community.general.rax_clb_ssl – Manage SSL termination for a Rackspace Cloud Load Balancer.

Note

This plugin is part of the community.general collection (version 2.5.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.rax_clb_ssl.

Synopsis

  • Set up, reconfigure, or remove SSL termination for an existing load balancer.

Requirements

The below requirements are needed on the host that executes this module.

  • pyrax

  • python >= 2.6

Parameters

Parameter Choices/Defaults Comments
api_key
string
Rackspace API key, overrides credentials.

aliases: password
auth_endpoint
string
The URI of the authentication service.
If not specified will be set to https://identity.api.rackspacecloud.com/v2.0/
certificate
string
The public SSL certificates as a string in PEM format.
credentials
path
File to find the Rackspace credentials in. Ignored if api_key and username are provided.

aliases: creds_file
enabled
boolean
    Choices:
  • no
  • yes ←
If set to "false", temporarily disable SSL termination without discarding
existing credentials.
env
string
https_redirect
boolean
    Choices:
  • no
  • yes
If "true", the load balancer will redirect HTTP traffic to HTTPS.
Requires "secure_traffic_only" to be true. Incurs an implicit wait if SSL
termination is also applied or removed.
identity_type
string
Default:
"rackspace"
Authentication mechanism to use, such as rackspace or keystone.
intermediate_certificate
string
One or more intermediate certificate authorities as a string in PEM
format, concatenated into a single string.
loadbalancer
string / required
Name or ID of the load balancer on which to manage SSL termination.
private_key
string
The private SSL key as a string in PEM format.
region
string
Region to create an instance in.
secure_port
integer
Default:
443
The port to listen for secure traffic.
secure_traffic_only
boolean
    Choices:
  • no ←
  • yes
If "true", the load balancer will *only* accept secure traffic.
state
string
    Choices:
  • present ←
  • absent
If set to "present", SSL termination will be added to this load balancer.
If "absent", SSL termination will be removed instead.
tenant_id
string
The tenant ID used for authentication.
tenant_name
string
The tenant name used for authentication.
username
string
Rackspace username, overrides credentials.
validate_certs
boolean
    Choices:
  • no
  • yes
Whether or not to require SSL validation of API endpoints.

aliases: verify_ssl
wait
boolean
    Choices:
  • no ←
  • yes
Wait for the balancer to be in state "running" before turning.
wait_timeout
integer
Default:
300
How long before "wait" gives up, in seconds.

Notes

Note

  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.

  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating

  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file

  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)

  • The following environment variables can be used, RAX_USERNAME, RAX_API_KEY, RAX_CREDS_FILE, RAX_CREDENTIALS, RAX_REGION.

  • RAX_CREDENTIALS and RAX_CREDS_FILE points to a credentials file appropriate for pyrax. See https://github.com/rackspace/pyrax/blob/master/docs/getting_started.md#authenticating

  • RAX_USERNAME and RAX_API_KEY obviate the use of a credentials file

  • RAX_REGION defines a Rackspace Public Cloud region (DFW, ORD, LON, …)

Examples

- name: Enable SSL termination on a load balancer
  community.general.rax_clb_ssl:
    loadbalancer: the_loadbalancer
    state: present
    private_key: "{{ lookup('file', 'credentials/server.key' ) }}"
    certificate: "{{ lookup('file', 'credentials/server.crt' ) }}"
    intermediate_certificate: "{{ lookup('file', 'credentials/trust-chain.crt') }}"
    secure_traffic_only: true
    wait: true

- name: Disable SSL termination
  community.general.rax_clb_ssl:
    loadbalancer: "{{ registered_lb.balancer.id }}"
    state: absent
    wait: true

Authors

  • Ash Wilson (@smashwilson)