to the client, you can also specify a redirect URL.
follow_vsid int		Specify the ID of the Virtual Service to follow. This is used for redirects.
force_l7 int	Choices: 0: Disabled 1: Enabled	Enabling force_l7 means the Virtual Service runs at Layer 7 and not Layer 4. This may be needed for various reasons, including that only Layer 7 services can be non-transparent.
vs_ip str/required		The IPv4 Address to assign to the Virtual Service.
ldap_endpoint str		Specify the name of an LDAP endpoint to use for the health checks. If LDAP is selected as the check_type, the server IP address (or addresses) and ports from the LDAP endpoint configuration are used instead of the Real Server IP address and port.
lm_address str/required		IP address and port of the LoadMaster that contains the Virtual Service or SubVS that the Real Server should be created or modified on. The format is 'ip:port'.
match_body_rules list		Names (Identifiers) of Match Body type Content Rules to assign to the Virtual Service. These content rules must exist on the LoadMaster before being assigned to a Virtual Service.
match_length int		This parameter is only relevant when the check_type is set to bdata. By setting this you can specify the number of bytes to find the check_pattern within.
need_host_name int	Choices: 0: Disabled 1: Enabled	When this parameter is enabled, the hostname is always required to be sent in the TLS client hello message. If it is not sent, the connection is dropped.
nickname str/required	Choices: 0: Disabled 1: Enabled	The nickname to assign to the Virtual Service. It must be unique.
ocsp_verify int	Choices: 0: Disabled 1: Enabled	Verify (using Online Certificate Status Protocol (OCSP)) that the client certificate is valid.
persist str	Choices: ssl cookie active-cookie cookie-src cookie-hash cookie-hash-src url query-hash hash host header super super-src src rdp rdp-src rdp-sb rdp-sb-src udpsip none	Specify the type of persistence (stickiness) to be used for this Virtual Service.
persist_timeout int		The length of time (in seconds) after the last connection that the LoadMaster remembers the persistence information. Timeout values are rounded down to an even number of minutes. Setting a value that is not a number of whole minutes results in the excess being ignored. Setting a value to less than 60 seconds results in a value of 0 being set, which disables persistency.
vs_port int/required		The port on which the Virtual Service must be active. Can be any valid port number from 3 to 65530, or a wildcard `*`.
preprocess_rules list		Names (Identifiers) of Preprocess type Content Rules to assign to the Virtual Service. These content rules must exist on the LoadMaster before being assigned to a Virtual Service.
vs_protocol str/required	Choices: tcp: Use the TCP protocol udp: Use the UDP protocol	The protocol type that this Virtual Service uses.
qos str	Choices: Normal-Service Minimize-Cost Maximize-Reliability Maximize-Throughput Minimize-Delay	Quality of Service sets a type of service that deals with packets, which treats and prioritizes the traffic.
request_rules list		Names (Identifiers) of Request type Content Rules to assign to the Virtual Service. These content rules must exist on the LoadMaster before being assigned to a Virtual Service.
response_rules list		Names (Identifiers) of Response type Content Rules to assign to the Virtual Service. These content rules must exist on the LoadMaster before being assigned to a Virtual Service.
rs_minimum int		An integer that specifies how many Real Servers must be up for a Virtual Service or SubVS to be considered up. It is an integer from 0 to N, where N is the number of Real Servers on this particular service. In practice, this value is usually 1.
rs_rule_precedence int		This parameter should be used in conjunction with rs_rule_precedence_pos. This parameter is used to specify the name of the existing rule whose position you want to change.
rs_rule_precedence_pos str		This parameter, in conjunction with the rs_rule_precedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule will be checked second.
schedule str	Choices: Round-Robin Weighted-Round-Robin Least-Connection Weighted-Least-Connection Fixed-Weighting Adaptive-Resource-Based Source-IP-Hash Weighted-Response-Time SDN-Adaptive URL-Hash	Specify the type of scheduling of new connections to Real Servers that is to be performed.
ssl_acceleration int	Choices: 0: Disabled 1: Enabled	Enable SSL handling services for the Virtual Service.
ssl_reencrypt int	Choices 0: Disabled 1: Enabled	When this option is enabled, the SSL data stream is re-encrypted before sending to the Real Server. This parameter is only valid if SSL Acceleration is enabled.
ssl_rewrite str	Choices None http https	When the Real Server rejects a request with a HTTP redirect, the requesting Location URL may need to be converted to specify HTTPS instead of HTTP (the opposite also applies).
subnet_originating int	Choices 0: Disabled 1: Enabled	When transparency is disabled for a Virtual Service, the source IP address of connections to Real Servers is the Virtual Service. When enabled, the source IP address is the local address of the LoadMaster. If the Real Server is on a subnet, the subnet address of the LoadMaster is used.
tls_type list	Choices SSLv3 TLS1.0 TLS1.1 TLS1.2 TLS1.3	Specify which of the following protocols to support; SSLv3, TLS1.0, TLS1.1, TLS1.2, or TLS1.3.
transparent int	Choices 0: Disabled 1: Enabled	(Layer 7 only) When transparency is enabled, connections at the Real Server appear to originate at the client. With transparency disabled, connections originate at the LoadMaster.
use_for_snat int	Choices 0: Disabled 1: Enabled	By default, when the LoadMaster is being used to NAT Real Servers, the source IP address used on the internet is that of the LoadMaster. Enabling this option allows the Real Servers configured to use the Virtual Service as the source IP address instead. If the Real Servers are configured on more than one Virtual Service which has this option set, only connections to destination port 80 will use this Virtual Service as the source IP address.
vs_type str/required	Choices gen http http/2 log ts tls	This specifies the type of service being load balanced.
allowed_hosts str		This parameter is only relevant when ESP is enabled. Specify all the virtual hosts that can be accessed using this Virtual Service.
allowed_directories str		This parameter is only relevant when ESP is enabled. Specify all the virtual directories that can be accessed using this Virtual Service. You can specify up to 254 characters for this parameter.
domain str		The Single Sign On (SSO) domain in which this Virtual Service will operate.
logoff str		This parameter is only relevant when ESP is enabled and when the Client Authentication Mode is set to Form Based. Specify the string that the LoadMaster should use to detect a logout event. Multiple logoff strings can be specified by using a space-separated list. If the URL to be matched contains sub-directories before the specified string, the Logoff String will not be matched. Therefore, the LoadMaster will not log the user off. You can specify up to 255 characters for this parameter.
add_auth_header str		This option is only available if SAML is selected as the input_auth_mode. Specify the name of the HTTP header. This header is added to the HTTP request from the LoadMaster to the Real Server and its value is set to the user ID for the authenticated session. You can specify up to 255 characters for this parameter.
display_pub_priv int	Choices 0: Disabled 1: Enabled	Display the public/private option on the login page. Based on the option the user selects on the login form, the session timeout value is set to the value specified for either the public or private timeout.
disable_password_form int	Choices 0: Disabled 1: Enabled	Enabling this option removes the password field from the login page. This may be needed when password validation is not required, for example if using RSA SecurID authentication in a singular fashion.
captcha str		Enable this parameter to allow CAPTCHA verification on the login page. The LoadMaster only supports CAPTCHA v2. The input_auth_mode must be set to 2 (Form Based) for the CAPTCHA parameters to be relevant. All CAPTCHA parameters must be set before it can be used. Both the LoadMaster and the client machine must be able to access Google for this to work. Before the CAPTCHA has been correctly answered, the submit button on the login form is disabled. If the user does not submit the form within two minutes of answering the CAPTCHA, the CAPTCHA times out (Google-specified timeout), and the user must verify a new CAPTCHA (the submit button is disabled until the new CAPTCHA has been verified).
captcha_private_key str		The key that was provided as the private key when you signed up for the CAPTCHA service.
captcha_access_url int	Choices 0: Disabled 1: Enabled	The URL of the service that provides the CAPTCHA challenge. Usually: www.google.com/recaptcha/api.js Do not start this URL with https. Only CAPTCHA V2 is currently supported.
captcha_verify_url str		The URL of the service that verifies the response to the CAPTCHA challenge. Usually: www.google.com/recaptcha/api/siteverify Do not start this URL with https. Only CAPTCHA V2 is currently supported.
esp_logs int	Choices: 0 1 2 3 4 5 6 7	Enable ESP logging. Valid values are below: 0 - Logging off 1 - User Access 2 - Security 3 - User Access and Security 4 - Connection 5 - User Access and Connection 6 - Security and connection 7 - User Access, Security and Connection Note: The only valid values for SMTP services are 0 and 4. For SMTP services, security issues are always logged. Nothing is logged for user access because there are no logins.
smtp_allowed_domains str		Specify all the permitted domains that are allowed to be received by this Virtual Service.
excluded_directories str		This parameter is only relevant when ESP is enabled. Any virtual directories specified within this field will not be pre-authorized on this Virtual Service and are passed directly to the relevant Real Servers.
esp_enabled int	Choices 0: Disabled 1: Enabled	Enable or disable the Edge Security Pack (ESP) features.
input_auth_mode int	Choices: 0 1 2 3 4 5 6	Specify the client authentication method to be used: 0 - Delegate to Server 1 - Basic Authentication 2 - Form Based 4 - Client Certificate 5 - NTLM 6 - SAML
output_auth_mode int	Choices: 0 1 2 3 4	Specify the server authentication mode to be used: 0 - None 1 - Basic Authentication 2 - Form Based 3 - KCD 4 - Server Token
server_fba_path str		Only relevant when using form-based authentication as the Server Authentication Mode (output_auth_mode). Set the authentication path for server-side Form Based Authentication (FBA). When used in Exchange environments, this does not need to be set.
out_conf str		Enter the name of the outbound SSO domain.
single_sign_on_dir str		This parameter relates to the SSO Image Set drop-down in the ESP Options section of the modify Virtual Service screen in the LoadMaster User Interface (UI). Specify the name of the image set to be used for the login screen. If no image set is specified, the default Exchange image set will be used.
single_sign_on_message str		Specifies the SSO message that is displayed. The single_sign_on_message parameter accepts HTML code, so you can insert an image if required. There are several characters that are not supported. These are the grave accent character ( ` ) and the single quote ('). If a grave accent character is used in the SingleSignOnMessage, the character will not display in the output, for example a`b`c becomes abc. If a single quote is used, users will not be able to log in.
allowed_groups str		Specify the groups that are allowed to access this Virtual Service. If the parameter value is longer than the maximum length of a HTTP GET query (1024 characters), you must set the HTTP Method to POST. You can specify up to 2048 characters for this parameter.
group_sids str		Specify the group security identifiers (SIDs) that are allowed to access this Virtual Service. Each group is separated by a semi-colon. Spaces are used to separate bytes in certain group SIDs. Here is an example: S-1-5-21-703902271-2531649136-2593404273-1606 SIDs can be found by using the get-adgroup-Identity GroupName command. If the parameter value is longer than the maximum length of HTTP GET query (1024 characters), you must set the HTTP Method to POST.
include_nested_groups str		This parameter relates to the AllowedGroups parameter. Enable this option to include nested groups in the authentication attempt. If this option is disabled, only users in the top-level group will be granted access. If this option is enabled, users in both the top-level and first sub-level group will be granted access.
steering_groups str		Enter the Active Directory group names that will be used for steering traffic. Use a semi-colon to separate multiple group names. The steering group index number corresponds to the location of the group in this list. If the parameter value is longer than the maximum length of a HTTP GET query (1024 characters), you must set the HTTP Method to POST.
excluded_domains str		Any virtual directories specified within this field will not be pre-authorized on this Virtual Service and will be passed directly to the relevant Real Servers. Multiple excluded domains can be specified by using a space-separated list.
alt_domains str		Specify alternative domains to be assigned to a Virtual Service when configuring multi-domain authentication. To specify multiple alternative domains, use a space-separated list.
user_pwd_change_url str		This is relevant when using form-based LDAP authentication. Specify the URL that users can use to change their password. If a user's password has expired, or if they must reset their password, this URL and the user_pwd_change_msg is displayed on the login form. This URL must be put into the exception list for authentication, if required.
user_pwd_change_msg str		This parameter is only relevant if the user_pwd_change_url parameter is set. Specify the text to be displayed on the login form when the user must reset their password.
user_pwd_expiry_warn int	Choices 0: Disabled 1: Enabled	By default, SSO users are notified about the number of days before they must change their password. If you disable this option, the password expiry notification will not appear on the login forms. This parameter is only relevant if the input_auth_mode is set to Form Based (2) and the user_pwd_change_url is set. The language of the warning text is based on the SSO Image Set that is selected (English, French, or Portuguese).
user_pwd_expiry_warn_days int		Specify the number of days to show the warning before the password is expired. This parameter is only relevant if the input_auth_mode is set to Form Based (2) and the user_pwd_change_url is set.
intercept int	Choices 0: Disabled (default) 1: Enabled	Enable or disable the Web Application Firewall (WAF).
intercept_opts list		A list of strings to enable or disable certain WAF features.
intercept_post_other_content_types list		Enter a comma-separated list of POST content types allowed for WAF analysis, for example text/plain,text/css. By default, all types (other than XML/JSON) are enabled. To set this to any other content types, set the value to any. Enabling the inspection of any other content types may increase system resource utilization (CPU and memory). A specific list of content types should be considered.
alert_threshold int		This is the threshold of incidents per hour before sending an alert. Setting this to 0 disables alerting. Range: 0 - 100000
waf_rules list		List of WAF rules and which group they belong to with the name of the rule and IDs to disable in the format: G\<rule_name>:208080:2000023

