{"id":20329706,"url":"https://github.com/f5devcentral/f5-puppet","last_synced_at":"2025-04-11T21:01:02.823Z","repository":{"id":48648222,"uuid":"99969210","full_name":"f5devcentral/f5-puppet","owner":"f5devcentral","description":"Puppet modules for F5 BIG-IP","archived":false,"fork":false,"pushed_at":"2021-07-15T23:05:12.000Z","size":1384,"stargazers_count":13,"open_issues_count":41,"forks_count":27,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-03-25T16:55:34.797Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/f5devcentral.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-08-10T22:19:47.000Z","updated_at":"2023-12-15T21:44:22.000Z","dependencies_parsed_at":"2022-09-10T08:41:02.022Z","dependency_job_id":null,"html_url":"https://github.com/f5devcentral/f5-puppet","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Ff5-puppet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Ff5-puppet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Ff5-puppet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Ff5-puppet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/f5devcentral","download_url":"https://codeload.github.com/f5devcentral/f5-puppet/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248097460,"owners_count":21047246,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T20:13:01.403Z","updated_at":"2025-04-11T21:01:02.428Z","avatar_url":"https://github.com/f5devcentral.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# f5\n\n#### Table of Contents\n\n1. [Overview](#overview)\n2. [Warning](#warning)\n3. [Module Description - What the module does and why it is useful](#module-description)\n4. [Setup - The basics of getting started with f5](#setup)\n    * [Beginning with f5](#beginning-with-f5)\n5. [Usage - Configuration options and additional functionality](#usage)\n\t* [Set up two load-balanced web servers](#set-up-two-load-balanced-web-servers)\n\t* [Tips and Tricks](#tips-and-tricks)\n6. [Reference - An under-the-hood peek at what the module is doing and how](#reference)\n7. [Limitations - OS compatibility, etc.](#limitations)\n8. [Development - Guide for contributing to the module](#development)\n9. [Support](#support)\n\n## Overview\n\nThe f5 module enables Puppet management of LTM F5 load balancers by providing types and REST-based providers.  The Puppet, Inc. versions (\u003c= v1.5.4) of this module are no longer in development.  That module has been merged with the development efforts of F5.  Starting with v1.6.0, BIG-IP module development will be handled by F5.\n\n## Warning\n\nPer the information in the [Overview](#overview), this module cannot be used in conjunction with the former, deprecated module under the namespace of [puppetlabs/f5](https://forge.puppet.com/puppetlabs/f5).  The [puppetlabs/f5](https://forge.puppet.com/puppetlabs/f5) module must be removed before you installing this module.  This is recommended as this module will be the only actively maintained module in the future.\n\n## Module Description\n\nThis module uses REST to manage various aspects of F5 load balancers, and acts\nas a foundation for building higher level abstractions within Puppet.\n\nThe module allows you to manage nodes, pools, applications, and application service, in order to manage much of your F5 configuration through Puppet.\n\n## Setup\n\n### Beginning with f5\n\nBefore you can use the f5 module, you must create a proxy system able to run `puppet device`. Your Puppet agent will serve as the \"proxy system\" for the `puppet device` subcommand.\n\nCreate a device.conf file in the Puppet conf directory (either /etc/puppet or /etc/puppetlabs/puppet) on the Puppet agent. Within your device.conf, you must have:\n\n~~~\n[bigip]\ntype f5\nurl https://\u003cUSERNAME\u003e:\u003cPASSWORD\u003e@\u003cIP ADDRESS OF BIGIP\u003e/\n~~~\n\nIn the above example, `\u003cUSERNAME\u003e` and `\u003cPASSWORD\u003e` refer to Puppet's login for the device.\n\nAdditionally, you must install the faraday gem into the Puppet Ruby environment on the proxy host (Puppet agent) by declaring the `f5` class on that host. If you do not install the faraday gem, the module will not work.\n\n## Usage example\n\n### Set up two load-balanced web servers.\n\n#### Before you begin\n\nThis example assumes the following pre-existing infrastructure:\n\n1. A server running as a Puppet master.\n2. A Puppet agent running as a proxy or controller to the f5 device.\n3. A f5 device that has been registered with the Puppet master via the proxy or controller.\n\nThe F5 device contains a management VLAN, a client VLAN to contain the virtual server, and a server VLAN to connect to the two web servers the module sets up.\n\nTo load balance requests between 2 webservers using the BIG-IP, you must know the following information about your systems:\n\n1. The IP addresses of both of the web servers;\n2. The names of the nodes each web server will be on;\n3. The ports the web servers are listening on; and\n4. The IP address of the virtual server.\n\n### Steps\n\n1.  Classify the f5 device with the required resource types.\n2.  Apply classification to the device from the proxy or controller by running `puppet device -v --user=root`.\n\nSee below for the detailed steps.\n\n#### Step One: Classifying your servers\n\nIn your site.pp, `\u003cdevicecertname\u003e.pp` node manifest, or a `profiles::\u003cprofile_name\u003e` manifest file, enter the below code in the relevant class statement or node declaration:\n\n~~~puppet\n  f5_node { '/Common/WWW_Server_1':\n    ensure                   =\u003e 'present',\n    address                  =\u003e '172.16.226.10',\n    description              =\u003e 'WWW Server 1',\n    availability_requirement =\u003e 'all',\n    health_monitors          =\u003e ['/Common/icmp'],\n  }\n  f5_node { '/Common/WWW_Server_2':\n    ensure                   =\u003e 'present',\n    address                  =\u003e '172.16.226.11',\n    description              =\u003e 'WWW Server 2',\n    availability_requirement =\u003e 'all',\n    health_monitors          =\u003e ['/Common/icmp'],\n  }\n  f5_pool { '/Common/puppet_pool':\n    ensure                    =\u003e 'present',\n    members                   =\u003e [\n      { name =\u003e '/Common/WWW_Server_1', port =\u003e '80', },\n      { name =\u003e '/Common/WWW_Server_2', port =\u003e '80', },\n    ],\n    availability_requirement  =\u003e 'all',\n    health_monitors           =\u003e ['/Common/http_head_f5'],\n    require                   =\u003e [\n      F5_node['/Common/WWW_Server_1'],\n      F5_node['/Common/WWW_Server_2'],\n    ],\n  }\n  f5_virtualserver { '/Common/puppet_vs':\n    ensure                     =\u003e 'present',\n    provider                   =\u003e 'standard',\n    default_pool               =\u003e '/Common/puppet_pool',\n    destination_address        =\u003e '192.168.80.100',\n    destination_mask           =\u003e '255.255.255.255',\n    http_profile               =\u003e '/Common/http',\n    service_port               =\u003e '80',\n    protocol                   =\u003e 'tcp',\n    source_address_translation =\u003e 'automap',\n    source                     =\u003e '0.0.0.0/0',\n    vlan_and_tunnel_traffic    =\u003e {'enabled' =\u003e ['/Common/Client']},\n    require                    =\u003e F5_pool['/Common/puppet_pool'],\n  }\n~~~\n\n**The order of your resources is extremely important.** You must first establish your two web servers. In the code above, they are `f5_node { '/Common/WWW_Server_1'...` and `f5_node { '/Common/WWW_Server_2'...`. Each has the minimum number of parameters possible and is set up with a health monitor that pings each server directly to make sure it is still responsive.\n\nNext, establish the pool of servers. The pool is also set up with the minimum number of parameters. The health monitor for the pool runs an https request to see that a webpage is returned.\n\nFinally, the virtual server brings your setup together. Your virtual server **must** have a `provider` assigned.\n\nIf you're using a profile, remember to apply the profile to the node with either the console, your ENC, or site.pp.\n\n#### Step Two: Run puppet device\n\nRun the following command to have the device proxy node generate a certificate and apply your classifications to the F5 device.\n\n~~~\n$ puppet device -v --user=root\n~~~\n\nIf you do not run this command, clients can not make requests to the web servers.\n\nAt this point, your basic web servers should be up and fielding requests.\n\n(Note: Due to [a bug](https://tickets.puppetlabs.com/browse/PUP-1391), passing `--user=root` is required, even though the command is already run as root.)\n\n### Tips and Tricks\n\n#### Basic usage\n\nOnce you've established a basic configuration, you can explore the providers and their allowed options by running `puppet resource \u003cTYPENAME\u003e` for each type. (**Note:** You must have your authentification credentials in `FACTER_url` within your command, or `puppet resource` will not work.) This provides a starting point for seeing what's already on your F5. If anything failed to set up properly, it will not show up when you run the command.\n\nTo begin with, call the types from the proxy system.\n\n~~~\n$ FACTER_url=https://\u003cUSERNAME\u003e:\u003cPASSWORD\u003e@\u003cIP ADDRESS OF BIGIP\u003e puppet resource f5_node\n~~~\n\nTo manage the device (create, modify, or remove resources), classify the bigip\njust as you would classify any other Puppet node (site.pp, ENC,\nConsole, etc.), using the device certname specified in device.conf.\nThen run `puppet device -v` on the proxy node as you would normally use the\n`puppet agent` command.\n\n#### Role and profiles\n\nThe [above example](#set-up-two-load-balanced-web-servers) is for setting up a simple configuration of two web servers. However, for anything more complicated, use the roles and profiles pattern when classifying nodes or devices for F5.\n\n#### Custom HTTP monitors\n\nIf you have a '/Common/http_monitor' (which is available by default), then when you are creating a '/Common/custom_http_monitor' you can use just `parent_monitor =\u003e '/Common/http'`, so that you don't have to duplicate all values.\n\n## Reference\n\n#### Notes\n\n* The defaults for any given type's parameters are determined by your F5, which varies based on your environment and version. Please consult [F5's documentation](https://support.f5.com/kb/en-us/products/big-ip_ltm.html) to discover the defaults pertinent to your setup.\n* All resource type titles are required to be in the format of `/Partition/title`, such as `/Common/my_virtualserver`.\n\n### Private Classes\n\n* [f5]: The main class of the module. Installs the faraday gem; contains no adjustable settings.\n\n### Types\n\n* [f5_iapp](#f5_iapp): Manages iApp instances on the F5 device.\n* [f5_node](#f5_node): Manages nodes on the F5 device.\n* [f5_pool](#f5_pool): Manages pools of `f5_node` resources on the F5 device.\n* [f5_irule](#f5_irule): Creates and manages iRule objects on your F5 device.\n* [f5_monitor](#f5_monitor): Creates and manages monitor objects, which determine the health or performance of pools, individual nodes, or virtual servers.