azure_rm_appgateway – Manage Application Gateway instance.

New in version 2.7.

Synopsis

  • Create, update and delete instance of Application Gateway.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.7
  • azure >= 2.0.0

Parameters

Parameter Choices/Defaults Comments
ad_user
-
Active Directory username. Use when authenticating with an Active Directory user rather than service principal.
adfs_authority_url
-
added in 2.6
Default:
null
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority.
api_profile
-
added in 2.5
Default:
"latest"
Selects an API profile to use when communicating with Azure services. Default value of latest is appropriate for public clouds; future values will allow use with Azure Stack.
append_tags
boolean
    Choices:
  • no
  • yes ←
Use to control if tags field is canonical or just appends to existing tags. When canonical, any tags not found in the tags parameter will be removed from the object's metadata.
auth_source
-
added in 2.5
    Choices:
  • auto
  • cli
  • credential_file
  • env
  • msi
Controls the source of the credentials to use for authentication.
If not specified, ANSIBLE_AZURE_AUTH_SOURCE environment variable will be used and default to auto if variable is not defined.
auto will follow the default precedence of module parameters -> environment variables -> default profile in credential file ~/.azure/credentials.
When set to cli, the credentials will be sources from the default Azure CLI profile.
Can also be set via the ANSIBLE_AZURE_AUTH_SOURCE environment variable.
When set to msi, the host machine must be an azure resource with an enabled MSI extension. subscription_id or the environment variable AZURE_SUBSCRIPTION_ID can be used to identify the subscription ID if the resource is granted access to more than one subscription, otherwise the first subscription is chosen.
The msi was added in Ansible 2.6.
authentication_certificates
-
Authentication certificates of the application gateway resource.
data
-
Certificate public data - base64 encoded pfx
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
backend_address_pools
-
List of backend address pool of the application gateway resource.
backend_addresses
-
List of backend addresses
fqdn
-
Fully qualified domain name (FQDN).
ip_address
-
IP address
name
-
Resource that is unique within a resource group. This name can be used to access the resource.
backend_http_settings_collection
-
Backend http settings of the application gateway resource.
affinity_cookie_name
-
Cookie name to use for the affinity cookie.
authentication_certificates
-
List of references to application gateway authentication certificates.
id
-
Resource ID.
cookie_based_affinity
-
    Choices:
  • enabled
  • disabled
Cookie based affinity.
host_name
-
Host header to be sent to the backend servers.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
path
-
Path which should be used as a prefix for all http requests. Null means no path will be prefixed. Default value is null.
pick_host_name_from_backend_address
-
Whether to pick host header should be picked from the host name of the backend server. Default value is false.
port
-
Port
protocol
-
    Choices:
  • http
  • https
Protocol.
request_timeout
-
Request timeout in seconds. Application Gateway will fail the request if response is not received within RequestTimeout. Acceptable va lues are from 1 second to 86400 seconds.
cert_validation_mode
-
added in 2.5
    Choices:
  • validate
  • ignore
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing ignore. Can also be set via credential file profile or the AZURE_CERT_VALIDATION environment variable.
client_id
-
Azure client ID. Use when authenticating with a Service Principal.
cloud_environment
-
added in 2.4
Default:
"AzureCloud"
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, AzureChinaCloud, AzureUSGovernment), or a metadata discovery endpoint URL (required for Azure Stack). Can also be set via credential file profile or the AZURE_CLOUD_ENVIRONMENT environment variable.
frontend_ip_configurations
-
Frontend IP addresses of the application gateway resource.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
private_ip_address
-
PrivateIPAddress of the network interface IP Configuration.
private_ip_allocation_method
-
    Choices:
  • static
  • dynamic
PrivateIP allocation method.
public_ip_address
-
Reference of the PublicIP resource.
subnet
-
Reference of the subnet resource.
frontend_ports
-
List of frontend ports of the application gateway resource.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
port
-
Frontend port
gateway_ip_configurations
-
List of subnets used by the application gateway.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
subnet
-
Reference of the subnet resource. A subnet from where application gateway gets its private address.
http_listeners
-
List of HTTP listeners of the application gateway resource.
frontend_ip_configuration
-
Frontend IP configuration resource of an application gateway.
frontend_port
-
Frontend port resource of an application gateway.
host_name
-
Host name of http listener.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
protocol
-
    Choices:
  • http
  • https
Protocol.
require_server_name_indication
-
Applicable only if protocol is https. Enables SNI for multi-hosting.
ssl_certificate
-
SSL certificate resource of an application gateway.
location
-
Resource location. If not set, location from the resource group will be used as default.
name
- / required
The name of the application gateway.
password
-
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal.
profile
-
Security profile found in ~/.azure/credentials file.
request_routing_rules
-
List of request routing rules of the application gateway resource.
backend_address_pool
-
Backend address pool resource of the application gateway.
backend_http_settings
-
Frontend port resource of the application gateway.
http_listener
-
Http listener resource of the application gateway.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
rule_type
-
    Choices:
  • basic
  • path_based_routing
Rule type.
resource_group
- / required
The name of the resource group.
secret
-
Azure client secret. Use when authenticating with a Service Principal.
sku
-
SKU of the application gateway resource.
capacity
-
Capacity (instance count) of an application gateway.
name
-
    Choices:
  • standard_small
  • standard_medium
  • standard_large
  • waf_medium
  • waf_large
Name of an application gateway SKU.
tier
-
    Choices:
  • standard
  • waf
Tier of an application gateway.
ssl_certificates
-
SSL certificates of the application gateway resource.
data
-
Base-64 encoded pfx certificate.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
password
-
Password for the pfx file specified in data.
ssl_policy
-
SSL policy of the application gateway resource.
cipher_suites
-
    Choices:
  • tls_ecdhe_rsa_with_aes_256_gcm_sha384
  • tls_ecdhe_rsa_with_aes_128_gcm_sha256
  • tls_ecdhe_rsa_with_aes_256_cbc_sha384
  • tls_ecdhe_rsa_with_aes_128_cbc_sha256
  • tls_ecdhe_rsa_with_aes_256_cbc_sha
  • tls_ecdhe_rsa_with_aes_128_cbc_sha
  • tls_dhe_rsa_with_aes_256_gcm_sha384
  • tls_dhe_rsa_with_aes_128_gcm_sha256
  • tls_dhe_rsa_with_aes_256_cbc_sha
  • tls_dhe_rsa_with_aes_128_cbc_sha
  • tls_rsa_with_aes_256_gcm_sha384
  • tls_rsa_with_aes_128_gcm_sha256
  • tls_rsa_with_aes_256_cbc_sha256
  • tls_rsa_with_aes_128_cbc_sha256
  • tls_rsa_with_aes_256_cbc_sha
  • tls_rsa_with_aes_128_cbc_sha
  • tls_ecdhe_ecdsa_with_aes_256_gcm_sha384
  • tls_ecdhe_ecdsa_with_aes_128_gcm_sha256
  • tls_ecdhe_ecdsa_with_aes_256_cbc_sha384
  • tls_ecdhe_ecdsa_with_aes_128_cbc_sha256
  • tls_ecdhe_ecdsa_with_aes_256_cbc_sha
  • tls_ecdhe_ecdsa_with_aes_128_cbc_sha
  • tls_dhe_dss_with_aes_256_cbc_sha256
  • tls_dhe_dss_with_aes_128_cbc_sha256
  • tls_dhe_dss_with_aes_256_cbc_sha
  • tls_dhe_dss_with_aes_128_cbc_sha
  • tls_rsa_with_3des_ede_cbc_sha
  • tls_dhe_dss_with_3des_ede_cbc_sha
List of SSL cipher suites to be enabled in the specified order to application gateway.
disabled_ssl_protocols
-
    Choices:
  • tls_v1_0
  • tls_v1_1
  • tls_v1_2
List of SSL protocols to be disabled on application gateway.
min_protocol_version
-
    Choices:
  • tls_v1_0
  • tls_v1_1
  • tls_v1_2
Minimum version of Ssl protocol to be supported on application gateway.
policy_name
-
    Choices:
  • ssl_policy20150501
  • ssl_policy20170401
  • ssl_policy20170401_s
Name of Ssl predefined policy.
policy_type
-
    Choices:
  • predefined
  • custom
Type of SSL Policy.
state
-
    Choices:
  • absent
  • present ←
Assert the state of the Public IP. Use 'present' to create or update a and 'absent' to delete.
subscription_id
-
Your Azure subscription Id.
tags
-
Dictionary of string:string pairs to assign as metadata to the object. Metadata tags on the object will be updated with any provided values. To remove tags set append_tags option to false.
tenant
-
Azure tenant ID. Use when authenticating with a Service Principal.