2.3 Examples

- name: Create a Virtual Service
  hosts: localhost
				
  vars: 
    central_address: '10.35.23.180'
    central_username: 'admin'
    central_api_key: '4ef39d110474a18639bab'
    lm_address: '10.35.23.2:443'
    ip: '10.35.23.156'
    port: 443
    prot: 'tcp'
				
  tasks:
    - name: Create Virtual Service Pathos on LM
      virtual_service: 
        central_address: '{{ central_address }}'
        central_username: '{{ central_username }}'
    	central_api_key: '{{ central_api_key }}'
        lm_address: '{{ lm_address }}'
        enable: 'Y'
        nickname: 'Pathos'
        ip: '{{ ip }}'
        port: '{{ port }}'
        protocol: '{{ prot }}'
    	vs_type: 'http'
        ssl_acceleration: 1
        check_type: 'icmp'
        qos: 'Maximize-Reliability'
        transparent: 1

2.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the Virtual Service. Sample: VS Updated
changed bool	always	A Boolean to indicate whether changes were made during the task Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task. Sample: {"check_type": "icmp","NickName": "Pathos","SSLAcceleration": "Y", "TlsType": "3", "Transparent": "Y"}
msg str	when task failed	The error message related to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0.

2.5 Status

This module is maintained by Kemp Technologies.

3 Modify a SubVS on a LoadMaster

3.1 Synopsis

This module configures a SubVS on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. To configure a SubVS on a Virtual Service, the Virtual Service must be defined in your playbook before the SubVS.

