rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer

Synopsis

  • Set up, reconfigure, or remove SSL termination for an existing load balancer.

Requirements

The below requirements are needed on the host that executes this module.

  • pyrax

  • python >= 2.6

Parameters

api_key (string)
    Rackspace API key, overrides credentials.
    aliases: password

auth_endpoint
    Default: "https://identity.api.rackspacecloud.com/v2.0/"
    The URI of the authentication service.

certificate
    The public SSL certificates as a string in PEM format.

credentials (path)
    File to find the Rackspace credentials in. Ignored if api_key and username are provided.
    aliases: creds_file

enabled (boolean)
    Choices: no, yes (default)
    If set to "false", temporarily disable SSL termination without discarding
    existing credentials.

env (string)

https_redirect (boolean)
    Choices: no, yes
    If "true", the load balancer will redirect HTTP traffic to HTTPS.
    Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
    termination is also applied or removed.

identity_type
    Default: "rackspace"
    Authentication mechanism to use, such as rackspace or keystone.

intermediate_certificate
    One or more intermediate certificate authorities as a string in PEM
    format, concatenated into a single string.

loadbalancer (required)
    Name or ID of the load balancer on which to manage SSL termination.

private_key
    The private SSL key as a string in PEM format.

region (string)
    Default: "DFW"
    Region to create an instance in.

secure_port
    Default: 443
    The port to listen for secure traffic.

secure_traffic_only (boolean)
    Choices: no (default), yes
    If "true", the load balancer will *only* accept secure traffic.

state
    Choices: present (default), absent
    If set to "present", SSL termination will be added to this load balancer.
    If "absent", SSL termination will be removed instead.

tenant_id
    The tenant ID used for authentication.

tenant_name
    The tenant name used for authentication.

username (string)
    Rackspace username, overrides credentials.

validate_certs (boolean)
    Choices: no, yes
    Whether or not to require SSL validation of API endpoints.
    aliases: verify_ssl

wait (boolean)
    Choices: no (default), yes
    Wait for the balancer to be in state "running" before returning.

wait_timeout
    Default: 300
    How long before "wait" gives up, in seconds.

Notes

  • The following environment variables can be used: RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.

  • RAX_CREDENTIALS and RAX_CREDS_FILE point to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating

  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file.

  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …).

Examples

- name: Enable SSL termination on a load balancer
  rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
    certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_traffic_only: true
    wait: true

- name: Disable SSL termination
  rax_clb_ssl:
    loadbalancer: "{{ registered_lb.balancer.id }}"
    state: absent
    wait: true
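
The tasks below are an added example, not part of the module's own documentation. They apply the https_redirect constraint listed under Parameters (it requires secure_traffic_only) while keeping the private key out of the repository and out of task output; vault_lb_private_key is an assumed name for an Ansible Vault-encrypted variable, and the certificate paths are reused from the examples above.

```yaml
# Added example. vault_lb_private_key is a hypothetical Ansible Vault variable
# holding the PEM private key; it is not defined by the module.

- name: Check the PEM inputs before changing the load balancer
  assert:
    that:
      # The variable passed as private_key must actually contain a key.
      - "'PRIVATE KEY-----' in vault_lb_private_key"
      # The certificate and chain files must contain certificates ...
      - "'-----BEGIN CERTIFICATE-----' in lookup('file', 'credentials/server.crt')"
      - "'-----BEGIN CERTIFICATE-----' in lookup('file', 'credentials/trust-chain.crt')"
      # ... and must not carry a private key from a combined PEM bundle,
      # because these fields are the public side of the configuration.
      - "'PRIVATE KEY' not in lookup('file', 'credentials/server.crt')"
      - "'PRIVATE KEY' not in lookup('file', 'credentials/trust-chain.crt')"
  no_log: true   # a failed check would otherwise print the evaluated inputs

- name: Terminate SSL and redirect plain HTTP to HTTPS
  rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ vault_lb_private_key }}"
    certificate: "{{ lookup('file', 'credentials/server.crt') }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_port: 443
    secure_traffic_only: true   # https_redirect requires this to be true
    https_redirect: true
    validate_certs: true        # verify the certificate of the API endpoints
    wait: true
    wait_timeout: 300
  no_log: true                  # keep the PEM private key out of task output and logs
```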

Authors

  • Ash Wilson (@smashwilson)
