Manual Chapter : Secure Password Policy Enforcement on F5 Modules for Ansible

Applies To:

BIG-IP LTM

  • 16.0.0, 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0

F5 Modules for Ansible use basic auth to communicate with the BIG-IP over HTTPS, so when password policy is enforced with config reset, Ansible will not be able to reach the BIG-IP until you update the password of your host in the inventory file. If you do not change the inventory password, your task will fail because it cannot authenticate.
The following code is an example of resetting the system configuration:

    # config reset task
    - name: Reset the BIG-IP
      bigip_config:
        reset: yes
        save: True
      delegate_to: localhost

After config reset, you must immediately set the inventory password to match the new admin password. For example:

    # Runs directly after the "Reset the BIG-IP" task shown above
    - name: After reset, configure the expired admin password
      uri:
        url: "https://{{ inventory_hostname }}/mgmt/shared/authz/users/admin"
        method: PATCH
        # Replaces the default admin password with the inventory password
        body: '{"oldPassword":"admin","password":"{{ bigip_password }}"}'
        body_format: json
        # Certificate validation is off here, so the HTTPS endpoint is not verified
        validate_certs: no
        force_basic_auth: yes
        user: admin
        password: admin
        headers:
          Content-Type: "application/json"
      delegate_to: localhost

The root password is automatically changed to the admin password if it was previously unchanged, so you will also need to update the root password to match the inventory password that Ansible expects.

    - name: Last part of config reset - configure the root password
      bigip_user:
        full_name: root
        username_credential: root
        password_credential: "{{ bigip_password }}"
        update_password: always
      delegate_to: localhost
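
A verification play to run after the three tasks above, confirming that the default admin/admin login is rejected and that the inventory password is accepted. This is an added example, not part of the F5 manual. The group name bigips and the variable bigip_validate_certs are hypothetical, and the play assumes a GET on the same authz endpoint answers 200 for accepted credentials and 401 for rejected ones.

```yaml
# Added example: post-reset credential check (not from the F5 manual).
# Assumptions: "bigips" is a hypothetical inventory group, and
# bigip_validate_certs is a hypothetical variable introduced here.
- name: Verify BIG-IP credentials after config reset
  hosts: bigips
  gather_facts: false
  vars:
    authz_url: "https://{{ inventory_hostname }}/mgmt/shared/authz/users/admin"
  tasks:
    - name: Try the default admin/admin login (expected to be rejected)
      ansible.builtin.uri:
        url: "{{ authz_url }}"
        method: GET
        user: admin
        password: admin
        force_basic_auth: true
        # Verify the certificate unless the inventory explicitly opts out
        validate_certs: "{{ bigip_validate_certs | default(true) }}"
        # Accept both outcomes here so the assert below reports the result
        status_code: [200, 401]
      register: default_login
      delegate_to: localhost

    - name: Try the inventory password (expected to be accepted)
      ansible.builtin.uri:
        url: "{{ authz_url }}"
        method: GET
        user: admin
        password: "{{ bigip_password }}"
        force_basic_auth: true
        validate_certs: "{{ bigip_validate_certs | default(true) }}"
        status_code: [200, 401]
      register: inventory_login
      # Keep the inventory password out of task output and logs
      no_log: true
      delegate_to: localhost

    - name: Fail if the default password still works or the new one does not
      ansible.builtin.assert:
        that:
          - default_login.status == 401
          - inventory_login.status == 200
        fail_msg: >-
          Credential state is wrong on {{ inventory_hostname }}:
          default login returned {{ default_login.status }},
          inventory login returned {{ inventory_login.status }}.
        success_msg: "Default password rejected, inventory password accepted."
```

The first task produces one failed login, which counts against any login-failure limit the password policy sets. Adding no_log: true to the PATCH task above likewise keeps the new password in its request body out of task output.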