\n* [f5_virtualserver](#f5_virtualserver): Creates and manages virtual node objects on your F5 device.\n* [f5_partition](#f5_partition): Manages partitions on the F5 device.\n* [f5_vlan](#f5_vlan): Manages virtual LANs on the F5 device.\n* [f5_selfip](#f5_selfip): Sets the self IP address on the BIG-IP system.\n* [f5_dns](#f5_dns): Sets the system DNS on the BIG-IP system.\n* [f5_ntp](#f5_ntp): Sets the system NTP on the BIG-IP system.\n* [f5_globalsetting](#f5_globalsetting): Sets the gener system global setting on the BIG-IP system.\n* [f5_user](#f5_user): Sets the user account on the BIG-IP system.\n* [f5_route](#f5_route): Configure route on the Big-IP system.\n* [f5_root](#f5_root): Modify the password of the root user on the Big-IP system.\n* [f5_license](#f5_license): Manage license installation and activation on BIG-IP devices\n* [f5_selfdevice](#f5_selfdevice): Change device name from default bigip1\n* [f5_device](#f5_device): Manages device IP configuration settings for HA on a BIG-IP.\n* [f5_addtotrust](#f5_addtotrust): Manage the trust relationships between BIG-IPs.\n* [f5_devicegroup](#f5_devicegroup): Manage device groups on a BIG-IP.\n* [f5_configsync](#f5_configsync): Perform initial sync of the Device Group.\n* [f5_command](#f5_command): Run arbitrary TMSH command on the Big-IP system.\n* [f5_persistencecookie](#f5_persistencecookie): Manage Virtual server Cookie persistence profile on a BIG-IP\n* [f5_persistencedestaddr](#f5_persistencedestaddr): Manage Virtual server Destination Address Affinity persistence profile on a BIG-IP\n* [f5_persistencehash](#f5_persistencehash): Manage Virtual server Hash persistence profile on a BIG-IP\n* [f5_persistencesourceaddr](#f5_persistencesourceaddr): Manage Virtual server Source Address persistence profile on a BIG-IP\n* [f5_persistencessl](#f5_persistencessl): Manaage Virtual server SSL persistence profile on a BIG-IP\n* [f5_persistenceuniversal](#f5_persistenceuniversal): Manage Virtual server Universal persistence profile on a BIG-IP\n* [f5_profilehttp](#f5_profilehttp): Manage Virtual server HTTP traffic profile\n* [f5_profileclientssl](#f5_profileclientssl): Manage Virtual server client-side proxy SSL profile\n* [f5_profileserverssl](#f5_profileserverssl): Manage Virtual server server-side proxy SSL profile\n* [f5_sslkey](#f5_sslkey): Import SSL keys from BIG-IP\n* [f5_sslcertificate](#f5_sslcertificate): Import SSL certificate from BIG-IP\n* [f5_snat](#f5_snat): Manage Secure network address translation (SNAT)\n* [f5_snatpool](#f5_snatpool): Manage SNAT pools on a BIG-IP\n* [f5_datagroup](#f5_datagroup): Manage Internal data group\n* [f5_datagroupexternal](#f5_datagroupexternal): Manage External data group\n\n\n### Type: f5_iapp\n\nManage iApp application services on the F5 device. See [F5 documentation](https://devcentral.f5.com/s/articles/getting-started-with-iapps-a-conceptual-overview-20524) for information about iApps. The best way to get started is to create an application service in the F5 gui, then copy the manifest returned for it via `puppet resource f5_iapp`\n\n#### Parameters\n\n##### name\nSpecifies the name of the iApp application service to manage. Must be in the form of `/\u003cpartition/\u003cinstance name\u003e.app/\u003cinstance name\u003e` . Example: `/Common/my_test.app/my_test`\n\nValid options: a string.\n\n##### template\nName of the iApp template to be used when creating the iApp application service.\n\nValid options: a string.\n\n##### variables\nHash containing iApp vars for the given template.\n\nValid options: a hash.\n\n##### tables\nHash containing iApp table entries for the given template.\n\nValid options: a hash.\n\n### Type: f5_node\n\nManages nodes on the F5 device. See [F5 documentation](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-5-1/5.html) for information about configuring F5 nodes.\n\n#### Parameters\n\n##### name\n\nSpecifies the name of the node resource to manage.\n\nValid options: a string.\n\n##### address\n\nSpecifies the IP address and route domain ID of the node resource.\n\nValid options: IPv4 or IPv6 addresses optionally followed by % sign and a route domain ID, such as '10.0.5.5%3'.\n\n##### availability_requirement\n\nSets the number of health monitors that must be available. This **must** be set if you have any monitors, but it cannot be set to more than the number of monitors you have.\n\nValid options: 'all' or an integer.\n\n##### connection_limit\n\nSets the maximum number of concurrent connections allowed for the virtual server. Setting this parameter to '0' turns off connection limits.\n\nValid options: an integer.\n\n##### connection_rate_limit\n\nSets the connection rate limit of the node.\n\nValid options: an integer.\n\n##### description\n\nSets the description of the node.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the node resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### health_monitors\n\nAssigns health monitors to the node resource. You can assign a single monitor\nor an array of monitors. If you're using an array of monitors then you must also set `availability_requirement`.\n\nValid options: [\"/PARTITION/OBJECTS\"], 'default', or 'none'\n\n##### logging\n\nSets the logging state for the node resource.\n\nValid options: 'disabled', 'enabled', true, or false.\n\n##### provider\n\nSpecifies the backend to use for the `f5_node` resource. You seldom need to specify this, as Puppet usually discovers the appropriate provider for your platform.\n\n##### ratio\n\nSets the ratio weight of the node resource. The number of connections that each machine receives over time is proportionate to a ratio weight you define for each machine within the pool.\n\nValid options: an integer.\n\n##### state\n\nSets the state of the node resource.\n\nValid options: 'enabled', 'disabled' or 'forced_offline'\n\n\n### f5_pool\n\nManages pools of `f5_node` resources on the F5 device. See [F5 documentation](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-5-0/5.html) to learn more about F5 pools.\n\n#### Parameters\n\n##### name\n\nSpecifies the name of the pool to manage.\n\nValid options: a string.\n\n##### allow_nat\n\nSpecifies whether to enable network address translations (NAT) for the pool.\n\nValid options: true or false\n\n##### allow_snat\n\nSpecifies whether to enable secure network address translations (SNAT) for the pool.\n\nValid options: true or false\n\n##### availability_requirement\n\nSets the number of health monitors that must be available.  This **must** be set if you have any monitors, but cannot be set to more than the number of monitors you have.\n\nValid options: 'all' or integers\n\n##### description\n\nSets the description of the pool.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the pool is present or absent.\n\nValid options: 'present' or 'absent'\n\n##### health_monitors\n\nSets the health monitor for the pool. You can assign a single monitor\nor an array of monitors. If you're using an array of monitors then you must also set `availability_requirement`.\n\nValid options: [\"/PARTITION/OBJECTS\"], 'default', or 'none'\n\n##### service_down\n\nSpecifies the action to take when the service is down.\n\nValid options: 'none', 'reject', 'drop', or 'reselect'\n\n##### slow_ramp_time\n\nSets the slow ramp time for the pool.\n\nValid options: an integer.\n\n##### ip_tos_to_client\n\nSets the return packet ToS level for the pool. The value you set is inspected by upstream devices and gives outbound traffic the appropriate priority.\n\nValid options: 'pass-through', 'mimic', or an integer between 0 and 255\n\n##### ip_tos_to_server\n\nSets the packet ToS level for the pool. The BIG-IP system can apply an iRule and send the traffic to different pools of servers based on the ToS level you set.\n\nValid options: 'pass-through', 'mimic', or an integer between 0 and 255\n\n##### link_qos_to_client\n\nSets the return packet QoS level for the pool. The value you set is inspected by upstream devices and gives outbound traffic the appropriate priority.\n\nValid options: 'pass-through' or an integer between 0 and 7\n\n##### link_qos_to_server\n\nSets the packet QoS level for the pool. The BIG-IP system can apply an iRule that sends the traffic to different pools of servers based on that QoS level you set.\n\nValid options: 'pass-through' or an integer between 0 and 7\n\n##### members\n\nAn array of hashes containing pool node members and their port. Pool members must exist on the F5 before you classify them in `f5_pool`. You can create the members using the `f5_node` type first. (See the example in [Usage](#usage).)\n\nValid options: 'none' or\n\n    [\n      {\n        'name' =\u003e '/PARTITION/NODE NAME',\n        'port' =\u003e \u003can integer between 0 and 65535\u003e,\n      },\n      ...\n    ]\n\n\n##### reselect_tries\n\nSpecifies the number of reselect tries to attempt.\n\nValid options: an integer.\n\n##### request_queuing\n\nSpecifies whether to queue connection requests that exceed the connection capacity for the pool. (The connection capacity is determined by the `connection limit` set in `f5_node`.)\n\nValid options: true or false.\n\n##### request_queue_depth\n\nSpecifies the maximum number of connection requests allowed in the queue. Defaults to '0', which allows unlimited connection requests constrained by available memory. This parameter can be set even if `request_queuing` is false, but it does not do anything until `request_queuing` is set to `true`.\n\nValid options: an integer.\n\n##### request_queue_timeout\n\nSpecifies the maximum number of milliseconds that a connection request can be queued until capacity becomes available. If the connection is not made in the time specified, the connection request is removed from the queue and reset. Defaults to '0', which allows unlimited time in the queue. This parameter can be set even if `request_queuing` is false, but it does not do anything until `request_queuing` is set to `true`.\n\nValid options: an integer.\n\n##### ip_encapsulation\n\nSpecifies the type of IP encapsulation on outbound packets, specifically BIG-IP system to server-pool member.\n\nValid options: '/PARTITION/gre', '/PARTITION/nvgre', '/PARTITION/dslite', '/PARTITION/ip4ip4', '/PARTITION/ip4ip6' '/PARTITION/ip6ip4', '/PARTITION/ip6ip6', or '/PARTITION/ipip'.\n\n##### load_balancing_method\n\nSets the method of load balancing for the pool.\n\nValid options: 'round-robin', 'ratio-member', 'least-connections-member', 'observed-member', 'predictive-member', 'ratio-node', 'least-connection-node', 'fastest-node', 'observed-node', 'predictive-node', 'dynamic-ratio-member', 'weighted-least-connection-member', 'weighted-least-connection-node', 'ratio-session', 'ratio-least-connections-member', or 'ratio-least-connection-node'\n\n##### ignore_persisted_weight\n\nDisables persisted weights in predictive load balancing methods. This parameter is only applicable when `load_balancing_method` is set to one of the following values: 'ratio-member', 'observed-member', 'predictive-member', 'ratio-node', 'observed-node', or 'predictive-node'.\n\nValid options: true or false\n\n##### priority_group_activation\n\nAssigns `f5_node` resources to priority groups within the pool.