Notes

Note

  • For authentication with Azure you can pass parameters, set environment variables or use a profile stored in ~/.azure/credentials. Authentication is possible using a service principal or Active Directory user. To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
  • To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
  • Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.

Examples

- name: Create instance of Application Gateway
  azure_rm_appgateway:
    resource_group: myresourcegroup
    name: myappgateway
    sku:
      name: standard_small
      tier: standard
      capacity: 2
    gateway_ip_configurations:
      - subnet:
          id: "{{ subnet_id }}"
        name: app_gateway_ip_config
    frontend_ip_configurations:
      - subnet:
          id: "{{ subnet_id }}"
        name: sample_gateway_frontend_ip_config
    frontend_ports:
      - port: 90
        name: ag_frontend_port
    backend_address_pools:
      - backend_addresses:
          - ip_address: 10.0.0.4
        name: test_backend_address_pool
    backend_http_settings_collection:
      - port: 80
        protocol: http
        cookie_based_affinity: enabled
        name: sample_appgateway_http_settings
    http_listeners:
      - frontend_ip_configuration: sample_gateway_frontend_ip_config
        frontend_port: ag_frontend_port
        name: sample_http_listener
    request_routing_rules:
      - rule_type: Basic
        backend_address_pool: test_backend_address_pool
        backend_http_settings: sample_appgateway_http_settings
        http_listener: sample_http_listener
        name: rule1

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
id
string
always
Resource ID.

Sample:
id


Status

Authors

  • Zim Kalinowski (@zikalino)

Hint

If you notice any issues in this documentation you can edit this document to improve it.