openstack.cloud.security_group_rule – Add/Delete rule from an existing security group¶
Note
This plugin is part of the openstack.cloud collection (version 1.2.1).
To install it use: ansible-galaxy collection install openstack.cloud
.
To use it in a playbook, specify: openstack.cloud.security_group_rule
.
Requirements¶
The below requirements are needed on the host that executes this module.
openstacksdk
openstacksdk >= 0.12.0
python >= 3.6
Parameters¶
Notes¶
Note
The standard OpenStack environment variables, such as
OS_USERNAME
may be used instead of providing explicit values.Auth information is driven by openstacksdk, which means that values can come from a yaml config file in /etc/ansible/openstack.yaml, /etc/openstack/clouds.yaml or ~/.config/openstack/clouds.yaml, then from standard environment variables, then finally by explicit parameters in plays. More information can be found at https://docs.openstack.org/openstacksdk/
Examples¶
# Create a security group rule
- openstack.cloud.security_group_rule:
cloud: mordred
security_group: foo
protocol: tcp
port_range_min: 80
port_range_max: 80
remote_ip_prefix: 0.0.0.0/0
# Create a security group rule for ping
- openstack.cloud.security_group_rule:
cloud: mordred
security_group: foo
protocol: icmp
remote_ip_prefix: 0.0.0.0/0
# Another way to create the ping rule
- openstack.cloud.security_group_rule:
cloud: mordred
security_group: foo
protocol: icmp
port_range_min: -1
port_range_max: -1
remote_ip_prefix: 0.0.0.0/0
# Create a TCP rule covering all ports
- openstack.cloud.security_group_rule:
cloud: mordred
security_group: foo
protocol: tcp
port_range_min: 1
port_range_max: 65535
remote_ip_prefix: 0.0.0.0/0
# Another way to create the TCP rule above (defaults to all ports)
- openstack.cloud.security_group_rule:
cloud: mordred
security_group: foo
protocol: tcp
remote_ip_prefix: 0.0.0.0/0
# Create a rule for VRRP with numbered protocol 112
- openstack.cloud.security_group_rule:
security_group: loadbalancer_sg
protocol: 112
remote_group: loadbalancer-node_sg
# Create a security group rule for a given project
- openstack.cloud.security_group_rule:
cloud: mordred
security_group: foo
protocol: icmp
remote_ip_prefix: 0.0.0.0/0
project: myproj
# Remove the default created egress rule for IPv4
- openstack.cloud.security_group_rule:
cloud: mordred
security_group: foo
protocol: any
remote_ip_prefix: 0.0.0.0/0
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Authors¶
OpenStack Ansible SIG