3.2 Parameters

Parameter	Choices/ Defaults	Comments
add_via int	Choices: 0 1 2 3 4 5 6	Corresponds to the add http headers in LM
central_username str/required		The Kemp 360 Central username.
central_api_key str/required		The API key for the user of the Kemp 360 Central machine.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
enable str	Choices: Y N	Enable the SubVS.
lm_address str/required		IP address and port of the LoadMaster that contains the Virtual Service or SubVS that the Real Server should be created or modified on. The format is 'ip:port'.
vs str/required		The IP address of the parent Virtual Service on the LoadMaster.
port int/required		The port of the parent Virtual Service on the LoadMaster value between 3 and 65530.
limit int		The maximum number of open connections that can be sent to a Real Server before it is taken out of rotation; values 0-100000.
nickname str/required		Nickname of a SubVS.
qos int	Choices 0 1 2 4 8	Quality of Service sets a type of service that deals with how packets treat and prioritize the traffic.
subnet_originating int	Choices: 0 1	When transparency is not enabled, the source IP address of connections to the Real Servers is that of the Virtual Service. When transparency is enabled, the source IP address is the IP address that is initiating connection to the Virtual Service. If the Real Server is on a subnet, and the Subnet Originating Requests option is enabled, then the subnet address of the LoadMaster is used as the source IP address.
vs_type str	Choices: gen http http/2 tls log	This specifies the type of service being load balanced.
critical int	Choices: 0 1	Enabling this parameter indicates that the Real Server is required for the Virtual Service to be considered available. The Virtual Service is marked as down if the Real Server has failed or is disabled.
check_type str	Choices: icmp http https tcp smtp nntp ftp telnet pop3 imap rdp bdara ldap none	Specify which protocol is to be used to check the health of the Real Server.
check_codes str		A space-separated list of HTTP status codes that should be treated as successful when received from the Real Server.
check_port int		The port to be checked. If a port is not specified, the Real Server port is used. Specify 0 to unset check_port.
weight int		When using weighted round robin scheduling, the weight of a Real Server is used to indicate what relative proportion of traffic should be sent to the server. Servers with higher values receive more traffic. The weight of a SubVS can also be updated using the modrs command - set the Real Server to the number that appears in the Id column for the relevant SubVS in the parent Virtual Service modify screen; values 1-65535.
check_host str		The check_use_11 parameter must be enabled to set the check_host value. When using HTTP/1.1 checking, the Real Servers require a Hostname be supplied in each request. If no value is set, then this value is the IP address of the Virtual Service.
check_pattern str		When the check_type is set to http or https - this corresponds to the Reply 200 Pattern in the WUI. This parameter only applies when the HTTP Method is set to GET or POST. When the check_type is set to bdata: Specify the hexadecimal string, which is searched for in the response. Specify an empty value to unset check_pattern.
check_headers str		Specify up to four additional headers/fields that will be sent with each health check request. Separate the pairs with a pipe, for example; Host:xyc\|UserAgent:prq.
check_use_11 str	Choices: 0 1	By default, the health checker uses HTTP/1.0 when checking the Real Server status. Enabling check_use_11 means HTTP/1.1 is used (which is more efficient).
enhanced_health_checks int	Choices 0 1	Enabling the enhanced_health_checks parameter provides an additional health check parameter - rs_minimum. If the enhanced_health_checks parameter is disabled, the Virtual Service is considered available if at least one Real Server is available. If the enhanced_health_checks parameter is enabled, you can specify the minimum number of Real Servers that should be available to consider the Virtual Service to be available.
rs_minimum int		An integer that specifies how many Real Servers must be up for a Virtual Service or SubVS to be considered up. It is an integer from 0 to N, where N is the number of Real Servers on this particular service. In practice, this value is usually 1.
extra_header_key str		Specify the key for the extra header to be inserted into every request sent to the Real Servers.
extra_header_value str		Specify the value for the extra header to be inserted into every request sent to the Real Servers.
error_code int		If no Real Servers are available, the LoadMaster can terminate the connection with a HTTP error code. Specify the error code number in this parameter. To unset the error code, set the parameter to an empty string.
error_url str		When no Real Servers are available and an error response is sent back to the client, a redirect URL can also be specified.
ldap_endpoint str		Specify the name of an LDAP endpoint to use for the health checks. If LDAP is selected as the check_type, the server IP address (or addresses) and ports from the LDAP endpoint configuration are used instead of the Real Server IP address and port.
copy_header_from str		This is the name of the source header field to copy into the new header field before the request is sent to the Real Servers.
copy_header_to str		Used in conjunction with the copy_header_from parameter. The name of the header field into which the source header is to be copied.
transparent int	Choices: 0 1	When using Layer 7, when this is enabled - the connection arriving at the Real Server appears to come directly from the client. Alternatively, the connection can be non-transparent, which means that the connections at the Real Server appear to come from the LoadMaster. If a Virtual Service (with or without a SubVS) has SSL re-encrypt enabled, the transparency flag of the Virtual Service has no meaning (re-encryption forces transparency to be off). The transparency setting can still be modified by the API and is honored when re-encrypt is disabled on the Virtual Service.
multi_connect int	Choices: 0 1	Enabling this option permits the LoadMaster to manage connection handling between the LoadMaster and the Real Servers. Requests from multiple clients are sent over the same TCP connection. Multiplexing only works for simple HTTP GET operations. This parameter cannot be enabled in certain situations, for example if WAF, ESP, or SSL Acceleration is enabled.
non_local int	Choices: 0 1	By default only Real Servers on local networks can be assigned to a Virtual Service. Enabling this option allows a non-local Real Server to be assigned to the Virtual Service. This option is only available if a non local Real Server is enabled and the Transparent option is disabled on the relevant Virtual Service.
check_url str		When the check_type is set to http or https - by default, the health checker tries to access the URL / to determine if the machine is available. A different URL can be set in the check_url parameter. When the check_type is set to bdata: Specify a hexadecimal string to send to the Real Server. The maximum character length for the check_url parameter value is 126 characters.
check_post_data str		This parameter is only relevant if the HTTP Method is set to POST. When using the POST method, up to 2047 characters of POST data can be sent to the server.
check_use_get int	Choices: 0 1 2	When accessing the health check URL - the system can use the HEAD, the GET, or the POST method.
persist str	Choices: ssl cookie active-cookie cookie-src cookie-hash cookie-hash-src url query-hash hash host header super super-src src rdp rdp-src rdp-sb rdp-sb-src udpsip none	Specify the type of persistence (stickiness) to be used for this Virtual Service.
persist_timeout int		The length of time (in seconds) after the last connection that the LoadMaster remembers the persistence information. Timeout values are rounded down to an even number of minutes. Setting a value that is not a number of whole minutes results in the excess being ignored. Setting a value to less than 60 seconds results in a value of 0 being set, which disables persistency.
match_len int		This parameter is only relevant when the check_type is set to bdata. Specify the number of bytes to find the check_pattern within; values 0-8000.
stand_by_addr str		Specify the IP address of the 'Sorry' server that is to be used when no other Real Servers are available. This server will not be health checked and is assumed to be always available.
stand_by_port int		Specify the port of the 'Sorry' server.
schedule str	Choices: Round-Robin Weighted-Round-Robin Least-Connection Weighted-Least-Connection Fixed-Weighting Adaptive-Resource-Based Source-IP-Hash Weighted-Response-Time SDN-Adaptive URL-Hash	Specify the type of scheduling of new connections to Real Servers that is to be performed.
rs_rule_precedence str		This parameter should be used in conjunction with rs_rule_precedence_pos. This parameter is used to specify the name of the existing rule whose position you want to change.
rs_rule_precedence_pos int		This parameter, in conjunction with the rs_rule_precedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule is checked second.
selection_rules str		Specify a list of selection rules to add to the SubVS.
request_header_rules str		Add a list of request rules to a SubVS.
response_header_rules str		Add a list of response rules to a SubVS.

3.3 Examples

- name: Create a Sub VS
  hosts: localhost
				
  vars:
   central_address: '10.35.23.180'
   central_username: 'admin'
   central_api_key: '4ef39d1104767e18639bab'
   lm_address: '10.35.23.2:443'
				
 tasks:
 - name: Create SubVS
   sub_virtual_service:
       central_address: '{{ central_address }}'
       central_api_key: '{{ central_api_key }}'
       central_username: '{{ central_username }}'
       lm_address: '{{ lm_address }}'
       vs: 10.35.23.100'
       port: 80
       prot: 'tcp'
       nickname: 'Beta'
       vs_type: 'http'
       enable: 'Y'
       enhanced_health_checks: 1
       schedule: 'Round-Robin'
       content_rules: ['matchRedHeader']

3.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the SubVS. Sample: SubVS Updated
changed bool	always	A Boolean to indicate whether changes were made during the task true
dataChanged str	when changed is true	The parameters that were changed during the task. Sample: {"Transparent": "N", "UseforSnat": "N", "VSPort": "0", "VStype": "http", "NickName": "Epsilon"}
msg str	when task failed	The error message related to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0.

3.5 Status

This module is maintained by Kemp Technologies.

4 Modify a Real Server on a LoadMaster

4.1 Synopsis

This module adds or modifies a Real Server to Virtual Services and SubVS on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. To configure a Real Server on a Virtual Service, the Virtual Service must be defined in your playbook before the Real Server. To configure a Real Server on a SubVS, the SubVS must be defined in your playbook before the Real Server.

4.2 Parameters

Parameter	Choices/ Defaults	Comments
lm_address str/required		The IP address and port of the LoadMaster that contains the Virtual Service or SubVS that the Real Server should be created or modified on.
lm_port str		The port of the LoadMaster.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
username str/required		The Kemp 360 Central username.
api_key str/required		The API key for the user of the Kemp 360 Central machine.
vs_ip str/required		The IP address of the Virtual Service on the provided LoadMaster.
vs_port int/required		The port of the Virtual Service on the provided LoadMaster. Values are between 3 and 65530.
vs_prot str/required	Choices udp tcp	The protocol of the Virtual Service on the provided LoadMaster.
rs_ip str/required		The IP address of the Real Server that is being created or modified.
rs_port str/required		The port of the Real Server that is being created or modified. Values are between 3 and 65530.
rs_limit int		The maximum number of open connections that can be sent to a Real Server before it is taken out of rotation. Values are between 0 and 100000.
rs_weight int		When using weighted round robin scheduling, the weight of a Real Server is used to indicate what relative proportion of traffic should be sent to the server. Servers with higher values receive more traffic. The weight of a SubVS can also be updated using the modrs command; set the Real Server to the number that appears in the Id column for the relevant SubVS in the parent Virtual Service modify screen.
rs_fw_method str	Choices nat route	The type of forwarding method used. The default method is NAT. Direct server return can only be used with Layer 4 services.
rs_enable str	Choices Y (default) N	Enable or disable the Real Server.
rs_critical int	Choices 0: Disabled 1: Enabled	Enabling this parameter indicates that the Real Server is required for the Virtual Service to be considered available. The Virtual Service is marked as down if the Real Server has failed or is disabled.
sub_vs_nickname str		To create or modify a Real Server on a SubVS; the nickname of the SubVS must be provided.
addtoallsubvs int	Choices 0: Disabled 1: Enabled	Enable this option when adding a Real Server to all SubVSs of a Virtual Service; values are 0 or 1.
newport int		The port on the Real Server to be used. Values are between 3 and 65535.
follow int		Specify what Real Server the health check is based on by setting this parameter to the RsIndex of the Real Server to be followed. This can either be set to the RsIndex of the same Real Server to health check based on that particular Real Server status, or another Real Server can be specified. For example, if Real Server 1 is down, any Real Servers that have their health check based on Real Server 1 are also marked as down, regardless of their actual Real Server status.
content_rules list		A list of content rule names to be added to a Real Server. The names provided must be previously added to the LoadMaster and must be Content Matching rules.

4.3 Examples

- name: Create Real Server
  hosts: localhost
				
  vars:    
   central_address: '10.35.39.21'
   lm_address: '10.35.39.20:443'
   username: 'admin'
   api_key: '699129a26ad34466a4cc'
				
  tasks:
- name: Create Real Server
  hosts: localhost
  tasks:
  - name: Create RS for VS 10.35.39.25:8010
    real_server:
      lm_address: '{{ lm_address }}'
      central_address: '{{ central_address }}'
      username: '{{ username }}'
      api_key: '{{ api_key }}'
      vs_ip: '10.35.39.25'
      vs_port: 8010
      vs_prot: 'tcp'
      rs_ip: '10.35.39.6'
      rs_port: 4006
      rs_limit: 220

4.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the Real Server. Sample: Real Server 10.35.39.180:8010 created successfully
changed bool	always	A Boolean to indicate whether changes were made during the task Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task. Sample: {"Addr": "10.35.39.180", "Critical": "N", "DnsName": null, "Enable": "Y", "Follow": "0", "Forward": "nat"}
msg str	when task failed	The error message related to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0.

4.5 Status

This module is maintained by Kemp Technologies.

5 Add LDAP Authentication on the LoadMaster

5.1 Synopsis

Module to add LDAP authentication on LoadMaster.