\n\nValid options: 'disabled' or integers\n\n### f5_irule\n\nCreates and manages iRule objects on your F5 device. See [F5 documentation](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-5-0/18.html) to learn more about iRules.\n\n#### Parameters\n\n##### definition\n\nSet the syntax for your iRule. This parameter should be event declarations consisting of TCL code to be executed when an event occurs.\n\nValid options: Any valid iRule TCL script\n\n##### ensure\n\nDetermines whether iRules should be present on the F5 device.\n\nValid options: 'present' or 'absent'\n\n##### name\n\nSets the name of the iRule object.\n\nValid options: a string.\n\n##### verify_signature\n\nVerifies the signature contained in the `definition`.\n\nValid options: true or false\n\n### f5_monitor\n\nCreates and manages monitor objects, which determine the health or performance of pools, individual nodes, or virtual servers. See [F5 documentation](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-5-0/14.html) to learn more about F5 monitors.\n\n#### Providers\n\n**Note:** Not all features are available with all providers. The providers below are based on [F5 monitor options](https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-monitors-reference-11-1-0/3.html).\n\n* `external` - Create your own monitor type. (Contains features: `external`.)\n* `gateway_icmp` - Make a simple resource check using ICMP. (Contains features: `transparent`.)\n* `http` - Check the status of HTTP traffic. (Contains features: `auth`, `dscp`, `reverse`, `strings`, and `transparent`.)\n* `https` - Check the status of HTTPS traffic. (Contains features: `auth`, `dscp`, `reverse`, `ssl`, `strings`, and `transparent`.)\n* `icmp` - Make a simple node check. (Contains features: `transparent`.)\n* `ldap` - Check the status of LDAP servers. (Contains features: `auth`, `debug`, and `ldap`.)\n* `sip` - Check the status of SIP Call-ID services. (Contains features: `debug` and `sip`.)\n* `tcp` - Verify the TCP service by attempting to receive specific content from a resource.(Contains features: `dscp`, `reverse`, `strings`, and `transparent`.)\n* `tcp_half` - Monitor a service by sending a TCP SYN packet to it. (Contains features: `transparent`.)\n* `udp` - Verify the UDP service by attempting to send UDP packets to a pool, individual node, or virtual server. (Contains features: `debug`, `reverse`, `strings`, and `transparent`.)\n\n#### Features\n\n**Note:** Not all features are available with all providers.\n\n* `auth` - Enables authentication functionality. (Available with `http`, `https`, `ldap`. )\n* `debug` - Enables debugging functionality. (Available with `ldap`, `sip`, and `udp`.)\n* `dscp` - Enables DSCP functionality. (Available with `http`, `https`, and `tcp`.)\n* `external` - Enables external command functionality. (Available with `external`.)\n* `ldap` - Enables LDAP functionality. (Available with `ldap`.)\n* `reverse` - Enables reverse test functionality. (Available with `http`, `https`, `tcp`, and `udp`.)\n* `sip` - Enables SIP functionality. (Availlable with `sip`.)\n* `ssl` - Enables SSL functionality. (Available with `https`.)\n* `strings` - Enables you to send or receive strings. (Available with `http`, `https`, `tcp`, and `udp`.)\n* `transparent` - Enables pass-through functionality. (Available with `gateway_icmp`, `http`, `https`, `icmp`, `tcp`, `tcp_half`, and `udp`.)\n\n\n#### Parameters\n\n##### additional_accepted_status_codes\n\nSets any additional accepted status codes for SIP monitors. (Requires `sip` feature.)\n\nValid options: '*', 'any', or an integer between 100 and 999\n\n##### additional_rejected_status_codes\n\nSets any additional rejected status codes for SIP monitors. (Requires `sip` feature.)\n\nValid options: '*', 'any', or an integer between 100 and 999\n\n##### alias_address\n\nSpecifies the destination IP address for the monitor to check.\n\nValid options: 'ipv4' or 'ipv6'\n\n##### alias_service_port\n\nSpecifies the destination port for the monitor to check.\n\nValid options: '*' or an integer between 1 and 65535\n\n##### arguments\n\nSets command arguments for an external monitor. (Requires `external` feature.)\n\nValid options: a string.\n\n##### base\n\nSets an LDAP base for the LDAP monitor. (Requires `ldap` feature.)\n\nValid options: a string.\n\n##### chase_referrals\n\nSets the LDAP chase referrals for the LDAP monitor. (Requires `ldap` feature.)\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### cipher_list\n\nSpecifies the list of ciphers that match either the ciphers of the client sending a request or those of the server sending a response. The ciphers in this parameter are what would be in the Cipher List field. (Requires `ssl` feature.)\n\nValid options: a string.\n\n##### client_certificate\n\nSpecifies the client certificate that the monitor sends to the target SSL server. (Requires `ssl` feature.)\n\nValid options: a string.\n\n##### client_key\n\nSpecifies a key for the client certificate that the monitor sends to the target SSL server. (Requires `ssl` feature.)\n\nValid options: a string.\n\n##### compatibility\n\nSets the SSL options setting in OpenSSL to 'ALL'. Defaults to 'enabled'.\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### debug\n\nSets the debug option for LDAP, SIP, and UDP monitors. (Requires `debug` feature.)\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### description\n\nSets the description of the monitor.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether or not the resource should be present.\n\nValid options: 'present' or 'absent'\n\n##### external_program\n\nSpecifies the command to run for an external monitor. (Requires `external` feature.)\n\nValid options: a string.\n\n##### filter\n\nSets the LDAP filter for the LDAP monitor. (Requires `ldap` feature.)\n\nValid options: a string.\n\n##### header_list\n\nSpecifies the headers for an SIP monitor. (Requires `sip` feature.)\n\nValid options: Array\n\n##### interval\n\nSpecifies how often to send a request. Determined in seconds.\n\nValid options: an integer.\n\n##### ip_dscp\n\nSpecifies the ToS or DSCP bits for optimizing traffic and allowing the appropriate TCP profiles to pass. Defaults to '0', which clears the ToS bits for all traffic using that profile. (Requires `dscp` feature.)\n\nValid options: An integer between 0 and 63\n\n##### mandatory_attributes\n\nSpecifies LDAP mandatory attributes for the LDAP monitor. (Requires `ldap` feature.)\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### manual_resume\n\nEnables the manual resume of a monitor, associates the monitor with a resource, disables the resource so it becomes unavailable, and leaves the resource offline until you manually re-enable it.\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### mode\n\nSpecifies the SIP mode for the SIP monitor. (Requires `sip` feature.)\n\nValid options: 'tcp', 'udp', 'tls', and 'sips'\n\n##### name\n\nSets the name of the monitor.\n\nValid options: a string.\n\n##### parent_monitor\n\nSpecifies the parent-predefined or user-defined monitor. **This parameter can't be modified once the monitor is created.** All providers can be used with this parameter.\n\nValid values: '/\u003c PARTITION \u003e/\u003c MONITOR NAME \u003e' (For example: '/Common/http_443')\n\n##### password\n\nSets the password for the monitor's authentication when checking a resource. (Requires `auth` feature.)\n\nValid options: a string.\n\n##### provider\n\nSpecifies the backend to use for the `f5_monitor` resource. You seldom need to specify this, as Puppet usually discovers the appropriate provider for your platform.\n\nAvailable providers can be found in the \"Providers\" section above.\n\n##### receive_string\n\nSpecifies the text string that the monitor looks for in the returned resource. (Requires `strings` feature.)\n\nValid options: Regular expression\n\n##### receive_disable_string\n\nSpecifies the text string the monitor looks for in the returned resource. (Requires `strings` feature.)\n\nIf you use a `receive_string` value together with a `receive_disable_string` value to match the value of a response from the origin web server, you can create one of three states for a pool member or node: Up (Enabled), when only `receive_string` matches the response; Up (Disabled), when only `receive_disable_string` matches the response; or Down, when neither `receive_string` nor `receive_disable_string` matches the response.\n\nValid options: Regular expression\n\n##### reverse\n\nMarks the pool, pool member, or node down when the test is successful. (Requires `reverse` feature.)\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### security\n\nSets the LDAP security for the LDAP monitor. (Requires `ldap` feature.)\n\nValid options: 'none', 'ssl', and 'tls'\n\n##### send_string\n\nSpecifies the text string that the monitor sends to the target resource. (Requires `strings` feature.)\n\nValid options: a string; for example: 'GET / HTTP/1.0\\n\\n'.\n\n##### sip_request\n\nSpecifies the request to be sent by the SIP monitor. (Requires `sip` feature.)\n\nValid options: a string.\n\n##### time_until_up\n\nAllows the system to delay the marking of a pool member or node as 'up' for some number of seconds after receipt of the first correct response.\n\nValid options: an integer.\n\n##### timeout\n\nSpecifies the period of time to wait before timing out if a pool member or node being checked does not respond or the status of a node indicates that performance is degraded.\n\nValid options: an integer.\n\n##### transparent\n\nEnables you to specify the route through which the monitor pings the destination server, which forces the monitor to ping through the pool, pool member, or node with which it is associated (usually a firewall) to the pool, pool member, or node. (Requires `transparent` feature.)\n\nValid options:  'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### up_interval\n\nSets how often the monitor should check the health of a resource.\n\nValid options: an integer, 'disabled', false, or 'no'\n\n##### username\n\nSets a username for the monitor's authentication when checking a resource. (Requires `auth` feature.)\n\nValid option: a string.\n\n### f5_virtualserver\n\nCreates and manages virtual node objects on your F5 device.\n\n#### Providers\n\n**Note:** Not all features are available with all providers. The providers below were based on F5 virtual server options you can read about [here](https://support.f5.com/kb/en-us/solutions/public/14000/100/sol14163.html).\n\n* `forwarding_ip` - Forwards packets directly to the destination IP address specified in the client request, and has no pool members to load balance. (Available with `bandwidth_control`, `clone_pool`,`connection_limit`, `connection_mirroring`, `irules`, `last_hop_pool`, `protocol_client`, `source_port`, `source_translation`, and `traffic_class`.)\n* `forwarding_layer_2` - Shares the same IP address as a node in an associated VLAN group. (Available with `bandwidth_control`, `clone_pool`,`connection_limit`, `connection_mirroring`, `default_pool`, `fallback_persistence`, `irules`, `last_hop_pool`, `persistence`, `protocol_client`, `source_port`, `source_translation`, and `traffic_class`.)