cs_securitygroup_rule – Manages security group rules on Apache CloudStack based clouds.¶
New in version 2.0.
Requirements¶
The below requirements are needed on the host that executes this module.
- python >= 2.6
- cs >= 0.6.10
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
api_http_method
-
|
|
HTTP method used to query the API endpoint.
If not given, the
CLOUDSTACK_METHOD env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is
get if not specified. |
api_key
-
|
API key of the CloudStack API.
If not given, the
CLOUDSTACK_KEY env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
api_region
-
|
Default: "cloudstack"
|
Name of the ini section in the
cloustack.ini file.If not given, the
CLOUDSTACK_REGION env variable is considered. |
api_secret
-
|
Secret key of the CloudStack API.
If not set, the
CLOUDSTACK_SECRET env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
api_timeout
-
|
HTTP timeout in seconds.
If not given, the
CLOUDSTACK_TIMEOUT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
Fallback value is 10 seconds if not specified.
|
|
api_url
-
|
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the
CLOUDSTACK_ENDPOINT env variable is considered.As the last option, the value is taken from the ini config file, also see the notes.
|
|
cidr
-
|
Default: "0.0.0.0/0"
|
CIDR (full notation) to be used for security group rule.
|
end_port
-
|
End port for this rule. Required if
protocol=tcp or protocol=udp , but start_port will be used if not set. |
|
icmp_code
-
|
Error code for this icmp message. Required if
protocol=icmp . |
|
icmp_type
-
|
Type of the icmp message being sent. Required if
protocol=icmp . |
|
poll_async
-
|
Default: "yes"
|
Poll async jobs until job has finished.
|
project
-
|
Name of the project the security group to be created in.
|
|
protocol
-
|
|
Protocol of the security group rule.
|
security_group
-
/ required
|
Name of the security group the rule is related to. The security group must be existing.
|
|
start_port
-
|
Start port for this rule. Required if
protocol=tcp or protocol=udp .aliases: port |
|
state
-
|
|
State of the security group rule.
|
type
-
|
|
Ingress or egress security group rule.
|
user_security_group
-
|
Security group this rule is based of.
|
Notes¶
Note
- Ansible uses the
cs
library’s configuration method if credentials are not provided by the argumentsapi_url
,api_key
,api_secret
. Configuration is read from several locations, in the following order. TheCLOUDSTACK_ENDPOINT
,CLOUDSTACK_KEY
,CLOUDSTACK_SECRET
andCLOUDSTACK_METHOD
.CLOUDSTACK_TIMEOUT
environment variables. ACLOUDSTACK_CONFIG
environment variable pointing to an.ini
file. Acloudstack.ini
file in the current working directory. A.cloudstack.ini
file in the users home directory. Optionally multiple credentials and endpoints can be specified using ini sections incloudstack.ini
. Use the argumentapi_region
to select the section name, default section iscloudstack
. See https://github.com/exoscale/cs for more information. - A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide.
- This module supports check mode.
Examples¶
---
- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
local_action:
module: cs_securitygroup_rule
security_group: default
port: 80
cidr: 1.2.3.4/32
- name: allow tcp/udp outbound added to security group 'default'
local_action:
module: cs_securitygroup_rule
security_group: default
type: egress
start_port: 1
end_port: 65535
protocol: '{{ item }}'
with_items:
- tcp
- udp
- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
local_action:
module: cs_securitygroup_rule
security_group: default
protocol: icmp
icmp_code: -1
icmp_type: -1
- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
local_action:
module: cs_securitygroup_rule
security_group: default
port: 80
state: absent
- name: allow inbound port 80/tcp from security group web added to security group 'default'
local_action:
module: cs_securitygroup_rule
security_group: default
port: 80
user_security_group: web
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cidr
string
|
success and cidr is defined |
CIDR of the rule.
Sample:
0.0.0.0/0
|
end_port
integer
|
success |
end port of the rule.
Sample:
80
|
id
string
|
success |
UUID of the of the rule.
Sample:
a6f7a5fc-43f8-11e5-a151-feff819cdc9f
|
protocol
string
|
success |
protocol of the rule.
Sample:
tcp
|
security_group
string
|
success |
security group of the rule.
Sample:
default
|
start_port
integer
|
success |
start port of the rule.
Sample:
80
|
type
string
|
success |
type of the rule.
Sample:
ingress
|
user_security_group
string
|
success and user_security_group is defined |
user security group of the rule.
Sample:
default
|
Status¶
- This module is guaranteed to have no backward incompatible interface changes going forward. [stableinterface]
- This module is maintained by the Ansible Community. [community]
Authors¶
- René Moser (@resmo)
Hint
If you notice any issues in this documentation you can edit this document to improve it.