5.2 Parameters

Parameter	Choices /Defaults	Comments
lm_address str		The IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str		The IP address of the Kemp 360 Central machine that the LoadMaster is added to.
username str		The username of the Kemp 360 Central user.
api_key str		The API key for the Kemp 360 Central machine.
name str		The name of the LDAP service.
ldaptype str	Choices: 0 - Unencrypted (default) 1 - StartTLS 2 - LDAPS	Specify the transport protocol to use when communicating with the LDAP server.
adminuser str		The username that is used to check the LDAP server.
adminpass str		The password that is used to check the LDAP server.
server str		Specify the address, or addresses, of the LDAP server to be used. You can also specify a port number, if desired. Separate multiple addresses with a space.
vinterval str		Specify how often to revalidate the user the with the LDAP server. Range: 10 - 86400 seconds
referralcount str		Multiple hops may increase authentication latency. There is a performance impact that depends on the number and depth of referrals required in your configuration. You must have intimate knowledge of your Active Directory structure to set the referral limit appropriately. The same credentials are used for all lookups, and so on. The use of Active Directory Global Catalog (GC) is the preferred configuration as the primary means of resolution instead of enabling LDAP referral chasing. A GC query can be used to query the GC cache instead of relying on LDAP and the referral process. Using Active Directory GC has little or no performance drag on the LoadMaster. For steps on how to add/remove the GC, refer to the following TechNet article: Add or Remove the Global Catalog.
timeout str		Specify the LDAP server timeout in seconds. The default value is 5. Valid values range from 5 to 60.

5.3 Examples

- name: Create a small configuration for LoadMaster
  hosts: localhost

  vars:
	central_address: '10.35.60.27'
	central_username: 'admin'
	central_api_key: '7291f46c25094ee5edc8ef4bf54c3144050e2717'
	lm_address: '10.35.60.30'
	lm_port: '443'
	vs_ip: '10.35.60.123'
	vs_port: 443
	vs_prot: 'tcp'
	rs_ip: '10.35.60.112'

  tasks:
	- name: Set SSO LDAP
	  sso_ldap:
		central_address: '{{ central_address }}'
		username: '{{ central_username }}'
		api_key: '{{ central_api_key }}'
		lm_address: '{{ lm_address }}'
		lm_port: '{{ lm_port }}'
		name: 'TestLdap'
		ldaptype: '2'
		server: 'ldap://10.35.23.154'
		vinterval: '240'
		adminuser: 'user123'
		adminpass: 'test'
		referralcount: 0
		timeout: 3600

5.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified. Sample: LDAP auth was configured successfully
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
dataChanged	when changed is true	The error message related to why the task failed.
msg str	when task fails	The error message relating to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0

5.5 Status

This module is maintained by Kemp Technologies.

6 Add or Modify an LDAP-based SSO on the LoadMaster

6.1 Synopsis

Module to add or modify a Certificate based SSO on LoadMaster.

6.2 Parameters

Parameter	Choices /Defaults	Comments
lm_address str		The IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str		The IP address of the Kemp 360 Central machine that the LoadMaster is added to.
username str		The username of the Kemp 360 Central user.
api_key str		The API key for the Kemp 360 Central machine.
domain str		Set the name for the logon domain you are providing.
auth_type str		Set the authentication type for the LoadMaster. For sso_ldap this can only be LDAP-Unencrypted.
ldap_endpoint str		The name of an existing LDAP endpoint. Specify the LDAP endpoint to use.
logon_domain str		This parameter corresponds with the Domain/Realm field in the WUI. This is the login domain to be used. This is also used with logon_fmt to construct the normalized user name.
logon_fmt str	Choices: Principalname Username Not Specified	Specify the logon string format used to authenticate to the LDAP server.
logon_transcode str	Choices: 0: Disabled 1: Enabled	Enable or disable the transcode of logon credentials from ISO-8859-1 to UTF-8, when required.
ldapephc str	Choices: 0: Disabled 1: Enabled	Enable this parameter to use the LDAP endpoint admin username and password for the health check.
max_failed_auths str		The maximum number of failed login attempts before the user is locked out. Range: 0-999
unblock_tout str		The timeout value (in seconds) before a blocked account is automatically unblocked. This must be greater than the reset_fail_tout value.
sess_tout_type str	Choices: idle time max duration	Specify the type of session timeout to be used.
sess_tout_idle_pub str		The session idle timeout value in seconds. This value is used in a public environment.
sess_tout_idle_priv str		The session idle timeout value in seconds. This value is used in a private environment.
sess_tout_duration_priv str		The maximum duration timeout value for the session in seconds. This value is used in a private environment.

6.3 Examples

- name: Create a small configuration for LoadMaster
  hosts: localhost

  vars:
	central_address: '10.35.60.27'
	central_username: 'admin'
	central_api_key: '7291f46c25094ee5edc8ef4bf54c3144050e2717'
	lm_address: '10.35.60.30'
	lm_port: '443'
	vs_ip: '10.35.60.123'
	vs_port: 443
	vs_prot: 'tcp'
	rs_ip: '10.35.60.112'

  tasks:
    - name: Set SSO LDAP
	  sso_ldap:
		central_address: '{{ central_address }}'
		username: '{{ central_username }}'
		api_key: '{{ central_api_key }}'
		lm_address: '{{ lm_address }}'
		lm_port: '{{ lm_port }}'
		domain: 'TestLdap'
		ldap_endpoint: 'LDAP1'
		auth_type: 'LDAP-Unencrypted'
		logon_domain: 'logondomain'
		logon_fmt: 'Not Specified'
		logon_transcode: '0'
		max_failed_auths: '18'
		unblock_tout: '2020'
		sess_tout_idle_pub: '706'
		sess_tout_duration_pub: '700'
		sess_tout_idle_priv: '702'
		sess_tout_duration_priv: '700'
		sess_tout_type: 'idle time'
		ldapephc: '0'
		testuser: 'user123'
		testpass: 'test'

6.4 Return Values

Common return values are documented here; the following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified. Sample: Successfully updated SSO Parameters
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task.
msg str	when task fails	The error message relating to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0

6.5 Status

This module is maintained by Kemp Technologies.

7 Add or Modify a RADIUS-based SSO on the LoadMaster

7.1 Synopsis

Module to add or modify a RADIUS based SSO on LoadMaster.

7.2 Parameters

Parameter	Choices /Defaults	Comments
lm_address str		IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str		The Kemp 360 Central IP address where the LoadMaster is added to.
username str		The username of the Kemp 360 Central user.
api_key str		The API key for the Kemp 360 Central user.
domain str		An identifer for the domain you are creating.
auth_type str		The type of SSO domain this will be. For RADIUS this should be 'RADIUS'.
radius_shared_secret str		The shared secret to be used between the RADIUS server and the LoadMaster.
radius_send_nas_id str	Choices: 0: Disabled 1: Enabled	If enabled, a NAS identifer string (radius_nas_id) is sent to the RADIUS server.
radius_nas_id str		The Network Access Server (NAS) identifer string.
server str		The address(s) of the server(s) to use to validate this domain. (IPv4 only)
logon_domain str		The domain/realm used to construct normalized username for login.
logon_fmt str		Specify the logon string format used to authenticate to the LDAP/RADIUS server.
logon_fmt2 str		Specify an alternate logon string format used to authenticate to the LDAP/RADIUS.
logon_transcode str	Choices: 0: Disabled 1: Enabled	Enable or disable the transcode of logon credentials from ISO-8859-1 to UTF-8, when required.
max_failed_auths str		The maximum number of failed login attempts before the user is locked out. Range: 0-999
unblock_tout str		The timeout value (in seconds) before a blocked account is automatically unblocked. This must be greater than the reset_fail_tout value.
sess_tout_idle_pub str		The session idle timeout value in seconds. This value is used in a public environment.
sess_tout_duration_pub str		The maximum duration timeout value for the session in seconds. This value is used in a public environment.
sess_tout_idle_priv str		The session idle timeout value in seconds. This value is used in a private environment.
sess_tout_duration_priv str		The maximum duration timeout value for the session in seconds. This value is used in a private environment.
sess_tout_type str	Choices: idle time max duration	Specify the type of session timeout to be used.
reset_fail_count str		The number of seconds that must elapse before the Failed Login Attempts counter is reset to 0. This value must be less than the unblock_tout.

7.3 Examples

- name: Create a small configuration for LoadMaster
  hosts: localhost

  vars:
	central_address: '10.35.60.27'
	central_username: 'admin'
	central_api_key: '7291f46c25094ee5edc8ef4bf54c3144050e2717'
	lm_address: '10.35.60.30'
	lm_port: '443'
	vs_ip: '10.35.60.123'
	vs_port: 443
	vs_prot: 'tcp'
	rs_ip: '10.35.60.112'

  tasks:
  - name: Set Radius SSO list
	sso_radius:
		central_address: '{{ central_address }}'
		username: '{{ central_username }}'
		api_key: '{{ central_api_key }}'
		lm_address: '{{ lm_address }}'
		lm_port: '{{ lm_port }}'
		domain: 'TestRadius'
		auth_type: 'RADIUS'
		server: '10.35.60.111'
		radius_shared_secret: 'def'
		radius_send_nas_id: '0'
		radius_nas_id: '1'
		logon_domain: 'domainTestABC'
		logon_fmt: 'Username Only'
		logon_fmt2: 'Principalname'
		logon_transcode: 0 
		max_failed_auths: '1'
		unblock_tout: '71'
		sess_tout_idle_pub: '1301'
		sess_tout_duration_pub: '1301'
		sess_tout_idle_priv: '1302'
		sess_tout_duration_priv: '1302'
		sess_tout_type: 'idle time'
		reset_fail_count: '79'
		testuser: '123'
		testpass: '123'

7.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the SSO domain was created successfully.
changed bool	always	A Boolean to indicate whether changes were made during the task.
dataChanged str	when changed is true	The parameters that were changed during the task.
msg str	when task fails	The error message relating to why the task failed.

