rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer¶
New in version 2.0.
Synopsis¶
Set up, reconfigure, or remove SSL termination for an existing load balancer.
Requirements¶
The below requirements are needed on the host that executes this module.
pyrax
python >= 2.6
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
api_key
string
|
Rackspace API key, overrides credentials.
aliases: password |
|
|
auth_endpoint
-
|
Default: "https://identity.api.rackspacecloud.com/v2.0/"
|
The URI of the authentication service.
|
|
certificate
-
|
The public SSL certificates as a string in PEM format.
|
|
|
credentials
path
|
File to find the Rackspace credentials in. Ignored if api_key and username are provided.
aliases: creds_file |
|
|
enabled
boolean
|
|
If set to "false", temporarily disable SSL termination without discarding
existing credentials.
|
|
env
string
|
Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration.
|
|
|
https_redirect
boolean
|
|
If "true", the load balancer will redirect HTTP traffic to HTTPS.
Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
termination is also applied or removed.
|
|
identity_type
-
|
Default: "rackspace"
|
Authentication mechanism to use, such as rackspace or keystone.
|
|
intermediate_certificate
-
|
One or more intermediate certificate authorities as a string in PEM
format, concatenated into a single string.
|
|
|
loadbalancer
-
/ required
|
Name or ID of the load balancer on which to manage SSL termination.
|
|
|
private_key
-
|
The private SSL key as a string in PEM format.
|
|
|
region
string
|
Default: "DFW"
|
Region to create an instance in.
|
|
secure_port
-
|
Default: 443
|
The port to listen for secure traffic.
|
|
secure_traffic_only
boolean
|
|
If "true", the load balancer will *only* accept secure traffic.
|
|
state
-
|
|
If set to "present", SSL termination will be added to this load balancer.
If "absent", SSL termination will be removed instead.
|
|
tenant_id
-
|
The tenant ID used for authentication.
|
|
|
tenant_name
-
|
The tenant name used for authentication.
|
|
|
username
string
|
Rackspace username, overrides credentials.
|
|
|
validate_certs
boolean
|
|
Whether or not to require SSL validation of API endpoints.
aliases: verify_ssl |
|
wait
boolean
|
|
Wait for the balancer to be in state "running" before turning.
|
|
wait_timeout
-
|
Default: 300
|
How long before "wait" gives up, in seconds.
|
Notes¶
Note
The following environment variables can be used,
RAX_USERNAME,RAX_API_KEY,RAX_CREDS_FILE,RAX_CREDENTIALS,RAX_REGION.RAX_CREDENTIALSandRAX_CREDS_FILEpoints to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticatingRAX_USERNAMEandRAX_API_KEYobviate the use of a credentials fileRAX_REGIONdefines a Rackspace Public Cloud region (DFW, ORD, LON, …)The following environment variables can be used,
RAX_USERNAME,RAX_API_KEY,RAX_CREDS_FILE,RAX_CREDENTIALS,RAX_REGION.RAX_CREDENTIALSandRAX_CREDS_FILEpoints to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticatingRAX_USERNAMEandRAX_API_KEYobviate the use of a credentials fileRAX_REGIONdefines a Rackspace Public Cloud region (DFW, ORD, LON, …)
Examples¶
- name: Enable SSL termination on a load balancer
rax_clb_ssl:
loadbalancer: the_loadbalancer
state: present
private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
secure_traffic_only: true
wait: true
- name: Disable SSL termination
rax_clb_ssl:
loadbalancer: "{{ registered_lb.balancer.id }}"
state: absent
wait: true
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]