azure_rm_appgateway – Manage Application Gateway instance

New in version 2.7.

Synopsis

  • Create, update and delete instance of Application Gateway.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.7

  • azure >= 2.0.0

Parameters

Parameter Choices/Defaults Comments
ad_user
string
Active Directory username. Use when authenticating with an Active Directory user rather than service principal.
adfs_authority_url
string
added in 2.6
Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority.
api_profile
string
added in 2.5
Default:
"latest"
Selects an API profile to use when communicating with Azure services. Default value of latest is appropriate for public clouds; future values will allow use with Azure Stack.
append_tags
boolean
    Choices:
  • no
  • yes ←
Use to control if tags field is canonical or just appends to existing tags.
When canonical, any tags not found in the tags parameter will be removed from the object's metadata.
auth_source
string
added in 2.5
    Choices:
  • auto
  • cli
  • credential_file
  • env
  • msi
Controls the source of the credentials to use for authentication.
If not specified, ANSIBLE_AZURE_AUTH_SOURCE environment variable will be used and default to auto if variable is not defined.
auto will follow the default precedence of module parameters -> environment variables -> default profile in credential file ~/.azure/credentials.
When set to cli, the credentials will be sources from the default Azure CLI profile.
Can also be set via the ANSIBLE_AZURE_AUTH_SOURCE environment variable.
When set to msi, the host machine must be an azure resource with an enabled MSI extension. subscription_id or the environment variable AZURE_SUBSCRIPTION_ID can be used to identify the subscription ID if the resource is granted access to more than one subscription, otherwise the first subscription is chosen.
The msi was added in Ansible 2.6.
authentication_certificates
-
Authentication certificates of the application gateway resource.
data
-
Certificate public data - base64 encoded pfx.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
backend_address_pools
-
List of backend address pool of the application gateway resource.
backend_addresses
-
List of backend addresses.
fqdn
-
Fully qualified domain name (FQDN).
ip_address
-
IP address.
name
-
Resource that is unique within a resource group. This name can be used to access the resource.
backend_http_settings_collection
-
Backend http settings of the application gateway resource.
affinity_cookie_name
-
Cookie name to use for the affinity cookie.
authentication_certificates
-
List of references to application gateway authentication certificates.
Applicable only when cookie_based_affinity is enabled, otherwise quietly ignored.
id
-
Resource ID.
cookie_based_affinity
-
    Choices:
  • enabled
  • disabled
Cookie based affinity.
host_name
-
Host header to be sent to the backend servers.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
path
-
Path which should be used as a prefix for all http requests.
Null means no path will be prefixed. Default value is null.
pick_host_name_from_backend_address
-
Whether to pick host header should be picked from the host name of the backend server. Default value is false.
port
-
The destination port on the backend.
probe
-
Probe resource of an application gateway.
protocol
-
    Choices:
  • http
  • https
The protocol used to communicate with the backend.
request_timeout
-
Request timeout in seconds.
Application Gateway will fail the request if response is not received within RequestTimeout.
Acceptable values are from 1 second to 86400 seconds.
cert_validation_mode
string
added in 2.5
    Choices:
  • ignore
  • validate
Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing ignore. Can also be set via credential file profile or the AZURE_CERT_VALIDATION environment variable.
client_id
string
Azure client ID. Use when authenticating with a Service Principal.
cloud_environment
string
added in 2.4
Default:
"AzureCloud"
For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, AzureChinaCloud, AzureUSGovernment), or a metadata discovery endpoint URL (required for Azure Stack). Can also be set via credential file profile or the AZURE_CLOUD_ENVIRONMENT environment variable.
frontend_ip_configurations
-
Frontend IP addresses of the application gateway resource.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
private_ip_address
-
PrivateIPAddress of the network interface IP Configuration.
private_ip_allocation_method
-
    Choices:
  • static
  • dynamic
PrivateIP allocation method.
public_ip_address
-
Reference of the PublicIP resource.
subnet
-
Reference of the subnet resource.
frontend_ports
-
List of frontend ports of the application gateway resource.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
port
-
Frontend port.
gateway_ip_configurations
-
List of subnets used by the application gateway.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
subnet
-
Reference of the subnet resource. A subnet from where application gateway gets its private address.
http_listeners
-
List of HTTP listeners of the application gateway resource.
frontend_ip_configuration
-
Frontend IP configuration resource of an application gateway.
frontend_port
-
Frontend port resource of an application gateway.
host_name
-
Host name of http listener.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
protocol
-
    Choices:
  • http
  • https
Protocol of the c(http) listener.