7.5 Status

This module is maintained by Kemp Technologies.

8 Add or Modify a RADIUS-LDAP-based SSO on the LoadMaster

8.1 Synopsis

Module to add or modify a RADIUS-LDAP based SSO on LoadMaster.

8.2 Parameters

Parameter	Choices /Defaults	Comments
lm_address str		IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str		The IP address of the Kemp 360 Central machine that the LoadMaster is added to.
username str		The username of the Kemp 360 Central user.
api_key str		The API key of the Kemp 360 Central user.
domain str		Set the name for the logon domain you are providing.
auth_type str		Set the authentication type for the LoadMaster. For sso_radius this can only be RADIUS and LDAP-Unencrypted.
ldap_endpoint str		The name of an existing LDAP endpoint. Specify the LDAP endpoint to use.
radius_shared_secret str		The shared secret to be used between the RADIUS server and the LoadMaster.
radius_send_nas_id str	Choices: 0: Disabled 1: Enabled	If this parameter is disabled (default), a NAS identifier is not sent to the RADIUS server. If it is enabled, a Network Access Server (NAS) identifier string is sent to the RADIUS server. By default, this is the hostname. Alternatively, if a value is specified in the radius_nas_id parameter, this value is used as the NAS identifier. If the NAS identifier cannot be added, the RADIUS access request is still processed. This field is only available if the auth_type is set to a RADIUS option.
radius_nas_id str		If the radius_send_nas_id parameter is enabled, the radius_nas_id parameter is relevant. When specified, this value is used as the NAS identifier. Otherwise, the hostname is used as the NAS identifier. If the NAS identifier cannot be added, the RADIUS access request is still processed. This parameter is only relevant if the auth_type is set to a RADIUS option and the radius_send_nas_id parameter is enabled.
server str		The address (or addresses) of the server(s) that are to be used to validate this domain. IPv6 is not supported for RADIUS authentication.
ldapephc str	Choices: 0: Disabled 1: Enabled	Enable this parameter to use the LDAP endpoint admin username and password for the health check.
testuser str		The username to check the authentication server(s), if you are not using an LDAP endpoint.
testpass str		The password of the user to check the authentication server(s), if you are not using an LDAP endpoint.
logon_domain str		This parameter corresponds with the Domain/Realm field in the WUI. The login domain to be used. This is also used with logon format to construct the normalized user name.
logon_fmt str	Choices: Principalname Username Not Specified	Specify the logon string format used to authenticate to the LDAP server.
logon_transcode str	Choices: 0: Disabled 1: Enabled	Enable or disable the transcode of logon credentials from ISO-8859-1 to UTF-8, when required.
max_failed_auths str	Choices: 0: Disabled 1: Enabled	The maximum number of failed login attempts before the user is locked out.
unblock_tout str		The timeout value (in seconds) before a blocked account is automatically unblocked. This must be greater than the reset_fail_tout value.
sess_tout_idle_pub str		The session idle timeout value in seconds. This value is used in a public environment.
sess_tout_duration_pub str		The maximum duration timeout value for the session in seconds. This value is used in a public environment.
sess_tout_idle_priv str		The session idle timeout value in seconds. This value is used in a private environment.
sess_tout_duration_priv str		The maximum duration timeout value for the session in seconds. This value is used in a private environment.
sess_tout_type str	Choices: idle time max duration	Specify the type of session timeout to be used.
reset_fail_tout int		The number of seconds that must elapse before the Failed Login Attempts counter is reset to 0. This value must be less than the unblock_tout. Range: 60-86400

8.3 Examples

- name: Create a small configuration for LoadMaster
  hosts: localhost

  vars:
	central_address: '10.35.60.27'
	central_username: 'admin'
	central_api_key: '7291f46c25094ee5edc8ef4bf54c3144050e2717'
	lm_address: '10.35.60.30'
	lm_port: '443'
	vs_ip: '10.35.60.123'
	vs_port: 443
	vs_prot: 'tcp'
	rs_ip: '10.35.60.112'

  tasks:
	- name: Set Radius LDAP SSO
	  sso_radius_ldap:
	  	central_address: '{{ central_address }}'
		username: '{{ central_username }}'
		api_key: '{{ central_api_key }}'
		lm_address: '{{ lm_address }}'
		lm_port: '{{ lm_port }}'
		domain: 'TestLdapRadius'
		auth_type: 'RADIUS and LDAP-Unencrypted'
		ldap_endpoint: 'LDAP1'
		radius_shared_secret: 'def'
		radius_send_nas_id: '1'
		radius_nas_id: 'ABC123'
		server: '10.35.60.111'
		ldapephc: '0'
		testuser: 'user123'
		testpass: 'test'
		logon_domain: 'domainTestABC'
		logon_fmt: 'Username Only'
		logon_fmt2: 'Username'
		logon_transcode: '0'
		max_failed_auths: '1'
		unblock_tout: '70'
		sess_tout_idle_pub: '701'
		sess_tout_duration_pub: '1201'
		sess_tout_idle_priv: '702'
		sess_tout_duration_priv: '1202'
		sess_tout_type: 'idle time'
		reset_fail_tout: '95'

8.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified. Sample: Successfully updated SSO Parameters
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
msg str	when task fails	The error message relating to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0

8.5 Status

This module is maintained by Kemp Technologies.

9 Add or Modify a Certificate-based SSO on the LoadMaster

9.1 Synopsis

Module to add or modify a certificate-based SSO on LoadMaster.

9.2 Parameters

Parameter	Choices /Defaults	Comments
lm_address str		The IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str		The IP address of the Kemp 360 Central machine that the LoadMaster is added to.
username str		The username of the Kemp 360 Central user.
api_key str		The API key for the Kemp 360 Central machine.
domain str		An identifer for the domain you are creating.
logon_domain str		The domain/realm used to construct the normalized username for login.
auth_type str		The type of SSO domain this will be. For RADIUS this should be 'RADIUS'.
logon_fmt str		Specify the logon string format used to authenticate to the LDAP/RADIUS server.
logon_fmt2 str		Specify an alternate logon string format used to authenticate to the LDAP/RADIUS.
logon_transcode bool	Choices: 0: Disabled 1: Enabled	Enable or disable the transcode of logon credentials from ISO-8859-1 to UTF-8, when required.
reset_fail_tout str		The number of seconds that must elapse before the Failed Login Attempts counter is reset to 0. This value must be less than the unblock_tout.
unblock_tout str		The timeout value (in seconds) before a blocked account is automatically unblocked. This must be greater than the reset_fail_tout value.
max_failed_auths int		The maximum number of failed login attempts before the user is locked out. (0-999)
sess_tout_idle_pub str		The session idle timeout value in seconds. This value is used in a public environment.
sess_tout_duration_pub str		The maximum duration timeout value for the session in seconds. This value is used in a public environment.
sess_tout_idle_priv str		The session idle timeout value in seconds. This value is used in a private environment.
sess_tout_duration_priv str		The maximum duration timeout value for the session in seconds. This value is used in a private environment.
sess_tout_type str	Choices: idle time max duration	Specify the type of session timeout to be used.

9.3 Example

- name: Create a small configuration for LoadMaster
  hosts: localhost

  vars:
	central_address: '10.35.60.27'
	central_username: 'admin'
	central_api_key: '7291f46c25094ee5edc8ef4bf54c3144050e2717'
	lm_address: '10.35.60.30'
	lm_port: '443'
	vs_ip: '10.35.60.123'
	vs_port: 443
	vs_prot: 'tcp'
	rs_ip: '10.35.60.112'

  tasks:
  - name: Set SSO Certificates list
    sso_certificate:
		central_address: '{{ central_address }}'
		username: '{{ central_username }}'
		api_key: '{{ central_api_key }}'
		lm_address: '{{ lm_address }}'
		lm_port: '{{ lm_port }}'
		domain: 'TestCert'
		ldap_endpoint: 'LDAP1'
		auth_type: 'Certificates'
		ldapephc: '0'
		logon_domain: 'test'
		logon_fmt: 'Not Specified'
		logon_transcode: '1'    
		max_failed_auths: '18'
		unblock_tout: '4022'
		sess_tout_idle_pub: '503'
		sess_tout_duration_pub: '303'
		sess_tout_idle_priv: '903'
		sess_tout_duration_priv: '503'
		sess_tout_type: 'max duration'
		reset_fail_tout: '63'
		cert_check_asi: '1'
		cert_check_cn: '1'
		testuser: 'user123'
		testpass: 'test'

9.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the SSO data was updated. Sample: Successfully updated SSO Parameters
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
msg str	when task fails	The error message relating to why the task failed. Sample: Could not update SSO

9.5 Status

This module is maintained by Kemp Technologies.

10 Add or Modify a SAML-based SSO on the LoadMaster

10.1 Synopsis

Module to add or modify a SAML-based SSO on LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0.

