fwebos_server_pool.py – Config FortiWeb server objects Server Pool¶
New in version 1.0.1.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.11
Parameters¶
- body Possible parameters to go in the body for the request required: True
- name name type:string maxLength:63
- type server pool type type:string choice: reverse-proxy, offline-protection, transparent-servers-for-tp, transparent-servers-for-ti, transparent-servers-for-wccp,
- protocol protocol type:string choice: HTTP, FTP, ADFSPIP, TCPPROXY,
- server-balance switch server balance type:string choice: enable, disable,
- health health check type:string
- hlck-sip Source IP address for TTP health check type:string
- hlck-sip6 Source IPv6 address for TTP health check type:string
- lb-algo load balance algo type:string choice: round-robin, weighted-round-robin, least-connections, uri-hash, full-uri-hash, host-hash, host-domain-hash, src-ip-hash,
- persistence persistence policy type:string
- comment comment type:string maxLength:199
- server-pool-id server pool id type:string
- http-reuse reuse fd connect to server type:string choice: never, safe, aggressive, always,
- reuse-conn-total-time max times value(unit: second) type:integer maximum:1000 minimum:1
- reuse-conn-idle-time max times value(unit: second) type:integer maximum:1000 minimum:1
- reuse-conn-max-request max requset/response times type:integer maximum:1000 minimum:1
- reuse-conn-max-count max connection number type:integer maximum:1000 minimum:1
- adfs-server-name adfs server name, only for ADFSPIP type:string maxLength:255
- pserver-list pserver list type:array
- id name of pserver list
- server-type server type
- ip ip address
- domain domain name
- adfs-username adfs username for registry, only for ADFSPIP
- adfs-password adfs password for registry, only for ADFSPIP
- sdn-addr-type Type of addresses to collect.
- sdn sdn connector
- filter Match criteria filter.
- port server port
- weight weight
- status status
- server-id server id
- backup-server backup-server
- proxy-protocol pserver proxy protocol switch
- proxy-protocol-version pserver proxy protocol version
- ssl ssl
- implicit_ssl implicit ssl switch, only use for ftp
- ssl-quiet-shutdown enable/disable SSL quiet Shutdown
- ssl-session-timeout ssl session timeout setting, default value 7200s, range (1, 14400)
- server-side-sni enable/disable SNI transparent
- multi-certificate enable multi certificate
- certificate certificate
- certificate-group multi certificate group
- certificate-type enable letsencrypt certificate
- lets-certificate letsencrypt certificate
- intermediate-certificate-group intermediate-certificate-group
- certificate-verify certificate-verify
- client-certificate-proxy client certificate proxyd enable/disable, Must be set certificate-verify
- client-certificate-proxy-sign-ca client certificate proxy sign ca, Must be set certificate-verify
- client-certificate client-certificate
- server-certificate-verify enable/disable server certificate verify
- server-certificate-verify-policy server certificate verify
- server-certificate-verify-action action for server certificate verify
- session-ticket-reuse enable/disable session ticket reuse
- session-id-reuse enable/disable session id reuse
- sni SNI status
- sni-certificate SNI certificate
- sni-strict SNI strict mode
- urlcert URL based client certificate
- urlcert-group URL based client certificate group
- urlcert-hlen URL based client certificate max http request length if matched(16-10240K)
- use-ciphers-group use SSL ciphers group or not
- ssl-ciphers-group SSL ciphers group
- tls-v10 TLS 1.0 protocol status
- tls-v11 TLS 1.1 protocol status
- tls-v12 TLS 1.2 protocol status
- tls-v13 TLS 1.3 protocol status
- ssl-noreg SSL no renegotiate
- ssl-cipher SSL cipher-suite
- ssl-custom-cipher SSL custom cipher-suite
- tls13-custom-cipher TLSv1.3 custom cipher-suite
- hsts-header hsts header support
- hsts-max-age hsts max age value
- hsts-include-subdomains hsts include subdomains support
- hsts-preload hsts preload support
- hpkp-header hpkp header support
- client-certificate-forwarding client certificate forwarding
- client-certificate-forwarding-sub-header custom header of client certificate forwarding subject
- client-certificate-forwarding-cert-header custom header of client certificate forwarding certificate
- health-check-inherit inherit serverpool's health check
- health health check
- conn-limit set connection limit
- recover seconds to postpone forwarding traffic after downtime
- warm-up how long to forward traffic at a lesser rate
- warm-rate maximum connection rate while the server is starting up
- http2 http2 enable/disable
- hlck-domain health check domain name
- mkey If present, objects will be filtered on property with this name type:string
- vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
- clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string
Examples¶
- name:
hosts: all
vars:
connection: httpapi
gather_facts: false
tasks:
- name: delete server pool
fwebos_server_pool:
action: delete
vdom: root
name: test
- name: Create server pool
fwebos_server_pool:
action: add
vdom: root
name: test
type: reverse-proxy
server_balance: enable
lb_algo: round-robin
comment: test111
health: HLTHCK_ICMP
persistence: test
reuse_conn_total_time: 100
reuse_conn_max_request: 100
reuse_conn_max_count: 100
- name: edit server pool
fwebos_server_pool:
action: edit
vdom: root
name: test
type: reverse-proxy
server_balance: enable
lb_algo: round-robin
comment: test111
health: HLTHCK_ICMP
persistence: test
reuse_conn_total_time: 100
reuse_conn_idle_time: 20
reuse_conn_max_request: 100
reuse_conn_max_count: 100
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- 200 : OK: Request returns successful
- 400 : Bad Request: Request cannot be processed by the API
- 401 : Not Authorized: Request without successful login session
- 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 : Resource Not Found: Unable to find the specified resource.
- 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 : Request Entity Too Large: Request cannot be processed due to large entity
- 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
- 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
- 500 : Internal Server Error: Internal error when processing the request
For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119