require_server_name_indication
-
Applicable only if protocol is https. Enables SNI for multi-hosting.
ssl_certificate
-
SSL certificate resource of an application gateway.
location
-
Resource location. If not set, location from the resource group will be used as default.
name
- / required
The name of the application gateway.
password
string
Active Directory user password. Use when authenticating with an Active Directory user rather than service principal.
probes
-
added in 2.8
Probes available to the application gateway resource.
host
-
Host name to send the probe to.
interval
-
The probing interval in seconds.
This is the time interval between two consecutive probes.
Acceptable values are from 1 second to 86400 seconds.
name
-
Name of the probe that is unique within an Application Gateway.
path
-
Relative path of probe.
Valid path starts from '/'.
Probe is sent to <Protocol>://<host>:<port><path>.
protocol
-
    Choices:
  • http
  • https
The protocol used for the probe.
timeout
-
The probe timeout in seconds.
Probe marked as failed if valid response is not received with this timeout period.
Acceptable values are from 1 second to 86400 seconds.
unhealthy_threshold
-
The probe retry count.
Backend server is marked down after consecutive probe failure count reaches UnhealthyThreshold.
Acceptable values are from 1 second to 20.
profile
string
Security profile found in ~/.azure/credentials file.
redirect_configurations
-
added in 2.8
Redirect configurations of the application gateway resource.
include_path
-
Include path in the redirected url.
include_query_string
-
Include query string in the redirected url.
name
-
Name of the resource that is unique within a resource group.
redirect_type
-
    Choices:
  • permanent
  • found
  • see_other
  • temporary
Redirection type.
target_listener
-
Reference to a listener to redirect the request to.
request_routing_rules
-
List of request routing rules of the application gateway resource.
backend_address_pool
-
Backend address pool resource of the application gateway.
backend_http_settings
-
Backend http settings resource of the application gateway.
http_listener
-
Http listener resource of the application gateway.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
redirect_configuration
-
Redirect configuration resource of the application gateway.
rule_type
-
    Choices:
  • basic
  • path_based_routing
Rule type.
resource_group
- / required
The name of the resource group.
secret
string
Azure client secret. Use when authenticating with a Service Principal.
sku
-
SKU of the application gateway resource.
capacity
-
Capacity (instance count) of an application gateway.
name
-
    Choices:
  • standard_small
  • standard_medium
  • standard_large
  • waf_medium
  • waf_large
Name of an application gateway SKU.
tier
-
    Choices:
  • standard
  • waf
Tier of an application gateway.
ssl_certificates
-
SSL certificates of the application gateway resource.
data
-
Base-64 encoded pfx certificate.
Only applicable in PUT Request.
name
-
Name of the resource that is unique within a resource group. This name can be used to access the resource.
password
-
Password for the pfx file specified in data.
Only applicable in PUT request.
ssl_policy
-
SSL policy of the application gateway resource.
cipher_suites
-
    Choices:
  • tls_ecdhe_rsa_with_aes_256_gcm_sha384
  • tls_ecdhe_rsa_with_aes_128_gcm_sha256
  • tls_ecdhe_rsa_with_aes_256_cbc_sha384
  • tls_ecdhe_rsa_with_aes_128_cbc_sha256
  • tls_ecdhe_rsa_with_aes_256_cbc_sha
  • tls_ecdhe_rsa_with_aes_128_cbc_sha
  • tls_dhe_rsa_with_aes_256_gcm_sha384
  • tls_dhe_rsa_with_aes_128_gcm_sha256
  • tls_dhe_rsa_with_aes_256_cbc_sha
  • tls_dhe_rsa_with_aes_128_cbc_sha
  • tls_rsa_with_aes_256_gcm_sha384
  • tls_rsa_with_aes_128_gcm_sha256
  • tls_rsa_with_aes_256_cbc_sha256
  • tls_rsa_with_aes_128_cbc_sha256
  • tls_rsa_with_aes_256_cbc_sha
  • tls_rsa_with_aes_128_cbc_sha
  • tls_ecdhe_ecdsa_with_aes_256_gcm_sha384
  • tls_ecdhe_ecdsa_with_aes_128_gcm_sha256
  • tls_ecdhe_ecdsa_with_aes_256_cbc_sha384
  • tls_ecdhe_ecdsa_with_aes_128_cbc_sha256
  • tls_ecdhe_ecdsa_with_aes_256_cbc_sha
  • tls_ecdhe_ecdsa_with_aes_128_cbc_sha
  • tls_dhe_dss_with_aes_256_cbc_sha256
  • tls_dhe_dss_with_aes_128_cbc_sha256
  • tls_dhe_dss_with_aes_256_cbc_sha
  • tls_dhe_dss_with_aes_128_cbc_sha
  • tls_rsa_with_3des_ede_cbc_sha
  • tls_dhe_dss_with_3des_ede_cbc_sha
List of SSL cipher suites to be enabled in the specified order to application gateway.
disabled_ssl_protocols
-
    Choices:
  • tls_v1_0
  • tls_v1_1
  • tls_v1_2
List of SSL protocols to be disabled on application gateway.
min_protocol_version
-
    Choices:
  • tls_v1_0
  • tls_v1_1
  • tls_v1_2
Minimum version of Ssl protocol to be supported on application gateway.
policy_name
-
    Choices:
  • ssl_policy20150501
  • ssl_policy20170401
  • ssl_policy20170401_s
Name of Ssl predefined policy.
policy_type
-
    Choices:
  • predefined
  • custom
Type of SSL Policy.
state
-
    Choices:
  • absent
  • present ←
Assert the state of the Public IP. Use present to create or update a and absent to delete.
subscription_id
string
Your Azure subscription Id.
tags
dictionary
Dictionary of string:string pairs to assign as metadata to the object.
Metadata tags on the object will be updated with any provided values.
To remove tags set append_tags option to false.
tenant
string
Azure tenant ID. Use when authenticating with a Service Principal.

