community.general.rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer.¶
Note
This plugin is part of the community.general collection (version 2.5.1).
To install it use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.rax_clb_ssl
.
Requirements¶
The below requirements are needed on the host that executes this module.
pyrax
python >= 2.6
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
api_key
string
|
Rackspace API key, overrides credentials.
aliases: password |
|
auth_endpoint
string
|
The URI of the authentication service.
If not specified will be set to https://identity.api.rackspacecloud.com/v2.0/
|
|
certificate
string
|
The public SSL certificates as a string in PEM format.
|
|
credentials
path
|
File to find the Rackspace credentials in. Ignored if api_key and username are provided.
aliases: creds_file |
|
enabled
boolean
|
|
If set to "false", temporarily disable SSL termination without discarding
existing credentials.
|
env
string
|
Environment as configured in ~/.pyrax.cfg, see https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#pyrax-configuration.
|
|
https_redirect
boolean
|
|
If "true", the load balancer will redirect HTTP traffic to HTTPS.
Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
termination is also applied or removed.
|
identity_type
string
|
Default: "rackspace"
|
Authentication mechanism to use, such as rackspace or keystone.
|
intermediate_certificate
string
|
One or more intermediate certificate authorities as a string in PEM
format, concatenated into a single string.
|
|
loadbalancer
string
/ required
|
Name or ID of the load balancer on which to manage SSL termination.
|
|
private_key
string
|
The private SSL key as a string in PEM format.
|
|
region
string
|
Region to create an instance in.
|
|
secure_port
integer
|
Default: 443
|
The port to listen for secure traffic.
|
secure_traffic_only
boolean
|
|
If "true", the load balancer will *only* accept secure traffic.
|
state
string
|
|
If set to "present", SSL termination will be added to this load balancer.
If "absent", SSL termination will be removed instead.
|
tenant_id
string
|
The tenant ID used for authentication.
|
|
tenant_name
string
|
The tenant name used for authentication.
|
|
username
string
|
Rackspace username, overrides credentials.
|
|
validate_certs
boolean
|
|
Whether or not to require SSL validation of API endpoints.
aliases: verify_ssl |
wait
boolean
|
|
Wait for the balancer to be in state "running" before turning.
|
wait_timeout
integer
|
Default: 300
|
How long before "wait" gives up, in seconds.
|
Notes¶
Note
The following environment variables can be used,
RAX_USERNAME
,RAX_API_KEY
,RAX_CREDS_FILE
,RAX_CREDENTIALS
,RAX_REGION
.RAX_CREDENTIALS
andRAX_CREDS_FILE
points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticatingRAX_USERNAME
andRAX_API_KEY
obviate the use of a credentials fileRAX_REGION
defines a Rackspace Public Cloud region (DFW, ORD, LON, …)The following environment variables can be used,
RAX_USERNAME
,RAX_API_KEY
,RAX_CREDS_FILE
,RAX_CREDENTIALS
,RAX_REGION
.RAX_CREDENTIALS
andRAX_CREDS_FILE
points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticatingRAX_USERNAME
andRAX_API_KEY
obviate the use of a credentials fileRAX_REGION
defines a Rackspace Public Cloud region (DFW, ORD, LON, …)
Examples¶
- name: Enable SSL termination on a load balancer
community.general.rax_clb_ssl:
loadbalancer: the_loadbalancer
state: present
private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
secure_traffic_only: true
wait: true
- name: Disable SSL termination
community.general.rax_clb_ssl:
loadbalancer: "{{ registered_lb.balancer.id }}"
state: absent
wait: true
Authors¶
Ash Wilson (@smashwilson)