azure.azcollection.azure_rm_loadbalancer module – Manage Azure load balancers
Note
This module is part of the azure.azcollection collection (version 3.1.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install azure.azcollection
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_loadbalancer
.
New in azure.azcollection 0.1.2
Synopsis
Create, update and delete Azure load balancers.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
Parameters
Parameter |
Comments |
---|---|
Active Directory username. Use when authenticating with an Active Directory user rather than service principal. |
|
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. |
|
Selects an API profile to use when communicating with Azure services. Default value of Default: |
|
Use to control if tags field is canonical or just appends to existing tags. When canonical, any tags not found in the tags parameter will be removed from the object’s metadata. Choices:
|
|
Controls the source of the credentials to use for authentication. Can also be set via the When set to When set to When set to When set to When set to The Choices:
|
|
List of backend address pools. |
|
Name of the backend address pool. |
|
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing Choices:
|
|
Azure client ID. Use when authenticating with a Service Principal or Managed Identity (msi). Can also be set via the |
|
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, Default: |
|
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to **True**, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. Set via credential file profile or the Choices:
|
|
List of frontend IPs to be used. |
|
Name of the frontend ip configuration. |
|
The reference of the Public IP resource. |
|
The Private IP allocation method. Choices:
|
|
Name of an existing public IP address object in the current resource group to associate with the security group. |
|
The reference of the subnet resource. Should be an existing subnet’s resource id. |
|
list of availability zones denoting the IP allocated for the resource needs to come from. This must be specified sku=Standard and subnet when setting zones. |
|
Defines an external port range for inbound NAT to a single backend port on NICs associated with a load balancer. Inbound NAT rules are created automatically for each NIC associated with the Load Balancer using an external port from this range. Defining an Inbound NAT pool on your Load Balancer is mutually exclusive with defining inbound Nat rules. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an inbound NAT pool. They have to reference individual inbound NAT rules. |
|
The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. |
|
A reference to frontend IP addresses. |
|
The last port in the range of external ports that will be used to provide inbound NAT to NICs associated with the load balancer. Acceptable values range between 1 and 65535. |
|
The first port in the range of external ports that will be used to provide inbound NAT to NICs associated with the load balancer. Acceptable values range between 1 and 65534. |
|
Name of the inbound NAT pool. |
|
IP protocol for the NAT pool. Choices:
|
|
Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. |
|
The port used for internal connections on the endpoint. Acceptable values are between 0 and 65535. Note that value 0 enables “Any Port”. |
|
Configures a virtual machine’s endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can’t be changed after you create the endpoint. Choices:
|
|
Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when protocol=Tcp. Choices:
|
|
A reference to frontend IP addresses. |
|
The port for the external endpoint. Frontend port numbers must be unique across all rules within the load balancer. Acceptable values are between 0 and 65534. Note that value 0 enables “Any Port”. |
|
The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is This element is only used when protocol=Tcp. |
|
name of the inbound nat rule. |
|
IP protocol for the inbound nat rule. Choices:
|
|
Object collection representing the load balancing rules Gets the provisioning. |
|
A reference to a pool of DIPs. Inbound traffic is randomly load balanced across IPs in the backend IPs. |
|
The port used for internal connections on the endpoint. Acceptable values are between 0 and 65535. Note that value 0 enables “Any Port”. |
|
Configure outbound source network address translation (SNAT). The default behavior when omitted is equivalent to disable_outbound_snat=True. True is equivalent to “(Recommended) Use outbound rules to provide backend pool members access to the internet” in portal. False is equivalent to “Use default outbound access” in portal. Choices:
|
|
Configures a virtual machine’s endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. Choices:
|
|
A reference to frontend IP addresses. |
|
The port for the external endpoint. Frontend port numbers must be unique across all rules within the load balancer. Acceptable values are between 0 and 65534. Note that value 0 enables “Any Port”. |
|
The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is This element is only used when the protocol is set to TCP. Default: |
|
The session persistence policy for this rule; Choices:
|
|
Name of the load balancing rule. |
|
The name of the load balancer probe this rule should use for health checks. |
|
IP protocol for the load balancing rule. Choices:
|
|
Valid Azure location. Defaults to location of the resource group. |
|
Parent argument. |
|
Parent argument. |
|
Name of the load balancer. |
|
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. |
|
List of probe definitions used to check endpoint health. |
|
The number of probes where if no response, will result in stopping further traffic from being delivered to the endpoint. This values allows endpoints to be taken out of rotation faster or slower than the typical times used in Azure. Default: |
|
The interval, in seconds, for how frequently to probe the endpoint for health status. Slightly less than half the allocated timeout period, which allows two full probes before taking the instance out of rotation. The default value is Default: |
|
Name of the probe. |
|
Probe port for communicating the probe. Possible values range from 1 to 65535, inclusive. |
|
The protocol of the end point to be probed. If If Choices:
|
|
The URI used for requesting health status from the VM. Path is required if protocol=Http or protocol=Https. Otherwise, it is not allowed. |
|
Security profile found in ~/.azure/credentials file. |
|
Name of a resource group where the load balancer exists or will be created. |
|
Azure client secret. Use when authenticating with a Service Principal. |
|
The load balancer SKU. Choices:
|
|
Assert the state of the load balancer. Use Choices:
|
|
Your Azure subscription Id. |
|
Dictionary of string:string pairs to assign as metadata to the object. Metadata tags on the object will be updated with any provided values. To remove tags set append_tags option to false. Currently, Azure DNS zones and Traffic Manager services also don’t allow the use of spaces in the tag. Azure Front Door doesn’t support the use of Azure Automation and Azure CDN only support 15 tags on resources. |
|
Azure tenant ID. Use when authenticating with a Service Principal. |
|
The thumbprint of the private key specified in x509_certificate_path. Use when authenticating with a Service Principal. Required if x509_certificate_path is defined. |
|
Path to the X509 certificate used to create the service principal in PEM format. The certificate must be appended to the private key. Use when authenticating with a Service Principal. |
Notes
Note
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login
.Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
See also
- Sign in with Azure CLI
How to authenticate using the
az login
command.
Examples
- name: create load balancer
azure_rm_loadbalancer:
resource_group: myResourceGroup
name: testloadbalancer1
frontend_ip_configurations:
- name: frontendipconf0
public_ip_address: testpip
backend_address_pools:
- name: backendaddrpool0
probes:
- name: prob0
port: 80
inbound_nat_pools:
- name: inboundnatpool0
frontend_ip_configuration_name: frontendipconf0
protocol: Tcp
frontend_port_range_start: 80
frontend_port_range_end: 81
backend_port: 8080
load_balancing_rules:
- name: lbrbalancingrule0
frontend_ip_configuration: frontendipconf0
backend_address_pool: backendaddrpool0
frontend_port: 80
backend_port: 80
probe: prob0
inbound_nat_rules:
- name: inboundnatrule0
backend_port: 8080
protocol: Tcp
frontend_port: 8080
frontend_ip_configuration: frontendipconf0
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Whether or not the resource has changed. Returned: always |
|
Current state of the load balancer. Returned: always |