10.2 Parameters

Parameter	Choices /Defaults	Comments
lm_address str		IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str		The IP address of the Kemp 360 Central machine that the LoadMaster is added to.
username str		The username of the Kemp 360 Central user.
api_key str		The API key for the Kemp 360 Central user.
domain str		Set the name for the logon domain you are providing.
auth_type str		Set the authentication type for the LoadMaster. For sso_saml this can only be SAML.
idp_entity_id str		Specify the Identity Service Provider (IdP) Entity ID.
idp_sso_url str		Specify the IdP Single Sign On (SSO) URL.
idp_cert str		Specify the IdP certificate to use for verification processing.
sp_cert str		It is optional to sign requests that are sent in the context of logon. Currently, the LoadMaster does not sign those requests. In the context of log off requests - it is mandatory and these requests must be signed. This is to avoid any spoofing and to provide extra security in relation to log off functionality. This ensures that users are not being hacked and not being logged off unnecessarily. In the sp_cert parameter, you can choose to use a self-signed certificate or third party certificate to perform the signing. To specify a self-signed certificate, set sp_cert to useselfsigned. To use a third party certificate, specify the name of the certificate to use (this certificate must be uploaded to the intermediate certificate section of the LoadMaster before it can be selected).
sp_entity_id str		The Service Provider (SP) entity ID is an identifier that is shared to enable the IdP to understand, accept, and have knowledge of the entity when request messages are sent from the LoadMaster. This must correlate to the identifier of the relying party on the AD FS server.
sess_tout_idle_pub str		The session idle timeout value in seconds. This value is used in a public environment.
sess_tout_duration_pub str		The maximum duration timeout value for the session in seconds. This value is used in a public environment.
sess_tout_type str	Choices: idle time max duration	Specify the type of session timeout to be used.
idp_match_cert str	Choices: 0: Disabled 1: Enabled	If this option is enabled, the IdP certificate assigned must match the certificate in the IdP SAML response.

10.3 Examples

- name: Create a small configuration for LoadMaster
  hosts: localhost

  vars:
	central_address: '10.35.34.2'
	central_username: 'admin'
	central_api_key: 'b54058156b44a6ac818d58e6bc92b3ce57f17aa3'
	lm_address: '10.35.34.134'
	lm_port: '443'
	vs_ip: '10.35.60.123'
	vs_port: 443
	vs_prot: 'tcp'
	rs_ip: '10.35.60.112'

  tasks:
    - name: Set SAML SSO list
	  sso_saml:
		central_address: '{{ central_address }}'
		username: '{{ central_username }}'
		api_key: '{{ central_api_key }}'
		lm_address: '{{ lm_address }}'
		lm_port: '{{ lm_port }}'
		domain: 'TestSaml'
		auth_type: 'SAML'
		idp_entity_id: 'test_abc123'
		idp_sso_url: 'https://www.def.com/url/abc123'
		idp_logoff_url: 'https://www.def.com/url/logoff123'
		idp_cert: '1'
		sp_cert: '38FCF8174F0E9FCF1318FC5758E8F5BC5BD6EA6D'
		sp_entity_id: '09876'
		sess_tout_idle_pub: '802'
		sess_tout_duration_pub: '1200'
		sess_tout_type: 'idle time'
		idp_match_cert: '0'

10.4 Return Values

Common return values are documented here; the following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the SSO data was updated Sample: Successfully updated SSO Parameters
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
msg str	when task fails	The error message relating to why the task failed. Sample: Could not update SSO

10.5 Status

This module is maintained by Kemp Technologies.

11 Add GEO FQDN Data

11.1 Synopsis

Module to add GEO FQDN data on the LoadMaster.

11.2 Parameters

Parameter	Choices /Defaults	Comments
central_api_key str		The API key for the user of the Kemp 360 Central machine.
central_address str		The Kemp 360 Central IP address.
central_username str		The username of the Kemp 360 Central user.
lm_address str		The IP address of the LoadMaster that is attached to Kemp 360 Central.
lm_port int		The port of the LoadMaster.
fqdn str		The FQDN to be added or edited on the LoadMaster.
fail_over int		This parameter is only relevant if the selection criteria is set to Location Based.
selection_criteria str	Choices: rr wrr fw rsr prx lb all	The selection criteria for addresses associated with the FQDN.
fail_time int		If a failure delay is not set, normal health checking is performed. If set, this parameter defines the number of minutes to wait after a failure before finally disabling it.
site_recovery_mode str	Choices: auto manual	If this is set to automatic, upon site recovery the site is brought back into operation immediately. If this is set to manual, once the site has failed, the site is disabled. Manual intervention is required to restore normal operation.
public_request_value int	Choices: 0 1 2 3	Restrict responses to clients from public IP addresses to specific classes of site. Here is an explanation of the different settings and their values: 0 - Public Sites Only 1 - Prefer Public Sites 2 - Prefer Private Sites 3 - Any Sites
private_request_value int	Choices: 0 1 2 3	Restrict responses to clients from private IP addresses to specific classes of site. Here is an explanation of the different settings and their values: 0 - Private Sites Only 1 - Prefer Private Sites 2 - Prefer Public Sites 3 - Any Sites
local_settings int	Choices: 0: Disabled 1: Enabled	Enabling this parameter provides two additional parameters for the FQDN - local_ttl and local_sticky.
local_ttl int		The Time To Live (TTL) value dictates how long the reply from the GEO LoadMaster can be cached by other DNS servers or client devices. The time interval is defined in seconds. This value should be as practically low as possible. The default value for this field is 10. Defaults to the value of the global ttl value when an FQDN is created. Range: 1 to 86400
local_sticky int		Stickiness, also known as persistence, is the property that enables all name resolution requests from an individual client to be sent to the same resources until a specified period of time has elapsed.
unanimous_checks int	Choices: 0: Disabled 1: Enabled	When this parameter is enabled, if any IP addresses fail health checking - the other FQDN IP addresses which belong to the same cluster will be forced down.

11.3 Examples

- name: Add FQDN to LoadMaster
  hosts: localhost

  vars:
	central_address: '10.35.53.100'
	lm_address: '10.35.53.101'
	lm_port: 443
	username: 'admin'
	api_key: '699129a26ace3fcd34466a4cc'
	domain: 'example.com'

  tasks:
  - name: Add FQDN to LoadMaster
	geo_fqdn:
		lm_address: '{{ lm_address }}'
		lm_port '{{ lm_port }}'
		central_address: '{{ central_address }}'
		central_username: '{{ username }}'
		central_api_key: '{{ api_key }}'
		fqdn: '{{ domain }}'
		selection_criteria: 'wrr'
		fail_time: 50
		site_recovery_mode: 'auto'
		local_settings: 1
		local_ttl: 302
		local_sticky: 304
		unanimous_checks: 1

11.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the GEO FQDN data was updated. Sample: Successfully updated FQDN Parameters
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
msg str	when task fails	The error message relating to why the task failed. Sample: Could not update FQDN, ...

11.5 Status

This module is maintained by Kemp Technologies.

12 Update GEO Maps and Clusters

12.1 Synopsis

Module to update GEO maps and cluster data on the LoadMaster.

12.2 Parameters

Parameter	Choices /Defaults	Comments
central_api_key str		The API key for the user of the Kemp 360 Central machine.
central_address str		The IP address of Kemp 360 Central.
central_username str		The username of the Kemp 360 Central user.
lm_address str		The IP address of the LoadMaster attached to Kemp 360 Central.
lm_port int		The LoadMaster port that is attached to Kemp 360 Central.
fqdn str		The FQDN of the GEO configuration.
cluster_ip str		The cluster IP address to be set.
cluster_name str		The cluster nickname to be set.
cluster_type str	Choices: default remoteLM localLM	The type of cluster.
cluster_checker str	Choices: none tcp icmp	Specify the method used to check the status of the cluster.
cluster_checker_port int		Specify the port of the cluster.
cluster_enable int	Choices: 0: Disabled 1: Enabled	Enable or disable the cluster.
cluster_latitude_seconds int		The latitude of the cluster.
cluster_longitude_seconds int		The longitude of the cluster.
map_ip str		The IP address of the cluster.
map_checker str	Choices: none icmp tcp clust	The type of checking to do on the map.
map_weight int		The weight of the map.
map_address str		The map IP address to check.
map_port int		The map port to be addressed.
map_enable int	Choices: 0: Disabled 1: Enabled	Enable or disable the map.
map_latitude_seconds str		The map longitude.
map_longitude_seconds str		The map longitude.
checker_ip str		Specify the address used to health check the IP address.
checker_port str		The address port used to health check the IP address.
country_code str		The country code.
is_continent int	Choices: 0: Disabled 1: Enabled	When dealing with a country - the is_continent parameter must be set to 0. When adding a continent - the is_continent parameter must be set to 1.
custom_location str		The custom location.

12.3 Examples

- name: Test general geo parameters
  hosts: localhost

  vars:
	central_address: '10.35.53.50'
	central_username: 'Admin'
	central_api_key: '32e0513423f2df63ce7afd5cf5fdb5eda448eb9c'
	lm_address: '10.35.53.6'
	lm_port: '443'
	domain: 'www.example.com'

	name: GEO map Example
		geo_misc:
			central_address: '{{ central_address }}'
			central_username: '{{ central_username }}'
			central_api_key: '{{ central_api_key }}'
			lm_address: '{{ lm_address }}'
			lm_port: '{{ lm_port }}'
			central_api_key: '{{ central_api_key }}'
			fqdn: '{{ domain }}'
			cluster_ip: '10.35.53.100'
			cluster_type: 'default'
			cluster_name: 'Cluster'
			cluster_checker: 'tcp'
			cluster_checker_port: 8080
			cluster_enable: 1
			cluster_latitude_seconds: 360
			cluster_longitude_seconds: 360
			map_ip: '10.35.53.101'
			map_enable: 1
			map_checker: 'tcp'
			map_weight: 500
			checker_ip: '10.35.53.190'
			checker_port: 7893
			country_code: 'IE'
			is_continent: 0

12.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the GEO map or cluster. Sample: Map cluster and data updated
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task.
msg str	when task fails	The error message relating to why the task failed. Sample: Could not update cluster and map data

12.5 Status

This module is maintained by Kemp Technologies.

