ngine_io.cloudstack.cs_securitygroup_rule module – Manages security group rules on Apache CloudStack based clouds.
Note
This module is part of the ngine_io.cloudstack collection (version 2.5.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ngine_io.cloudstack.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: ngine_io.cloudstack.cs_securitygroup_rule.
New in ngine_io.cloudstack 0.1.0
Synopsis
- Add and remove security group rules. 
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6 
- cs >= 0.9.0 
Parameters
| Parameter | Comments | 
|---|---|
| HTTP method used to query the API endpoint. If not given, the  Choices: | |
| API key of the CloudStack API. If not given, the  | |
| Secret key of the CloudStack API. If not set, the  | |
| HTTP timeout in seconds. If not given, the  Default:  | |
| URL of the CloudStack API e.g. https://cloud.example.com/client/api. If not given, the  | |
| Verify CA authority cert file. If not given, the  | |
| CIDR (full notation) to be used for security group rule. Default:  | |
| End port for this rule. Required if protocol=tcp or protocol=udp, but start_port will be used if not set. | |
| Error code for this icmp message. Required if protocol=icmp. | |
| Type of the icmp message being sent. Required if protocol=icmp. | |
| Poll async jobs until job has finished. Choices: | |
| Name of the project the security group is to be created in. | |
| Protocol of the security group rule. Choices: | |
| Name of the security group the rule is related to. The security group must already exist. | |
| Start port for this rule. Required if protocol=tcp or protocol=udp. | |
| State of the security group rule. Choices: | |
| Ingress or egress security group rule. Choices: | |
| Security group this rule is based on. | |
| If  If not given, the  This should only be used on personally controlled sites using self-signed certificates. Choices: | |
Notes
- A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide. 
- This module supports check mode. 
Examples
---
- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    cidr: 1.2.3.4/32
- name: allow tcp/udp outbound added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    type: egress
    start_port: 1
    end_port: 65535
    protocol: '{{ item }}'
  with_items:
  - tcp
  - udp
- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    protocol: icmp
    icmp_code: -1
    icmp_type: -1
- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    state: absent
- name: allow inbound port 80/tcp from security group web added to security group 'default'
  ngine_io.cloudstack.cs_securitygroup_rule:
    security_group: default
    port: 80
    user_security_group: web
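Several of the tasks above open more than their arguments show, because an omitted cidr means 0.0.0.0/0. The following reviewer for such argument blocks is an added example, not part of the module or its documentation; the finding names, the `findings` and `review` helpers, and the defaults (inferred from the task names above) are assumptions.

```python
import ipaddress

# Defaults inferred from the page's examples: a task with no cidr is described
# as "from 0.0.0.0/0", no protocol as tcp, no type as inbound (assumption).
DEFAULTS = {"protocol": "tcp", "type": "ingress", "state": "present"}
DEFAULT_CIDR = "0.0.0.0/0"

def findings(args):
    """Return review findings for one cs_securitygroup_rule argument block."""
    rule = {**DEFAULTS, **args}
    if rule["state"] != "present":
        return []                          # removing a rule opens nothing
    out = []
    if "user_security_group" not in rule:  # source/destination is a CIDR
        if "cidr" not in rule:
            out.append("implicit-cidr")    # relies on the default instead of stating it
        net = ipaddress.ip_network(rule.get("cidr", DEFAULT_CIDR), strict=False)
        if net.prefixlen == 0 and rule["type"] == "ingress":
            out.append("world-open-ingress")
    if rule["protocol"] in ("tcp", "udp"):
        start = rule.get("start_port", rule.get("port"))
        end = rule.get("end_port", start)  # end_port falls back to start_port
        if start is not None and start <= 1 and end >= 65535:
            out.append("full-port-range")
    elif rule["protocol"] == "icmp":
        # -1 in both fields is treated as "any ICMP message" (assumption)
        if rule.get("icmp_type") == -1 and rule.get("icmp_code") == -1:
            out.append("all-icmp")
    return out

# Constructed sample input: the argument blocks from the Examples section,
# with the with_items loop expanded by hand to its tcp case.
TASKS = [
    ("80/tcp from 1.2.3.4", {"security_group": "default", "port": 80, "cidr": "1.2.3.4/32"}),
    ("tcp outbound", {"security_group": "default", "type": "egress",
                      "start_port": 1, "end_port": 65535, "protocol": "tcp"}),
    ("inbound icmp", {"security_group": "default", "protocol": "icmp",
                      "icmp_code": -1, "icmp_type": -1}),
    ("remove 80/tcp", {"security_group": "default", "port": 80, "state": "absent"}),
    ("80/tcp from group web", {"security_group": "default", "port": 80,
                               "user_security_group": "web"}),
]

def review(tasks):
    """Map each task name to its list of findings."""
    return {name: findings(args) for name, args in tasks}

if __name__ == "__main__":
    for name, result in review(TASKS).items():
        print(f"{name}: {', '.join(result) or 'ok'}")
```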
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Description | 
|---|---|
| CIDR of the rule. Returned: success and cidr is defined Sample:  | |
| end port of the rule. Returned: success Sample:  | |
| UUID of the rule. Returned: success Sample:  | |
| protocol of the rule. Returned: success Sample:  | |
| security group of the rule. Returned: success Sample:  | |
| start port of the rule. Returned: success Sample:  | |
| type of the rule. Returned: success Sample:  | |
| user security group of the rule. Returned: success and user_security_group is defined Sample:  | 
