community.network.avi_sslprofile – Module for setup of SSLProfile Avi RESTful Object¶
Note
This plugin is part of the community.network collection (version 2.1.1).
To install it use: ansible-galaxy collection install community.network
.
To use it in a playbook, specify: community.network.avi_sslprofile
.
Synopsis¶
This module is used to configure SSLProfile object
more examples at https://github.com/avinetworks/devops
Parameters¶
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
accepted_ciphers
string
|
Ciphers suites represented as defined by http://www.openssl.org/docs/apps/ciphers.html.
Default value when not specified in API or module is interpreted by Avi Controller as AES:3DES:RC4.
|
||
accepted_versions
string
|
Set of versions accepted by the server.
|
||
api_context
dictionary
|
Avi API context that includes current session ID and CSRF Token.
This allows user to perform single login and re-use the session.
|
||
api_version
string
|
Default: "16.4.4"
|
Avi API version of to use for Avi API and objects.
|
|
avi_api_patch_op
string
|
|
Patch operation to use when using avi_api_update_method as patch.
|
|
avi_api_update_method
string
|
|
Default method for object update is HTTP PUT.
Setting to patch will override that behavior to use HTTP PATCH.
|
|
avi_credentials
dictionary
|
Avi Credentials dictionary which can be used in lieu of enumerating Avi Controller login details.
|
||
api_version
string
|
Default: "16.4.4"
|
Avi controller version
|
|
controller
string
|
Avi controller IP or SQDN
|
||
csrftoken
string
|
Avi controller API csrftoken to reuse existing session with session id
|
||
password
string
|
Avi controller password
|
||
port
string
|
Avi controller port
|
||
session_id
string
|
Avi controller API session id to reuse existing session with csrftoken
|
||
tenant
string
|
Default: "admin"
|
Avi controller tenant
|
|
tenant_uuid
string
|
Avi controller tenant UUID
|
||
timeout
string
|
Default: 300
|
Avi controller request timeout
|
|
token
string
|
Avi controller API token
|
||
username
string
|
Avi controller username
|
||
avi_disable_session_cache_as_fact
boolean
|
|
It disables avi session information to be cached as a fact.
|
|
cipher_enums
string
|
Enum options - tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256,
tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_ecdsa_with_aes_128_cbc_sha256, tls_ecdhe_ecdsa_with_aes_256_cbc_sha384,
tls_ecdhe_rsa_with_aes_128_cbc_sha256, tls_ecdhe_rsa_with_aes_256_cbc_sha384, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384,
tls_rsa_with_aes_128_cbc_sha256, tls_rsa_with_aes_256_cbc_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha,
tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha,
tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_rc4_128_sha.
|
||
controller
string
|
Default: ""
|
IP address or hostname of the controller. The default value is the environment variable
AVI_CONTROLLER . |
|
description
string
|
User defined description for the object.
|
||
dhparam
string
|
Dh parameters used in ssl.
At this time, it is not configurable and is set to 2048 bits.
|
||
enable_ssl_session_reuse
boolean
|
|
Enable ssl session re-use.
Default value when not specified in API or module is interpreted by Avi Controller as True.
|
|
name
string
/ required
|
Name of the object.
|
||
password
string
|
Default: ""
|
Password of Avi user in Avi controller. The default value is the environment variable
AVI_PASSWORD . |
|
prefer_client_cipher_ordering
boolean
|
|
Prefer the ssl cipher ordering presented by the client during the ssl handshake over the one specified in the ssl profile.
Default value when not specified in API or module is interpreted by Avi Controller as False.
|
|
send_close_notify
boolean
|
|
Send 'close notify' alert message for a clean shutdown of the ssl connection.
Default value when not specified in API or module is interpreted by Avi Controller as True.
|
|
ssl_rating
string
|
Sslrating settings for sslprofile.
|
||
ssl_session_timeout
string
|
The amount of time in seconds before an ssl session expires.
Default value when not specified in API or module is interpreted by Avi Controller as 86400.
|
||
state
string
|
|
The state that should be applied on the entity.
|
|
tags
string
|
List of tag.
|
||
tenant
string
|
Default: "admin"
|
Name of tenant used for all Avi API calls and context of object.
|
|
tenant_ref
string
|
It is a reference to an object of type tenant.
|
||
tenant_uuid
string
|
Default: ""
|
UUID of tenant used for all Avi API calls and context of object.
|
|
type
string
|
Ssl profile type.
Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM.
Field introduced in 17.2.8.
Default value when not specified in API or module is interpreted by Avi Controller as SSL_PROFILE_TYPE_APPLICATION.
|
||
url
string
|
Avi controller URL of the object.
|
||
username
string
|
Default: ""
|
Username used for accessing Avi controller. The default value is the environment variable
AVI_USERNAME . |
|
uuid
string
|
Unique object identifier of the object.
|
Notes¶
Note
For more information on using Ansible to manage Avi Network devices see https://www.ansible.com/ansible-avi-networks.
Examples¶
- name: Create SSL profile with list of allowed ciphers
community.network.avi_sslprofile:
controller: '{{ controller }}'
username: '{{ username }}'
password: '{{ password }}'
accepted_ciphers: >
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:
AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA
accepted_versions:
- type: SSL_VERSION_TLS1
- type: SSL_VERSION_TLS1_1
- type: SSL_VERSION_TLS1_2
cipher_enums:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
name: PFS-BOTH-RSA-EC
send_close_notify: true
ssl_rating:
compatibility_rating: SSL_SCORE_EXCELLENT
performance_rating: SSL_SCORE_EXCELLENT
security_score: '100.0'
tenant_ref: Demo
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
obj
dictionary
|
success, changed |
SSLProfile (api/sslprofile) object
|
Authors¶
Gaurav Rastogi (@grastogi23) <grastogi@avinetworks.com>