\n* `performance_http` - Increases the speed at which the virtual server processes HTTP requests, and has a FastHTTP profile associated with it. (Available with `bandwidth_control`, `clone_pool`, `default_pool`, `irules`, `last_hop_pool`, `persistence`, `protocol_client`, `source_port`, `source_translation`, and `traffic_class`.)\n* `performance_l4` - Increases the speed at which the virtual server processes packets, and has a FastL4 profile associated with it. (Available with `bandwidth_control`, `clone_pool`,`connection_limit`, `connection_mirroring`, `default_pool`, `fallback_persistence`, `irules`, `last_hop_pool`, `persistence`, `protocol_client`, `source_port`, `source_translation`, and `traffic_class`.)\n* `reject` - Rejects any traffic destined for the virtual server IP address. (Available with `irules`, `source_port`, and `traffic_class`.)\n* `standard` - Directs client traffic to a load balancing pool, and is a general purpose virtual server. (Available with `address_translation`, `bandwidth_control`, `clone_pool`,`connection_limit`, `connection_mirroring`, `default_pool`, `fallback_persistence`, `irules`, `persistence`, `policies`, `port_translation`, `protocol_client`, `protocol_server`, `source_port`, `source_translation`, `standard_profiles` and `traffic_class`.)\n* `stateless` - Improves the performance of UDP traffic over a standard virtual server in specific scenarios but with limited feature support. (Available with `address_translation`, `connection_limit`, `default_pool`, `last_hop_pool`, and `port_translation`.)\n\n#### Features\n\n**Note:** Not all features are available with all providers.\n\n* `address_translation` - Supports address translation. (Available with `standard` and `stateless`.)\n* `bandwidth_control` - Supports bandwidth control. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, and `standard`.)\n* `clone_pool` - Supports clone pools. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, and `standard`.)\n* `connection_limit` - Supports limiting connections. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, `standard`, and `stateless`.)\n* `connection_mirroring` - Supports mirroring connections. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_l4`, and `standard`.)\n* `default_pool` - Supports setting a default pool. (Available with `forwarding_layer_2`, `performance_l4`, and `standard`.)\n* `fallback_persistence` - Supports setting a fallback persistence profile. (Available with `forwarding_layer_2`, `performance_http`, `performance_l4`, `standard`, and `stateless`.)\n* `irules` - Supports setting iRules. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, `reject`, and `standard`.)\n* `last_hop_pool` -  Supports a last hop pool. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, and `stateless`.)\n* `persistence` - Supports setting a persistence profile. (Available with `forwarding_layer_2`, `performance_http`, `performance_l4`, and `standard`.)\n* `policies` - Supports policies. (Available with `standard`.)\n* `port_translation` - Supports port translation. (Available with `standard` and `stateless`.)\n* `protocol_client` - Supports client protocol profiles. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, and `standard`.)\n* `protocol_server` - Supports server protocol profiles. (Available with `standard`.)\n* `source_port` - Supports source port setting. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, `reject`, and `standard`.)\n* `source_translation` - Supports source address translation. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, and `standard`.)\n* `standard_profiles` - Supports the standard set of profiles. (Available with `standard`.)\n* `traffic_class` - Supports traffic class objects. (Available with `forwarding_ip`, `forwarding_layer_2`, `performance_http`, `performance_l4`, `reject`, and `standard`.)\n\n#### Parameters\n\n##### address_status\n\nDetermines whether the virtual server's IP should respond to pings based on pool member availability.\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### address_translation\n\nDetermines whether address translation is on or not. If the address is translated, the servers interpret the traffic as coming from the F5 and respond to the F5. However, if the address is not translated, the servers interpret the traffic as coming from the router and return the traffic there. Address translation  works only at layer 4 and below. (Requires `address_translation` feature.)\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### authentication_profiles\n\nEnables you to use specific authentication profiles that make various traffic behaviors applicable to multiple protocols. The authentication profiles available when this parameter is enabled are: LDAP, RADIUS, TACACS+, SSL Client Certificate LDAP, SSL OCSP, and CRLDP. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### auto_last_hop\n\nAllows the BIG-IP system to track the source MAC address of incoming connections and return traffic from pools to the source MAC address, regardless of the routing table.\n\nValid options: 'default', 'enabled', or 'disabled'\n\n##### bandwidth_controller\n\nApplies a bandwidth controller to enforce the total amount of bandwidth that can be used by the virtual server.\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### clone_pool_client\n\nCopies traffic to IDS's prior to address translation.\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### clone_pool_server\n\nCopies traffic to IDS's after address translation.\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### connection_limit\n\nSets the maximum number of concurrent connections allowed for the virtual server. Setting this to 0 turns off connection limits. (Requires `connection_limit` feature.)\n\nValid options: an integer.\n\n##### connection_mirroring\n\nSets whether to mirror connection and persistence information to another device in order to prevent interruption in service during failover. (Requires `connection_mirroring` feature.)\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### connection_rate_limit\n\nSets the connection rate limit of the object.\n\nValid options: An integer or 'disabled'.\n\n##### connection_rate_limit_destination_mask\n\nSpecifies the CIDR mask of connection destinations with rate limiting.\n\nValid options: An integer between 0 and 32.\n\n##### connection_rate_limit_mode\n\nSets the connection rate limit mode.\n\nValid options:\n\n* 'per_virtual_server'\n* 'per_virtual_server_and_source_address'\n* 'per_virtual_server_and_destination_address'\n* 'per_virtual_server_destination_and_source_address'\n* 'per_source_address'\n* 'per_destination_address'\n* 'per_source_and_destination_address'\n\n##### connection_rate_limit_source_mask\n\nSpecifies the CIDR mask of connection sources with rate limiting.\n\nValid options: An integer between 0 and 32.\n\n##### default_persistence_profile\n\nEnables you to use specific persistence profiles that make various traffic behaviors applicable to multiple protocols. The persistence profiles available when this parameter is enabled are: Cookie, Destination Address Affinity, Hash, Microsoft Remote Desktop, SIP, Source Address Affinity, SSL, and Universal. (Requires `persistence` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'.\n\n##### default_pool\n\nSpecifies a pool of nodes that F5 sends traffic to if not otherwise specified by another property such as an iRule or OneConnect profile. (Requires `default_pool` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'.\n\n##### description\n\nSets the description of the virtual server.\n\nValid options: a string.\n\n##### destination_address\n\nSets the IP address of the virtual server. Optionally includes a route domain ID. Eg: '10.0.5.5%3'\n\nValid options: IP Address\n\n##### destination_mask\n\nSpecifies the netmask for a network virtual server, which clarifies whether the host is 0 or a wildcard representation. Is required for network virtual servers.\n\nValid options: Netmask\n\n##### diameter_profile\n\nEnables you to use a Diameter profile, which allows the BIG-IP system to send client-initiated Diameter messages to load balancing servers and ensure that those messages persist on the servers. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### dns_profile\n\nEnables you to use a custom DNS profile to enable features such as: converting IPv6-formatted addresses to IPv4 format, DNS Express, and DNSSEC. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### ensure\n\nDetermines whether or not the resource should be present.\n\nValid options: 'present' or 'absent'\n\n##### fallback_persistence_profile\n\nSpecifies the type of persistence that the BIG-IP system should use if it cannot use the default persistence. (Requires `fallback_persistence` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### fix_profile\n\nEnables you to use Financial Information eXchange (FIX) protocol messages in routing, load balancing, persisting, and logging connections. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### ftp_profile\n\nDefines the behavior of File Transfer Protocol (FTP) traffic. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### html_profile\n\nEnables the virtual server to modify HTML content that passes through it, according to your specifications. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### http_compression_profile\n\nEnables compression of HTTP content to reduce the amount of data to be transmitted and significantly reduce bandwidth usage. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### http_profile\n\nEnables you to use an HTTP profile that ensures that HTTP traffic management suits your specific needs. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### irules\n\nEnables the use of iRule objects on your virtual server. (Requires `irules` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c IRULE OBJECT NAME \u003e'\n\n##### last_hop_pool\n\nDirects reply traffic to the last hop router using a last hop pool. **Note: This parameter overrides the auto_lasthop setting.**\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c POOL NAME \u003e'\n\n##### name\n\nSets the name of the virtual server.\n\nValid options: a string.\n\n##### nat64\n\nMaps IPv6 subscriber private addresses to IPv4 Internet public addresses.\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### ntlm_conn_pool\n\nEnables use of an encrypted challenge/response protocol to authenticate a user without sending the user's password over the network. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### oneconnect_profile\n\nEnables connection pooling on your virtual server. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### policies\n\nEnables use of custom /Partition/Object policies.(Requires `policies` feature.)\n\nValid options: Array\n\n##### port_translation\n\nDetermines whether port translation is on or not. If the port is translated, the servers interpret the traffic as coming from the F5 and responds to the F5. However, if the port is not translated, the servers interpret the traffic as coming from the router and return the traffic there. (Requires `port_translation` feature.)