Notes

Note

  • For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with az login.

  • Authentication is also possible using a service principal or Active Directory user.

  • To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.

  • To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.

  • Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.

See Also

See also

Sign in with Azure CLI

How to authenticate using the az login command.

Examples

- name: Create instance of Application Gateway
  azure_rm_appgateway:
    resource_group: myResourceGroup
    name: myAppGateway
    sku:
      name: standard_small
      tier: standard
      capacity: 2
    gateway_ip_configurations:
      - subnet:
          id: "{{ subnet_id }}"
        name: app_gateway_ip_config
    frontend_ip_configurations:
      - subnet:
          id: "{{ subnet_id }}"
        name: sample_gateway_frontend_ip_config
    frontend_ports:
      - port: 90
        name: ag_frontend_port
    backend_address_pools:
      - backend_addresses:
          - ip_address: 10.0.0.4
        name: test_backend_address_pool
    backend_http_settings_collection:
      - port: 80
        protocol: http
        cookie_based_affinity: enabled
        name: sample_appgateway_http_settings
    http_listeners:
      - frontend_ip_configuration: sample_gateway_frontend_ip_config
        frontend_port: ag_frontend_port
        name: sample_http_listener
    request_routing_rules:
      - rule_type: Basic
        backend_address_pool: test_backend_address_pool
        backend_http_settings: sample_appgateway_http_settings
        http_listener: sample_http_listener
        name: rule1

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
id
string
always
Resource ID.

Sample:
id


Status

Authors

  • Zim Kalinowski (@zikalino)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.