13 Update GEO Miscellaneous Options and GEO Partnership

13.1 Synopsis

Module to update GEO miscellaneous options and GEO partnership.

13.2 Parameters

Parameter	Choices /Defaults	Comments
central_api_key str		The API key for the user of the Kemp 360 Central machine.
central_address str		The Kemp 360 Central IP address.
central_username str		The username of the Kemp 360 Central user.
lm_address str		The IP address of the LoadMaster that is attached to Kemp 360 Central.
lm_port int		The port of the LoadMaster IP address.
zone str		Specify the zone name.
source_of_authority str		The response set for Source of Authority requests.
soa_email str		Email address of the person responsible for the zone and to which email may be sent to report errors or problems. This is the email address of a suitable DNS administrator but more commonly the technical contact for the domain.
name_server str		Set the response sent for Name Server requests.
ttl int		Set the Time To Live (TTL) (in seconds).
persist int		This corresponds with the Stickiness WUI field. This determines how long (in seconds) a specific response will be returned to a host.
check_interval int		Set how often (in seconds) that devices will be checked.
conn_timeout int		Set the timeout (in seconds) for the check request.
retry_attempts int		Set the number of times the check will be retried before the device is marked as failed Range: 2-10
ip_range list		The IP range data to be added. This must include the CIDR number per IP range.
latitude str		Latitude data to be added to the IP range.
longtitude str		Longtitude data to be added to the IP range.
country_code str		Country code data to be added to the IP range.
custom_location str		Custom location data to be added to the IP range.
white_list list		White list of allowed IP ranges.
algorithm str	Choices: RSASHA256 NSEC3RSASHA1 NSEC3RSASHA1	The algorithm to be used in DNS.
key_size int	Choices: 1024 2048 4096	The key size to be used in DNS.
dns_enable int	Choices: 0: Disabled 1: Enabled	Enable or disable DNS in GEO.
geo_clients list		Set the addresses of the GEO LoadMasters which can retrieve service status information from the LoadMaster.
geo_partners list		Set the IP address of the GEO LoadMaster partner(s). These GEO LoadMasters will keep their DNS configurations in sync.
geo_ssh_port int		The port over which GEO LoadMasters will communicate with each other.
geo_ssh_interface int		Specify the ID of the GEO interface in which the SSH partner tunnel is created, for example, setting this to 0 means the interface eth0.

13.3 Examples

- name: Add FQDN to LoadMaster
  hosts: localhost

  vars:
	central_address: '10.35.53.100'
	lm_address: '10.35.53.101'
	lm_port: 443
	username: 'admin'
	api_key: '699129a26ace3fcd34466a4cc'

	tasks:
	- name: Add FQDN to LoadMaster
	  geo_fqdn:
		lm_address: '{{ lm_address }}'
		lm_port '{{ lm_port }}'
		central_address: '{{ central_address }}'
		central_username: '{{ username }}'
		central_api_key: '{{ api_key }}'
		geo_clients: ['10.35.53.200']
		geo_partners: ['10.35.53.220']
		geo_ssh_port: 22

13.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the miscellaneous data was updated. Sample: Successfully updated MISC Parameters
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
msg str	when task fails	The error message relating to why the task failed. Sample: Could not update MISC, ...

13.5 Status

This module is maintained by Kemp Technologies.

14 Upload a Certificate and Key on a LoadMaster

14.1 Synopsis

This module uploads a certificate and key to a LoadMaster. A certificate and key must be in the same file being uploaded. A certificate upload must be defined in your playbook before being assigned to a Virtual Service.

14.2 Parameters

Parameter	Choices/ Defaults	Comments
api_key str/required		The API key for the user of the Kemp 360 Central machine.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
cert_name str/required		The name of the identifier of the cert to upload or replace.
cert_file str/required		Path to the file where the key and cert are stored. This must have both key and cert in the same file.
replace int/required	Choices: 0 1	A Boolean to upload the cert to replace the current cert.
username int/required		The Kemp 360 Central username.
intermediate int	Choices: 0 (default) 1	A Boolean to specify if the cert is an intermediate or not.

14.3 Example

 - name: Upload a certificate to the LoadMaster
   hosts: localhost
				
   vars:
    central_address: '10.35.39.21'
    lm_address: '10.35.39.20:443'
    username: 'admin'
    api_key: '699129a26ace3fcd34466a4cc'
				
   tasks: 
   - name: Upload a certificate to the LoadMaster
      cert_management:
       lm_address: '{{ lm_address }}'
       central_address: '{{ central_address }}'
       cert_name: 'cert'
       cert_file: '/path/to/cert/test.pem'
       replace: 0
       username: '{{ username }}'
       api_key: '{{ api_key }}'

14.4 Return Values

Common return values are documented here; the following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the certificate was uploaded. Sample: Certificate uploaded to LoadMaster
changed bool	always	A Boolean to indicate whether changes were made during the task true
msg str	when task failed	The error message related to why the task failed. Sample: Could not add Certificate to LM - Command Failed: Certificate Identifier already exists

14.5 Status

This module is maintained by Kemp Technologies.

15 Add or Modify a Header Rule

15.1 Synopsis

This module adds or modifies addHeaderRules on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVSs, and Real Servers.

15.2 Parameters

Parameter	Choices/ Defaults	Comments
lm_address str/required		The IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
username str/required		The Kemp 360 Central username.
api_key str/required		The API key for the user of the Kemp 360 Central machine.
name str/required		The name of the AddHeaderRule.
header str/required		The name of the header field to be added.
replacement str/required		The replacement string. You can enter a maximum of 255 characters in this parameter.
only_on_flag int		Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.

15.3 Examples

- name: Create AddHeaderRule
  hosts: localhost
				
  vars:
   central_address: '10.35.39.21'
   lm_address: '10.35.39.20:443'
   username: 'admin'
   api_key:'699129a26ace3fcd34466a4cc'
				
  tasks:
- name: Create AddHeaderRule
  add_header_rule:
    lm_address: '{{ lm_address }}'
    central_address: '{{ central_address }}'
    username: '{{ username }}'
    api_key: '{{ api_key }}'
    name: 'addHeaderRule1'
    header: 'name'
    replacement: 'username'

15.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the rule. Sample: AddHeaderRule with name addHeaderRule1 was created successfully
changed bool	always	A Boolean to indicate whether changes were made during the task Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task. Sample: {"Header": "name","HeaderValue": "username","Name": "addHeaderRule1"}
msg str	when task failed	The error message related to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0.

15.5 Status

This module is maintained by Kemp Technologies.

16 Delete Header Rule

16.1 Synopsis

This module adds or modifies a deleteHeaderRule on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

16.2 Parameters

Parameter	Choices/ Defaults	Comments
lm_address str/required		The IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
username str/required		The Kemp 360 Central username.
api_key str/required		The API key for the user of the Kemp 360 Central machine.
name str/required		The name of the DeleteHeaderRule.
pattern str		The pattern to be matched.
only_on_flag int		Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.

16.3 Examples

- name: Create DeleteHeaderRule
  hosts localhost
				
  vars:
    central_address: '10.35.39.21'
    lm_address: '10.35.39.20:443'
    username: 'admin'
    api_key: '699129a26ace983fcd34466a4cc'

  tasks:
  - name: Create DeleteHeaderRule
    delete_header_rule:
         lm_address: '{{ lm_address }}'
         central_address: '{{ central_address }}'
         username: '{{ username }}'
         api_key: '{{ api_key }}'
         name: 'deleteHeaderRule1'
         pattern: '^((http[s]?|ftl):\/)$'

16.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the rule. Sample: DeleteHeaderRule with name deleteHeaderRule1 was created successfully
changed bool	always	A Boolean to indicate whether changes were made during the task Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task. Sample: {"Name": "deleteHeaderRule1", "Pattern": "^((http[s]?\|ftl):\\/)$"}
msg str	when task failed	The error message related to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0.

16.5 Status

This module is maintained by Kemp Technologies.

17 Replace Body Rule

17.1 Synopsis

This module adds or modifies a replaceBodyRule on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

17.2 Parameters

Parameter	Choices/ Defaults	Comments
lm_address str/required		The IP address of the LoadMaster.
lm_port str		The port of the LoadMaster.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
username str/required		The Kemp 360 Central username.
api_key str/required		The API key for the user of the Kemp 360 Central machine.
name str/required		The name of the ReplaceBodyRule.
replacement str/required		The replacement string.
pattern str		The pattern to be matched.
only_on_flag int		Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.
case_independent int	Choices: 0: Disabled 1: Enabled	Enable this parameter to ignore the case of the strings when comparing.

17.3 Examples

 - name: Create ReplaceBodyRule
   hosts: localhost
				
   vars:
    central_address: '10.35.39.21'
    lm_address: '10.35.39.20:443'
    username: 'admin'
    api_key: '699129a26acd34466a4cc'
				
   tasks:
   - name: Create ReplaceBodyRule
     replace_body_rule:
         lm_address: '{{ lm_address }}'
         central_address: '{{ central_address }}'
         username: '{{ username }}'
         api_key: '{{ api_key }}'
         name: 'replaceBodyRule1'
         case_independent: 1
         replacement: 'username'
         pattern: '^((http[s]?|ftl):\/)$'

17.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the rule. Sample: ReplaceBodyRule with name replaceBodyRule1 was created successfully
changed bool	always	A Boolean to indicate whether changes were made during the task Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task. Sample: {"CaseIndependent": "N","Name": "replaceBodyRule1","Pattern": "^((http[s]?\|ftl):\\/)$","Replacement": "username"}
msg str	when task failed	The error message related to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0.