\n\nValid options: 'enabled', 'disabled', true, false, 'yes', or 'no'\n\n##### protocol\n\nSets the network protocol name for which you want the virtual server to direct traffic.\n\nValid options: 'all', 'tcp', 'udp', or 'sctp'\n\n##### protocol_profile_client\n\nSetting this parameter requires setting `protocol_profile_server` as well. If you want to default this value, set `protocol_profile_server` to the same value as `protocol_profile_client`.\n\nEnables you to use specific protocol profiles that expand the capacities of specific protocols pertaining to incoming connections from a web client. The protocol profiles available when this parameter is enabled are: Fast L4, Fast HTTP, HTTP Class, TCP, UDP, and SCTP. (Requires `protocol_client` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### protocol_profile_server\n\nSetting this parameter requires setting `protocol_profile_client` as well. If you want to default this value, set `protocol_profile_client` to the same value as `protocol_profile_server`.\n\nEnables you to use specific protocol profiles that expand the capacities of specific protocols pertaining to F5's connection to the virtual server's it's sending traffic to. The protocol profiles available when this parameter is enabled are: Fast L4, Fast HTTP, HTTP Class, TCP, UDP, and SCTP. (Requires `protocol_server` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### provider\n\nSpecifies the backend to use for the f5_virtualserver resource. You seldom need to specify this, as Puppet usually discovers the appropriate provider for your platform.\n\nAvailable providers can be found in the \"Providers\" section above.\n\n##### rate_class\n\nEnables you to define the throughput limitations and packet scheduling method that you want the BIG-IP system to apply to all traffic that the rate class handles.\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### request_adapt_profile\n\nInstructs an HTTP virtual server to send a request to a named virtual server of type Internal for possible modification by an Internet Content Adaptation Protocol (ICAP) server. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### request_logging_profile\n\nEnables you to configure data within a log file for requests and responses in accordance with specified parameters. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### response_adapt_profile\n\nInstructs an HTTP virtual server to send a response to a named virtual server of type Internal for possible modification by an Internet Content Adaptation Protocol (ICAP) server. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### rewrite_profile\n\nSpecifies the TCL expression that the system uses to rewrite the request URI that is forwarded to the server without sending an HTTP redirect to the client. **Note:** If you use static text rather than a TCL expression, the system maps the specified URI for every incoming request. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### rtsp_profile\n\nEnables a client system to control a remote streaming-media server and allow time-based access to files on a server. (Requires 'standard_profiles' feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### service_port\n\nSpecifies a service name or port number for which you want to direct traffic. **This parameter is required.** (Requires 'service_port' feature.)\n\nValid options: '*' or integers\n\n##### sip_profile\n\nConfigures how the virtual server handles SIP sessions. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### socks_profile\n\nConfigures the BIG-IP system to handle proxy requests and function as a gateway. Configuring browser traffic to use the proxy allows you to control whether to allow or deny a requested connection. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### source\n\nSpecifies the CIDR notation for traffic source address. Optionally includes a route domain ID.\n\nValid options: '\u003c IPADDRESS[%ID]/ 0 - 32 \u003e'. For instance: '78.0.0.0%3/8'.\n\n##### source_address_translation\n\nAssigns an existing SNAT or LSN pool to the virtual server, or enables the Automap feature. When you use this setting, the BIG-IP system automatically maps all original source IP addresses passing through the virtual server to an address in the SNAT or LSN pool. (Requires `source_translation` feature.)\n\nValid options: 'none', 'automap', { 'snat' =\u003e '/Partition/pool_name'}, or { 'lsn' =\u003e '/Partition/pool_name'}\n\n##### source_port\n\nSpecifies whether the system preserves the source port of the connection. (Requires `source_port` feature.)\n\nValid options: 'preserve', 'preserve_strict', or 'change'\n\n##### spdy_profile\n\nMinimizes latency of HTTP requests by multiplexing streams and compressing headers. When you assign a SPDY profile to an HTTP virtual server, the HTTP virtual server informs clients that a SPDY virtual server is available to respond to SPDY requests. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### ssl_profile_client\n\nEnables the the BIG-IP system to handle authentication and encryption tasks for any SSL connection coming into a BIG-IP system from a client system. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### ssl_profile_server\n\nEnables the BIG-IP system to handle encryption tasks for any SSL connection being sent from a BIG-IP system to a target server. A server SSL profile is able to act as a client by presenting certificate credentials to a server when authentication of the BIG-IP system is required. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### state\n\nSets the state of the virtual server.\n\nValid options: 'enabled', 'disabled', or 'forced_offline'\n\n##### statistics_profile\n\nProvides user-defined statistical counters.\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### stream_profile\n\nSearches for and replaces strings within a data stream. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### traffic_class\n\nAllows you to classify traffic according to a set of criteria that you define, such as source and destination IP addresses, for the virtual server.\n\nValid options: An array of /Partition/traffic_class_name objects\n\n##### vlan_and_tunnel_traffic\n\nSpecifies the names of VLANs for which the virtual server is enabled or disabled.\n\nValid options: '\u003c 'all','enabled', or 'disabled' \u003e =\u003e [ '/Partition/object' ]}'\n\n##### vs_score\n\nWeight taken into account by the Global Traffic Manager.\n\nValid options: an integer between 0 and 100  (Note: value is a percentage.)\n\n##### web_acceleration_profile\n\nAllows the BIG-IP system to store HTTP objects in memory and reuse these objects for subsequent connections. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'\n\n##### xml_profile\n\nDefines the formatting and attack pattern checks for the security policy. (Requires `standard_profiles` feature.)\n\nValid options: 'none' or '/\u003c PARTITION \u003e/\u003c VIRTUAL SERVER NAME \u003e'.\n\n### f5_partition\n\nManages partitions on the F5 device. See [f5 documentation](https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7230.html) for information about configuring F5 partitions.\n\n#### Parameters\n\n##### name\n\nSpecifies the name of the partition resource to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the node.\n\nValid options: a string.\n\n### f5_vlan\n\nManages virtual LANs on the F5 device. See [f5 documentation](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-ecmp-mirrored-clustering-12-1-0/2.html) for information about configuring F5 VLANS.\n\n#### Parameters\n\n##### name\n\nSpecifies the name of the partition resource to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the node.\n\nValid options: a string.\n\n#### vlan_tag\n\nSpecifies the VLAN ID. If you do not specify a VLAN ID, the BIG-IP system assigns an ID automatically.\n\nValid range: 1 - 4094.\n\n##### source_check\n\nCauses the BIG-IP system to verify that the return path of an initial packet is through the same VLAN from which the packet originated.\n\nValid options: 'enabled' or 'disabled'.\n\n##### mtu\n\nSpecifies the Maximum Transmission Unit.\n\nValid range: 576 - 65535.\n\n##### fail_safe\n\nTriggers fail-over in a redundant system when certain VLAN-related events occur.\n\nValid options: 'enabled' or 'disabled'.\n\n##### fail_safe_timeout\n\nSpecifies the number of seconds that a system can run without detecting network traffic on this VLAN before it takes the fail-safe action.\n\nValid range: 0 - 4294967295.\n\n##### fail_safe_action\n\nSpecifies the action that the system takes when it does not detect any traffic on this VLAN, and the timeout has expired. The default is 'reboot'. Valid options:\n\n* 'reboot': The system reboots.\n* 'restart-all': The system restarts all services.\n\n##### auto_last_hop\n\nAllows the BIG-IP system to track the source MAC address of incoming connections and return traffic from pools to the source MAC address, regardless of the routing table.\n\nValid options: 'default', 'enabled', or 'disabled'.\n\n##### cmp_hash\n\nSpecifies how the traffic on the VLAN will be disaggregated. The value selected determines the traffic disaggregation method. You can choose to disaggregate traffic based on `src-ip`, `dst-ip`, or default, which specifies that the default CMP hash uses L4 ports.\n\nValid options: 'default', 'src-ip' or 'dst-ip'.\n\n##### dag_round_robin\n\nSpecifies whether some of the stateless traffic on the VLAN should be disaggregated in a round-robin order instead of using a static hash.\n\nValid options: 'enabled' or 'disabled'\n\n##### sflow_polling_interval\n\nSpecifies the maximum interval in seconds between two pollings.\n\nValid range: 0 - 86400.\n\n##### sflow_sampling_rate\n\nSpecifies the ratio of packets observed to the samples generated.\n\nValid range: 0 - 102400.\n\n##### interface\n\nAn array of interfaces that this vlan resource is bound to.\n\nCorrect format example is:\n\n`[{name =\u003e '1.1', tagged =\u003e true}, {name =\u003e '2.1', tagged =\u003e true}]`\n\n### f5_selfip\n\nSets the self IP address on the BIG-IP system that you associate with a VLAN, to access hosts in that VLAN. By virtue of its netmask, a self IP address represents an address space; that is, a range of IP addresses spanning the hosts in the VLAN, rather than a single host address. You can associate self IP addresses not only with VLANs, but also with VLAN groups\n\n#### Parameters\n\n##### name\n\nSpecifies the name of the selfip to manage.\n\nValid options: a string.\n\n##### address\n\nSpecify either an IPv4 or an IPv6 address. For an IPv4 address, you must specify a /32 IP address per RFC 3021 and a CIDR range. EG 9.9.9.9/255\n\nValid options: ip/cidr\n\n##### vlan\n\nSpecifies the VLAN associated with this self IP address.\n\nValid options: string\n\n##### traffic_group\n\nSpecifies the traffic group to associate with the self IP. You can click the box to have the self IP inherit the traffic group from the root folder, or clear the box to select a specific traffic group for the self IP.\n\nValid options: string\n\n##### inherit_traffic_group\n\nWhether to inherit the traffic group from the current partition or path.\n\nValid options: true, false.