17.5 Status

This module is maintained by Kemp Technologies.

18 Replace Header Rule

18.1 Synopsis

This module adds or modifies a replaceHeaderRule to a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

18.2 Parameters

Parameter	Choices/Defaults	Comments
lm_address str/required		The IP address of the LoadMaster.
lm_port str		The port of the LoadMaster.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
username str/required		The Kemp 360 Central username.
api_key str/required		The API key for the user of the Kemp 360 Central machine.
name str/required		The name of the ReplaceHeaderRule.
header str		The header field name where the substitution should be performed.
replacement str/required		The replacement string.
pattern str		The pattern to be matched.
only_on_flag int		Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.

18.3 Examples

- name: Create ReplaceHeaderRule
  hosts: localhost
  vars:
   central_address: '10.35.39.21'
   lm_address: '10.35.39.20:443'
   username: 'admin'
   api_key: '699129a26ace406fd65ee30a6983fcd34466a4cc'
				
  tasks:
  - name: Create ReplaceHeaderRule 
    replace_header_rule:
        lm_address: '{{ lm_address }}'
        central_address: '{{ central_address }}'
        username: '{{ username }}'
        api_key: '{{ api_key }}'
        name: 'replaceHeaderRule1'
        header: 'name'
        replacement: 'username'
        pattern: '^((http[s]?|ftl):\/)$'

18.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the rule. Sample: ReplaceHeaderRule with name replaceHeaderRule1 was created successfully
changed bool	always	A Boolean to indicate whether changes were made during the task Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task. Sample: {"Header": "name","Name": "replaceHeaderRule1", "Pattern": "^((http[s]?\|ftl):\\/)$",Replacement": "username"}
msg str	when task failed	The error message related to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0.

18.5 Status

This module is maintained by Kemp Technologies.

19 Match Content Rule

19.1 Synopsis

This module adds or modifies a matchContentRule on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

19.2 Parameters

Parameter	Choices/Defaults	Comments
lm_address str/required		The IP address and port of the LoadMaster. The format is 'ip:port'.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
username str/required		The Kemp 360 Central username.
api_key str/required		The API key for the user of the Kemp 360 Central machine.
name str/required		The name of the MatchContentRule.
match_type str/required	Choices: regex prefix postfix	The name of the MatchContentRule.
include_host str		Prepend the hostname to request URI before performing the match.
ignore_case str		Ignore case when comparing the strings.
negate_match str		Ignore case when comparing the strings.
include_query str		Append the query string to the URI before performing a match.
header str/required		The header field name that should be matched. If no header field is set, the default is to match in the URL. Set this to body to match on the body of a request.
pattern str/required		The pattern to be matched.
set_on_match int		If the rule is successfully matched, set the specified flag. Accepted values: 0-9.
only_on_flag int		Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.
must_fail int	Choices: 0: Disabled 1: Enabled	If this rule is matched, then always fail to connect.

19.3 Examples

- name: Create ModifyURLRule
   hosts: localhost
				
   vars:   
     central_address: '10.35.39.21'
     lm_address: '10.35.39.20:443'
     username: 'admin'
     api_key: '699129a26acecd34466a4cc'
				
   tasks:
    - name: Create ModifyURLRule
      match_content_rule:
      lm_address: '{{ lm_address }}'
      central_address: '{{ central_address }}'
      username: '{{ username }}'
      api_key: '{{ api_key }}'
      name: 'matchContentRule1'
      match_type: 'regex'
      include_host: 'Y'
      ignore_case: 'Y'
      include_query: 'Y'
      header:'username' 
      pattern: '^((http[s]?|ftl):\/)$'

19.4 Return Values

The following are the fields unique to this module:

Key

Returned

Description

message

str

always

The message response indicating whether the task created or modified the rule.

Sample:

MatchContentRule with name matchContentRule1 was created successfully

changed

bool

always

A Boolean to indicate whether changes were made during the task

Sample:

true

dataChanged

str

when changed is true

The parameters that were changed during the task.

Sample:

{"CaseIndependent": "Y","Header": "username","MatchType": "Regex","Name": "matchContentRule1","Pattern": "^((http[s]?|ftl):\\/)$"}

msg

str

when task failed

The error message related to why the task failed.

Sample:

The minimum supported LoadMaster firmware version is 7.2.47.0.

19.5 Status

This module is maintained by Kemp Technologies.

20 Add or Modify a modifyURLRule on a LoadMaster

20.1 Synopsis

This module adds or modifies a modifyURLRule on a LoadMaster. The minimum supported LoadMaster firmware version is 7.2.47.0. Rules must be defined in your playbook before being assigned to Virtual Services, SubVS, and Real Servers.

20.2 Parameters

Parameter	Choices/Defaults	Comments
lm_address str/required		The IP address of the LoadMaster.
lm_port str		The port of the LoadMaster.
central_address str/required		The IP address of the Kemp 360 Central that the LoadMaster is added to.
username str/required		The Kemp 360 Central username.
api_key str/required		The API key for the user of the Kemp 360 Central machine.
name str/required		The name of the ModifyURLRule.
replacement str/required		How the URL is to be modified.
pattern str		The pattern to be matched.
only_on_flag int		Range: 1-9. Only try to execute this rule if the specified flag is set. Using the only_on_flag and set_on_match parameters, it is possible to make rules dependent on each other, that is, only execute a particular rule if another rule has been successfully matched.

20.3 Examples

- name: Create ModifyURLRule
  hosts: localhost

  vars:
    central_address: '10.35.39.21'
    lm_address: '10.35.39.20:443'
    username: admin
    api_key: '699129a26accd34466a4cc'
					
  tasks:
   - name: Create ModifyURLRule
     modify_url_rule:
      lm_address:'{{ lm_address }}'
      central_address: '{{ central_address }}'
      username: '{{ username }}'
      api_key:'{{ api_key }}'
      name: 'ModifyURLRule1'
      replacement: 'username'
      pattern: '^((http[s]?|ftl):\/)$'

20.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the task created or modified the rule. Sample: ModifyURLRule with name ModifyURLRule1 was created successfully
changed bool	always	A Boolean to indicate whether changes were made during the task Sample: true
dataChanged str	when changed is true	The parameters that were changed during the task. Sample: {"Name": "ModifyURLRule1","Pattern": "^((http[s]?\|ftl):\\/)$","Replacement": "username"}
msg str	when task failed	The error message related to why the task failed. Sample: The minimum supported LoadMaster firmware version is 7.2.47.0.

20.5 Status

This module is maintained by Kemp Technologies.

21 Update Global Parameters

21.1 Synopsis

Module to update global parameters such as black list updates, WAF updates, and non-local Real Server.

21.2 Parameters

Parameter	Choices /Defaults	Comments
central_api_key str		The API key for the user of the Kemp 360 Central machine.
central_address str		The Kemp 360 Central IP address.
central_username str		The username of the Kemp 360 Central user.
lm_address str		The IP address of the LoadMaster that is attached to Kemp 360 Central.
lm_port int		The port of the LoadMaster.
non-local_rs int	Choices: 0: Disabled 1: Enabled	Enable non-local Real Servers on the LoadMaster.
black_list_auto_update int	Choices: 0: Disabled 1: Enabled	Enable or disable the blacklist auto-update setting.
black_list_auto_install int	Choices: 0: Disabled 1: Enabled	Enable or disable the blacklist auto-install setting.
black_list_install_time int		The hour of the day to install the blacklist updates.
waf_auto_update int	Choices: 0: Disabled 1: Enabled	Enable or disable the WAF auto-update setting.
waf_auto_install int	Choices: 0: Disabled 1: Enabled	Enable or disable the WAF auto-install setting.
waf_install_time int		The hour of the day to install the WAF updates.

21.3 Examples

- name: Configure LoadMaster Global Parameters
  hosts: localhost

  vars:
	central_address: '10.35.53.5'
	central_username: 'Admin'
	central_api_key: 'apikey'
	lm_address: '10.35.53.6'
	lm_port: '443'

  tasks:
	- name: Turn on some global settings
	  global_params:
		central_address: '{{ central_address }}'
		central_username: '{{ central_username }}'
		central_api_key: '{{ central_api_key }}'
		lm_address: '{{ lm_address }}'
		lm_port: '{{ lm_port }}'
		non_local_rs: 1
		black_list_auto_update: 1
		black_list_auto_install: 1
		black_list_install_time: 10
		waf_auto_update: 1
		waf_auto_install: 1
		waf_install_time: 8

21.4 Return Values

The following are the fields unique to this module:

Key	Returned	Description
message str	always	The message response indicating whether the global data was updated. Sample: Successfully updated Global Parameters
changed bool	always	A Boolean to indicate whether changes were made during the task. Sample: true
msg str	when task fails	The error message relating to why the task failed. Sample: Global setting(s) could not be set, ...

21.5 Status

This module is maintained by Kemp Technologies.

22 Appendix

To install Ansible, refer to the Ansible Quick Start Guide at https://docs.ansible.com/ansible/latest/user_guide/quickstart.html.

Last Updated Date

This document was last updated on 28 August 2020.

Download PDF File