\n\n##### port_lockdown\n\nSpecifies the protocols and services from which this self IP can accept traffic. Note that fewer active protocols enhances the security level of the self IP and its associated VLANs. Accepts an array of: 'default', 'all', protocol:port (for example, `[\"TCP:80\", \"UDP:55\"]`). Options behave as follows:\n\n* `protocol:port`: the protocols and ports to activate on this self IP.\n* `default`: Activates only the default protocols and services. You can determine the supported protocols and services by running the tmsh list net self-allow defaults command on the command line. May be combined with further protocol:port values.\n* `all`: Activates all TCP and UDP services on this self IP. May not be combined with any other value.\n* `none`: Specifies that this self IP accepts no traffic. May not be combined with any other values.\n\n### f5_dns\n\nManages system DNS settings on the F5 device. See [F5 documentation](https://support.f5.com/csp/article/K26057357) to learn more about F5 DNS. f5_dns has no `ensure =\u003e absent` functionality.\n\n\n#### Parameters\n\n###### name\n\nSpecifies the name of the DNS resource to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the DNS.\n\nValid options: a string.\n\n##### name_servers\n\nSpecifies the name servers that the system uses to validate DNS lookups, and resolve host names.\n\nCorrect format example is: [\"4.2.2.2\", \"8.8.8.8”]\n\n##### search\nSpecifies the domains that the system searches for local domain lookups, to resolve local host names.\n\nCorrect format example is: [\"localhost\",\"f5.local”]\n\n#### Example\n~~~puppet\n  f5_dns { '/Common/dns':\n    name_servers         =\u003e [\"4.2.2.2\", \"8.8.8.8\"],\n    search               =\u003e [\"localhost\",\"f5.local\"],\n   }\n~~~\n\n\n### f5_ntp\n\nManages system NTP settings on the F5 device. See [F5 documentation](https://support.f5.com/csp/article/K13380) to learn more about F5 DNS.\n\n#### Parameters\n\n###### name\nSpecifies the name of the NTP resource to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the NTP.\n\nValid options: a string.\n\n##### servers\n\nSpecifies the time servers that the system uses to update the system time\n\nCorrect format example is: ['0.pool.ntp.org', '1.pool.ntp.org']\n\n##### timezone\n\nSpecifies the timezone\n\n#### Example\n\n~~~puppet\n  f5_ntp { '/Common/ntp':\n    servers  =\u003e ['0.pool.ntp.org', '1.pool.ntp.org'],\n    timezone =\u003e 'UTC',\n   }\n~~~\n\n### f5_globalsetting\n\nManages system global settings on the F5 device. See [F5 documentation](https://support.f5.com/csp/article/K14938) to learn more about F5 global setting. f5_globalsetting has no `ensure =\u003e absent` functionality.\n\n#### Parameters\n\n###### name\nSpecifies the name of the global setting resource to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the global setting.\n\nValid options: a string.\n\n##### hostname\n\nSpecifies a local name for the system.\n\nThe default value is bigip1.\n\n##### gui_setup\n\nEnables or disables the Setup utility in the browser-based Configuration utility.\n\nThe default value is enabled.\n\n#### Example\n\n~~~puppet\n  f5_globalsetting { '/Common/globalsetting':\n    hostname  =\u003e \"bigip-a.f5.local\",\n    gui_setup =\u003e \"disabled\",\n   }\n~~~\n\n### f5_user\n\nManages the user account on the F5 device. See [F5 documentation](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-user-account-administration-13-0-0.html) to learn more about F5 user account.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of the user account to manage.\n\n$name is mandatory for all users in the format of `my_user`. Without $name specification, the  $name defaults to the value of $title, which is in the format of `/Partition/title`, such as `/Common/my_user`.\n\nValid options: a string.\n\n##### description\n\nSets the description of the user account.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the user resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### password\n\nSet the user password during creation or modification without prompting or confirmation.\n\n#### Example\n\n##### Add a user\n~~~puppet\n  f5_user { '/Common/joe':\n    name     =\u003e 'joe',\n    ensure   =\u003e 'present',\n    password =\u003e 'joe',\n  }\n~~~\n\n##### Delete a user\n~~~puppet\n  f5_user { '/Common/joe':\n    name   =\u003e 'joe',\n    ensure =\u003e 'absent',\n  }\n~~~\n\n### f5_route\n\nConfigure route on the Big-IP system. See [F5 documentation](https://support.f5.com/csp/article/K13833) to learn more about F5 Configuring Routes.\n\n#### Parameters\n\n###### name\n\nSpecifies the identifier that, when appended to BIG-IP system addresses, indicates the specific route domain in the partition to which the address applies.\n\nValid options: a string.\n\n##### description\n\nSpecifies descriptive text that identifies the route.\n\nValid options: a string.\n\n##### gw\n\nSpecifies a gateway address for the route.\n\nValid options: IPv4 or IPv6 addresses.\n\n##### mtu\n\nSets a specific maximum transmission unit (MTU).\n\nValid options: 0 - 65535.\n\n##### network\n\nThe destination subnet and netmask for the route.\n\nValid options: IP address followed by netmask.\n\n##### pool\n\nSpecifies a gateway pool, which allows multiple, load-balanced gateways to be used for the route.\n\nValid options: a string.\n\n##### tm_interface\n\nSpecifies a VLAN for the route. This can be a VLAN or VLAN group.\n\nValid options: a string.\n\n#### Example\n\n##### Create default route\n~~~puppet\n  f5_route { '/Common/Default':\n    ensure  =\u003e 'present',\n    gw      =\u003e \"10.1.20.253\",\n    mtu     =\u003e '0',\n    network =\u003e \"0.0.0.0/0\",\n  }\n~~~\n\n##### Delete default route\n~~~puppet\n  f5_route { '/Common/Default':\n    ensure =\u003e 'absent',\n~~~\n\n\n### f5_root\n\nChanges the password of the root user on the Big-IP system. The root user can be used for SSH to obtain remote access to the device. A root user can not send REST requests it is not a REST Framework user. f5_root has no `ensure =\u003e absent` functionality.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of the root user to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the root user.\n\nValid options: a string.\n\n##### old_password\n\nThe root user’s old password.\n\nValid options: a string.\n\n##### new_password\n\nThe root user’s new password.\n\nValid options: a string.\n\n#### Example\n\n~~~puppet\n  f5_root { '/Common/root':\n    old_password =\u003e 'default',\n    new_password =\u003e 'default',\n  }\n~~~\n\n### f5_license\n\nManage license installation and activation on BIG-IP devices. f5_license has no `ensure =\u003e absent` functionality\n\n#### Parameters\n\n###### name\n\nSpecifies the name.\n\nValid options: a string.\n\n##### description\n\nSets the description.\n\nValid options: a string.\n\n##### registration_key\n\nThe registration key to use to license the BIG-IP.\n\n#### Example\n\n~~~puppet\n  f5_license { '/Common/license':\n    registration_key =\u003e \"GKWPN-NDMLV-CXSTE-NWDEX-PCFPTLV\"\n  }\n~~~\n\n### f5_selfdevice\n\nChange device name from default bigip1 under 'Device Management \u003e Devices'. This is achieved by using tmsh `mv`command, and hence has no `ensure =\u003e absent` functionality.\n\nNOTE: This does not impact the hostname\n\n#### Parameters\n\n###### name\n\nSpecifies the name of device name to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of device name.\n\nValid options: a string\n\n##### target\n\nSpecifies the target device name.\n\nValid options: a string\n\n#### Examples\n\nrename the self device:\n~~~puppet\n  f5_selfdevice { '/Common/bigip-a.f5.local':\n    target =\u003e\"bigip-a.f5.local\",\n  }\n~~~\n\nreset the device name:\n~~~puppet\n  f5_selfdevice { '/Common/bigip1':\n    target =\u003e\"bigip1\",\n  }\n~~~\n\n### f5_device\n\nManages device IP configuration settings for HA on a BIG-IP. Each BIG-IP device has synchronization and failover connectivity information (IP addresses) that you define as part of HA pairing or clustering. This module allows you to configure that information.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of the device to manage\n\nValid options: a string.\n\n##### description\n\nSets the description of the device IP configuration settings\n\nValid options: a string.\n\n##### configsync_ip\n\nLocal IP address that the system uses for ConfigSync operations.\n\n##### mirror_ip\n\nSpecifies the primary IP address for the system to use to mirror connections.\n\n#### Example\n\n~~~puppet\n  f5_device{ '/Common/bigip-a.f5.local':\n    ensure        =\u003e 'present',\n    configsync_ip =\u003e '10.1.30.1',\n    mirror_ip     =\u003e '10.1.30.1',\n  }\n~~~\n\n### f5_addtotrust\n\nManage the trust relationships between BIG-IPs. In this task we will add BIG-IP-B as a trusted peer of BIG-IP-A. This is achieved by using tmsh command, and hence has no `ensure =\u003e absent` functionality.\n\n#### Parameters\n\n###### name\n\nSpecifies the name\n\nValid options: a string.\n\n##### description\n\nSets the description.\n\nValid options: a string.\n\n##### device\n\nSpecify the FQDN or management-ip of the new device.\n\n##### device_name\n\nSpecify the name of the peer device to add.\n\n##### username\n\nSpecify the username when adding the new device.\n\n##### password\n\nSpecify the password when adding the new device.\n\n#### Example\n\n~~~puppet\n  f5_addtotrust { '/Common/addtotrust':\n    device     =\u003e \"10.192.74.112\",\n    device_name =\u003e \"bigip-b.f5.local\",\n    username   =\u003e \"admin\",\n    password   =\u003e \"admin\",\n  }\n~~~\n\n### f5_devicegroup\n\nManage device groups on a BIG-IP. Managing device groups allows you to create HA pairs and clusters of BIG-IP devices.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of device group to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the device group.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the device group resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### type\n\nSpecifies if the device-group will be used for failover or resource syncing\n\nValid options: a string.\n\n##### auto_sync\n\nSpecifies if the device-group will automatically sync configuration data to its members\n\nValid options: a string.\n\n##### devices\n\nAn array of devices to be added to the device group.\n\n#### Example\n\n##### Create a device group\n~~~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure    =\u003e 'present',\n    type      =\u003e 'sync-failover',\n    auto_sync =\u003e 'enabled',\n    devices   =\u003e [ \"bigip-a.f5.local\",\"bigip-b.f5.local\" ],\n  }\n~~~\n\n##### Delete a device group\n~~~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure =\u003e 'absent',\n  }\n~~~\n\n\n### f5_configsync\n\nPerform initial sync of the Device Group. This is achieved by using tmsh `run` command, and hence has no `ensure =\u003e absent` functionality.\n\n#### Parameters\n\n###### name\n\nSpecifies the name.\n\nValid options: a string.\n\n##### description\n\nSets the description.\n\nValid options: a string.\n\n##### to_group\n\nSpecifies the 'to-group' device group to run a config-sync\n\n#### Example\n\n~~~puppet\n  f5_configsync { '/Common/config-sync':\n    to_group =\u003e \"DeviceGroup1\",\n  }\n~~~\n\n\n### f5_command\n\nSends an arbitrary command to an BIG-IP node. TMSH command has no `ensure =\u003e absent` functionality.It provides a way to execute native tmsh or bash commands ( using the REST API (/mgmt/tm/util/bash)\n\n#### Parameters\n\n###### name\n\nSpecifies the name.\n\nValid options: a string.\n\n##### description\n\nSets the description.\n\nValid options: a string.\n\n##### tmsh\n\nSpecifies the command to send to the remote BIG-IP device over the configured provider\n\n#### Example\n\n~~~puppet\n  f5_command { '/Common/tmsh':\n    tmsh  =\u003e \"tmsh create ltm node 2.2.2.2\",\n  }\n~~~\n\n### f5_persistencecookie\n\nManage Virtual server Cookie persistence profile\n\n#### Parameters\n\n###### name\n\nSpecifies the name of Cookie persistence profile to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the Cookie persistence profile.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the Cookie persistence profile resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### method\n\nSpecifies the type of cookie processing that the system uses. The default value is insert.\n\nValid options: 'insert', 'passive', 'rewrite'\n\n##### cookie_name\n\nSpecifies a unique name for the profile.\n\nValid options: a string.\n\n##### httponly\n\nSpecifies whether the httponly attribute should be enabled or disabled for the inserted cookies. The default value is enabled.\n\nValid options: 'enabled', 'disabled'\n\n##### secure\n\nSpecifies whether the secure attribute should be enabled or disabled for the inserted cookies\n\nValid options: 'enabled', 'disabled'\n\n##### always_send\n\nSpecifies, when enabled, that the cookie persistence entry will be sent to the client on every response, rather than only on the first response.\n\nValid options: 'enabled', 'disabled'\n\n##### expiration\n\nSpecifies the cookie expiration date in the format d:h:m:s, h:m:s, m:s or seconds. Hours 0-23, minutes 0-59, seconds 0-59. The time period must be less than 24856 days. You can use \"session-cookie\" (0 seconds) to indicate that the cookie expires when the browser closes.\n\n##### cookie_encryption\n\nSpecifies the way in which cookie format will be used: \"disabled\": generate old format,unencrypted, \"preferred\": generate encrypted cookie but accept both encrypted and old format, and \"required\": cookie format must be encrypted. Default is required.\n\nValid options: 'enabled', 'disabled'\n\n#### Example\n\n##### Create a Cookie persistence profile\n~~~puppet\n  f5_persistencecookie { '/Common/cookie1':\n    ensure            =\u003e 'present',\n    method            =\u003e 'insert',\n    cookie_name       =\u003e 'name1',\n    httponly          =\u003e 'enabled',\n    secure            =\u003e 'enabled',\n    always_send       =\u003e 'disabled',\n    expiration        =\u003e '0',\n    cookie_encryption =\u003e 'disabled',\n}\n~~~\n\n##### Delete a Cookie persistence profile\n~~~puppet\n  f5_persistencecookie { '/Common/cookie1':\n    ensure =\u003e 'absent',\n  }\n~~~\n\n### f5_persistencedestaddr\n\nManage Virtual server Destination Address Affinity persistence profile on a BIG-IP\n\n#### Parameters\n\n###### name\n\nSpecifies the name of Destination Address Affinity persistence profile to manage\n\nValid options: a string.\n\n##### description\n\nSets the description of the Destination Address Affinity persistence profile\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the persistence profile resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### match_across_pools\n\nSpecifies, when enabled, that the system can use any pool that contains this persistence record. The default value is disabled.\n\nValid options: 'enabled', 'disabled'\n\n##### match_across_services\n\nSpecifies, when enabled, that all persistent connections from a client IP address, which go to the same virtual IP address, also go to the same node. The default value is disabled.\n\nValid options: 'enabled', 'disabled'\n\n##### match_across_virtuals\n\nSpecifies, when enabled, that all persistent connections from the same client IP address go to the same node. The default value is disabled.\n\nValid options: 'enabled', 'disabled'\n\n##### hash_algorithm\n\nSpecifies whether the system uses the hash algorithm defined by the Cache Array Routing Protocol (CARP) to select a pool member.\n\nValid options: default, 'carp'.\n\n##### mask\n\nSpecifies an IP mask. This is the mask used by simple persistence for connections.\n\nValid options: Netmask\n\n##### timeout\n\nSpecifies the duration of the persistence entries. The default value is 180 seconds.\n\nValid options: an integer.\n\n##### override_connection_limit\n\nSpecifies, when enabled, that the pool member connection limits are not enforced for persisted clients. Per-virtual connection limits remain hard limits and are not disabled. The default value is disabled.\n\nValid options: 'enabled', 'disabled'\n\n\n#### Example\n\n##### Create Destination Address Affinity persistence profile\n~~~puppet\n  f5_persistencedestaddr { '/Common/dest_addr1':\n     ensure                    =\u003e 'present',\n     match_across_pools        =\u003e 'enabled',\n     match_across_services     =\u003e 'enabled',\n     match_across_virtuals     =\u003e 'enabled',\n     hash_algorithm            =\u003e 'carp',\n     mask                      =\u003e '255.255.0.0',\n     timeout                   =\u003e '180',\n     override_connection_limit =\u003e 'enabled',\n  }\n~~~\n\n##### Delete a Destination Address Affinity persistence profile\n~~~puppet\n  f5_persistencedestaddr { '/Common/dest_addr1':\n    ensure =\u003e 'absent',\n  }\n~~~\n\n### f5_persistencehash\n\nManage device groups on a BIG-IP. Managing device groups allows you to create HA pairs and clusters of BIG-IP devices.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of device group to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the device group.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the device group resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### type\n\nSpecifies if the device-group will be used for failover or resource syncing\n\nValid options: a string.\n\n##### auto_sync\n\nSpecifies if the device-group will automatically sync configuration data to its members\n\nValid options: a string.\n\n##### devices\n\nAn array of devices to be added to the device group.\n\n#### Example\n\n##### Create a device group\n~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure    =\u003e 'present',\n    type      =\u003e 'sync-failover',\n    auto_sync =\u003e 'enabled',\n    devices   =\u003e [ \"bigip-a.f5.local\",\"bigip-b.f5.local\" ],\n  }\n~\n\n##### Delete a device group\n~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure =\u003e 'absent',\n  }\n~\n\n### f5_persistencesourceaddr\n\nManage device groups on a BIG-IP. Managing device groups allows you to create HA pairs and clusters of BIG-IP devices.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of device group to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the device group.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the device group resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### type\n\nSpecifies if the device-group will be used for failover or resource syncing\n\nValid options: a string.\n\n##### auto_sync\n\nSpecifies if the device-group will automatically sync configuration data to its members\n\nValid options: a string.\n\n##### devices\n\nAn array of devices to be added to the device group.\n\n#### Example\n\n##### Create a device group\n~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure    =\u003e 'present',\n    type      =\u003e 'sync-failover',\n    auto_sync =\u003e 'enabled',\n    devices   =\u003e [ \"bigip-a.f5.local\",\"bigip-b.f5.local\" ],\n  }\n~\n\n##### Delete a device group\n~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure =\u003e 'absent',\n  }\n~\n\n### f5_persistencessl\n\nManage device groups on a BIG-IP. Managing device groups allows you to create HA pairs and clusters of BIG-IP devices.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of device group to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the device group.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the device group resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### type\n\nSpecifies if the device-group will be used for failover or resource syncing\n\nValid options: a string.\n\n##### auto_sync\n\nSpecifies if the device-group will automatically sync configuration data to its members\n\nValid options: a string.\n\n##### devices\n\nAn array of devices to be added to the device group.\n\n#### Example\n\n##### Create a device group\n~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure    =\u003e 'present',\n    type      =\u003e 'sync-failover',\n    auto_sync =\u003e 'enabled',\n    devices   =\u003e [ \"bigip-a.f5.local\",\"bigip-b.f5.local\" ],\n  }\n~\n\n##### Delete a device group\n~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure =\u003e 'absent',\n  }\n~\n\n### f5_persistenceuniversal\n\nManage device groups on a BIG-IP. Managing device groups allows you to create HA pairs and clusters of BIG-IP devices.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of device group to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the device group.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the device group resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### type\n\nSpecifies if the device-group will be used for failover or resource syncing\n\nValid options: a string.\n\n##### auto_sync\n\nSpecifies if the device-group will automatically sync configuration data to its members\n\nValid options: a string.\n\n##### devices\n\nAn array of devices to be added to the device group.\n\n#### Example\n\n##### Create a device group\n~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure    =\u003e 'present',\n    type      =\u003e 'sync-failover',\n    auto_sync =\u003e 'enabled',\n    devices   =\u003e [ \"bigip-a.f5.local\",\"bigip-b.f5.local\" ],\n  }\n~\n\n##### Delete a device group\n~puppet\n  f5_devicegroup{ '/Common/DeviceGroup1':\n    ensure =\u003e 'absent',\n  }\n~\n\n### f5_profilehttp\n\nManage Virtual server HTTP traffic profile\n\n#### Parameters\n\n###### name\n\nSpecifies the name of HTTP traffic profile to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the HTTP traffic profile\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the HTTP traffic profile resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### fallback_host\n\nSpecifies an HTTP fallback host. HTTP redirection allows you to redirect HTTP traffic to another protocol identifier, host name, port number, or URI path. For example, if all members of the targeted pool are unavailable (that is, the members are disabled, marked as down, or have exceeded their connection limit), the system can redirect the HTTP request to the fallback host, with the HTTP reply Status Code 302 Found.\n\nValid options: a string.\n\n##### fallback_status_codes\n\nSpecifies one or more three-digit status codes that can be returned by an HTTP server.\n\nValid options: a string.\n\n#### Example\n\n##### Create a HTTP traffic profile\n~~~puppet\n    f5_profilehttp { '/Common/http-profile_1':\n       ensure                          =\u003e 'present',\n       fallback_host                   =\u003e \"redirector.siterequest.com\",\n       fallback_status_codes           =\u003e ['500'],\n    }\n~~~\n\n##### Delete a HTTP traffic profile\n~~~puppet\n    f5_profilehttp { '/Common/http-profile_1':\n      ensure =\u003e 'absent',\n    }\n~~~\n\n### f5_profileclientssl\n\nManage Virtual server client-side proxy SSL profile\n\n#### Parameters\n\n###### name\n\nSpecifies the name of client-side proxy SSL profile to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the client-side proxy SSL profile\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the client-side proxy SSL profile resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### cert\n\nSpecifies the name of the certificate installed on the traffic management system for the purpose of terminating or initiating an SSL connection.\n\nValid options: a string.\n\n##### key\n\nSpecifies the name of a key file that you generated and installed on the system. The default key name is default.key.\n\nValid options: a string.\n\n##### proxy_ssl\n\nEnables proxy SSL mode, which requires a corresponding server SSL profile with proxy-ssl enabled to allow for modification of application data within an SSL tunnel.o\n\nValid options: 'enabled', 'disabled'\n\n##### proxy_ssl_passthrough\n\nEnables proxy SSL passthrough mode, which requires a corresponding server SSL profile with proxy-ssl-passthrough enabled to allow for modification of application data within an SSL tunnel.\n\nValid options: 'enabled', 'disabled'\n\n#### Example\n\n##### Create a client-side proxy SSL profile\n~~~puppet\n    f5_profileclientssl {'/Common/clientssl-profile1':\n       ensure                          =\u003e 'present',\n       cert                            =\u003e\"/Common/default.crt\",\n       key                             =\u003e\"/Common/default.key\",\n       proxy_ssl                       =\u003e 'enabled',\n       proxy_ssl_passthrough           =\u003e 'enabled',\n    }\n~~~\n\n##### Delete a device group\n~~~puppet\n    f5_profileclientssl {'/Common/clientssl-profile1':\n      ensure =\u003e 'absent',\n    }\n~~~\n\n### f5_profileserverssl\n\nManage Virtual server server-side proxy SSL profile\n\n#### Parameters\n\n###### name\n\nSpecifies the name of Virtual server server-side proxy SSL profile to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the Virtual server server-side proxy SSL profile\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the Virtual server server-side proxy SSL profile resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### cert\n\nSpecifies the name of the certificate installed on the traffic management system for the purpose of terminating or initiating an SSL connection. The default value is none.\n\nValid options: a string.\n\n##### key\n\nSpecifies the name of the key installed on the traffic management system for the purpose of terminating or initiating an SSL connection. The default value is none.\n\nValid options: a string.\n\n##### proxy_ssl\n\nEnables proxy SSL mode, which requires a corresponding client SSL profile with proxy-ssl enabled to allow for modification of application data within an SSL tunnel.\n\nValid options: 'enabled', 'disabled'\n\n##### proxy_ssl_passthrough\n\nEnables proxy SSL passthrough mode, which requires a corresponding client SSL profile with proxy-ssl-passthrough enabled to allow for modification of application data within an SSL tunnel.\n\nValid options: 'enabled', 'disabled'\n\n#### Example\n\n##### Create a server-side proxy SSL profile\n~~~puppet\n    f5_profileserverssl {'/Common/serverssl-profile1':\n       ensure                          =\u003e 'present',\n       cert                            =\u003e\"/Common/default.crt\",\n       key                             =\u003e\"/Common/default.key\",\n       proxy_ssl                       =\u003e 'enabled',\n       proxy_ssl_passthrough           =\u003e 'enabled',\n    }\n~~~\n\n##### Delete a server-side proxy SSL profile\n~~~puppet\n    f5_profileserverssl {'/Common/serverssl-profile1':\n      ensure =\u003e 'absent',\n    }\n~~~\n\n### f5_sslkey\n\nImport SSL keys from BIG-IP. This is achieved by using tmsh mvcommand, and hence has no ensure =\u003e absent functionality.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of SSL key to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the SSL key.\n\nValid options: a string.\n\n##### keyname\n\nSpecifies name of the key\n\nValid options: a string.\n\n##### from_local_file\n\nSpecifies the exiting key file with full path that the system extracts the key text from.\n\nValid options: a string.\n\n#### Example\n\n##### Create an SSL key\n~~~puppet\nf5_sslkey { '/Common/sslkey':\n    keyname  =\u003e \"test\",\n    from_local_file =\u003e \"/var/tmp/test.key\",\n}\n~~~\n\n\n### f5_sslcertificate\n\nImport SSL certificate from BIG-IP. This is achieved by using tmsh mvcommand, and hence has no ensure =\u003e absent functionality.\n\n#### Parameters\n\n###### name\n\nSpecifies the name of SSL certificate to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the SSL certificate.\n\nValid options: a string.\n\n##### certificate_name\n\nSpecifies the name of the certificate\n\nValid options: a string.\n\n##### rom_local_file\n\nSpecifies the exiting certificate file with full path that the system extracts the certificate text from.\n\nValid options: a string.\n\n\n#### Example\n\n##### Create an SSL certificate\n~~~puppet\nf5_sslcertificate { '/Common/sslcertificate':\n    certificate_name  =\u003e \"test\",\n    from_local_file =\u003e \"/var/tmp/test.crt\",\n}\n~~~\n\n### f5_snat\n\nManage Secure network address translation (SNAT)\n\n#### Parameters\n\n###### name\n\nSpecifies the name of SNAT\n\nValid options: a string.\n\n##### description\n\nSets the description of the SNAT.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the SNAT resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### snatpool\n\nSpecifies the name of a SNAT pool. You can only use this option when automap and translation are not used.\n\nValid options: a string.\n\n##### origins\n\nSpecifies, for each SNAT that you create, the origin addresses that are to be members of that SNAT.\n\nValid options: an array\n\n#### Example\n\n##### Create SNAT\n~~~puppet\n    f5_snat { '/Common/snat_list1':\n       ensure   =\u003e 'present',\n       snatpool =\u003e ['/Common/snat_pool1'],\n       origins  =\u003e [{\"name\"=\u003e\"10.0.0.0/8\"}],\n    }\n~~~\n\n##### Delete SNAT\n~~~puppet\n    f5_snatpool { '/Common/snat_pool1':\n      ensure =\u003e 'absent',\n    }\n~~~\n\n### f5_snatpool\n\nManage SNAT pools on a BIG-IP\n\n#### Parameters\n\n###### name\n\nSpecifies the name of the SNAT pool member.\n\nValid options: a string.\n\n##### description\n\nSets the description of the SNAT pool.\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the SNAT pool resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### members\n\nAn array of SNAT pool members that belong to this SNAT pool.\n\n#### Example\n\n##### Create a device group\n~~~puppet\n  f5_snatpool { '/Common/snat_pool1':\n    ensure  =\u003e 'present',\n    members =\u003e [\"/Common/1.1.1.1\", \"/Common/1.1.1.2\", \"/Common/1.1.1.3\"],\n  }\n~~~\n\n##### Delete a device group\n~~~puppet\n  f5_snatpool { '/Common/snat_pool1':\n    ensure =\u003e 'absent',\n  }\n~~~\n\n### f5_datagroup\n\nManage Internal data group\n\n#### Parameters\n\n###### name\n\nSpecifies the name of Internal data group to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the Internal data group\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the Internal data group resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### type\n\nSpecifies the type of data group.\n\nValid options: 'ip','string', 'integer'\n\n##### records\n\nSpecifies an IP address, or string  of the string record, or  integer value for the integer record to add to the data group.\n\n#### Example\n\n##### Create Internal data group\n~~~puppet\n    f5_datagroup { '/Common/datagroup1':\n       ensure                          =\u003e 'present',\n       type                            =\u003e 'ip',\n       records                         =\u003e [{'data' =\u003e '', 'name' =\u003e '64.12.96.0/19'}, {'data' =\u003e '', 'name' =\u003e '195.93.16.0/20'}],\n    }\n\n    f5_datagroup { '/Common/datagroup2':\n       ensure                          =\u003e 'present',\n       type                            =\u003e 'string',\n       records                         =\u003e [{'data' =\u003e '', 'name' =\u003e '.gif'}, {'data' =\u003e '', 'name' =\u003e '.jpg'}],\n    }\n\n    f5_datagroup { '/Common/datagroup3':\n       ensure                          =\u003e 'present',\n       type                            =\u003e 'integer',\n       records                         =\u003e [{'data' =\u003e '', 'name' =\u003e '1'}, {'data' =\u003e '', 'name' =\u003e '2'}],\n    }\n~~~\n\n##### Delete Internal data group\n~~~puppet\n    f5_datagroup { '/Common/datagroup1':\n      ensure =\u003e 'absent',\n    }\n    f5_datagroup { '/Common/datagroup2':\n      ensure =\u003e 'absent',\n    }\n    f5_datagroup { '/Common/datagroup3':\n      ensure =\u003e 'absent',\n    }\n~~~\n\n### f5_datagroupexternal\n\nManage External data group\n\n#### Parameters\n\n###### name\n\nSpecifies the name of External data group  to manage.\n\nValid options: a string.\n\n##### description\n\nSets the description of the External data group\n\nValid options: a string.\n\n##### ensure\n\nDetermines whether the device group resource is present or absent.\n\nValid options: 'present' or 'absent'.\n\n##### external_file_name\n\nSpecifies an external data group file.\n\nValid options: a string.\n\n#### Example\n\n##### Create an external data group\n~~~puppet\n    f5_datagroupexternal { '/Common/datagroupext1':\n      ensure             =\u003e 'present',\n      external_file_name =\u003e '/Common/add_dg1',\n    }\n~~~\n\n##### Delete an external data group\n~~~puppet\n    f5_datagroupexternal { '/Common/datagroupext1':\n      ensure =\u003e 'absent',\n    }\n~~~\n\n## Limitations\n\nF5 version v12.1 or greater.\nPuppet Enterprise: 2016.4.x or greater.\n\n## Development\n\nPuppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. Please follow our guidelines when contributing changes.\nFor more information, see our [module contribution guide.](https://docs.puppetlabs.com/forge/contributing.html)\n\n## Support\nSupport for this module is provided by the F5 community. To file an issue, please visit this [link](https://github.com/f5devcentral/f5-puppet/issues/new), and a contributor may be able to help. This is not actively developed by F5 at this time.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5devcentral%2Ff5-puppet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ff5devcentral%2Ff5-puppet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5devcentral%2Ff5-puppet/lists"}